[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5022) ldappasswd crash consumer slapd with some loglevels

Pierangelo Masarati wrote:
> gao@schrodinger.com wrote:
>> URL: ftp://ftp.schrodinger.com/support/openldap/simon.gao.openldap_2.3.35.its.ext
> ^^^ This link is unreachable
Sorry about the broken link. Here is the correct one:


>> When following command against a consumer slapd, it will crash slapd of the
>> consumer when loglevel is set to any other value other than 1 or -1 on the
>> consumer:
>> ldappasswd -v -H ldap://consumer -D "uid=joe,ou=people,dc=example,dc=com" -W -S
>> -x -A
>> The crash happens to at least to loglevel 0, 256, 512. When loglevel is set to 1
>> or "-1", then no crash is experienced. In addition, when run consumer slapd
>> manually as front process,
> ^^^ what does this mean?
If I start slapd manually as following commands:

/usr/lib/openldap/slapd -d 0 -u ldap -g ldap -h 'ldap:// ldaps'
/usr/lib/openldap/slapd -d 256 -u ldap -g ldap -h 'ldap:// ldaps'
/usr/lib/openldap/slapd -d 512 -u ldap -g ldap -h 'ldap:// ldaps'

Then I did not see the problem as I would when setting loglevel to 0,
256, 512 in slapd.conf and start slapd from /etc/init.d/slapd, which
launch the daemon with the same options. When starting slapd from
/etc/init.d/slapd as background daemon process, slapd will write to
/var/log/ldap.log and /var/log/message. It seems that the difference
exists between writing ldap logs to a file (slapd runs in background) or
writing to console (slapd runs in foreground as started manually).
>> then all debug level works without problem.
> OpenLDAP re23 (in practice, 2.3.36 just released) doesn't show anything
> like that.  I note that differences related to the debug level usually
> mean that a NULL or an invalid pointer is passed to a *printf(3) routine
> on those systems that do not tolerate it (e.g. Solaris).  But usually
> the bug disappears when __decreasing__ the log level, while -1 means all.
> p.

I would expect writing less log should help avoiding problem. In this
case, somehow logging must be set at certain or above a level. Below
that it will trigger problem. While I was trying to get pieces working,
I always set loglevel to 1 or -1. So I did not realize this problem
until very late. The error I got as a result of attempting change
password is "can't contact LDAP server" which is very confusing (might
be because slapd already crashed before serving last request).

I am happy to run more tests and provide further information as needed.