Project

General

Profile

Actions

Bug #6780

closed

Node not included in dynamic group due to openldap bug with modrdn not showing node children

Added by Dennis Cabooter almost 9 years ago. Updated about 8 years ago.

Status:
Released
Priority:
N/A
Category:
Server components
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

Some queries are sometimes (seems only on Centos/RedHat) not returning the proper list of nodes
The cause is the idlcache of openldap, which store the cache of ONE and SUB queries for entries. However, if we move an entry (with modrdn) with subchildren, it fails to properly update the subchildren in the cache - hene no result
Deactivating the idlcache, or restarting slapd circumvent the issue

A patch was proposed by Jon (attached), and a ticket opened at on OpenLDAP bug tracker ( http://www.openldap.org/its/index.cgi/Incoming?id=8378 )

Below, old ticket description

Some times a week The Rudder web interface stops working properly. Searching times out and the pie charts on the dashboard don't appear. There is no error in slapd.log, but there is an indication that LDAP is the culprit in the webapp logs:

[2015-06-22 14:59:21] ERROR com.normation.ldap.sdk.ROPooledSimpleAuthConnectionProvider - Can't execute LDAP request
com.unboundid.ldap.sdk.LDAPSearchException: A client-side timeout was encountered while waiting 300000ms for a response to search request with message ID 3, base DN 'cn=rudder-configuration', scope SUB, and filter '(&(|(objectClass=rudderNode)(&(objectClass=node)(entryDN:dnOneLevelMatch:=ou=Nodes,ou=Accepted Inventories,ou=Inventories,cn=rudder-configuration)))(modifyTimestamp>=20150622100542.001Z))' from server localhost:389.

As Nicolas Charles suggested on IRC, I stopped rudder-jetty and rudder-slapd. However, rudder-jetty is started automagically within 5 minutes and i had to forcestop slapd. Then i reindexed LDAP and started the services. The problem didn't go away unfortunatly.


Files

slapd.conf (2.89 KB) slapd.conf slapd Nicolas CHARLES, 2015-06-30 10:13
DB_CONFIG (580 Bytes) DB_CONFIG db_config Nicolas CHARLES, 2015-06-30 10:13
networkInterface (8.22 KB) networkInterface Nicolas CHARLES, 2015-06-30 10:14
openldap-dn2id-modrdn-idlcache-sub.patch (1.27 KB) openldap-dn2id-modrdn-idlcache-sub.patch Nicolas CHARLES, 2016-02-23 08:38

Subtasks 2 (0 open2 closed)

Bug #7965: Apply patches on openldap in Rudder >= 3.0ReleasedJonathan CLARKE2016-02-23Actions
Bug #8000: Broken LDAP on Rudder nightlyReleasedAlexis Mousset2016-02-29Actions

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #6931: Update OpenLDAP to 2.4.41ReleasedVincent MEMBRÉ2015-07-06Actions
Actions

Also available in: Atom PDF