Bug#1021703: slapd crashes when too many clients connect in a short period of time.
Frank Menzel
menzel at sipgate.de
Thu Oct 13 11:14:28 BST 2022
Package: slapd
Version: 2.4.57+dfsg-3+deb11u1
Severity: important
Dear Maintainer,
When many clients connect to a slapd in a short period of time we
noticed two different versions of a crash:
* slapd crashes with following error:
    slapd: ../../../../servers/slapd/daemon.c:1957: slap_listener: \
    Assertion `SLAP_SOCK_NOT_ACTIVE( tid, sfd )' failed.
* sometimes slapd does not crash, but transforms into a zombie state:
  * New connections are not accepted
  * some established connections seem to work, some don't
  * when sending a SIGTERM the process prints:
      slapd shutdown: waiting for 129 operations/tasks to finish
  * ...but it never stops and has to be killed by SIGKILL
We first observed this within our production environment. We created a
python script to stress the slapd and could reproduce the behaviour in
our DEV environment as well.
The script can be found here: https://paste.debian.net/hidden/dbf61b60/
We were able to reliably crash the slapd by running the script from 3 machines at
the same time.
* What led up to the situation?
  We installed slapd in the following environment:
  * We use cn=config approach
  * We are using GSSAPI/kerberos auth with startTLS
  * Problem appears both on a slapd master and on a syncrepl host
  * Appears both with included init script and custom unitfile
  * openfiles limit for slapd has been raised to 16k
  * Loaded Modules: syncprov and back_mdb
  * We only modified/set the following settings:
    * olcSaslHost
    * olcSaslRealm
    * olcSaslSecProps
    * olcTLS*
  * Current slapd commandline (through systemd unitfile):
    * /usr/sbin/slapd -d0 -h ldap:/// ldapi:/// -g openldap \
      -u openldap -F /etc/ldap/slapd.d
* What exactly did you do (or not do) that was effective (or
  ineffective)?
  * Update to bullseye backports version behaves the same
-- System Information:
Debian Release: 11.5
APT prefers stable-security
APT policy: (550, 'stable-security'), (550, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-18-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages slapd depends on:
ii adduser 3.118
ii coreutils 8.32-4+b1
ii debconf [debconf-2.0] 1.5.77
ii libc6 2.31-13+deb11u4
ii libcrypt1 1:4.4.18-4
ii libdb5.3 5.3.28+dfsg1-0.8
ii libldap-2.4-2 2.4.57+dfsg-3+deb11u1
ii libltdl7 2.4.6-15
ii libodbc1 2.3.6-0.1+b1
ii libperl5.32 5.32.1-4+deb11u2
ii libsasl2-2 2.1.27+dfsg-2.1+deb11u1
ii libwrap0 7.6.q-31
ii lsb-base 11.1.0
ii perl [libmime-base64-perl] 5.32.1-4+deb11u2
ii psmisc 23.4-2
Versions of packages slapd recommends:
ii ldap-utils 2.4.57+dfsg-3+deb11u1
Versions of packages slapd suggests:
ii libsasl2-modules 2.1.27+dfsg-2.1+deb11u1
ii libsasl2-modules-gssapi-heimdal 2.1.27+dfsg-2.1+deb11u1
-- Configuration Files:
/etc/default/slapd changed [not included]
/etc/ldap/schema/nis.ldif changed [not included]
/etc/ldap/schema/nis.schema changed [not included]
-- debconf information excluded
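
Added example, not part of the original report and not code from the reporter or the OpenLDAP project: a small log scanner that tells the two failure modes described above apart, the listener assertion abort and the shutdown that never completes. The syslog-style prefix, host name and PID in the sample lines are constructed, and the "slapd stopped." end-of-shutdown line is an assumption about what a completed shutdown logs.

```python
import re

# Signatures taken from the two messages quoted in the report.
ASSERT_RE = re.compile(
    r"slapd: (?P<file>\S+):(?P<line>\d+): (?P<func>\w+): "
    r"Assertion `(?P<expr>[^']+)' failed")
WAIT_RE = re.compile(
    r"slapd shutdown: waiting for (?P<n>\d+) operations/tasks to finish")
# Assumption: a shutdown that completes is followed by "slapd stopped."
STOPPED_RE = re.compile(r"slapd stopped\.")


def scan(lines):
    """Classify log lines into the two failure modes from the report."""
    findings = []
    pending = None  # task count of a shutdown that has not completed yet
    for text in lines:
        m = ASSERT_RE.search(text)
        if m:
            findings.append(
                ("assert_abort", m["func"], int(m["line"]), m["expr"]))
        elif (m := WAIT_RE.search(text)):
            pending = int(m["n"])
        elif STOPPED_RE.search(text):
            pending = None
    if pending is not None:
        findings.append(("shutdown_stuck", pending))
    return findings


# Constructed sample lines (timestamp, host name and PID are made up).
PREFIX = "Oct 13 11:02:17 ldap-dev slapd[812]: "
SAMPLE_CRASH = [
    PREFIX + "slapd: ../../../../servers/slapd/daemon.c:1957: slap_listener: "
             "Assertion `SLAP_SOCK_NOT_ACTIVE( tid, sfd )' failed.",
]
SAMPLE_HUNG = [
    PREFIX + "slapd shutdown: waiting for 129 operations/tasks to finish",
]
SAMPLE_CLEAN = [
    PREFIX + "slapd shutdown: waiting for 2 operations/tasks to finish",
    PREFIX + "slapd stopped.",
]

if __name__ == "__main__":
    for name in ("SAMPLE_CRASH", "SAMPLE_HUNG", "SAMPLE_CLEAN"):
        print(name, scan(globals()[name]))
```

On a live log a `shutdown_stuck` finding only means the shutdown had not completed when the log was read, so a monitor should pair it with a timeout before alerting.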