Bug#673038: marked as done (slapd: slapcat output truncated every now and then)

Debian Bug Tracking System Sat, 20 Apr 2013 17:36:16 -0700

Your message dated Sun, 21 Apr 2013 00:32:49 +0000
with message-id <e1utid3-00019f...@franck.debian.org>
and subject line Bug#673038: fixed in openldap 2.4.31-1+nmu1
has caused the Debian Bug report #673038,
regarding slapd: slapcat output truncated every now and then
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
673038: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673038
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: slapd
Severity: grave
Version: 2.4.23-7.2
Justification: Causes data loss

Every now and then slapcat's output does not contain the whole content
of the LDAP but is truncated at some LDIF entry border (i.e. all printed
LDIF records seem complete).

To reproduce run "while sleep 1; do slapcat | wc; done" on a moderately
busy LDAP server (writes every few seconds to minutes; about 10000
entries) while slapd is running and notice the occasionally occurring
huge change in wc's printed values, e.g.:

# while sleep 1; do slapcat | wc; done
 471698 1015498 15336677
 471698 1015498 15336677
 471698 1015498 15336677
 471698 1015498 15336677
 471698 1015498 15336677
 471698 1015497 15336630
 471698 1015497 15336634
 471698 1015497 15336634
 471698 1015497 15336634
 471698 1015497 15336634
 471698 1015497 15336634
 471698 1015497 15336634
 471698 1015497 15336634
 471698 1015497 15336634
 471698 1015497 15336634
 471698 1015497 15336634
 471698 1015497 15336634
 471698 1015498 15336677
 471698 1015497 15336635
 471698 1015497 15336635
 471698 1015497 15336635
 281829  606820 8632165  <--
 471698 1015497 15336635
 471698 1015497 15336635
 471698 1015497 15336635
 308627  664573 9476751  <--
 471698 1015497 15336635
 471698 1015497 15336635
 471698 1015497 15336637
 471698 1015497 15336637
 471698 1015497 15336637
 471698 1015497 15336637
 471698 1015497 15336631
 471698 1015497 15336631
 471698 1015498 15336673
 471698 1015498 15336673
 471698 1015498 15336725
 471698 1015498 15336725
 471698 1015497 15336682
 471698 1015498 15336725
 471698 1015497 15336683
 471698 1015497 15336683
 471698 1015497 15336683
 471698 1015497 15336683
 471698 1015497 15336683
 471698 1015497 15336683
 471698 1015497 15336683
 471698 1015497 15336683
 471698 1015497 15336683
 471698 1015498 15336719
 471698 1015497 15336680
 471698 1015497 15336682
 471698 1015497 15336682
 471698 1015497 15336742
 471698 1015497 15336742
 471698 1015497 15336742
 471698 1015497 15336742
 471698 1015497 15336742
 471698 1015498 15336781
 471698 1015498 15336781
 471698 1015498 15336781
 471698 1015498 15336781
 471698 1015498 15336781
 471698 1015498 15336779
 471698 1015498 15336779
 471698 1015497 15336740
 471698 1015497 15336740
 471698 1015497 15336740
 471698 1015497 15336740
 471698 1015496 15336724
 471698 1015496 15336724
 471698 1015496 15336724
 471698 1015496 15336724
 471698 1015496 15336724
 471698 1015496 15336727
 471698 1015496 15336727
 471698 1015496 15336727
 471698 1015496 15336727
 471698 1015496 15336727
 471698 1015496 15336727
 471698 1015496 15336727
 471698 1015496 15336727
 471698 1015497 15336763
 471698 1015497 15336763

According to the slapcat man page it should be "always safe to run
slapcat with the slapd-bdb(5) ... backends" even if slapd runs. We do
use a BDB backend.

Using "slapcat -c" instead of just "slapcat" seems only to lower the
error rate a little bit, but it may also be that we just haven't tested
an significant amount of slapcat calls.

Even running "slapcat -d -1" gives no error message and it always exits
with exit code zero, so except checking the output's length there seems
no chance of catching a truncated output.

As slapcat is used to make backups of LDAP database, having an
unreliable slapcat means to have unreliable backups, too. Seems to have
happened with Lenny back then, too:

[...]
-rw-r--r-- 1 root root  1397053 Jul 17  2010 ldif.2010-07-17.gz
-rw-r--r-- 1 root root  1397255 Jul 18  2010 ldif.2010-07-18.gz
-rw-r--r-- 1 root root  1397523 Jul 19  2010 ldif.2010-07-19.gz
-rw-r--r-- 1 root root    89419 Jul 20  2010 ldif.2010-07-20.gz
-rw-r--r-- 1 root root  1398508 Jul 21  2010 ldif.2010-07-21.gz
-rw-r--r-- 1 root root  1397746 Jul 22  2010 ldif.2010-07-22.gz
-rw-r--r-- 1 root root  1398243 Jul 23  2010 ldif.2010-07-23.gz
[...]

Same counts for cases where the slapcat output is used to export the
LDAP content to other database formats like NIS.

-- System Information:
Debian Release: 6.0.5
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages slapd depends on:
ii  adduser                3.112+nmu2        add and remove users and groups
ii  coreutils              8.5-1             GNU core utilities
ii  debconf [debconf-2.0]  1.5.36.1          Debian configuration management sy
ii  libc6                  2.11.3-3          Embedded GNU C Library: Shared lib
ii  libdb4.8               4.8.30-2          Berkeley v4.8 Database Libraries [
ii  libgnutls26            2.8.6-1+squeeze2  the GNU TLS library - runtime libr
ii  libldap-2.4-2          2.4.23-7.2        OpenLDAP libraries
ii  libltdl7               2.2.6b-2          A system independent dlopen wrappe
ii  libperl5.10            5.10.1-17squeeze3 shared Perl library
ii  libsasl2-2             2.1.23.dfsg1-7    Cyrus SASL - authentication abstra
ii  libslp1                1.2.1-7.8         OpenSLP libraries
ii  libwrap0               7.6.q-19          Wietse Venema's TCP wrappers libra
ii  lsb-base               3.2-23.2squeeze1  Linux Standard Base 3.2 init scrip
ii  perl [libmime-base64-p 5.10.1-17squeeze3 Larry Wall's Practical Extraction 
ii  psmisc                 22.11-1           utilities that use the proc file s
ii  unixodbc               2.2.14p2-1        ODBC tools libraries

Versions of packages slapd recommends:
pn  libsasl2-modules              <none>     (no description available)

Versions of packages slapd suggests:
ii  ldap-utils                    2.4.23-7.2 OpenLDAP utilities

-- Configuration Files:
/etc/default/slapd changed:
SLAPD_USER="openldap"
SLAPD_GROUP="openldap"
SLAPD_PIDFILE=
SLURPD_START=auto
SLAPD_SERVICES="ldap:// ldap://<someip>:<someport>/ ldaps:///"
SLAPD_OPTIONS=""
SLURPD_OPTIONS=""


-- debconf information:
  slapd/allow_ldap_v2: false
  slapd/password_mismatch:
  slapd/tlsciphersuite:
  slapd/fix_directory: true
  slapd/invalid_config: true
  shared/organization: ethz.ch
  slapd/upgrade_slapcat_failure:
  slapd/slurpd_obsolete:
  slapd/no_configuration: false
  slapd/migrate_ldbm_to_bdb: false
  slapd/move_old_database: true
  slapd/upgrade_slapadd_failure:
  slapd/suffix_change: false
  slapd/slave_databases_require_updateref:
  slapd/dump_database_destdir: /var/backups/slapd-VERSION
  slapd/autoconf_modules: true
  slapd/purge_database: false
  slapd/domain: ethz.ch
  slapd/backend: BDB
  slapd/dump_database: when needed

--- End Message ---

--- Begin Message ---

Source: openldap
Source-Version: 2.4.31-1+nmu1

We believe that the bug you reported is fixed in the latest version of
openldap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 673...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilb...@debian.org> (supplier of updated openldap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 16 Apr 2013 03:35:31 +0000
Source: openldap
Binary: slapd slapd-smbk5pwd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg 
libldap2-dev slapd-dbg
Architecture: source amd64
Version: 2.4.31-1+nmu1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenLDAP Maintainers 
<pkg-openldap-de...@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilb...@debian.org>
Description: 
 ldap-utils - OpenLDAP utilities
 libldap-2.4-2 - OpenLDAP libraries
 libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries
 libldap2-dev - OpenLDAP development libraries
 slapd      - OpenLDAP server (slapd)
 slapd-dbg  - Debugging information for the OpenLDAP server (slapd)
 slapd-smbk5pwd - Keeps Samba and Kerberos passwords in sync within slapd.
Closes: 673038
Changes: 
 openldap (2.4.31-1+nmu1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038).
Checksums-Sha1: 
 2ef007b480a44b751596aea8ff11c8ec7859f7c8 3441 openldap_2.4.31-1+nmu1.dsc
 c2d2f92570f007604bf6a147dbb30adb42bd5adc 161504 openldap_2.4.31-1+nmu1.diff.gz
 ba0a6c436c3cbe467388d37e9620c02b89927dff 1776646 slapd_2.4.31-1+nmu1_amd64.deb
 80f0e19537e7bf611693558619da354412fb3f06 79274 
slapd-smbk5pwd_2.4.31-1+nmu1_amd64.deb
 673ce0f93df7fb782df3da72060c97ee59063a62 344302 
ldap-utils_2.4.31-1+nmu1_amd64.deb
 996744efc296299618fea676fb3184be74422eca 242492 
libldap-2.4-2_2.4.31-1+nmu1_amd64.deb
 8f9dd74e198ec7575154a8c118696f3437312f77 474500 
libldap-2.4-2-dbg_2.4.31-1+nmu1_amd64.deb
 eb5e8622839be9d487ce261808eb16edff40f91c 554994 
libldap2-dev_2.4.31-1+nmu1_amd64.deb
 2729a5a77744cf16d9c27c3a6e36b51862a23061 5520892 
slapd-dbg_2.4.31-1+nmu1_amd64.deb
Checksums-Sha256: 
 e5aae6f95e59806cd231309f83c8308c7a5f734af429998c0c0212cd2c661d4f 3441 
openldap_2.4.31-1+nmu1.dsc
 f2f2a8d21cba6ca15f90f29ddd4d92fe88a497b2b9d1d4980d7aa9b7737cecd6 161504 
openldap_2.4.31-1+nmu1.diff.gz
 48de4ad94d33e18584d8c33790ebd7f834c9279d30159e7c5ab7bcb5667d63af 1776646 
slapd_2.4.31-1+nmu1_amd64.deb
 33cbca3d83d4313c8808e0814677da501035a15f6be46caa92953abaf078446f 79274 
slapd-smbk5pwd_2.4.31-1+nmu1_amd64.deb
 b03b95b402e82d53c455f0203dc5c1ef0ab5974e6b3c9eb16a9319bf3a5985f6 344302 
ldap-utils_2.4.31-1+nmu1_amd64.deb
 ada3ffd135b2c0fb42b8563c3b4e380a80e37f58825df1bc091e73eac854035b 242492 
libldap-2.4-2_2.4.31-1+nmu1_amd64.deb
 c6535de348de35acb550a882fdc07e0464ded43d8632cd07774d2246792a20e6 474500 
libldap-2.4-2-dbg_2.4.31-1+nmu1_amd64.deb
 6b1c710b1ef7af829d9501411c80b23113dd296fa61bd07f92edd31029532b48 554994 
libldap2-dev_2.4.31-1+nmu1_amd64.deb
 af23c24c471958bba626ae1aa39f5acf3fb626ccc228282ed5f18fbda8151096 5520892 
slapd-dbg_2.4.31-1+nmu1_amd64.deb
Files: 
 df74d45dbc5e202f75007288c4657bbf 3441 net optional openldap_2.4.31-1+nmu1.dsc
 7173b719cbf35a9fe7d7d5733eaaa6c5 161504 net optional 
openldap_2.4.31-1+nmu1.diff.gz
 cb195bc8aa062dc3022467f4ea3f4def 1776646 net optional 
slapd_2.4.31-1+nmu1_amd64.deb
 54e027716788f93934ca24d56bbebdcd 79274 net extra 
slapd-smbk5pwd_2.4.31-1+nmu1_amd64.deb
 4f8fa7f8066493c2db826e7702afbede 344302 net optional 
ldap-utils_2.4.31-1+nmu1_amd64.deb
 33cf08ccb0f9cc5c9e1924de84c35811 242492 libs standard 
libldap-2.4-2_2.4.31-1+nmu1_amd64.deb
 5de5b869556194eee26819a75a9bb867 474500 debug extra 
libldap-2.4-2-dbg_2.4.31-1+nmu1_amd64.deb
 76f9c93c577372359e61ccda7e154556 554994 libdevel extra 
libldap2-dev_2.4.31-1+nmu1_amd64.deb
 0bf7a0a71166da33025453477d95332c 5520892 debug extra 
slapd-dbg_2.4.31-1+nmu1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQQcBAEBCAAGBQJRb1dMAAoJELjWss0C1vRzFJQf/3lzigE1P5mMRDZ8Kk+1yg/p
IX0HCn3NzrgVTjXzytq8lSh4GD3IcN7EcjzTwjac5y9NzfMjpaf3OheTIGxCZRL2
0T1iIPpVre3KeroDWCwLlo3mijMHbbsUc41DGYJqSZlqEsJukxR05CXjVNMlGJuY
1zeyaKfV3b5cYKdthQDgquFc7TdZw34boeWnmP48lYHnoDafF75Ql9Zt+CyNUacr
4CPngSa3GW2Y9ujHsZ7SYkl41ijKXIInMO/1U5gkqEFqgt2o1gn30P+GR1qm91Be
dTN0AYmvd+UUk5Cf9YIysFG6un/S8JevZryEY3Nrt96AS9/gDLTADKblNRCSRx2e
WcSASDYFdHfWvRV+ZB625dJbOjIURNQiXYcV/FFRTV+ZMzJm0r1qaUzQ0JsRnoGV
Ierzgnus4z5/AS5dhxT1WgCcicaieHPdU8+9tZ/bTUb+sxfsgtRBc4pEIryt7wc1
lLFB6PPaEP7uM0wClMgDmy3bRfQtgWHzM5ZQ5aYwaoRDA5GrjsKi6VFiXB823med
QRoWZ03cVB3nKyT9x2AY8uSgCETAXc5T9+jFliLFbw/t+K7DuZKl9jk4LQYj2GsM
0r9uHZvPQs1aJ0VNg/yCJVElCQMb85xDPMTISgZ/q8iLmIIxnaGwjEwUTSydSSXn
IvVFp5kGo3ApgtStoyWaoaCq9rgiDU9DZ993VwMbPpI0K3VGqLczexoWy8fHuqYg
JLPbxomq7YCQGu+1firpgTURW96Vdi25+FoolnFb67hBQMMojmmnGO1q5zoc+Fkk
ZO7ERE8P6sizt6g8FpUyCxVLVFa6fX9c57Xvl0FGAxSIrVaH3iJGqnIpmIFbSnI1
n5O66SE2vs2vZX+pZJ0MMWlK9BbyZuO7vUutj5IHARpzPzn3Zv3R1sLX2Ua2sLSC
xVXTNWbn21zfpnytvQiCwPfzbVTC0XRgE+H8bb2KNnoM6XoMs2SbZtnwLjxwzixx
2HWI2cTvUbO2WUF3i+3w1Sv151SOK//TjmwSa+BFDJBJnmcoRZ9JgHGvIyy4sScb
xiXPAfv8AWO+12wVuOphIhDrY0A/GmSbqPVv+FufMC55iLDZKvd5lY5kUfDjp9qb
9dFro6PfS6YwYI04zrIaglin3sPjD8iKjDAthSw3hm94anHV0pLFaZsHa5YsF3d/
RxIm66gaSR5LywWQWbRGhB+GzyXNHBqeYuYxR3UCt7A8QZotBuvxC7mFTiCrcbfS
vqn7kKT4J6k0zsY0MLfYQvYL817VI+FbFDjAOFaccfeGtSysiwYOWH3Ro07FmFlj
n5HcxCdpuvEuaXVAaktsUqgfBRF6mZEEkVcD9DOrKlmGdhMR3izIKfmI3Fl4sN8=
=Ad3x
-----END PGP SIGNATURE-----

--- End Message ---

Bug#673038: marked as done (slapd: slapcat output truncated every now and then)

Reply via email to