[Date Prev][Date Next] [Chronological] [Thread] [Top]

server crashes (ITS#2195)

Full_Name: Igor Brezac
Version: 2.1.8
OS: Solaris 9
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (66.147.26.35)


I have the following access setup:

access to dn.base=""
       by * read
access to attr=userPassword dn.children="ou=People,ou=Admin,o=pb"
       by anonymous auth
       by self write
       by group.base="cn=proxyagents,ou=Group,ou=Admin,o=pb" read
       by group.base="cn=admins,ou=Group,ou=Admin,o=pb" write
access to dn.children="ou=Admin,o=pb"
       by group.base="cn=proxyagents,ou=Group,ou=Admin,o=pb" read
       by group.base="cn=admins,ou=Group,ou=Admin,o=pb" write
access to *
       by group.base="cn=techs,ou=Group,ou=Admin,o=pb" write
       by group.base="cn=admins,ou=Group,ou=Admin,o=pb" write
       by * continue

'ldapsearch -x -W -Dcn=igor,ou=people,ou=admin,o=pb -b o=pb cn=admins' where
cn=igor,ou=people,ou=admin,o=pb is a memebr of cn=admins,ou=Group,ou=Admin,o=pb
causes slapd to loop indefinitely and become unusable.  This is what slapd debug
shows (truss shows repeating yield() call):

====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
====> bdb_cache_find_entry_dn2id("cn=admins,ou=group,ou=admin,o=pb"): 17 (not
ready) 4
.
.
.

Note that this needs to be the first query after the server is started.  The
same ldapsearch query appears to work fine if a different query is performed
before hand.  I noticed this when I tried to update
cn=admins,ou=group,ou=admin,o=pb and some of the replicas became unusable as a
result.  In addition, this may need to be a different ITS, I could no longer
bind to operating slaves using members from cn=admins,ou=group,ou=admin,o=pb
until the slapd was restarted.  Master slapd worked fine.

Please let me know if you need any further information.

-Igor