Bug #6780
closedNode not included in dynamic group due to openldap bug with modrdn not showing node children
Description
Some queries are sometimes (seems only on Centos/RedHat) not returning the proper list of nodes
The cause is the idlcache of openldap, which store the cache of ONE and SUB queries for entries. However, if we move an entry (with modrdn) with subchildren, it fails to properly update the subchildren in the cache - hene no result
Deactivating the idlcache, or restarting slapd circumvent the issue
A patch was proposed by Jon (attached), and a ticket opened at on OpenLDAP bug tracker ( http://www.openldap.org/its/index.cgi/Incoming?id=8378 )
Below, old ticket description
Some times a week The Rudder web interface stops working properly. Searching times out and the pie charts on the dashboard don't appear. There is no error in slapd.log, but there is an indication that LDAP is the culprit in the webapp logs:
[2015-06-22 14:59:21] ERROR com.normation.ldap.sdk.ROPooledSimpleAuthConnectionProvider - Can't execute LDAP request com.unboundid.ldap.sdk.LDAPSearchException: A client-side timeout was encountered while waiting 300000ms for a response to search request with message ID 3, base DN 'cn=rudder-configuration', scope SUB, and filter '(&(|(objectClass=rudderNode)(&(objectClass=node)(entryDN:dnOneLevelMatch:=ou=Nodes,ou=Accepted Inventories,ou=Inventories,cn=rudder-configuration)))(modifyTimestamp>=20150622100542.001Z))' from server localhost:389.
As Nicolas Charles suggested on IRC, I stopped rudder-jetty and rudder-slapd. However, rudder-jetty is started automagically within 5 minutes and i had to forcestop slapd. Then i reindexed LDAP and started the services. The problem didn't go away unfortunatly.
Files