If you use ldapmodify to change errorlog level to 65537 the server will abort just after writing to dse.ldif The bug appears to me only on F14 on a i686 VM. I have tested on F13 on x86_64 and it does not happen there. Using gdb I was able to see that the abort happens once this instruction is called in retrocl_po.c at line 588: LDAPDebug0Args(LDAP_DEBUG_TRACE,"not applying change if no/cl be");
Further investigation with LD_DEBUG variables turned out a dynamic linking issue in the retrocl plugin. 9300: /usr/lib/dirsrv/plugins/libretrocl-plugin.so: error: symbol lookup error: undefined symbol: ber_err_print (fatal) (Although also note that supposedly that plugin is turned off in dse.ldif)
I also see this issue, but with the replication plug-in. In my test, I set the log level to 65537 in dse.ldif with the server stopped. When I start the server, it aborts when it starts the replication plug-in. Here is the trimmed LD_DEBUG output: 19401: symbol=ber_err_print; lookup in file=/usr/sbin/ns-slapd [0] 19401: symbol=ber_err_print; lookup in file=/usr/lib64/dirsrv/libslapd.so.0 [0] ... 19401: symbol=ber_err_print; lookup in file=/usr/lib64/liblber-2.4.so.2 [0] ... 19401: symbol=ber_err_print; lookup in file=/usr/lib64/liblber-2.4.so.2 [0] ... 19401: /usr/lib64/dirsrv/plugins/libreplication-plugin.so: error: symbol lookup error: undefined symbol: ber_err_print (fatal) What is interesting is that it is checking for the symbol in liblber.so. The ber_err_print() function is not an exposed function.
Created attachment 462441 [details] Patch
Patch looks good to me.
Thanks for the reviews! Pushed to master. Counting objects: 33, done. Delta compression using up to 2 threads. Compressing objects: 100% (17/17), done. Writing objects: 100% (17/17), 1.53 KiB, done. Total 17 (delta 15), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git d38ae06..36dbaf1 master -> master
1. Tested on Replica configuration test machine. 2.[root@rhel61-ds90-amita scripts]# ldapmodify -x -h localhost -p 20100 -D "cn=Directory Manager" -w xxxx << EOF dn: cn=config changetype: modify replace: nsslapd-errorlog-level nsslapd-errorlog-level: 65537 EOF modifying entry "cn=config" 3. Everything is working fine. 1. Add an entry in master and check it should be replicated to slave. ldapmodify -x -h localhost -p 20100 -D "cn=Directory Manager" -w xxxx << EOF dn: uid=amita,ou=people,dc=replsuffix,dc=com changetype: add objectClass: top objectClass: person objectClass: inetorgperson sn: testkrbuser cn: kkk testkrbuser userPassword: redhat EOF [amsharma@rhel61-ds90-amita scripts]$ ldapsearch -h localhost -p 20100 -D "cn=Directory Manager" -w xxxxx -b "dc=replsuffix,dc=com" | grep amita # amita, People, replsuffix.com dn: uid=amita,ou=People,dc=replsuffix,dc=com uid: amita
Added SF 00903054 we ran into an issue where we added error log level 65536 (not 65537) using ldapmodify. Directory server ran until a restart by removing a winsync agreement. Then directory server failed to start. When the errorlog level was removed or changed to 8192, directory server started as expected.
Can this bug be closed?