[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
server crashes (ITS#2195)
Full_Name: Igor Brezac
Version: 2.1.8
OS: Solaris 9
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (66.147.26.35)
I have the following access setup:
access to dn.base=""
by * read
access to attr=userPassword dn.children="ou=People,ou=Admin,o=pb"
by anonymous auth
by self write
by group.base="cn=proxyagents,ou=Group,ou=Admin,o=pb" read
by group.base="cn=admins,ou=Group,ou=Admin,o=pb" write
access to dn.children="ou=Admin,o=pb"
by group.base="cn=proxyagents,ou=Group,ou=Admin,o=pb" read
by group.base="cn=admins,ou=Group,ou=Admin,o=pb" write
access to *
by group.base="cn=techs,ou=Group,ou=Admin,o=pb" write
by group.base="cn=admins,ou=Group,ou=Admin,o=pb" write
by * continue
'ldapsearch -x -W -Dcn=igor,ou=people,ou=admin,o=pb -b o=pb cn=admins' where
cn=igor,ou=people,ou=admin,o=pb is a memebr of cn=admins,ou=Group,ou=Admin,o=pb
causes slapd to loop indefinitely and become unusable. This is what slapd debug
shows (truss shows repeating yield() call):
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
.
.
.
Note that this needs to be the first query after the server is started. The
same ldapsearch query appears to work fine if a different query is performed
before hand. I noticed this when I tried to update
cn=admins,ou=group,ou=admin,o=pb and some of the replicas became unusable as a
result. In addition, this may need to be a different ITS, I could no longer
bind to operating slaves using members from cn=admins,ou=group,ou=admin,o=pb
until the slapd was restarted. Master slapd worked fine.
Please let me know if you need any further information.
-Igor