[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#248271: marked as done (nscd freezes when used with libnss-ldap on busy server.)

Your message dated Fri, 05 Aug 2005 19:15:42 +0900
with message-id <[🔎] 81psssu1td.wl%gotom@debian.or.jp>
and subject line Close bugs tagged as woody
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 10 May 2004 08:22:18 +0000
>From donatini@dm.unibo.it Mon May 10 01:22:18 2004
Return-path: <donatini@dm.unibo.it>
Received: from morgana.dm.unibo.it (mailhost.dm.unibo.it) [137.204.134.1] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BN63G-0003b2-00; Mon, 10 May 2004 01:22:18 -0700
Received: from truffaut.dm.unibo.it (truffaut.dm.unibo.it [137.204.134.32])
	by mailhost.dm.unibo.it (Postfix) with ESMTP id 335D394BE3
	for <submit@bugs.debian.org>; Mon, 10 May 2004 10:22:14 +0200 (CEST)
Received: by truffaut.dm.unibo.it (Postfix, from userid 1000)
	id 790713B444; Mon, 10 May 2004 10:22:14 +0200 (CEST)
Date: Mon, 10 May 2004 10:22:14 +0200
To: submit@bugs.debian.org
Subject: nscd freezes when used with libnss-ldap on busy server.
Message-ID: <20040510082214.GC399@dm.unibo.it>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.28i
From: donatini@dm.unibo.it (Pietro Donatini)
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-7.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 
X-CrossAssassin-Score: 1

Subject: nscd freezes when used with libnss-ldap on busy server.
Package: nscd
Version: N/A; reported 2004-05-10
Severity: critical
Justification: breaks the whole system

IMHO what I describe here is a bug in nscd when using 
libnss-ldap. 
I've seen some old bug reports on debian and redhat 
with similar problems and some suggestions to not 
use nscd and libnss-ldap together.

We have a mail (postfix 2.1.0) server using debian 
Woody (all security updates made), kernel 2.4.26 
(but had the same problem with kernel 2.4.25).

We use libnss-ldap with local slapd server
(a replication of our primary ldap server)
for users' accounts.

so:

test: ~$head -3 /etc/nsswitch.conf 
passwd: 	ldap files
group: 		ldap files
shadow: 	ldap files

and 

test: ~$cat /etc/libnss-ldap.conf 
host 127.0.0.1
base ....
ldap_version 3

The problem is that, using nscd for password caching 
(default configuration) everything works fine, 
but the machine sometimes hangs.

Tests on another test-server have shown that
it can happen (randomly) when postfix has to deliver mail
to aliases with many (more than 100) local users.

The server then hangs (no connection possible even locally) 
but, if we were already logged, we can see the following behaviour:

Everything is fine with the exception of name resolving.
No respons from ls -l or ps -ef or any program
that needs accounts information.

test: ~$strace ls -l
fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000
write(1, "total 12\n", 9total 12
)               = 9
socket(PF_UNIX, SOCK_STREAM, 0)         = 3
connect(3, {sin_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = 0
write(3, "\2\0\0\0\1\0\0\0\2\0\0\0", 12) = 12
write(3, "0\0", 2)                      = 2
read(3,

and nothing until Ctrl+C.

With options -b -l -n lsof works and 
lsof -b -l -n | grep .nscd_socket | wc -l

gives 121 opened files and 

test: ~$cat /proc/sys/fs/file-nr                       
4931	2562	52425

so the number of opened files should not be the problem.
( for  i in `pgrep nscd` ; do ls /proc/$i/fd/ | wc -l ; done
or for  i in `pgrep slapd` ; do ls /proc/$i/fd/ | wc -l ; done
show not too many files and this is not related to
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=246057).

The only way to restore the machine is to kill nscd or slapd.

Our only way to have a stable (up to now) server is NOT to use
nscd. 

I think this bug could also be considered a security problem
since it may lead to a local DoS.

	Ciao and thanks.

		Pietro

	
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux test 2.4.26 #3 SMP Tue Apr 27 15:53:14 CEST 2004 i686 unknown
Locale: LANG=POSIX, LC_CTYPE=POSIX

---------------------------------------
Received: (at 248271-done) by bugs.debian.org; 5 Aug 2005 10:15:49 +0000
>From gotom@debian.or.jp Fri Aug 05 03:15:49 2005
Return-path: <gotom@debian.or.jp>
Received: from omega.webmasters.gr.jp (webmasters.gr.jp) [218.44.239.78] 
	by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
	id 1E0zEy-0001Gb-00; Fri, 05 Aug 2005 03:15:49 -0700
Received: from omega.webmasters.gr.jp (localhost [127.0.0.1])
	by webmasters.gr.jp (Postfix) with ESMTP id B0A5CDEB83;
	Fri,  5 Aug 2005 19:15:42 +0900 (JST)
Date: Fri, 05 Aug 2005 19:15:42 +0900
Message-ID: <[🔎] 81psssu1td.wl%gotom@debian.or.jp>
From: GOTO Masanori <gotom@debian.org>
To: 153263-done@bugs.debian.org, 121396-done@bugs.debian.org,
	142379-done@bugs.debian.org, 153762-done@bugs.debian.org,
	159411-done@bugs.debian.org, 165760-done@bugs.debian.org,
	169758-done@bugs.debian.org, 173486-done@bugs.debian.org,
	194339-done@bugs.debian.org, 196291-done@bugs.debian.org,
	248271-done@bugs.debian.org, 294903-done@bugs.debian.org,
	165921-done@bugs.debian.org, 205039-done@bugs.debian.org,
	294483-done@bugs.debian.org, 240608-done@bugs.debian.org,
	245029-done@bugs.debian.org, 295618-done@bugs.debian.org,
	156937-done@bugs.debian.org, 161515-done@bugs.debian.org,
	188843-done@bugs.debian.org, 212697-done@bugs.debian.org,
	247223-done@bugs.debian.org, 250055-done@bugs.debian.org,
	262162-done@bugs.debian.org, 290518-done@bugs.debian.org,
	188589-done@bugs.debian.org, 209095-done@bugs.debian.org,
	debian-glibc@lists.debian.org
Subject: Close bugs tagged as woody
User-Agent: Wanderlust/2.11.30 (Wonderwall) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.4 (i386-pc-linux-gnu) MULE/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Delivered-To: 248271-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
	version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 22

These bugs are tagged as woody, because they're well-known problems
and for keeping open to come to light what the problem is.  However,
as you know, sarge was released.  Our stable version was moved from
woody to sarge.  It's high time to close old woody's bugs that are
still open.  Now I close these bugs.  If you have any objections to
close them, please reopen and let us know your trouble.

Regards,
-- gotom
Reply to: