slapd syncrepl failing using SASL

Bug #783836 reported by Serge
This bug affects 2 people
Affects            Status        Importance  Assigned to  Milestone
openldap (Ubuntu)  Fix Released  High        James Page
Lucid              Fix Released  High        James Page
Maverick           Invalid       High        James Page

Bug Description

SRU INFORMATION:

IMPACT:
Replication failure occurs after some time when using TLS/LDAPS with SASL/GSSAPI; this normally happens when under high throughput.

FIX:
Cherry picked from upstream commit:
  http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=f32f1a45d4e4f3259e33cedc3571c27787add409

Very small change.

This issue has already been fixed in 2.4.24 (.25 in Oneiric) so impacts Lucid and Maverick (and potentially Natty). The upstream bug report contains commentary on the effectiveness of the fix.
  http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6639

TEST CASE:
A two-node test rig in EC2 has been set up; trying to find a reproducible test case, however this is proving problematic as it's hard to generate the required high throughput load that causes the issue.

REGRESSION POTENTIAL:
Bug fix provided by Chief Architect of the OpenLDAP project so should be trustworthy.

>>>>>>>>>>>>>>>>>>>>>>>>>>.

Original Bug Report:

Binary package hint: slapd

Replication fails after a while with

slapd[29003]: Entry reqStart=20110516160335.000018Z,cn=accesslog CSN 20110513192902.055251Z#000000#000#000000 older or equal to ctx 20110513192902.055251Z#000000#000#000000

send_search_entry: conn 17794 ber write failed.
conn=17794 fd=53 closed (connection lost on write)

Same deal with slapd 2.4.23 from maverick

Turns out to be OpenLDAP ITS#6639 and is fixed in the 2.4.24 release
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6639

Applying the fix for this bug http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=f32f1a45d4e4f3259e33cedc3571c27787add409
fixes the issue

Could we have this applied and released in Ubuntu?
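
A log check for the failure signature quoted in the report, added here as an example (it is not part of the bug report or of OpenLDAP). It pairs each "ber write failed" message with the "closed (connection lost on write)" line for the same connection and counts the CSN "older or equal to ctx" messages. The syslog prefix, the host name ldap1 and connections 17801 and 17810 in the sample are constructed.

```python
import re

# Constructed sample: the first three messages follow the report's wording,
# the syslog prefix and the last two lines are invented for the example.
SAMPLE_LOG = """\
May 16 16:03:35 ldap1 slapd[29003]: Entry reqStart=20110516160335.000018Z,cn=accesslog CSN 20110513192902.055251Z#000000#000#000000 older or equal to ctx 20110513192902.055251Z#000000#000#000000
May 16 16:03:36 ldap1 slapd[29003]: send_search_entry: conn 17794 ber write failed.
May 16 16:03:36 ldap1 slapd[29003]: conn=17794 fd=53 closed (connection lost on write)
May 16 16:04:10 ldap1 slapd[29003]: conn=17801 fd=54 closed (connection lost)
May 16 16:05:02 ldap1 slapd[29003]: send_search_entry: conn 17810 ber write failed.
"""

WRITE_FAILED = re.compile(r"send_search_entry: conn (\d+) ber write failed")
CLOSED = re.compile(r"conn=(\d+) fd=\d+ closed \((.*?)\)")
STALE_CSN = re.compile(r"CSN \S+ older or equal to ctx \S+")


def scan_slapd_log(lines):
    """Correlate write failures with the connection close that follows them."""
    pending = {}  # conn id -> line number of the write failure
    dropped = []  # (conn id, failure line, close line)
    stale_csn = 0
    for lineno, line in enumerate(lines, 1):
        if STALE_CSN.search(line):
            stale_csn += 1
        elif (m := WRITE_FAILED.search(line)):
            pending[int(m.group(1))] = lineno
        elif (m := CLOSED.search(line)):
            conn, reason = int(m.group(1)), m.group(2)
            # Only a close "on write" for a connection that already logged
            # a failed write matches the signature in the report.
            if conn in pending and reason == "connection lost on write":
                dropped.append((conn, pending.pop(conn), lineno))
    return {
        "dropped": dropped,
        "unconfirmed": sorted(pending),  # write failed, no matching close seen
        "stale_csn": stale_csn,
    }


if __name__ == "__main__":
    report = scan_slapd_log(SAMPLE_LOG.splitlines())
    for conn, failed_at, closed_at in report["dropped"]:
        print(f"conn {conn}: write failed (line {failed_at}), closed (line {closed_at})")
    print("unconfirmed:", report["unconfirmed"], "stale CSN messages:", report["stale_csn"])
```

Connections left in "unconfirmed" logged a failed write but no matching close in the scanned window, so they need a wider log range before being counted as drops.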

Revision history for this message
Serge (serge-de-souza) wrote :

Affects slapd 2.4.21 in Lucid

tags: added: patch-accepted-upstream
Changed in openldap (Ubuntu Lucid):
status: New → Triaged
importance: Undecided → High
Changed in openldap (Ubuntu Maverick):
status: New → Triaged
importance: Undecided → High
Changed in openldap (Ubuntu Lucid):
milestone: none → ubuntu-10.04.3
Changed in openldap (Ubuntu Maverick):
milestone: none → maverick-updates
James Page (james-page)
Changed in openldap (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → James Page (james-page)
Changed in openldap (Ubuntu Lucid):
assignee: nobody → James Page (james-page)
Changed in openldap (Ubuntu Maverick):
assignee: nobody → James Page (james-page)
James Page (james-page)
Changed in openldap (Ubuntu):
importance: Medium → High
James Page (james-page)
description: updated
description: updated
James Page (james-page)
description: updated
James Page (james-page)
description: updated
Revision history for this message
Clint Byrum (clint-fewbar) wrote :

SRU team ACK: I reviewed the merge proposals and they both look good for -proposed. Also since the fix is included in the version that is in Oneiric, I'm marking it as Fix Released.

Changed in openldap (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
emerson (emersonfisicaufs) wrote : Re: [Bug 783836] Re: slapd syncrepl failing using SASL

This bug occurs on my laptop when I use the version of Ubuntu 10.04.1,
10.04.2 and 11.04.

Revision history for this message
Clint Byrum (clint-fewbar) wrote : Please test proposed package

Accepted openldap into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in openldap (Ubuntu Lucid):
status: Triaged → Fix Committed
tags: added: verification-needed
Changed in openldap (Ubuntu Maverick):
status: Triaged → Fix Committed
Revision history for this message
Clint Byrum (clint-fewbar) wrote :

Accepted openldap into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Revision history for this message
scm (scm) wrote :

We have confirmed this works on Lucid (10.04.2) using the version from -proposed (2.4.21-0ubuntu5.5).

Dave Walker (davewalker)
tags: added: verification-done
removed: verification-needed
Revision history for this message
Clint Byrum (clint-fewbar) wrote :

There still hasn't been verification on maverick. However, the package has been in lucid-proposed for 7 days now, and lucid has been verified, so I'm copying it to lucid-updates now, and setting back to verification-needed for maverick.

tags: added: verification-needed
removed: verification-done
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openldap - 2.4.21-0ubuntu5.5

---------------
openldap (2.4.21-0ubuntu5.5) lucid-proposed; urgency=low

  * Fix issue causing replication failures in SASL/GSSAPI configurations
    (LP: #783836).
    - debian/patches/set.sock.err.to.EAGAIN.on.partial.write.patch: upstream
      patch to provide better error handling for partial writes.
 -- James Page <email address hidden> Thu, 02 Jun 2011 09:50:15 -0700

Changed in openldap (Ubuntu Lucid):
status: Fix Committed → Fix Released
tags: added: testcase
Revision history for this message
JC Hulce (soaringsky) wrote :

This bug affects Ubuntu 10.10, Maverick Meerkat. Maverick has reached end-of-life and is no longer supported, so I am closing the bugtask for Maverick. Please upgrade to a newer version of Ubuntu.
More information here: https://lists.ubuntu.com/archives/ubuntu-announce/2012-April/000158.html

Changed in openldap (Ubuntu Maverick):
status: Fix Committed → Invalid