[Date Prev][Date Next] [Chronological] [Thread] [Top]

Slapd aborts for duplicate cn: value (ITS#1536)



Full_Name: John Unekis
Version: 2.0.11
OS: Redhat 7.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (205.197.120.254)


Slapd appears to abort when a search is performed for a record with duplicate
CN: values....

I have a 149MB LDIF file, with hundreds of thousands of records in it, which is
being used to create a phone directory. In the LDIF file are about a thousand
randomly distributed records with duplicate cn: values in them.

Here is the one that is causing the abort, anytime I search for "Ray Williams"
-

dn: cn=Raymond G Williams, ou=People, ou=Lewis Research Center, ou=National
Aeronautics and Space Administration, o=U.S. Government, c=US
cn: R G Williams
cn: R Williams
cn: Ray Williams
cn: Raymond G Williams
cn: Raymond Williams
cn: RGWilliams
cn: RWilliams
cn: Williams
sn: Williams
mail: Raymond.G.Williams@lerc.nasa.gov
telephonenumber: 216-433-5956
objectclass: top
objectclass: person
objectclass: organizationalPerson

and -

dn: cn=Ray Williams, ou=General Services Administration, o=U.S. Government,
c=US
cn: Ray Williams
sn: Williams
givenname: Ray
mail: rayc.williams@gsa.gov
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
creatorsname: cn=manager
# createtimestamp: 19991026032631Z

There are 1903 cn: values with Ray in them, and 2715 cn: values with Williams in
them if that matters. 

THe log file from ldap at the time of the crash looks like -
he Interior,o=U.S. Government,c=US" scope=1 filter="(|(cn=*)(ou=*))" 
Jan 16 10:21:52 linitc slapd[22249]: conn=242 op=0 SEARCH RESULT tag=101 err=0
text= 
Jan 16 10:21:52 linitc slapd[22249]: conn=-1 fd=7 closed 
Jan 16 10:21:52 linitc slapd[22249]: conn=-1 fd=12 closed 
Jan 16 10:21:55 linitc slapd[22249]: daemon: conn=243 fd=7 connection from
IP=127.0.0.1:37833 (IP=0.0.0.0:34049) accepted. 
Jan 16 10:21:55 linitc slapd[22249]: conn=243 op=0 SRCH base="ou=BOHA,
ou=Department of the Interior,o=U.S. Government,c=US" scope=1
filter="(|(cn=*)(ou=*))" 
Jan 16 10:21:55 linitc slapd[22249]: conn=243 op=0 SEARCH RESULT tag=101 err=0
text= 
Jan 16 10:22:20 linitc slapd[22249]: daemon: conn=244 fd=12 connection from
IP=127.0.0.1:37834 (IP=0.0.0.0:34049) accepted. 
Jan 16 10:22:20 linitc slapd[22249]: conn=244 op=0 SRCH base="o=U.S.
Government,c=US" scope=2 filter="(&(|(cn=*)(ou=*))(cn=*Ray*)(cn=*Williams*))" 
Jan 16 11:33:03 linitc slapd[23195]: daemon: socket() failed errno=97 (Address
family not supported by protocol) 
Jan 16 11:33:03 linitc slapd[23197]: slapd starting 
Jan 16 11:34:57 linitc slapd[23197]: daemon: conn=0 fd=7 connection from
IP=172.16.1.150:37999 (IP=0.0.0.0:34049) accepted. 
Jan 16 11:34:57 linitc slapd[23197]: conn=0 op=0 BIND dn="CN=MANAGER,C=US"
method=128 
Jan 16 11:34:58 linitc slapd[23197]: conn=0 op=0 RESULT tag=97 err=0 text=
(The time from 10:22 to 11:33 is when ldap was dead before I restarted it)

Our slapd.conf file is:
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43
kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include        /etc/openldap/schema/core.schema
include        /etc/openldap/schema/cosine.schema
include        /etc/openldap/schema/inetorgperson.schema
include        /etc/openldap/schema/nis.schema
include        /etc/openldap/schema/redhat/rfc822-MailMember.schema
include        /etc/openldap/schema/redhat/autofs.schema
include        /etc/openldap/schema/redhat/kerberosobject.schema


# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

# turn on logging for a while to see activity
# loglevel 256
# Idle timeout set to 180 seconds for queries
idletimeout 180
# Schemachecking is turned off
schemacheck off
# Set a 7 minute time limit on queries
timelimit 420

#pidfile  //var/run/slapd.pid
#argsfile //var/run/slapd.args

# Create a replication log in /var/lib/ldap for use by slurpd.
#replogfile    /var/lib/ldap/master-slapd.replog

# Load dynamic backend modules:
# modulepath   /usr/sbin/openldap
# moduleload   back_ldap.la
# moduleload   back_ldbm.la
# moduleload   back_passwd.la
# moduleload   back_shell.la

# The next two lines allow use of TLS for connections using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
#TLSCertificateFile /usr/share/ssl/certs/slapd.pem
#TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem                      

######################################################################
# first backend for slapd
######################################################################
backend ldbm

#######################################################################
# ldbm database definitions
#######################################################################

database  ldbm
suffix         "c=US"

rootdn         "cn=Manager,c=US"

# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# This password just for testing
rootpw        xxxxxxxxxxxxxxx
# rootpw       {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap

# Indices to maintain
index     gn,surname,ou,objectClass     eq
index     cn                            eq,sub


# Set a cache size of 5000 entries (5x default)
cachesize 5000
# turn off locking to improve performance (we only have one update going)
# dbnolocking 
# quintuple the default ram cache size
dbcachesize 500000
# Define ACLs to disable default read access.
access to *
   by self write
   by dn="cn=Manager,c=US" write
   by * read
   by anonymous auth

######################

Is this a bug or a feature? How do I make it behave??
Thanks,
John Unekis