Ubuntu

[SRU] Slave slapd crashes when doing syncrepl

Reported by Anderson on 2008-05-06
6
Affects Status Importance Assigned to Milestone
openldap2.3 (Ubuntu)
Undecided
Unassigned
Hardy
Undecided
Unassigned
Intrepid
Undecided
Unassigned

Bug Description

Binary package hint: slapd

I am trying to run a LDAP server which holds a replica of my existent database, but it is crashing during the syncrepl phase.

Using slapd 2.4.7-6ubuntu4.1 from Ubuntu Hardy in a x86 system.

--------

Steps to reproduce (at least in my system):

# Download my attachment and extract the BZIP archive on an existing folder '/home/amg1127'.
# "cd" to '/home/amg1127/ldap
# Create the database from the included LDIF by running './create-master-base.sh'
# Run the server: './run-master-slapd.sh'
# Open another terminal window and run the slave: './run-slave-slapd.sh'
# Master continues to run, but slave gets a SIGSEGV.

--------

I couldn't give a backtrace now, because 'slapd-dbg' package is currently not installable.

Chuck Short (zulcss) wrote :

Hi Thanks for the bug report can you describe more of your test setup?

Thanks
chuck

Changed in openldap2.3:
status: New → Incomplete
Anderson (amg1127) wrote :

Humm...

I have an OpenLDAP server listening in ldaps:// and ldapi://. Simple and SASL authentication are enabled.

I am trying to run in the same machine another OpenLDAP server listening only in ldap://, but acting as a replica of the existing OpenLDAP server. In this second server, I want to disable simple authentication and enforce stronger SASL mechanisms in order to bind to it. My intention is to use ldap:// to serve NSS_LDAP modules and use ldaps:// to serve PAM_LDAP modules on workstations.

Now, I am using ldaps:// to serve either NSS_LDAP and PAM_LDAP and if I run 2500 instances of "getent passwd", my LDAP server eats all CPU resources because of the encryption. If I run 2500 instances of "getent passwd" agains a ldap:// server, the server uses no more than 5% of CPU resources. Good performance, but using ldap:// in PAM_LDAP arises a security problem in my network.

The file I attached here has the full LDAP base and OpenLDAP configuration I use here. I only moved configuration and databases to my home directory (/home/amg1127) in order to avoid conflict with my existing server. Unfortunately, I couldn't reproduce the bug by using a little base.

Anderson (amg1127) wrote :

A question: the bug didn't occur in your setup?

Chuck Short (zulcss) wrote :

I was able to reproduce the bug but I dont have a fix for it yet.

Thanks
chuck

Changed in openldap2.3:
status: Incomplete → Confirmed
Chuck Short (zulcss) wrote :

I tried running your test setup with a newer version with openldap. I was still able to reproduce I have opened up a bug upstream: http://www.openldap.org/its/index.cgi?findid=5503.

Thanks
chuck

Anderson (amg1127) wrote :

Are you alive? :-)

Chuck Short (zulcss) wrote :

Sorry still investigating we dont have a fix for it yet.

Thanks
chuck

Blade (johnblade) wrote :

Chuck I read the openldap thread and apparently they're waiting for some more checks from you. Any more news to this? It's quite crippling not having Ldap slaves.

Chuck Short (zulcss) wrote :

This is fixed for upstream but not for hardy.

Thanks
chuck

Adam Sommer (asommer) wrote :

Ran the test routine above using openldap2.3 - 2.4.9-1ubuntu1~ppa1 from Chuck's PPA, and there was no segfault when using syncrepl. Everything worked as advertised.

Adam Sommer (asommer) wrote :

I just tested Chuck's openldap2.3 - 2.4.9-1ubuntu1~ppa1 on my production test systems and didn't find any regressions. I tested adding users, deleting users, syncrepl, and RequestTracker configured to use OpenLDAP for authentication. Everything worked great.

At this time those are the main features I use OpenLDAP for, but if there are other things that I can check please let me know.

Thanks for you work on this Chuck.

Anderson (amg1127) wrote :

syncrepl is working for me, also.

Thanks!

Chuck Short (zulcss) wrote :

This is due to a bug in the upstream version however there are so many problems with 2.4.7 I have uploaded 2.4.9 with a patch that fixes this issue:

TEST CASE:

1. Install openldap 2.4.9
2 Run the script mentioned above.
3. openldap 2.4.9 will not crash.

I have attached the patch which fixes this issue. If you have any questions please let me know.

Thanks
chuck

Changed in openldap2.3:
status: New → Confirmed
Chuck Short (zulcss) wrote :
Martin Pitt (pitti) wrote :

Looks fine. Please incorporate it into the pending 2.4.9 SRU once the remaining question there is solved. Is this patch fixed in 2.4.9 upstream, or does it still need to be applied there?

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openldap2.3 - 2.4.9-1ubuntu2

---------------
openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low

  * Rebuild for perl 5.10 transition (LP: #230016)
  * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
    syncrepl. (LP: #227178)

 -- Chuck Short <email address hidden> Mon, 09 Jun 2008 14:56:40 +0000

Changed in openldap2.3:
status: Confirmed → Fix Released
Mathias Gug (mathiaz) wrote :

The patch has been applied upstream and is in 2.4.10.

2.4.9 still need the patch applied.

Martin Pitt (pitti) wrote :

Accepted into -proposed, please test and give feedback here

Changed in openldap2.3:
status: Confirmed → Fix Committed
Anderson (amg1127) wrote :

Sorry, I didn't saw your packages before, because of version numbering. I had installed packages from Chuck's PPA, with version 2.4.9-1ubuntu1~ppa1 and packages from hardy-proposed has version 2.4.9-0ubuntu0.8.04.

In order to allow automatic installation of hardy-proposed packages with a standard dist-upgrade, can version numbering be changed?

Anderson (amg1127) wrote :

I just installed them now... No crashes while starting services...

Martin Pitt (pitti) wrote :

Copied to hardy-updates.

Changed in openldap2.3:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers