https://bugs.openldap.org/show_bug.cgi?id=9820
Issue ID: 9820
Summary: v2.5 and 2.6 closed (idletimeout) during ldapsearch
(work fine with v2.4)
Product: OpenLDAP
Version: 2.6.1
Hardware: x86_64
OS: Linux
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Hello,
Please excuse me for my bad English.
Is there a bug with openldap 2.5 and 2.6 ? When I launch a ldapsearch on the
whole directory, the connection is abruptly cut during the search (same problem
with syncrepl).
All work fine with openldap 2.4.48 and 2.4.59.
Tested on Debian 10 buster and openssl 1.1.1n (also tested with openssl 1.1.1d
and 1.1.1k).
The directory contains over one million entries.
OpenLDAP 2.6.1 compiled with the following options
./configure --prefix=/opt/openldap-2.6.1 --disable-ipv6 --enable-debug
--enable-syslog --enable-slapd --enable-cleartext --enable-crypt
--enable-wrappers --enable-backends=no --enable-mdb --enable-overlays
--with-tls
/opt/openldap-2.6.1/bin/ldapsearch -x -D cn=manager,dc=societe,dc=com -w
'password'
...
# numResponses: 50146
# numEntries: 50146
ldap_result: Can't contact LDAP server (-1)
Apr 8 21:28:37 debian slapd[20880]: @(#) $OpenLDAP: slapd 2.6.1 (Apr 8 2022
20:34:26) $#012#011root@debian:/opt/src/openldap-2.6.1/servers/slapd
Apr 8 21:28:37 debian slapd[20881]: slapd starting
Apr 8 21:29:12 debian slapd[20881]: conn=1000 fd=11 ACCEPT from
PATH=/opt/openldap-2.6.1/var/run/ldapi (PATH=/opt/openldap-2.6.1/var/run/ldapi)
Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=0 BIND
dn="cn=manager,dc=societe,dc=com" method=128
Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=0 BIND
dn="cn=manager,dc=societe,dc=com" mech=SIMPLE bind_ssf=0 ssf=71
Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=0 RESULT tag=97 err=0
qtime=0.000005 etime=0.000041 text=
Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=1 SRCH
base="dc=societe,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Apr 8 21:29:57 debian slapd[20881]: conn=1000 fd=11 closed (idletimeout)
OpenLDAP 2.5.11 compiled with the following options
./configure --prefix=/opt/openldap-2.5.11 --disable-ipv6 --enable-debug
--enable-syslog --enable-slapd --enable-cleartext --enable-crypt
--enable-wrappers --enable-backends=no --enable-mdb --enable-overlays
--with-tls
/opt/openldap-2.5.11/bin/ldapsearch -x -D cn=manager,dc=societe,dc=com -w
'password'
...
# numResponses: 44638
# numEntries: 44638
ldap_result: Can't contact LDAP server (-1)
Apr 8 21:44:18 debian slapd[21063]: @(#) $OpenLDAP: slapd 2.5.11 (Apr 8 2022
20:55:50) $#012#011root@debian:/opt/src/openldap-2.5.11/servers/slapd
Apr 8 21:44:18 debian slapd[21064]: slapd starting
Apr 8 21:44:45 debian slapd[21064]: conn=1000 fd=11 ACCEPT from
PATH=/opt/openldap-2.5.11/var/run/ldapi
(PATH=/opt/openldap-2.5.11/var/run/ldapi)
Apr 8 21:44:45 debian slapd[21064]: conn=1000 op=0 BIND
dn="cn=manager,dc=societe,dc=com" method=128
Apr 8 21:44:45 debian slapd[21064]: conn=1000 op=0 BIND
dn="cn=manager,dc=societe,dc=com" mech=SIMPLE bind_ssf=0 ssf=71
Apr 8 21:44:45 debian slapd[21064]: conn=1000 op=0 RESULT tag=97 err=0
qtime=0.000006 etime=0.000045 text=
Apr 8 21:44:45 debian slapd[21064]: conn=1000 op=1 SRCH
base="dc=societe,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Apr 8 21:45:30 debian slapd[21064]: conn=1000 fd=11 closed (idletimeout)
OpenLDAP 2.4.59 compiled with the following options
./configure --prefix=/opt/openldap-2.4.59 --disable-ipv6 --enable-debug
--enable-syslog --enable-slapd --enable-cleartext --enable-crypt
--enable-wrappers --enable-backends=no --enable-mdb --enable-overlays
--with-tls
/opt/openldap-2.4.59/bin/ldapsearch -x -D cn=manager,dc=societe,dc=com -w
'password'
Apr 8 21:53:22 debian slapd[17963]: @(#) $OpenLDAP: slapd 2.4.59 (Apr 8 2022
21:51:41) $#012#011root@debian:/opt/src/openldap-2.4.59/servers/slapd
Apr 8 21:53:22 debian slapd[17964]: slapd starting
Apr 8 21:53:54 debian slapd[17964]: conn=1000 fd=11 ACCEPT from
PATH=/opt/openldap-2.4.59/var/run/ldapi
(PATH=/opt/openldap-2.4.59/var/run/ldapi)
Apr 8 21:53:54 debian slapd[17964]: conn=1000 op=0 BIND
dn="cn=manager,dc=societe,dc=com" method=128
Apr 8 21:53:54 debian slapd[17964]: conn=1000 op=0 BIND
dn="cn=manager,dc=societe,dc=com" mech=SIMPLE ssf=0
Apr 8 21:53:54 debian slapd[17964]: conn=1000 op=0 RESULT tag=97 err=0 text=
Apr 8 21:53:54 debian slapd[17964]: conn=1000 op=1 SRCH
base="dc=societe,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Apr 8 22:06:02 debian slapd[17964]: conn=1000 op=1 SEARCH RESULT tag=101 err=0
nentries=1021397 text=
Apr 8 22:06:02 debian slapd[17964]: conn=1000 op=2 UNBIND
Apr 8 22:06:02 debian slapd[17964]: conn=1000 fd=11 closed
OpenLDAP 2.4.48 compiled with the following options
./configure --prefix=/opt/openldap-2.4.48 --disable-ipv6 --enable-debug
--enable-syslog --enable-slapd --enable-cleartext --enable-crypt
--enable-wrappers --enable-backends=no --enable-mdb --enable-overlays
--with-tls
/opt/openldap-2.4.48/bin/ldapsearch -x -D cn=manager,dc=societe,dc=com -w
'password'
Apr 8 21:30:44 debian slapd[20942]: @(#) $OpenLDAP: slapd 2.4.48 (Apr 8 2022
20:58:01) $#012#011root@debian:/opt/src/openldap-2.4.48/servers/slapd
Apr 8 21:30:44 debian slapd[20943]: slapd starting
Apr 8 21:31:05 debian slapd[20943]: conn=1000 fd=11 ACCEPT from
PATH=/opt/openldap-2.4.48/var/run/ldapi
(PATH=/opt/openldap-2.4.48/var/run/ldapi)
Apr 8 21:31:05 debian slapd[20943]: conn=1000 op=0 BIND
dn="cn=manager,dc=societe,dc=com" method=128
Apr 8 21:31:05 debian slapd[20943]: conn=1000 op=0 BIND
dn="cn=manager,dc=societe,dc=com" mech=SIMPLE ssf=0
Apr 8 21:31:05 debian slapd[20943]: conn=1000 op=0 RESULT tag=97 err=0 text=
Apr 8 21:31:05 debian slapd[20943]: conn=1000 op=1 SRCH
base="dc=societe,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Apr 8 21:43:15 debian slapd[20943]: conn=1000 op=1 SEARCH RESULT tag=101 err=0
nentries=1021397 text=
Apr 8 21:43:15 debian slapd[20943]: conn=1000 op=2 UNBIND
Apr 8 21:43:15 debian slapd[20943]: conn=1000 fd=11 closed
Content of slapd.conf :
pidfile /opt/openldap/var/run/slapd.pid
argsfile /opt/openldap/var/run/slapd.args
tool-threads 2
require ldapv3 authc
disallow bind_anon
loglevel stats
modulepath /opt/openldap/libexec/openldap
moduleload back_mdb
moduleload syncprov
include /opt/openldap/etc/openldap/schema/core.schema
include /opt/openldap/etc/openldap/schema/cosine.schema
include /opt/openldap/etc/openldap/schema/inetorgperson.schema
include /opt/openldap/etc/openldap/schema/dyngroup_cgi.schema
include /opt/openldap/etc/openldap/schema/qmail_cgi.schema
defaultsearchbase "dc=societe,dc=com"
backend mdb
database mdb
directory "/ldap/base-ldap"
suffix "dc=societe,dc=com"
rootdn "cn=manager,dc=societe,dc=com"
rootpw password
maxsize 12884901888
mode 600
checkpoint 10240 2
dbnosync
lastmod on
include /opt/openldap/etc/openldap/acl.conf
idletimeout 120
reverse-lookup off
sizelimit 100
timelimit unlimited
include /opt/openldap/etc/openldap/index.conf
index_substr_if_minlen 2
index_substr_if_maxlen 4
index_substr_any_len 4
index_substr_any_step 2
When I set loglevel -1 it works correctly (but generates a very huge log file).
It's very strange.
If you need any further information, feel free to contact me.
Jean-Loup Gregoire
--
You are receiving this mail because:
You are on the CC list for the issue.
