[389-users] Announcing 389 Directory Server version 1.2.9.6 Testing
Anthony Messina
amessina at messinet.com
Mon Aug 22 20:51:11 UTC 2011
On 08/16/2011 04:40 PM, Rich Megginson wrote:
> On 08/16/2011 03:33 PM, Anthony Messina wrote:
>> On 08/16/2011 03:25 PM, Rich Megginson wrote:
>>>> I havent filed a bug yet as I am working on a virtual environment to
>>>> test, which I'm sure you'll want me to, in order to be able to
>>>> replicate
>>>> the issue ;)
>>> Indeed, yes, please let us know asap.
>> Sure. If you know the settings I need to enable to increase logging, as
>> well as what you would need for this type of problem, etc., please let
>> me know as this will greatly speed up my ability to provide useful
>> information. -A
> If it is aci related, there are two:
> http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting
> 128 Access control list processing (very detailed!)
> 262144 ACI summary information
>
> probably the latter for starters. Otherwise, just a way to reproduce
> the problem in a few steps. If you do get the server to hang, follow
> the steps at
> http://directory.fedoraproject.org/wiki/FAQ#Debugging_Crashes except
> that, instead of a core file, pass in the process id of the running slapd.
I've tried to reproduce this issue in a virtual host and I can reproduce
it, when logging error logging is basically off. Using either 128 or
262144 slows things down, but I don't get the server hang.
Steps to reproduce:
1) Install 389-ds-base and admin-serv with setup-ds-admin.pl, option 2.
2) Remove the "Allow anonymous access" ACI from the root entry
3) Starting doing some searches.
Wait for the server to stop accepting requests. Again, with
nsslapd-errorlog-level set to > 0, I cannot reproduce the problem.
Does anyone else remove the "Allow anonymous" ACI from the root entry?
My goal is to only allow anonymous access to hosts from inside the LAN
using dns= or ip= entries.
--
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110822/4104a1bf/attachment.sig>
More information about the 389-users
mailing list