
segfaults with syncrepl



Hello everybody,

I'm quite new to OpenLDAP. Actually I've been using it for a few years, but I have no deep knowledge.
The problem I'm facing is that my consumer replicas are segfaulting.
My design:
I have one master with several o=BranchX,dc=example,dc=com branches. This is the provider.
I have several (the number is X-1) replicas, consumers.
All consumers are replicating their own branch o=BranchX,dc=example,dc=com and one common branch o=BranchMain,dc=example,dc=com.
The picture is like this:

Provider
o=BranchMain,dc=example,dc=com
o=Branch1,dc=example,dc=com
o=Branch2,dc=example,dc=com
.....
o=BranchX,dc=example,dc=com

Consumer 1:
o=BranchMain,dc=example,dc=com
o=Branch1,dc=example,dc=com

Consumer 2:
o=BranchMain,dc=example,dc=com
o=Branch2,dc=example,dc=com

At the beginning I had one consumer, which was segfaulting just randomly once or twice a day. I decided to comment out my syncrepl directives in the conf file and now it has been running for a day and a half. I should mention that after a consumer segfaults I cannot start slapd any more. The only solution I have is to delete all /var/lib/ldap (all database) directory contents and then restart slapd. If I restart slapd on the old database, the segfault happens.

Since this was a small branch and only one branch, I thought to debug the problem later. Today I faced the same situation on a bigger consumer. The same situation: slapd just crashed and only deleting the database helped me to start it again.

My systems are Mandriva 2008.1 with slapd version:
@(#) $OpenLDAP: slapd 2.4.8 (Mar 23 2008 16:49:39) $
        mandrake@klodia.mandriva.com:/home/mandrake/rpm/BUILD/openldap-2.4.8/servers/slapd

I have one branch running old slapd versions (the ones coming with Mandriva 2007.0), but they seem to work, except that I can have only one branch replicated (one rid). It seems the old slapd doesn't support several rids.

Can anybody help me to debug this situation? This configuration is rather new, but I was thinking to build all infrastructure on such a configuration, so segfaulting is a very big issue.
Provider (master) configuration is:

include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema
include /usr/share/openldap/schema/samba.schema
include /usr/share/openldap/schema/qmail.schema
include /etc/openldap/schema/local.schema
include         /etc/openldap/slapd.access.conf
access to dn.subtree="dc=example,dc=com"
        by group="cn=Replicator,ou=Group,dc=example,dc=com"
        by users read
        by anonymous read
pidfile         /var/run/ldap/slapd.pid
argsfile        /var/run/ldap/slapd.args
modulepath      /usr/lib64/openldap
moduleload     syncprov.la
TLSRandFile             /dev/random
TLSCipherSuite          HIGH:MEDIUM:+SSLv2+SSLv3
TLSCertificateFile      /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile   /etc/pki/tls/certs/slapd.pem
TLSCACertificatePath    /etc/pki/tls/certs/
TLSCACertificateFile    /etc/pki/tls/certs/ca-bundle.crt
TLSVerifyClient never # ([never]|allow|try|demand)
database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
rootpw          secret
directory       /var/lib/ldap
checkpoint 256 5
index   mailAlternateAddress                    eq,sub
index   accountStatus,mailHost,deliveryMode     eq
index   default                                 sub
index   objectClass                                             eq
index   cn,mail,surname,givenname                               eq,subinitial
index   uidNumber,gidNumber,memberuid,member,uniqueMember       eq
index   uid                                                     eq,subinitial
index   sambaSID,sambaDomainName,displayName                    eq
index  entryCSN,entryUUID                                      eq
limits group="cn=Replicator,dc=infosaitas,dc=lt"
     size=unlimited
     time=unlimited

access to *
        by group="cn=Replicator,dc=infosaitas,dc=lt" write
        by * read
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 10

Consumers' configuration (all the same):
include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema
include /usr/share/openldap/schema/samba.schema
include /usr/share/openldap/schema/qmail.schema
include /etc/openldap/schema/local.schema
include         /etc/openldap/slapd.access.conf
include         /etc/openldap/slapd.access.ldapauth.conf
access to dn.subtree="dc=example,dc=com"
        by group="cn=Replicator,ou=Group,dc=example,dc=com"
        by users read
        by anonymous read
pidfile         /var/run/ldap/slapd.pid
argsfile        /var/run/ldap/slapd.args
modulepath      /usr/lib64/openldap
moduleload      back_ldap.la
TLSCertificateFile      /etc/ssl/openldap/ldap.pem
TLSCertificateKeyFile   /etc/ssl/openldap/ldap.pem
TLSCACertificateFile    /etc/ssl/openldap/ldap.pem
overlay                 chain
chain-uri               "ldap://master.server"
chain-idassert-bind     bindmethod="simple"
                        binddn="cn=Manager,dc=example,dc=com"
                        credentials=secret
                        mode="none"
chain-tls               start
chain-return-error      TRUE
database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
rootpw          secret
directory       /var/lib/ldap
checkpoint 256 5
index   objectClass                                             eq
index   mailAlternateAddress                    eq,sub
index   accountStatus,mailHost,deliveryMode     eq
index   default                                 sub
index   cn,mail,surname,givenname                               eq,subinitial
index   uidNumber,gidNumber,memberuid,member,uniqueMember       eq
index   uid                                                     eq,subinitial
index   sambaSID,sambaDomainName,displayName                    eq
limits group="cn=Replicator,ou=Group,dc=example,dc=com"
 size=unlimited
 time=unlimited

syncrepl rid=1
    provider=ldap://master.server:389
    type=refreshAndPersist
    retry="60 +"
    searchbase="o=BranchMain,dc=example,dc=com"
    filter="(objectClass=*)"
    scope=sub
    attrs=*
    schemachecking=off
    bindmethod=simple
    binddn="cn=Manager,dc=example,dc=com"
    credentials=secret
    starttls=yes
syncrepl rid=2
    provider=ldap://master.server:389
    type=refreshAndPersist
    retry="60 +"
    searchbase="o=Branch1,dc=example,dc=com"
    filter="(objectClass=*)"
    scope=sub
    attrs=*
    schemachecking=off
    bindmethod=simple
    binddn="cn=Manager,dc=example,dc=com"
    credentials=secret
    starttls=yes
updateref ldap://master.server


Thanks for any hints on this
Liutauras
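
Added example, not part of the original post and unrelated to the crash itself: a small Python check over an abridged copy of the consumer configuration above that reports its security-relevant settings (cleartext rootpw, replication binding as the rootdn, and starttls=yes, which per slapd.conf(5) lets the syncrepl session continue without TLS if StartTLS fails). The function names are hypothetical, and the check assumes rootdn appears before the syncrepl stanzas, as it does in the posted file.

```python
import re
import shlex

# Abridged from the consumer slapd.conf in the post above (values as posted).
SAMPLE_CONF = '''\
rootdn          "cn=Manager,dc=example,dc=com"
rootpw          secret
syncrepl rid=1
    provider=ldap://master.server:389
    bindmethod=simple
    binddn="cn=Manager,dc=example,dc=com"
    credentials=secret
    starttls=yes
syncrepl rid=2
    provider=ldap://master.server:389
    bindmethod=simple
    binddn="cn=Manager,dc=example,dc=com"
    credentials=secret
    starttls=yes
'''

def directives(text):
    """Fold continuation lines (leading whitespace) and tokenize each directive."""
    folded = re.sub(r"\n[ \t]+(?=\S)", " ", text)
    return [shlex.split(l) for l in folded.splitlines()
            if l.strip() and not l.startswith("#")]

def audit(text):
    """Return findings; assumes rootdn is declared before any syncrepl stanza."""
    findings, rids, rootdn = [], set(), None
    for name, *args in directives(text):
        key = name.lower()
        if key == "rootdn":
            rootdn = args[0].lower()
        elif key == "rootpw" and not args[0].startswith("{"):
            findings.append("rootpw is stored in cleartext; use a slappasswd hash")
        elif key == "syncrepl":
            kv = dict(a.split("=", 1) for a in args if "=" in a)
            rid = kv.get("rid")
            if rid in rids:
                findings.append(f"rid={rid}: duplicate replication id")
            rids.add(rid)
            if kv.get("binddn", "").lower() == rootdn:
                findings.append(f"rid={rid}: consumer binds as the rootdn")
            plain = kv.get("provider", "").startswith("ldap://")
            if kv.get("bindmethod") == "simple" and plain and kv.get("starttls") != "critical":
                findings.append(f"rid={rid}: simple bind can proceed without TLS")
    return findings
```

Running `audit(SAMPLE_CONF)` returns five findings: the cleartext rootpw, plus the rootdn bind and the non-critical StartTLS for each of the two rids.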