On Thu, Feb 12, 2026 at 12:09:50PM +0100, Ondřej Kuzník wrote: > On Thu, Feb 12, 2026 at 10:31:41AM +0100, Bastian Tweddell wrote: >> The cn=config db is modified through an ldap connection. I use ansible >> to deploy a container (podman/k8s) which runs slapd, and when in >> bootstrap mode, ansible also deploys the cn=config in a second step. The >> connections and ops are logged: >> [...] >> Ansible uses python-ldap on the target system. > > Interesting, what if you up the loglevel then (at least add sync into > the mix, but more the better)? Also when it's not doing anything, can > you attach gdb to it and see what it's doing whether it's truly idle? > And it's happily handling other traffic just fine in the meantime? > [...] > Possibly, if you can set up something reproducible, as I said it > shouldn't happen so smells like a bug worth investigating.
Also smells like ITS#9878, especially if things clear up after any new traffic comes in. Unfortunately this one couldn't be fixed in 2.6 but 2.7 handles these properly. If it indeed is ITS#9878, just using cn=monitor which you want to interact with in production deployments will probably make sure you never get stuck like this. Regards, -- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP
