Hi,

On Wed,  1 Mar 2017 01:25:20 -0300 (BRT)
Gleydson Soares <[email protected]> wrote:

> Forgot to mention openldap-client version:
> I've installed from OpenBSD ports (-current) 
> 
> % pkg_info openldap-client
> Information for inst:openldap-client-2.4.44p3
> 
> % ldapadd -VV
> ldapadd: @(#) $OpenLDAP: ldapmodify 2.4.44 (Feb 21 2017 14:12:00) $
>       @amd64-2.ports.openbsd.org:/usr/obj/ports/openldap-2.4.44/build-amd64/clients/tools
>       (LDAP library: OpenLDAP 20444)


I used 

~> ldapadd -VV
ldapadd: @(#) $OpenLDAP: ldapmodify 2.4.41 $
        [email protected]
        (LDAP library: OpenLDAP 20441)


I'd like to use another client to see if this crops up there, too,
but there don't seem to be many LDAP client libraries around that don't
depend on OpenLDAP deep in their bowels, unfortunately (except probably
Java JNDI, but let's not go there).


In reply to your other mail, not every image triggers the issue.  Could
you try this one: http://www.roklein.de/new_theory_logo.jpg  It is 7155
bytes large.


I have now tested with a “real” (i.e. not self-certified) certificate,
and ldapadd gets stuck, too.


Side note, if you CTRL-C ldapd(8), "ldapadd -v -d7" spits out the
following at the end:

** ld 0x55f6bdcb5770 Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x55f6bdcb5770 request count 1 (abandoned 0)
** ld 0x55f6bdcb5770 Response Queue:
   Empty
  ld 0x55f6bdcb5770 response count 0
ldap_chkResponseList ld 0x55f6bdcb5770 msgid 2 all 1
ldap_chkResponseList returns ld 0x55f6bdcb5770 NULL
ldap_int_select
read1msg: ld 0x55f6bdcb5770 msgid 2 all 1
ber_get_next
tls_read: want=5, got=0

ldap_read: want=8, got=0

ldap_err2string
ldap_result: Can't contact LDAP server (-1)
ldap_free_request (origid 2, msgid 2)
ldap_free_connection 1 1
tls_write: want=31, written=31
  0000:  15 03 03 00 1a 4c 46 29  c5 c3 4a 16 e8 c2 d3 61   .....LF)..J....a
  0010:  ef c6 c0 d0 5d a5 40 ad  7b 23 db e2 88 4f 39      ....].@.{#...O9
TLS trace: SSL3 alert write:warning:close notify
ldap_free_connection: actually freed
tls_read: want=5 error=Bad file descriptor
add objectclass:
        inetOrgPerson
add cn:
        Robert Smith
        Robert J Smith
        bob  smith
add sn:
        smith
add uid:
        rjsmith
add jpegPhoto:
        NOT ASCII (7155 bytes)
add userpassword:
        rJsmitH
add carlicense:
        HISCAR 123
add homephone:
        555-111-2222
add mail:
        [email protected]
        [email protected]
        [email protected]
add description:
        swell guy
add ou:
        Human Resources
adding new entry "cn=Robert Smith,ou=people,dc=example,dc=com"



Best regards
Robert




> 
> Gleydson Soares <[email protected]> writes:
> > Hi,
> > 
> > I can't reproduce... this just works fine here without hangs, 
> > I'm using OpenBSD -current, ldapd(as of today) + TLS (self-signed
> > TLS certificate). 
> > 
> > The ldifs and image(54.7K) are available at:
> > http://shutupandhack.org/~gsoares/tmp/1.ldif
> > http://shutupandhack.org/~gsoares/tmp/2.ldif
> > http://shutupandhack.org/~gsoares/tmp/sample.jpeg
> > 
> > could you try to reproduce using the files above? 
> > let me know if I missed anything. 
> > following more details about my tests:
> > 
> > *ldif*
> > 
> > dn: cn=Robert1 Smith,ou=people,dc=example,dc=com
> > objectclass: inetOrgPerson
> > cn: Robert1 Smith
> > cn: Robert1 J Smith
> > cn: bob  smith
> > sn: smith
> > uid: rjsmith
> > ## Please specify a file that would cause conn_read() to be called
> > ## multiple times. I tried around 2KB, 3KB, 5KB and 13KB files for
> > ## jpegPhoto attribute.
> > jpegPhoto:< file:///home/gsoares/sample.jpeg
> > userpassword: rJsmitH
> > carlicense: HISCAR 123
> > homephone: 555-111-2222
> > mail: [email protected]
> > mail: [email protected]
> > mail: [email protected]
> > description: swell guy
> > ou: Human Resources
> > 
> > *Adding(no hangs)*
> > 
> > % ldapadd -vv -H ldaps://127.0.0.1 -x -D 'cn=admin,dc=example,dc=com' -w secret -f ./2.ldif
> > ldap_initialize( ldaps://127.0.0.1:636/??base )
> > add objectclass:
> >     inetOrgPerson
> > add cn:
> >     Robert1 Smith
> >     Robert1 J Smith
> >     bob  smith
> > add sn:
> >     smith
> > add uid:
> >     rjsmith
> > add jpegPhoto:
> >     NOT ASCII (56060 bytes)
> > add userpassword:
> >     rJsmitH
> > add carlicense:
> >     HISCAR 123
> > add homephone:
> >     555-111-2222
> > add mail:
> >     [email protected]
> >     [email protected]
> >     [email protected]
> > add description:
> >     swell guy
> > add ou:
> >     Human Resources
> > adding new entry "cn=Robert1 Smith,ou=people,dc=example,dc=com"
> > modify complete
> > 
> > *Searching*
> > 
> > % ldapsearch -tt -T ./ -LLL -H ldaps://127.0.0.1 -x -D 'cn=admin,dc=example,dc=com' -w secret -b 'cn=Robert1 Smith,ou=people,dc=example,dc=com' jpegPhoto
> > dn: cn=robert1 smith,ou=people,dc=example,dc=com
> > jpegPhoto:< file:///.//ldapsearch-jpegPhoto-38ROnW
> > 
> > 
> > *ldapd debug*
> > 
> > Mar  1 00:11:30.650 [6247] accepted connection from 127.0.0.1 on fd 11
> > Mar  1 00:11:30.650 [6247] conn_tls_init: switching to TLS
> > Mar  1 00:11:30.683 [6247] consumed 46 bytes
> > Mar  1 00:11:30.683 [6247] got request type 0, id 1
> > Mar  1 00:11:30.683 [6247] bind dn = cn=admin,dc=example,dc=com
> > Mar  1 00:11:30.683 [6247] successfully authenticated as cn=admin,dc=example,dc=com
> > Mar  1 00:11:30.683 [6247] sending response 1 with result 0
> > Mar  1 00:11:30.684 [6247] consumed 43997 bytes
> > Mar  1 00:11:30.684 [6247] got request type 8, id 2
> > Mar  1 00:11:30.684 [6247] adding entry cn=robert smith,ou=people,dc=example,dc=com
> > Mar  1 00:11:30.685 [6247] indexing cn=robert smith,ou=people,dc=example,dc=com on objectClass
> > Mar  1 00:11:30.685 [6247] indexing cn=robert smith,ou=people,dc=example,dc=com on cn
> > Mar  1 00:11:30.685 [6247] indexing cn=robert smith,ou=people,dc=example,dc=com on ou
> > Mar  1 00:11:30.685 [6247] indexing cn=robert smith,ou=people,dc=example,dc=com on uid
> > Mar  1 00:11:30.685 [6247] indexing cn=robert smith,ou=people,dc=example,dc=com on mail
> > Mar  1 00:11:30.685 [6247] indexing cn=robert smith,ou=people,dc=example,dc=com on sn
> > Mar  1 00:11:30.685 [6247] indexing rdn on @ou=people,cn=robert smith
> > Mar  1 00:11:30.697 [6247] sending response 9 with result 0
> > Mar  1 00:11:30.698 [6247] consumed 7 bytes
> > Mar  1 00:11:30.698 [6247] got request type 2, id 3
> > Mar  1 00:11:30.698 [6247] current bind dn = cn=admin,dc=example,dc=com
> > Mar  1 00:11:30.698 [6247] end-of-file on connection 11
> > Mar  1 00:11:30.698 [6247] closing connection 11
> > Mar  1 00:16:11.313 [6247] accepted connection from 127.0.0.1 on fd 11
> > Mar  1 00:16:11.313 [6247] conn_tls_init: switching to TLS
> > Mar  1 00:16:11.346 [6247] consumed 46 bytes
> > Mar  1 00:16:11.346 [6247] got request type 0, id 1
> > Mar  1 00:16:11.346 [6247] bind dn = cn=admin,dc=example,dc=com
> > Mar  1 00:16:11.346 [6247] successfully authenticated as cn=admin,dc=example,dc=com
> > Mar  1 00:16:11.346 [6247] sending response 1 with result 0
> > Mar  1 00:16:11.347 [6247] consumed 56469 bytes
> > Mar  1 00:16:11.347 [6247] got request type 8, id 2
> > Mar  1 00:16:11.347 [6247] adding entry cn=robert smith,ou=people,dc=example,dc=com
> > Mar  1 00:16:11.347 [6247] cn=robert smith,ou=people,dc=example,dc=com: already exists
> > Mar  1 00:16:11.347 [6247] sending response 9 with result 68
> > Mar  1 00:16:11.348 [6247] consumed 7 bytes
> > Mar  1 00:16:11.348 [6247] got request type 2, id 3
> > Mar  1 00:16:11.348 [6247] current bind dn = cn=admin,dc=example,dc=com
> > Mar  1 00:16:11.348 [6247] end-of-file on connection 11
> > Mar  1 00:16:11.348 [6247] closing connection 11
> > Mar  1 00:16:35.836 [6247] accepted connection from 127.0.0.1 on fd 11
> > Mar  1 00:16:35.836 [6247] conn_tls_init: switching to TLS
> > Mar  1 00:16:35.872 [6247] consumed 46 bytes
> > Mar  1 00:16:35.872 [6247] got request type 0, id 1
> > Mar  1 00:16:35.873 [6247] bind dn = cn=admin,dc=example,dc=com
> > Mar  1 00:16:35.873 [6247] successfully authenticated as cn=admin,dc=example,dc=com
> > Mar  1 00:16:35.873 [6247] sending response 1 with result 0
> > Mar  1 00:16:35.874 [6247] consumed 56472 bytes
> > Mar  1 00:16:35.874 [6247] got request type 8, id 2
> > Mar  1 00:16:35.874 [6247] adding entry cn=robert1 smith,ou=people,dc=example,dc=com
> > Mar  1 00:16:35.874 [6247] indexing cn=robert1 smith,ou=people,dc=example,dc=com on objectClass
> > Mar  1 00:16:35.874 [6247] indexing cn=robert1 smith,ou=people,dc=example,dc=com on cn
> > Mar  1 00:16:35.874 [6247] indexing cn=robert1 smith,ou=people,dc=example,dc=com on ou
> > Mar  1 00:16:35.874 [6247] indexing cn=robert1 smith,ou=people,dc=example,dc=com on uid
> > Mar  1 00:16:35.874 [6247] indexing cn=robert1 smith,ou=people,dc=example,dc=com on mail
> > Mar  1 00:16:35.874 [6247] indexing cn=robert1 smith,ou=people,dc=example,dc=com on sn
> > Mar  1 00:16:35.874 [6247] indexing rdn on @ou=people,cn=robert1 smith
> > Mar  1 00:16:35.876 [6247] sending response 9 with result 0
> > Mar  1 00:16:35.876 [6247] consumed 7 bytes
> > Mar  1 00:16:35.877 [6247] got request type 2, id 3
> > Mar  1 00:16:35.877 [6247] current bind dn = cn=admin,dc=example,dc=com
> > Mar  1 00:16:35.877 [6247] closing connection 11
> > Mar  1 00:19:29.363 [6247] accepted connection from 127.0.0.1 on fd 11
> > Mar  1 00:19:29.363 [6247] conn_tls_init: switching to TLS
> > Mar  1 00:19:29.408 [6247] consumed 46 bytes
> > Mar  1 00:19:29.408 [6247] got request type 0, id 1
> > Mar  1 00:19:29.408 [6247] bind dn = cn=admin,dc=example,dc=com
> > Mar  1 00:19:29.408 [6247] successfully authenticated as cn=admin,dc=example,dc=com
> > Mar  1 00:19:29.408 [6247] sending response 1 with result 0
> > Mar  1 00:19:29.409 [6247] consumed 94 bytes
> > Mar  1 00:19:29.409 [6247] got request type 3, id 2
> > Mar  1 00:19:29.409 [6247] base dn = cn=robert1 smith,ou=people,dc=example,dc=com, scope = 2
> > Mar  1 00:19:29.409 [6247] init full scan
> > Mar  1 00:19:29.409 [6247] found dn cn=robert1 smith,ou=people,dc=example,dc=com
> > Mar  1 00:19:29.410 [6247] found dn cn=robert smith,ou=people,dc=example,dc=com
> > Mar  1 00:19:29.410 [6247] scanned past basedn suffix
> > Mar  1 00:19:29.410 [6247] 2 scanned, 1 matched, 0 dups
> > Mar  1 00:19:29.410 [6247] sending response 5 with result 0
> > Mar  1 00:19:29.410 [6247] search failed: Invalid argument
> > Mar  1 00:19:29.410 [6247] finished search on msgid 2
> > Mar  1 00:19:29.412 [6247] consumed 7 bytes
> > Mar  1 00:19:29.412 [6247] got request type 2, id 3
> > Mar  1 00:19:29.412 [6247] current bind dn = cn=admin,dc=example,dc=com
> > Mar  1 00:19:29.412 [6247] end-of-file on connection 11
> > Mar  1 00:19:29.412 [6247] closing connection 11
> 
