[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#6540) test022-ppolicy is flawed, masks serious stability issue
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#6540) test022-ppolicy is flawed, masks serious stability issue
- From: ryans@aweber.com
- Date: Wed, 28 Apr 2010 19:04:38 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: Ryan Steele
Version: 2.4.18
OS: Ubuntu Server
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (207.106.239.81)
When the chaining configuration for cn=config is added, as is done in
test022-ppolicy, the process of adding the module and overlay succeed, but
subsequent slapcat operations will fail with:
root@nebula:~# slapcat -n1
slapd-chain: first underlying database
"olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config"
cannot contain attribute "olcDbURI".
config error processing
olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config:
slapcat: bad configuration file!
Additionally, if slapd is stopped after adding the configuration in
test022-ppolicy, the server will not start again, and on the foreground shows:
slapd-chain: first underlying database
"olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config"
cannot contain attribute "olcDbURI".
: config_add_internal:
DN="olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config"
no structural objectClass add function
config error processing
olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config:
send_ldap_result: conn=-1 op=0 p=0
send_ldap_result: err=65 matched="" text=""
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.
The reason test022-ppolicy does not catch this is because an ldapsearch will
still work. In fact, the chaining operations still succeed (writes are ferried
off to the upstream server). But, this is a very grave problem, as it can cause
the slapd server to stop functioning completely.