[meta] onerr not working as expected?

Asked by Robin Kluth


My system:

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.6 LTS
Release: 18.04
Codename: bionic

slapd: 2.4.45+dfsg-1ubuntu1.10

I've configured slapd to use the meta backend with multiple domains. However, I noticed, that as soon as one uri is down (due to whatever reason) the whole application (that slapd is used in) stop working. Stop working means: no login or ldap searches are possible.

Example: I use this slapd "proxy" in nextcloud. As soon as one uri is down, no one can login anymore (user is stored in another domain which is online).

ldp.exe shows me, that slapd is actually returning all results - except from the one uri which is off.

So I tried to set onerr - its default is continue, which sounds reasonable. However, setting every other option (report, stop) does not step into effect at all.

ldp.exe always return the results alongside with the timeout error. And I believe this is, what the end-application sees: an ldap error. And then their own ldap error handling takes place.

Question: is there an issue with my onerr usage or is it a "bug"?

I tried setting onerr after "database meta" and even tried to set it for every uri-block - no difference.

Current config: https://pastebin.com/VRTJPGQq

Thanks in advance!

Question information

English Edit question
Ubuntu openldap Edit question
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Bernard Stafford (bernard010) said (last edit ):

According to slapd-meta manpage:
onerr {CONTINUE|report|stop}
              This directive allows to select the behavior in case an error is returned by one
              target during a search. The default, continue, consists in continuing the
              operation, trying to return as much data as possible. If the value is set to stop,
              the search is terminated as soon as an error is returned by one target, and the
              error is immediately propagated to the client. If the value is set to report, the
              search is continued to the end but, in case at least one target returned an error
              code, the first non-success error code is returned.
This the package you are using for snapd.
In this package list - Recommends: https://packages.ubuntu.com/bionic/libsasl2-modules
     " " - Suggests: https://packages.ubuntu.com/bionic/ldap-utils
May need testing for certain.
Link to file a bug report if not resolved: https://bugs.openldap.org/

Revision history for this message
Robin Kluth (commifreak) said :

How should this help? I already wrote about my `onerr` tests :/

Revision history for this message
Bernard Stafford (bernard010) said :

The package has optional packages you may not have.
Otherwise file a bug report.

Can you help with this problem?

Provide an answer of your own, or ask Robin Kluth for more information if necessary.

To post a message you must log in.