Discussion:
dnMatch flooding logs and access blocked
Al Dispennette
2012-12-03 22:35:47 UTC
Permalink
Hello,

I am seeing the following get repeated in my slapd logs for hundreds of line. I know it is due to the logging level.

However, when this starts happening no one can access the server because what ever is logging this is blocking.

Can anyone tell me what is causing this log entry?


slapd[20616]: dnMatch -1#012#011"uid=item1,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch 2#012#011"uid=item2,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch 2#012#011"uid=item3,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch -2#012#011"uid=item4,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch -1#012#011"uid=item5,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch -2#012#011"uid=item6,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"


Al Dispennette
Sr. Software Engineer

t: 415 526 7206
m: 309 868 1401
***@monitise.com<mailto:***@monitise.com>

[Description: Description: Description: Loading Image...]
www.monitisegroup.com<http://www.monitisegroup.com/>
[Description: Description: Description: Loading Image...]<http://www.linkedin.com/company/monitise>[Description: Description: Description: Loading Image...]<http://twitter.com/#!/MonitiseGroup>
Al Dispennette
2012-12-04 18:32:43 UTC
Permalink
So I downloaded the openldap source and looked at the places where the debug output logs the message below.
That being said it looks like it is happening during some group entry modification.

I am not that knowledgeable with ldap so I have another question related to the blocking that is occurring.
So the situation is this, in my application I allow users to update their usernames and password.
For the username update I copy the user into a cloned object delete the entry from ldap and then add the cloned object with the new username to ldap.
As for the password I simply update the password attribute.

Is there something in the removal and addition of the user object that is causing the group to need to be reindexed or the cache to be reloaded or anything that may cause the blocking that I am seeing?

I changed the log level from 255 to 3 so I should see some different debug output, but until this occurs again does anyone have any insight or knowledge that could help me.

Thanks,


Al Dispennette


From: Al Dispennette <***@clairmail.com<mailto:***@clairmail.com>>
Date: Mon, 3 Dec 2012 14:35:44 -0800
To: <openldap-***@openldap.org<mailto:openldap-***@openldap.org>>
Subject: dnMatch flooding logs and access blocked


Hello,

I am seeing the following get repeated in my slapd logs for hundreds of line. I know it is due to the logging level.

However, when this starts happening no one can access the server because what ever is logging this is blocking.

Can anyone tell me what is causing this log entry?


slapd[20616]: dnMatch -1#012#011"uid=item1,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch 2#012#011"uid=item2,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch 2#012#011"uid=item3,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch -2#012#011"uid=item4,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch -1#012#011"uid=item5,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch -2#012#011"uid=item6,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"


Al Dispennette
Al Dispennette
2012-12-05 15:00:07 UTC
Permalink
Seriously, I need help.
Can anyone help me?

None of the avenues I have looked into have amounted to anything.
The logging is not helping. I believe whatever is happening is supposed to be happening but when it does blocking occurs.
I have commented out all of the syncing properties in slapd.conf
I do still have "checkpoint 1024 15" enabled.

I am pretty desperate for help and I have not had a response from anyone on any site I have posted this.
I have been searching for an direction for a couple weeks now, I'm not asking for an answer just a direction on where I maybe should look.

Thanks,


From: Al Dispennette <***@clairmail.com<mailto:***@clairmail.com>>
Date: Tue, 4 Dec 2012 10:32:40 -0800
To: <openldap-***@openldap.org<mailto:openldap-***@openldap.org>>
Subject: Re: dnMatch flooding logs and access blocked

So I downloaded the openldap source and looked at the places where the debug output logs the message below.
That being said it looks like it is happening during some group entry modification.

I am not that knowledgeable with ldap so I have another question related to the blocking that is occurring.
So the situation is this, in my application I allow users to update their usernames and password.
For the username update I copy the user into a cloned object delete the entry from ldap and then add the cloned object with the new username to ldap.
As for the password I simply update the password attribute.

Is there something in the removal and addition of the user object that is causing the group to need to be reindexed or the cache to be reloaded or anything that may cause the blocking that I am seeing?

I changed the log level from 255 to 3 so I should see some different debug output, but until this occurs again does anyone have any insight or knowledge that could help me.

Thanks,


Al Dispennette


From: Al Dispennette <***@clairmail.com<mailto:***@clairmail.com>>
Date: Mon, 3 Dec 2012 14:35:44 -0800
To: <openldap-***@openldap.org<mailto:openldap-***@openldap.org>>
Subject: dnMatch flooding logs and access blocked


Hello,

I am seeing the following get repeated in my slapd logs for hundreds of line. I know it is due to the logging level.

However, when this starts happening no one can access the server because what ever is logging this is blocking.

Can anyone tell me what is causing this log entry?


slapd[20616]: dnMatch -1#012#011"uid=item1,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch 2#012#011"uid=item2,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch 2#012#011"uid=item3,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch -2#012#011"uid=item4,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch -1#012#011"uid=item5,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"

slapd[20616]: dnMatch -2#012#011"uid=item6,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"


Al Dispennette
Howard Chu
2012-12-05 15:28:39 UTC
Permalink
Post by Al Dispennette
Seriously, I need help.
Can anyone help me?
None of the avenues I have looked into have amounted to anything.
The logging is not helping. I believe whatever is happening is supposed to be
happening but when it does blocking occurs.
I have commented out all of the syncing properties in slapd.conf
I do still have "checkpoint 1024 15" enabled.
I am pretty desperate for help and I have not had a response from anyone on
any site I have posted this.
I have been searching for an direction for a couple weeks now, I'm not asking
for an answer just a direction on where I maybe should look.
Why are you using loglevel 3? or 255? What do those loglevels mean, do you
know? Have you read the slapd.conf(5) or slapd-config(5) manpages?

Give some more information on the actual operations involved. Use a loglevel
that's actually useful. If you don't know what operations are occurring, then
clearly the loglevel you've chosen isn't helping.
Post by Al Dispennette
Thanks,
Date: Tue, 4 Dec 2012 10:32:40 -0800
Subject: Re: dnMatch flooding logs and access blocked
So I downloaded the openldap source and looked at the places where the debug
output logs the message below.
That being said it looks like it is happening during some group entry modification.
I am not that knowledgeable with ldap so I have another question related to
the blocking that is occurring.
So the situation is this, in my application I allow users to update their
usernames and password.
For the username update I copy the user into a cloned object delete the entry
from ldap and then add the cloned object with the new username to ldap.
As for the password I simply update the password attribute.
Is there something in the removal and addition of the user object that is
causing the group to need to be reindexed or the cache to be reloaded or
anything that may cause the blocking that I am seeing?
I changed the log level from 255 to 3 so I should see some different debug
output, but until this occurs again does anyone have any insight or knowledge
that could help me.
Thanks,
*
*
*Al Dispennette*
*
*
Date: Mon, 3 Dec 2012 14:35:44 -0800
Subject: dnMatch flooding logs and access blocked
Hello,
I am seeing the following get repeated in my slapd logs for hundreds of line.
I know it is due to the logging level.
However, when this starts happening no one can access the server because what
ever is logging this is blocking.
Can anyone tell me what is causing this log entry?
slapd[20616]: dnMatch
-1#012#011"uid=item1,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"
slapd[20616]: dnMatch
2#012#011"uid=item2,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"
slapd[20616]: dnMatch
2#012#011"uid=item3,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"
slapd[20616]: dnMatch
-2#012#011"uid=item4,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"
slapd[20616]: dnMatch
-1#012#011"uid=item5,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"
slapd[20616]: dnMatch
-2#012#011"uid=item6,ou=users,dc=example,dc=com"#012#011"uid=user,ou=users,dc=example,dc=com"
*
*
*Al Dispennette*
*
*
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Patrick Lists
2012-12-05 15:43:46 UTC
Permalink
Post by Al Dispennette
Seriously, I need help.
Can anyone help me?
None of the avenues I have looked into have amounted to anything.
The logging is not helping. I believe whatever is happening is supposed
to be happening but when it does blocking occurs.
I have commented out all of the syncing properties in slapd.conf
I do still have "checkpoint 1024 15" enabled.
I am pretty desperate for help and I have not had a response from anyone
on any site I have posted this.
I have been searching for an direction for a couple weeks now, I'm not
asking for an answer just a direction on where I maybe should look.
I'm afraid I can't be of any help but maybe you should hire a consultant
to fix the problem for you? You can find an overview of the (core)
developers here:

http://www.openldap.org/project/

And here is a list with 3rd party technical support services here:

http://www.openldap.org/support/

Regards,
Patrick

Loading...