Could you please try to reproduce this with OpenLDAP from git repo? It contains a fix for ITS#7710: http://www.openldap.org/its/index.cgi?findid=7710 RE snapshot link in case you don't want to use command-line git: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=snapshot;h=refs/heads/OPENLDAP_REL_ENG_2_4;sf=tgz Ciao, Michael. Paul B. Henson wrote: > Our LDAP infrastructure is currently running 2.4.35, and consists of two > read/write masters configured in mirror mode behind the load balancer, with > three additional read-only slaves using syncrepl. We recently decided to add > the memberof overlay to our configuration, due to an application that did > not support querying the groups for members. > > I updated our configuration to load the module, and add the overlay, and > proceeded to rip through all of our groups removing and then re-adding the > members in order to populate the memberOf attribute on the user objects. > > While doing so, there were errors logged on all of the servers: > > Oct 10 04:26:09 fosse slapd[9944]: conn=75373 op=184748: > memberof_value_modify DN="uid=tdnguyen1,ou=user,dc=cs > upomona,dc=edu" delete memberOf="uid=classes,ou=group,dc=csupomona,dc=edu" > failed err=16 > > This was expected, as the memberOf attribute did not exist in our current > directory. However, what was unexpected was that the slapd processes started > to mysteriously die while I was trying to repopulate the groups. No log > messages, or any other indication of the failure, just attribute delete > errors: > > Oct 10 04:29:39 filmore slapd[25526]: conn=-1 op=0: memberof_value_modify > DN="uid=rfu,ou=user,dc=csupomona,dc=edu" delete > memberOf="uid=mhr31806,ou=group,dc=csupomona,dc=edu" failed err=16 > Oct 10 04:29:39 filmore slapd[25526]: conn=-1 op=0: memberof_value_modify > DN="uid=rfu,ou=user,dc=csupomona,dc=edu" delete > memberOf="uid=mhr_classes,ou=group,dc=csupomona,dc=edu" failed err=16 > > Then the process was gone. It was definitely related to mass group updates, > they would run for hours with no problems under general use, but as soon as > I started churning group members, bam, one or two of them would go away. > > I ended up backing out the modification, dumping the database, removing all > of the memberOf attributes, and reloading it. I will try to duplicate this > in a test environment with debugging enabled and see if I can get a better > idea what's going on, but I was just curious if anyone had seen anything > like this or knew of any underlying issues with the memberof overlay. > > Thanks much. > > Beste Grüße, Michael Ströder -- Michael Ströder Klauprechtstr. 11 Dipl.-Inform. D-76137 Karlsruhe, Germany Tel.: +49 721 8304316 Mobil: +49 170 2391920 E-Mail: michael@stroeder.com http://www.stroeder.com
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature