[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: dnMatch flooding logs and access blocked

Al Dispennette wrote:

Seriously, I need help.
Can anyone help me?

None of the avenues I have looked into have amounted to anything.
The logging is not helping.  I believe whatever is happening is supposed to be
happening but when it does blocking occurs.
I have commented out all of the syncing properties in slapd.conf
I do still have "checkpoint 1024 15" enabled.

I am pretty desperate for help and I have not had a response from anyone on
any site I have posted this.
I have been searching for an direction for a couple weeks now, I'm not asking
for an answer just a direction on where I maybe should look.
Why are you using loglevel 3? or 255? What do those loglevels mean, do you know? Have you read the slapd.conf(5) or slapd-config(5) manpages?
Give some more information on the actual operations involved. Use a loglevel that's actually useful. If you don't know what operations are occurring, then clearly the loglevel you've chosen isn't helping. 

Thanks,


From: Al Dispennette <al.dispennette@clairmail.com
<mailto:al.dispennette@clairmail.com>>
Date: Tue, 4 Dec 2012 10:32:40 -0800
To: <openldap-technical@openldap.org <mailto:openldap-technical@openldap.org>>
Subject: Re: dnMatch flooding logs and access blocked

So I downloaded the openldap source and looked at the places where the debug
output logs the message below.
That being said it looks like it is happening during some group entry
modification.

I am not that knowledgeable with ldap so I have another question related to
the blocking that is occurring.
So the situation is this, in my application I allow users to update their
usernames and password.
For the username update I copy the user into a cloned object delete the entry
from ldap and then add the cloned object with the new username to ldap.
As for the password I simply update the password attribute.

Is there something in the removal and addition of the user object that is
causing the group to need to be reindexed or the cache to be reloaded or
anything that may cause the blocking that I am seeing?

I changed the log level from 255 to 3 so I should see some different debug
output, but until this occurs again does anyone have any insight or knowledge
that could help me.

Thanks,

*
*
*Al Dispennette*

*
*


From: Al Dispennette <al.dispennette@clairmail.com
<mailto:al.dispennette@clairmail.com>>
Date: Mon, 3 Dec 2012 14:35:44 -0800
To: <openldap-technical@openldap.org <mailto:openldap-technical@openldap.org>>
Subject: dnMatch flooding logs and access blocked

Hello,

I am seeing the following get repeated in my slapd logs for hundreds of line.
  I know it is due to the logging level.

However, when this starts happening no one can access the server because what
ever is logging this is blocking.

Can anyone tell me what is causing this log entry?


slapd[20616]: dnMatch
-1#012#011"uid=item1,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch
2#012#011"uid=item2,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch
2#012#011"uid=item3,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch
-2#012#011"uid=item4,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch
-1#012#011"uid=item5,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch
-2#012#011"uid=item6,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"


*
*
*Al Dispennette*

*
*




--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/