RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 923799 - if nsslapd-cachememsize set to the number larger than the RAM available, should result in proper error message.
Summary: if nsslapd-cachememsize set to the number larger than the RAM available, shou...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.1
Hardware: Unspecified
OS: Unspecified
low
unspecified
Target Milestone: rc
: 7.1
Assignee: Rich Megginson
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-03-20 13:19 UTC by Amita Sharma
Modified: 2020-09-13 20:44 UTC (History)
3 users (show)

Fixed In Version: 389-ds-base-1.3.3.1-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-05 09:30:23 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 836 0 None closed [ RFE ] :: if nsslapd-cachememsize set to the number larger than the RAM available, should result in proper error messag... 2020-11-12 19:16:52 UTC
Red Hat Product Errata RHSA-2015:0416 0 normal SHIPPED_LIVE Important: 389-ds-base security, bug fix, and enhancement update 2015-03-05 14:26:33 UTC

Description Amita Sharma 2013-03-20 13:19:01 UTC 
Description of problem:
if nsslapd-cachememsize set to the number larger than the RAM available, should result in proper error message. 

Steps to Reproduce:
I tried giving a higher value of 1000GB to dn: cn=userRoot,cn=ldbm
database,cn=plugins,cn=config's nsslapd-cachememsize from console,
and the server crashed.

Error ::
>>> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>>> < - deleted
>>> > - added
>>> 1,28d0
>>> < # extended LDIF
>>> < #
>>> < # LDAPv3
>>> < # base <cn=userRoot,cn=ldbm database,cn=plugins,cn=config> with
>>> scope baseObject
>>> < # filter: objectclass=*
>>> < # requesting: ALL
>>> < #
>>> <
>>> < # userRoot, ldbm database, plugins, config
>>> < dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
>>> < objectClass: top
>>> < objectClass: extensibleObject
>>> < objectClass: nsBackendInstance
>>> < cn: userRoot
>>> < nsslapd-suffix: dc=example,dc=com
>>> < nsslapd-cachesize: -1
>>> < nsslapd-cachememsize: 1073741824
>>> < nsslapd-readonly: off
>>> < nsslapd-require-index: off
>>> < nsslapd-directory: /var/lib/dirsrv/slapd-mgmt12/db/userRoot
>>> < nsslapd-dncachememsize: 10485760
>>> <
>>> < # search result
>>> < search: 2
>>> < result: 0 Success
>>> <
>>> < # numResponses: 2
>>> < # numEntries: 1
>>>
>>> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>>>
>>>
>>> [root@mgmt12 scripts]# service dirsrv status
>>> dirsrv mgmt12 dead but pid file exists
>>>
>>> [root@mgmt12 scripts]# tail -f /var/log/dirsrv/slapd-mgmt12/errors
>>> [19/Mar/2013:07:22:31 -0400] memory allocator - calloc of 1 elems of
>>> 268435664 bytes failed; OS error 12 (Cannot allocate memory)
>>> The server has probably allocated all available virtual memory. To solve
>>> this problem, make more virtual memory available to your server, or
>>> reduce
>>> one or more of the following server configuration settings:
>>>   nsslapd-cachesize        (Database Settings - Maximum entries in
>>> cache)
>>>   nsslapd-cachememsize     (Database Settings - Memory available for
>>> cache)
>>>   nsslapd-dbcachesize      (LDBM Plug-in Settings - Maximum cache size)
>>>   nsslapd-import-cachesize (LDBM Plug-in Settings - Import cache size).
>>> Can't recover; calling exit(1).
>>>
>>>
>>> [root@mgmt12 scripts]# cat /proc/meminfo
>>> MemTotal:       16396852 kB
>>> MemFree:        13973916 kB
>>> Buffers:          211892 kB
>>> Cached:          1460572 kB
>>> SwapCached:            0 kB
>>>
>>> #free -m
>>>              total       used       free     shared    buffers    
>>> cached
>>> Mem:         16012       2366      13646          0        206      
>>> 1426
>>> -/+ buffers/cache:        732      15279
>>> Swap:         8071          0       8071
>>>

===>>>It says "Can't contact LDAP server" ..we should display a better
error message on console?
 
Actual results:
Error message says :: "Can't contact LDAP server"

Expected results:
we should display a better error message on console which indicates that RAM is not enough.
Comment 1 Noriko Hosoi 2013-05-20 16:56:28 UTC 
"the server crashed" means the server does not restart, right?  And the cause is clear in the error log.

I agree it'd be nice if the Console could reject the cache size larger than available memory size.  But there is no such ldap query that Console could send to the server to get the available memory size.  Also, please note that the direct local query to the OS/system is not good enough since Console should be able to manage remote servers.

I'd think the server not restarting due to the too large cache size is the second best solution...
Comment 2 Rich Megginson 2013-08-29 18:36:06 UTC 
Upstream ticket:
https://fedorahosted.org/389/ticket/47499
Comment 3 Jenny Severance 2013-09-09 16:23:57 UTC 
validation has to occur in 389-ds-base to be able to return proper error message to the console - changing product and component
Comment 5 Amita Sharma 2015-01-27 08:14:53 UTC 
[root@dhcp201-126 export]# rpm -qa | grep 389
389-ds-base-libs-1.3.3.1-13.el7.x86_64
389-ds-base-1.3.3.1-13.el7.x86_64
389-ds-base-debuginfo-1.3.3.1-13.el7.x86_64


[root@dhcp201-126 export]# ldapmodify -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123  << EOF
dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
changetype: modify
replace: nsslapd-dncachememsize
nsslapd-dncachememsize: 10000000000
EOF

modifying entry "cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
ldap_modify: Server is unwilling to perform (53)
	additional info: Error: dncachememsize value is too large.


[root@dhcp201-126 export]# ldapmodify -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123  << EOF
dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
changetype: modify
replace: nsslapd-dncachememsize
nsslapd-dncachememsize: 10485760000000000000000000000000
EOF

modifying entry "cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
ldap_modify: Server is unwilling to perform (53)
	additional info: Error: value 10485760000000000000000000000000 for attr nsslapd-dncachememsize is outside the range of representable values

Marking bug as VERIFIED as per patch studies https://fedorahosted.org/389/attachment/ticket/47499/0001-Ticket-47499-if-nsslapd-cachememsize-set-to-the-numb.patch, fix is tested.
Comment 7 errata-xmlrpc 2015-03-05 09:30:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0416.html
Note You need to log in before you can comment on or make changes to this bug.