Re: [389-users] Announcing 389 Directory Server version 1.2.9.6 Testing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 08/16/2011 04:40 PM, Rich Megginson wrote:
> On 08/16/2011 03:33 PM, Anthony Messina wrote:
>> On 08/16/2011 03:25 PM, Rich Megginson wrote:
>>>> I havent filed a bug yet as I am working on a virtual environment to
>>>> test, which I'm sure you'll want me to, in order to be able to
>>>> replicate
>>>> the issue ;)
>>> Indeed, yes, please let us know asap.
>> Sure.  If you know the settings I need to enable to increase logging, as
>> well as what you would need for this type of problem, etc., please let
>> me know as this will greatly speed up my ability to provide useful
>> information.  -A
> If it is aci related, there are two:
> http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting
> 128     Access control list processing (very detailed!)
> 262144     ACI summary information
> 
> probably the latter for starters.  Otherwise, just a way to reproduce
> the problem in a few steps.  If you do get the server to hang, follow
> the steps at
> http://directory.fedoraproject.org/wiki/FAQ#Debugging_Crashes except
> that, instead of a core file, pass in the process id of the running slapd.

I've tried to reproduce this issue in a virtual host and I can reproduce
it, when logging error logging is basically off.  Using either 128 or
262144 slows things down, but I don't get the server hang.

Steps to reproduce:
1) Install 389-ds-base and admin-serv with setup-ds-admin.pl, option 2.

2) Remove the "Allow anonymous access" ACI from the root entry

3) Starting doing some searches.

Wait for the server to stop accepting requests.  Again, with
nsslapd-errorlog-level set to > 0, I cannot reproduce the problem.

Does anyone else remove the "Allow anonymous" ACI from the root entry?

My goal is to only allow anonymous access to hosts from inside the LAN
using dns= or ip= entries.

-- 
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E

Attachment: signature.asc
Description: OpenPGP digital signature

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux