[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4801) segfault in dynlist




--On Thursday, January 11, 2007 9:53 PM +0100 Pierangelo Masarati 
<ando@sys-net.it> wrote:

> quanah@stanford.edu wrote:
>> Full_Name: Quanah Gibson-Mount
>> Version: 2.3.32
>> OS: Linux 2.6 (64-bit)
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (171.64.19.81)
>>
> I'm not seeing anything like that, neither with HEAD nor with re23.  It
> might be worth having a bit more details on your configuration, since
> that resulting from test044 (which basically complies with the info you
> provided) doesn't even hit that line of code (because rs->sr_flags == 0).
> So there must be something in between that causes the entry to be freed.
> That could be slapo-dynlist in some cases, but also slapo-translucent,
> slapo-collect, slapo-rwm or slapo-valsort.  I guess at this point you
> should share the conf, the data and the op that's causing trouble.

The search I'm performing is:

ldapsearch -LLL -Q -h ldap-dev1.stanford.edu -b 
"cn=groups,cn=applications,dc=stanford,dc=edu"

the slapd.conf is as follows, and the group configurations are as 
previously noted.

My principal has full read into the LDAP database, so the only ACL parsed 
is access to * for it.  I am using valsort, so perhaps it is an interaction 
between those two?


# $Id: slapd.conf.dev,v 1.7 2007/01/11 00:05:44 quanah Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/dyngroup.schema
include         /usr/local/etc/openldap/schema/krb5-kdc.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/misc.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/eduperson.schema
include         /usr/local/etc/openldap/schema/suacct.schema
include         /usr/local/etc/openldap/schema/superson.schema
include         /usr/local/etc/openldap/schema/suapplication.schema

# Allow V2 binds
allow bind_v2

# Use star cert
TLSCertificateFile      /usr/local/etc/openldap/stardomain.crt
TLSCertificateKeyFile   /usr/local/etc/openldap/stardomain.key
TLSCACertificateFile    /usr/local/etc/openldap/comodo.pem

# Define global ACLs
include         /usr/local/etc/openldap/slapd.acl

#
pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args

# Set the default search base for clients that don't specify a base.
defaultsearchbase "dc=stanford,dc=edu"

# Turn gentlehup off, it takes too long.
gentlehup off

#  Read slapd.conf(5) for possible values
loglevel        256

# Set the number of threads (8 seems to work best)
threads 8

# Set the number of threads to use in tool mode
tool-threads    2

# Set the timeout for idle connections
#idletimeout 30

# SASL conf
sasl-realm      stanford.edu
sasl-authz-policy both
sasl-regexp uid=(.*)/cgi,cn=stanford.edu,cn=gssapi,cn=auth 
ldap:///cn=cgi,cn=applications,dc=stanford,dc=edu??sub?krb5PrincipalName=$1/cgi@stanford.edu
sasl-regexp uid=service/(.*),cn=stanford.edu,cn=gssapi,cn=auth 
ldap:///cn=Service,cn=Applications,dc=stanford,dc=edu??sub?krb5PrincipalName=service/$1@stanford.edu
sasl-regexp uid=webauth/(.*),cn=stanford.edu,cn=gssapi,cn=auth 
ldap:///cn=Webauth,cn=Applications,dc=stanford,dc=edu??sub?krb5PrincipalName=webauth/$1@stanford.edu
sasl-regexp uid=(.*),cn=stanford.edu,cn=gssapi,cn=auth 
ldap:///uid=$1,cn=Accounts,dc=stanford,dc=edu??sub?suSeasStatus=active

# Load dynamic backend modules:
modulepath              /usr/local/lib/openldap
moduleload              back_hdb.la
moduleload              back_monitor.la
moduleload              valsort.la
moduleload              dynlist.la

#######################################################################
# stanford.edu database definitions
#######################################################################

database        hdb
suffix          "dc=stanford,dc=edu"
rootdn          "cn=manager,dc=stanford,dc=edu"

# Valsort Overlay
overlay valsort
valsort-attr ou cn=people,dc=stanford,dc=edu weighted
valsort-attr suAffiliation cn=people,dc=stanford,dc=edu weighted
valsort-attr suDisplayAffiliation cn=people,dc=stanford,dc=edu weighted

# Dynlist Overlay
overlay dynlist
dynlist-attrset groupOfURLS memberURL member

# Let ldapadmin have limitless searches
limits group="cn=ldapadmin,cn=applications,dc=stanford,dc=edu" 
time.soft=unlimited time.hard=unlimited size.soft=unlimited 
size.hard=unlimited

# Let the Athletics principal have limitless searches
limits 
dn.exact="cn=athletics,cn=service,cn=applications,dc=stanford,dc=edu" 
time.soft=unlimited time.hard=unlimited size.soft=unlimited 
size.hard=unlimited

# Let the Authority audit principal have limitless searches
limits 
dn.exact="cn=workgroup-audit,cn=service,cn=applications,dc=stanford,dc=edu" 
time.soft=unlimited time.hard=unlimited size.soft=unlimited 
size.hard=unlimited

# Let the Registry Data Auditor principal have limitless searches
limits 
dn.exact="cn=RegistryDataAuditor,cn=Service,cn=Applications,dc=stanford,dc=edu" 
time.soft=unlimited time.hard=unlimited size.soft=unlimited 
size.hard=unlimited

# Let the ispace prinicpal have a search of 5000 entries
limits dn.exact="cn=ispace,cn=Service,cn=Applications,dc=stanford,dc=edu" 
time.soft=unlimited time.hard=unlimited size.soft=5000 size.hard=5000

# Let the GSB person principal have unlimited searches
limits 
dn.exact="cn=gsb-person,cn=service,cn=applications,dc=stanford,dc=edu" 
time.soft=unlimited time.hard=unlimited size.soft=unlimited 
size.hard=unlimited

# Save the time that the entry gets modified
lastmod         on

include         /usr/local/etc/openldap/syncrepl.conf

# Set the location of where the database storage files go.
directory       /var/lib/ldap

dbconfig set_cachesize 3 536870912 1
dbconfig set_lg_regionmax 262144
dbconfig set_lg_bsize 2097152
dbconfig set_lg_dir /var/log/bdb
dbconfig set_lk_max_locks 3000
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_lockers 1500
#
# Automatically remove log files that are no longer needed.
dbconfig set_flags DB_LOG_AUTOREMOVE
#
# Setting set_tas_spins reduces resource contention from multiple clients 
on systems with multiple CPU's.
dbconfig set_tas_spins 1

# Checkpoint the database to prevent transaction loss in unclean shutdowns, 
and speed up slapd shutdowns.
checkpoint 1024 5

# Entries to cache in memory
cachesize 50000

# IDL Entries to cache in memory
idlcachesize 50000

# Entries to free up when cache gets full
cachefree 1000

# Change the sub_any index length from 4 to 3 so that searches like *lee* 
work.
index_substr_any_len 3

# Indices to maintain
index   default                         eq
index   cn                                      eq,sub
index   dc
index   displayName
index   entryUUID
index   givenName                       eq,sub
index   homePhone                       eq,sub
index   krb5PrincipalName
index   mail                            eq,sub
index   mobile                          eq,sub
index   modifyTimestamp
index   o
index   objectClass
index   pager                           eq,sub
index   sn                                      eq,sub,approx
index   suAffiliation
index   suCalendarStatus
index   suCardNumber            pres,eq
index   suCN                            eq,sub
index   suDialinStatus
index   suDisplayAffiliation
index   suEmailPager            eq,sub
index   suGeneralID                     eq,sub
index   suGivenName                     eq,sub
index   suGwAffilFax1           eq,sub
index   suGwAffilFax2           eq,sub
index   suGwAffilFax3           eq,sub
index   suGwAffilFax4           eq,sub
index   suGwAffilFax5           eq,sub
index   suGwAffilPhone1         eq,sub
index   suGwAffilPhone2         eq,sub
index   suGwAffilPhone3         eq,sub
index   suGwAffilPhone4         eq,sub
index   suGwAffilPhone5         eq,sub
index   suKerberosStatus
index   suLelandStatus
index   suLocalPhone            eq,sub
index   suMaildrop
index   suOtherName
index   suPermanentPhone        eq,sub
index   suPrimaryOrganizationID
index   suPrivilegeGroup        eq,sub
index   suProxyCardNumber       pres,eq
index   suRegID
index   suRegisteredName        eq,sub
index   suResidencePhone        eq,sub
index   suSearchID
index   suSeasStatus
index   suSeasSunetID
index   suSN                            eq,sub,approx
index   suSunetID
index   suUniqueIdentifier
index   suUnivID
index   suVisibAffilAddress1
index   suVisibAffilAddress2
index   suVisibAffilAddress3
index   suVisibAffilAddress4
index   suVisibAffilAddress5
index   suVisibAffilFax1
index   suVisibAffilFax2
index   suVisibAffilFax3
index   suVisibAffilFax4
index   suVisibAffilFax5
index   suVisibAffiliation1
index   suVisibAffiliation2
index   suVisibAffiliation3
index   suVisibAffiliation4
index   suVisibAffiliation5
index   suVisibAffilPhone1
index   suVisibAffilPhone2
index   suVisibAffilPhone3
index   suVisibAffilPhone4
index   suVisibAffilPhone5
index   suVisibEmail
index   suVisibFacsimileTelephoneNumber
index   suVisibHomeAddress
index   suVisibHomePage
index   suVisibHomePhone
index   suVisibIdentity
index   suVisibLocalAddress
index   suVisibMailAddress
index   suVisibMailCode
index   suVisibMobilePhone
index   suVisibPagerEmail
index   suVisibPagerPhone
index   suVisibPermanentAddress
index   suVisibProfile
index   suVisibStreet
index   suVisibSunetID
index   suVisibTelephoneNumber
index   telephoneNumber         eq,sub
index   uid                                     pres,eq
index   uidNumber

#######################################################################
# back-monitor database definitions
#######################################################################
database                monitor

reverse-lookup on




--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html