Slapd aborts for duplicate cn: value (ITS#1536)
Full_Name: John Unekis
Version: 2.0.11
OS: Redhat 7.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (205.197.120.254)
Slapd appears to abort when a search is performed for a record with duplicate
CN: values....
I have a 149MB LDIF file, with hundreds of thousands of records in it, which is
being used to create a phone directory. In the LDIF file are about a thousand
randomly distributed records with duplicate cn: values in them.
Here is the one that is causing the abort, anytime I search for "Ray Williams" -
dn: cn=Raymond G Williams, ou=People, ou=Lewis Research Center, ou=National Aeronautics and Space Administration, o=U.S. Government, c=US
cn: R G Williams
cn: R Williams
cn: Ray Williams
cn: Raymond G Williams
cn: Raymond Williams
cn: RGWilliams
cn: RWilliams
cn: Williams
sn: Williams
mail: Raymond.G.Williams@lerc.nasa.gov
telephonenumber: 216-433-5956
objectclass: top
objectclass: person
objectclass: organizationalPerson
and -
dn: cn=Ray Williams, ou=General Services Administration, o=U.S. Government, c=US
cn: Ray Williams
sn: Williams
givenname: Ray
mail: rayc.williams@gsa.gov
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
creatorsname: cn=manager
# createtimestamp: 19991026032631Z
There are 1903 cn: values with Ray in them, and 2715 cn: values with Williams in
them if that matters.
The log file from ldap at the time of the crash looks like -
he Interior,o=U.S. Government,c=US" scope=1 filter="(|(cn=*)(ou=*))"
Jan 16 10:21:52 linitc slapd[22249]: conn=242 op=0 SEARCH RESULT tag=101 err=0 text=
Jan 16 10:21:52 linitc slapd[22249]: conn=-1 fd=7 closed
Jan 16 10:21:52 linitc slapd[22249]: conn=-1 fd=12 closed
Jan 16 10:21:55 linitc slapd[22249]: daemon: conn=243 fd=7 connection from IP=127.0.0.1:37833 (IP=0.0.0.0:34049) accepted.
Jan 16 10:21:55 linitc slapd[22249]: conn=243 op=0 SRCH base="ou=BOHA, ou=Department of the Interior,o=U.S. Government,c=US" scope=1 filter="(|(cn=*)(ou=*))"
Jan 16 10:21:55 linitc slapd[22249]: conn=243 op=0 SEARCH RESULT tag=101 err=0 text=
Jan 16 10:22:20 linitc slapd[22249]: daemon: conn=244 fd=12 connection from IP=127.0.0.1:37834 (IP=0.0.0.0:34049) accepted.
Jan 16 10:22:20 linitc slapd[22249]: conn=244 op=0 SRCH base="o=U.S. Government,c=US" scope=2 filter="(&(|(cn=*)(ou=*))(cn=*Ray*)(cn=*Williams*))"
Jan 16 11:33:03 linitc slapd[23195]: daemon: socket() failed errno=97 (Address family not supported by protocol)
Jan 16 11:33:03 linitc slapd[23197]: slapd starting
Jan 16 11:34:57 linitc slapd[23197]: daemon: conn=0 fd=7 connection from IP=172.16.1.150:37999 (IP=0.0.0.0:34049) accepted.
Jan 16 11:34:57 linitc slapd[23197]: conn=0 op=0 BIND dn="CN=MANAGER,C=US" method=128
Jan 16 11:34:58 linitc slapd[23197]: conn=0 op=0 RESULT tag=97 err=0 text=
(The time from 10:22 to 11:33 is when ldap was dead before I restarted it)
Our slapd.conf file is:
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
# turn on logging for a while to see activity
# loglevel 256
# Idle timeout set to 180 seconds for queries
idletimeout 180
# Schemachecking is turned off
schemacheck off
# Set a 7 minute time limit on queries
timelimit 420
#pidfile //var/run/slapd.pid
#argsfile //var/run/slapd.args
# Create a replication log in /var/lib/ldap for use by slurpd.
#replogfile /var/lib/ldap/master-slapd.replog
# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# The next two lines allow use of TLS for connections using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
#TLSCertificateFile /usr/share/ssl/certs/slapd.pem
#TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
######################################################################
# first backend for slapd
######################################################################
backend ldbm
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix "c=US"
rootdn "cn=Manager,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# This password just for testing
rootpw xxxxxxxxxxxxxxx
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
index gn,surname,ou,objectClass eq
index cn eq,sub
# Set a cache size of 5000 entries (5x default)
cachesize 5000
# turn off locking to improve performance (we only have one update going)
# dbnolocking
# quintuple the default ram cache size
dbcachesize 500000
# Define ACLs to disable default read access.
access to *
    by self write
    by dn="cn=Manager,c=US" write
    by * read
    by anonymous auth
######################
Is this a bug or a feature? How do I make it behave??
Thanks,
John Unekis
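
Added example, not part of the original report and not OpenLDAP code: a small triage script that replays the slapd syslog lines quoted above and reports any request that never received a RESULT before a different slapd PID logged "slapd starting", which is how the failing search is identified in this report. The function name and the REQUESTS list are choices made for this example; the sample lines are copied from the report's log with the mail-wrapped lines rejoined.

```python
import re

# Log lines from the report above, mail-wrapped lines rejoined.
SAMPLE_LOG = """\
Jan 16 10:21:55 linitc slapd[22249]: conn=243 op=0 SRCH base="ou=BOHA, ou=Department of the Interior,o=U.S. Government,c=US" scope=1 filter="(|(cn=*)(ou=*))"
Jan 16 10:21:55 linitc slapd[22249]: conn=243 op=0 SEARCH RESULT tag=101 err=0 text=
Jan 16 10:22:20 linitc slapd[22249]: conn=244 op=0 SRCH base="o=U.S. Government,c=US" scope=2 filter="(&(|(cn=*)(ou=*))(cn=*Ray*)(cn=*Williams*))"
Jan 16 11:33:03 linitc slapd[23197]: slapd starting
Jan 16 11:34:57 linitc slapd[23197]: conn=0 op=0 BIND dn="CN=MANAGER,C=US" method=128
Jan 16 11:34:58 linitc slapd[23197]: conn=0 op=0 RESULT tag=97 err=0 text=
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ slapd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
OP = re.compile(r"^conn=(?P<conn>-?\d+) op=(?P<op>\d+) (?P<rest>.*)$")
# Request keywords seen in the report's log; extend for other operations.
REQUESTS = ("SRCH", "BIND")

def in_flight_at_exit(log_text):
    """Return requests logged by one slapd PID that had no RESULT line
    by the time a different PID logged 'slapd starting'."""
    pending = {}   # (pid, conn, op) -> (timestamp, request text)
    orphans = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if msg == "slapd starting":
            # New process: requests still open under older PIDs never completed.
            for key in [k for k in pending if k[0] != pid]:
                ts, req = pending.pop(key)
                orphans.append({"pid": key[0], "conn": key[1], "op": key[2],
                                "started": ts, "restart": m["ts"], "request": req})
            continue
        o = OP.match(msg)
        if not o:
            continue
        key = (pid, o["conn"], o["op"])
        if o["rest"].startswith(("RESULT", "SEARCH RESULT")):
            pending.pop(key, None)
        elif o["rest"].split(" ", 1)[0] in REQUESTS:
            pending[key] = (m["ts"], o["rest"])
    return orphans

if __name__ == "__main__":
    for o in in_flight_at_exit(SAMPLE_LOG):
        print(f'{o["started"]} pid={o["pid"]} conn={o["conn"]} unanswered at restart {o["restart"]}: {o["request"]}')
```

The script expects one log record per line, so syslog text pasted from mail needs its wrapped lines rejoined first.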