Many "connection_read(): no connection!" warnings from OpenLDAP server when using ldapi:/// and a bind DN (no external authentication)

Reported by Mark A. Ziesemer on 2010-06-15
This bug affects 19 people
Affects Status Importance Assigned to Milestone
openldap (Debian)
openldap (Ubuntu)

Bug Description

Reported upstream at http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6548 , but it needs to be re-opened there.

Many "connection_read(): no connection!" warnings are written to /var/log/debug and /var/log/syslog by slapd. As stated at http://www.openldap.org/lists/openldap-software/200811/msg00079.html , this is apparently not a problem with slapd, but a client that is disconnecting without first unbinding.

This appears to be an issue with the libldap client library provided by OpenLDAP itself (2.4.21), and not the slapd daemon.

Issue is reproducible even by just using "ldapsearch -H ldapi:///", but only if a bind DN is specified (-D) and external authentication is not used.

Running slapd with logging enabled (-d 8) shows the attached 3 sequences - ldapsearch command followed by the slapd logs. Note that the "connection_read(): no connection!" is only visible on the middle pair.

If this can't / won't be fixed in the client library, the logging of the "connection_read(): no connection!" event from slapd should at least be demoted to a lower level so that it doesn't fill the default logging output, without having to change the overall configured logging level and potentially missing other logged events that do require attention.

Ubuntu 10.04, libldap-2.4-2 : 2.4.21-0ubuntu5

Also still confirmed in Ubuntu 11.10, libldap-2.4-2 : 2.4.25-1.1ubuntu4.1

Mark A. Ziesemer (ziesemer) wrote :
Thierry Carrez (ttx) on 2010-06-16
Changed in openldap (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed
Kjell Braden (afflux) wrote :

I can reproduce this behavior by running "ldapsearch -H ldapi:/// -Y EXTERNAL", too.

This symptom can be shut off with the rsyslog rule, should be at the top of /etc/rsyslog.d/50-default.conf:

:msg, contains, ": no connection" ~

Marcio Merlone (mmerlone) wrote :

This affects not just logging, but it seems to affect search capability from some clients. For instance, my thunderbird addressbook fails occasionally. Simultaneously on the client error, I get these error messages on syslog:

slapd[29694]: SASL [conn=1577] Failure: realm changed: authentication aborted
slapd[29694]: connection_read(46): no connection!

This is happening not all times with all users on my network (about 100 users).

description: updated
airtonix (airtonix-gmail) wrote :

still occuring

Mark A. Ziesemer (ziesemer) wrote :

Some interesting comments left in the notes field at http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6548 :

fixed in master
fixed in RE24

So hopefully this means that a fix is pending - eventually?

description: updated
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers