[Bug 1185908] [NEW] slapd: slapcat output truncated every now and then

Launchpad Bug Tracker 1185908 at bugs.launchpad.net
Tue Jun 4 16:36:52 UTC 2013


You have been subscribed to a public bug by Ryan Tandy (rtandy):

SRU justification:

[Impact]

The slapd tools (slapcat, slapadd, et al) don't retry after failing to
acquire a BDB read lock, and on a busy LDAP server can sometimes return
incomplete data. This could result in data loss, for example when
slapcat is used to take a hot backup.

Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673038
OpenLDAP thread: http://www.openldap.org/lists/openldap-technical/201301/msg00195.html
OpenLDAP ITS:
 - http://www.openldap.org/its/index.cgi?findid=6365
 - http://www.openldap.org/its/index.cgi?findid=7503

The impact is limited to slapd servers with a write load high enough to
generate lock contention. It's been present at least since 2.4.17 and
maybe longer, and at least some people got used to working around it,
e.g. [1], but not everyone is aware that the problem exists.

The fix is minimal and has been tested in OpenLDAP upstream and Debian
wheezy.

[1] https://github.com/elmar/ldap-git-backup/blob/master/README.mdown
#safe-ldif

[Test Case]

# apt-get install ldap-utils slapd
<configure admin password>
# ldapadd -D cn=admin,dc=nodomain -w adminpw <<end
dn: cn=test,dc=nodomain
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: test
userPassword: test

end
# while true; do slapcat | wc -l; done

and in another terminal...

$ while true; do ldappasswd -H ldap:// -D cn=admin,dc=nodomain -w
adminpw cn=test,dc=nodomain; done

In the first terminal, note that the output from wc is usually 41 but
sometimes smaller. It should be the same line count every time.

[Regression Potential]

The regression risk should be small. The change is minimal, was authored
by upstream, and has been accepted and released in Debian wheezy. I
admit to not being familiar enough with the code to comment in detail on
what regressions might be possible. If the fix were faulty wrt locking,
I would hope for it to turn up during verification since the test case
involves inducing a heavy write load on the server.

original description:

Debian #673038 was fixed in wheezy but the fix has never been merged to
Ubuntu. I verified the existence of this bug in precise, quantal,
raring, and saucy using more or less the procedure from
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673038#111:

# apt-get install ldap-utils slapd
<configure admin password>
# ldapadd -D cn=admin,dc=nodomain -w adminpw <<end
dn: cn=test,dc=nodomain
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: test
userPassword: test

end
# while true; do slapcat | wc -l; done

and in another terminal...

$ while true; do ldappasswd -H ldap:// -D cn=admin,dc=nodomain -w
adminpw cn=test,dc=nodomain; done

In the first terminal, note that the output from wc is usually 41 but
sometimes smaller. It should be the same line count every time.

I'm building and testing patched packages now and will post debdiffs
shortly.

** Affects: openldap (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: openldap (Ubuntu Precise)
     Importance: Medium
         Status: Triaged

** Affects: openldap (Ubuntu Quantal)
     Importance: Medium
         Status: Triaged

** Affects: openldap (Ubuntu Raring)
     Importance: Medium
         Status: Triaged

** Affects: openldap (Debian)
     Importance: Unknown
         Status: Fix Released


** Tags: patch precise quantal raring
-- 
slapd: slapcat output truncated every now and then
https://bugs.launchpad.net/bugs/1185908
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.



More information about the Ubuntu-sponsors mailing list