[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
memberof overlay results in unexpected slapd death?
- To: <openldap-technical@openldap.org>
- Subject: memberof overlay results in unexpected slapd death?
- From: "Paul B. Henson" <henson@acm.org>
- Date: Fri, 11 Oct 2013 13:04:06 -0700
- Content-language: en-us
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:subject:date:message-id:mime-version:content-type :content-transfer-encoding:thread-index:content-language; bh=USc5YgIqA0GCzmqqkwZDPcYbu+GlwBNS8hpj3g3likA=; b=Wyv0983SiQ+jI6lygwHIv177WQxux+atLeAd2oOkhN7OhUl8kbQMnD4sQVh3f7qCZT qDhM8rpZhfhMlNHgpvrIK6CXVi+pQ8x7VixGGJ7tRYKiYoP0AuTF6kwbIOga26XFWHnZ UlHFdw7Ib1QRF97MffcF3Er646xdXolWsCrLydp5eA/mnyz3RI0p96cUwQ7CMFFjAU8Y 5GQWKG9y56qpEXIctFV4A5bnSbA18HIhF5JXZc0iIK49c+kcfZcK7YhUiRAFkaaEzXC1 t/2uXpui8RJvHv0rfhf8tezh58DtUTugOY83LRvqlCAxBsADDCF1Fx+ZlrelbcL5n7cV bXaQ==
- Thread-index: Ac7Gsl3RJZCHMxh2SuaDZQHLWHmoRQ==
Our LDAP infrastructure is currently running 2.4.35, and consists of two
read/write masters configured in mirror mode behind the load balancer, with
three additional read-only slaves using syncrepl. We recently decided to add
the memberof overlay to our configuration, due to an application that did
not support querying the groups for members.
I updated our configuration to load the module, and add the overlay, and
proceeded to rip through all of our groups removing and then re-adding the
members in order to populate the memberOf attribute on the user objects.
While doing so, there were errors logged on all of the servers:
Oct 10 04:26:09 fosse slapd[9944]: conn=75373 op=184748:
memberof_value_modify DN="uid=tdnguyen1,ou=user,dc=cs
upomona,dc=edu" delete memberOf="uid=classes,ou=group,dc=csupomona,dc=edu"
failed err=16
This was expected, as the memberOf attribute did not exist in our current
directory. However, what was unexpected was that the slapd processes started
to mysteriously die while I was trying to repopulate the groups. No log
messages, or any other indication of the failure, just attribute delete
errors:
Oct 10 04:29:39 filmore slapd[25526]: conn=-1 op=0: memberof_value_modify
DN="uid=rfu,ou=user,dc=csupomona,dc=edu" delete
memberOf="uid=mhr31806,ou=group,dc=csupomona,dc=edu" failed err=16
Oct 10 04:29:39 filmore slapd[25526]: conn=-1 op=0: memberof_value_modify
DN="uid=rfu,ou=user,dc=csupomona,dc=edu" delete
memberOf="uid=mhr_classes,ou=group,dc=csupomona,dc=edu" failed err=16
Then the process was gone. It was definitely related to mass group updates,
they would run for hours with no problems under general use, but as soon as
I started churning group members, bam, one or two of them would go away.
I ended up backing out the modification, dumping the database, removing all
of the memberOf attributes, and reloading it. I will try to duplicate this
in a test environment with debugging enabled and see if I can get a better
idea what's going on, but I was just curious if anyone had seen anything
like this or knew of any underlying issues with the memberof overlay.
Thanks much.