[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#4801) segfault in dynlist
--On Thursday, January 11, 2007 9:53 PM +0100 Pierangelo Masarati
<ando@sys-net.it> wrote:
> quanah@stanford.edu wrote:
>> Full_Name: Quanah Gibson-Mount
>> Version: 2.3.32
>> OS: Linux 2.6 (64-bit)
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (171.64.19.81)
>>
> I'm not seeing anything like that, neither with HEAD nor with re23. It
> might be worth having a bit more details on your configuration, since
> that resulting from test044 (which basically complies with the info you
> provided) doesn't even hit that line of code (because rs->sr_flags == 0).
> So there must be something in between that causes the entry to be freed.
> That could be slapo-dynlist in some cases, but also slapo-translucent,
> slapo-collect, slapo-rwm or slapo-valsort. I guess at this point you
> should share the conf, the data and the op that's causing trouble.
The search I'm performing is:
ldapsearch -LLL -Q -h ldap-dev1.stanford.edu -b
"cn=groups,cn=applications,dc=stanford,dc=edu"
the slapd.conf is as follows, and the group configurations are as
previously noted.
My principal has full read into the LDAP database, so the only ACL parsed
is access to * for it. I am using valsort, so perhaps it is an interaction
between those two?
# $Id: slapd.conf.dev,v 1.7 2007/01/11 00:05:44 quanah Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/dyngroup.schema
include /usr/local/etc/openldap/schema/krb5-kdc.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/eduperson.schema
include /usr/local/etc/openldap/schema/suacct.schema
include /usr/local/etc/openldap/schema/superson.schema
include /usr/local/etc/openldap/schema/suapplication.schema
# Allow V2 binds
allow bind_v2
# Use star cert
TLSCertificateFile /usr/local/etc/openldap/stardomain.crt
TLSCertificateKeyFile /usr/local/etc/openldap/stardomain.key
TLSCACertificateFile /usr/local/etc/openldap/comodo.pem
# Define global ACLs
include /usr/local/etc/openldap/slapd.acl
#
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
# Set the default search base for clients that don't specify a base.
defaultsearchbase "dc=stanford,dc=edu"
# Turn gentlehup off, it takes too long.
gentlehup off
# Read slapd.conf(5) for possible values
loglevel 256
# Set the number of threads (8 seems to work best)
threads 8
# Set the number of threads to use in tool mode
tool-threads 2
# Set the timeout for idle connections
#idletimeout 30
# SASL conf
sasl-realm stanford.edu
sasl-authz-policy both
sasl-regexp uid=(.*)/cgi,cn=stanford.edu,cn=gssapi,cn=auth
ldap:///cn=cgi,cn=applications,dc=stanford,dc=edu??sub?krb5PrincipalName=$1/cgi@stanford.edu
sasl-regexp uid=service/(.*),cn=stanford.edu,cn=gssapi,cn=auth
ldap:///cn=Service,cn=Applications,dc=stanford,dc=edu??sub?krb5PrincipalName=service/$1@stanford.edu
sasl-regexp uid=webauth/(.*),cn=stanford.edu,cn=gssapi,cn=auth
ldap:///cn=Webauth,cn=Applications,dc=stanford,dc=edu??sub?krb5PrincipalName=webauth/$1@stanford.edu
sasl-regexp uid=(.*),cn=stanford.edu,cn=gssapi,cn=auth
ldap:///uid=$1,cn=Accounts,dc=stanford,dc=edu??sub?suSeasStatus=active
# Load dynamic backend modules:
modulepath /usr/local/lib/openldap
moduleload back_hdb.la
moduleload back_monitor.la
moduleload valsort.la
moduleload dynlist.la
#######################################################################
# stanford.edu database definitions
#######################################################################
database hdb
suffix "dc=stanford,dc=edu"
rootdn "cn=manager,dc=stanford,dc=edu"
# Valsort Overlay
overlay valsort
valsort-attr ou cn=people,dc=stanford,dc=edu weighted
valsort-attr suAffiliation cn=people,dc=stanford,dc=edu weighted
valsort-attr suDisplayAffiliation cn=people,dc=stanford,dc=edu weighted
# Dynlist Overlay
overlay dynlist
dynlist-attrset groupOfURLS memberURL member
# Let ldapadmin have limitless searches
limits group="cn=ldapadmin,cn=applications,dc=stanford,dc=edu"
time.soft=unlimited time.hard=unlimited size.soft=unlimited
size.hard=unlimited
# Let the Athletics principal have limitless searches
limits
dn.exact="cn=athletics,cn=service,cn=applications,dc=stanford,dc=edu"
time.soft=unlimited time.hard=unlimited size.soft=unlimited
size.hard=unlimited
# Let the Authority audit principal have limitless searches
limits
dn.exact="cn=workgroup-audit,cn=service,cn=applications,dc=stanford,dc=edu"
time.soft=unlimited time.hard=unlimited size.soft=unlimited
size.hard=unlimited
# Let the Registry Data Auditor principal have limitless searches
limits
dn.exact="cn=RegistryDataAuditor,cn=Service,cn=Applications,dc=stanford,dc=edu"
time.soft=unlimited time.hard=unlimited size.soft=unlimited
size.hard=unlimited
# Let the ispace prinicpal have a search of 5000 entries
limits dn.exact="cn=ispace,cn=Service,cn=Applications,dc=stanford,dc=edu"
time.soft=unlimited time.hard=unlimited size.soft=5000 size.hard=5000
# Let the GSB person principal have unlimited searches
limits
dn.exact="cn=gsb-person,cn=service,cn=applications,dc=stanford,dc=edu"
time.soft=unlimited time.hard=unlimited size.soft=unlimited
size.hard=unlimited
# Save the time that the entry gets modified
lastmod on
include /usr/local/etc/openldap/syncrepl.conf
# Set the location of where the database storage files go.
directory /var/lib/ldap
dbconfig set_cachesize 3 536870912 1
dbconfig set_lg_regionmax 262144
dbconfig set_lg_bsize 2097152
dbconfig set_lg_dir /var/log/bdb
dbconfig set_lk_max_locks 3000
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_lockers 1500
#
# Automatically remove log files that are no longer needed.
dbconfig set_flags DB_LOG_AUTOREMOVE
#
# Setting set_tas_spins reduces resource contention from multiple clients
on systems with multiple CPU's.
dbconfig set_tas_spins 1
# Checkpoint the database to prevent transaction loss in unclean shutdowns,
and speed up slapd shutdowns.
checkpoint 1024 5
# Entries to cache in memory
cachesize 50000
# IDL Entries to cache in memory
idlcachesize 50000
# Entries to free up when cache gets full
cachefree 1000
# Change the sub_any index length from 4 to 3 so that searches like *lee*
work.
index_substr_any_len 3
# Indices to maintain
index default eq
index cn eq,sub
index dc
index displayName
index entryUUID
index givenName eq,sub
index homePhone eq,sub
index krb5PrincipalName
index mail eq,sub
index mobile eq,sub
index modifyTimestamp
index o
index objectClass
index pager eq,sub
index sn eq,sub,approx
index suAffiliation
index suCalendarStatus
index suCardNumber pres,eq
index suCN eq,sub
index suDialinStatus
index suDisplayAffiliation
index suEmailPager eq,sub
index suGeneralID eq,sub
index suGivenName eq,sub
index suGwAffilFax1 eq,sub
index suGwAffilFax2 eq,sub
index suGwAffilFax3 eq,sub
index suGwAffilFax4 eq,sub
index suGwAffilFax5 eq,sub
index suGwAffilPhone1 eq,sub
index suGwAffilPhone2 eq,sub
index suGwAffilPhone3 eq,sub
index suGwAffilPhone4 eq,sub
index suGwAffilPhone5 eq,sub
index suKerberosStatus
index suLelandStatus
index suLocalPhone eq,sub
index suMaildrop
index suOtherName
index suPermanentPhone eq,sub
index suPrimaryOrganizationID
index suPrivilegeGroup eq,sub
index suProxyCardNumber pres,eq
index suRegID
index suRegisteredName eq,sub
index suResidencePhone eq,sub
index suSearchID
index suSeasStatus
index suSeasSunetID
index suSN eq,sub,approx
index suSunetID
index suUniqueIdentifier
index suUnivID
index suVisibAffilAddress1
index suVisibAffilAddress2
index suVisibAffilAddress3
index suVisibAffilAddress4
index suVisibAffilAddress5
index suVisibAffilFax1
index suVisibAffilFax2
index suVisibAffilFax3
index suVisibAffilFax4
index suVisibAffilFax5
index suVisibAffiliation1
index suVisibAffiliation2
index suVisibAffiliation3
index suVisibAffiliation4
index suVisibAffiliation5
index suVisibAffilPhone1
index suVisibAffilPhone2
index suVisibAffilPhone3
index suVisibAffilPhone4
index suVisibAffilPhone5
index suVisibEmail
index suVisibFacsimileTelephoneNumber
index suVisibHomeAddress
index suVisibHomePage
index suVisibHomePhone
index suVisibIdentity
index suVisibLocalAddress
index suVisibMailAddress
index suVisibMailCode
index suVisibMobilePhone
index suVisibPagerEmail
index suVisibPagerPhone
index suVisibPermanentAddress
index suVisibProfile
index suVisibStreet
index suVisibSunetID
index suVisibTelephoneNumber
index telephoneNumber eq,sub
index uid pres,eq
index uidNumber
#######################################################################
# back-monitor database definitions
#######################################################################
database monitor
reverse-lookup on
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html