
List:       openldap-technical
Subject:    UNKNOWN attributeDescription "..." inserted.
From:       Bastian Tweddell <b.tweddell () fz-juelich ! de>
Date:       2024-01-31 13:58:39
Message-ID: ZbpSDzHY96PWRL3v () fz-juelich ! de


Dear all,

We are facing 'UNKNOWN attributeDescription' errors in our 
infrastructure, caused by two different reasons. I realized those only 
by using `slapcat` which prints the following error/warning message to 
STDERR:
```
UNKNOWN attributeDescription "..." inserted.
```
In both cases, this issue does not degrade the production of our system. 
All operations including syncreplication are working within normal 
parameters. 

Case A:
In our production, a dedicated slapd syncrepl consumer has the totp 
module from contrib enabled and ldapbind calls against '{TOTP1}' are 
performed. This module introduces a new attribute "authTimestamp".
IIUC, `slapcat` cannot know about this attribute, because it is 
not in the config. But attributes of that type are stored in the MDB. 
I'd like to ask:
- How should we deal with this situation?
- Is it safe to continue as is or should we define the attribute 
  "authTimestamp" in our schema extension as well?

Case B:
We are about to remove some attribute definitions from our schema 
extension. These are obsolete and not in use in the DB anymore. On the 
testbed slapd+syncrepl works as expected. But here as well, even though 
the DB does not contain any of the obsolete attributes in any 
entry, `slapcat` throws the same error/warning for all removed 
attributes from the schema file.
My first approach was to re-index the database (even with truncate 
mode), which did not solve the situation. Stopping the consumer slapd, 
removing the mdb files and restarting the syncrepl solves it. But on 
production I would not want to re-sync everything unnecessarily (it 
would be possible though).
I'd like to ask here:
- Is there a way to clean up MDB from obsolete attributes?
- Where/how are those attributes referenced in MDB?
- Would it harm to ignore those errors?
- Is the removal of attribute definitions from the schema not 
  supported/suggested at all?

Btw, we are running slapd 2.6.3 with mdb backend. (Upgrade to 2.6.7 is 
in planning now).

During the composition of this mail, further issues came up with 
slapd-totp and I would like to add some follow-up questions here. If you 
prefer, I'll write another mail or I could open an issue on bugzilla.

1. By reading some code in slapd-totp.c I recognized that the introduced 
   attribute authTimestamp is SINGLE-VALUE. But slapcat reveals that 
   entries have multiple values of authTimestamp. This does not sound 
   correct to me.
2. In slapd-totp.c: lines 856 and 873 both call `ch_calloc` for the same 
   struct, shadowing the same pointer. This looks like a memory leak to 
   me, because also only one free is called. (I might be wrong though).


Many thanks in advance,
-- 
Bastian Tweddell            Juelich Supercomputing Centre
phone: +49 (2461) 61-6586      High Performance Systems

---------------------------------------------------------------------------------------------
Forschungszentrum Jülich GmbH
52425 Jülich
Registered office: Jülich
Registered in the commercial register of the Düren District Court, No. HR B 3498
Chairman of the Supervisory Board: MinDir Stefan Müller
Management Board: Prof. Dr. Astrid Lambrecht (Chair),
Karsten Beneke (Deputy Chair), Dr. Ir. Pieter Jansens
---------------------------------------------------------------------------------------------
