[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
OpenLDAP crash when defining multiple olcDbURI for chaining
Hello list,
I am trying to setup referral chaining in a multi-master setup. I can
setup chaining to one of the masters without any problems. And I can
perform a MOD operation that is then referral chased and performed on
the master.
However, when I define both masters the replica crashes when I do a MOD
operation.
Snippet of cn=config from the working example:
dn:
olcDatabase={1}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {1}ldap
olcDbStartTLS: start starttls=yes
olcDbIDAssertAuthzFrom: {0}*
olcDbRebindAsUser: FALSE
olcDbChaseReferrals: TRUE
olcDbTFSupport: no
olcDbProxyWhoAmI: FALSE
olcDbProtocolVersion: 3
olcDbSingleConn: FALSE
olcDbCancel: abandon
olcDbUseTemporaryConn: FALSE
olcDbConnectionPoolMax: 16
olcDbNoRefs: FALSE
olcDbNoUndefFilter: FALSE
olcDbURI: ldap://ldap-m1.example.com
olcDbIDAssertBind: mode=self flags=prescriptive,proxy-authz-non-critical
bindmethod=simple timeout=0 network-timeout=0
binddn="cn=admin,dc=example,dc=com" credentials="secret" keepalive=0:0:0
starttls=yes tls_reqcert=allow
If I change olcDbURI to either of the entries below, the replica server
crashes
* olcDbURI: "ldap://ldap-m1.example.com,ldap://ldap-m2.example.com";
* olcDbURI: "ldap://ldap-m1.example.com ldap://ldap-m2.example.com";
According to slapd-ldap(5), the URI list can be comma or space separated.
I've turned on "args" and "trace" debugging to troubleshoot, but never
get any errors in the logs. I only see an attempt to chase the referral
followed by an immediate crash (see log snippet at the end of email).
Finally, I'm running OpenLDAP 2.4.31 on Ubuntu Trusty, but was also able
to replicate this same error on OpenLDAP 2.4.28 on Ubuntu Precise.
Any help is much appreciated.
--
Khosrow Ebrahimpour
Crash Log:
Sep 8 21:07:23 ldap-rep1 slapd[20947]: conn=1000 op=1 modifications:
Sep 8 21:07:23 ldap-rep1 slapd[20947]: replace: givenName
Sep 8 21:07:23 ldap-rep1 slapd[20947]: one value, length 1
Sep 8 21:07:23 ldap-rep1 slapd[20947]: conn=1000 op=1 MOD
dn="uid=user1,ou=people,dc=example,dc=com"
Sep 8 21:07:23 ldap-rep1 slapd[20947]: conn=1000 op=1 MOD attr=givenName
Sep 8 21:07:23 ldap-rep1 slapd[20947]:
bdb_dn2entry("uid=user1,ou=people,dc=example,dc=com")
Sep 8 21:07:23 ldap-rep1 slapd[20947]: =>
hdb_dn2id("ou=people,dc=example,dc=com")
Sep 8 21:07:23 ldap-rep1 slapd[20947]: <= hdb_dn2id: got id=0x6
Sep 8 21:07:23 ldap-rep1 slapd[20947]: =>
hdb_dn2id("uid=user1,ou=people,dc=example,dc=com")
Sep 8 21:07:23 ldap-rep1 slapd[20947]: <= hdb_dn2id: got id=0xe
Sep 8 21:07:23 ldap-rep1 slapd[20947]: entry_decode: ""
Sep 8 21:07:23 ldap-rep1 slapd[20947]: <= entry_decode()
Sep 8 21:07:23 ldap-rep1 slapd[20947]: send_ldap_result: conn=1000 op=1 p=3
Sep 8 21:07:23 ldap-rep1 slapd[20947]: send_ldap_result: err=10
matched="" text=""
Sep 8 21:07:23 ldap-rep1 slapd[20947]: send_ldap_result:
referral="ldap://ldap-m1.example.com/uid=user1,ou=people,dc=example,dc=com";
Sep 8 21:07:23 ldap-rep1 slapd[20947]: >>> dnPrettyNormal:
<uid=user1,ou=people,dc=example,dc=com>
Sep 8 21:07:23 ldap-rep1 slapd[20947]: <<< dnPrettyNormal:
<uid=user1,ou=people,dc=example,dc=com>,
<uid=user1,ou=people,dc=example,dc=com>
Sep 8 21:07:23 ldap-rep1 slapd[20947]: conn=1000 op=1 ldap_chain_op:
ref="ldap://ldap-m1.example.com/uid=user1,ou=people,dc=example,dc=com";
-> "ldap://ldap-m1.example.com";
Sep 8 21:09:02 ldap-rep1 slapd[21057]: @(#) $OpenLDAP: slapd (Ubuntu)
(Mar 17 2014 21:20:08) $
buildd@aatxe:/build/buildd/openldap-2.4.31/debian/build/servers/slapd