Bug 7262 - Unable to maintain users' groups via UsrMgr
Unable to maintain users' groups via UsrMgr
Status: RESOLVED FIXED
Product: Samba 3.5
Classification: Unclassified
Component: Domain Control
3.5.4
Other Linux
: P3 critical
: ---
Assigned To: Guenther Deschner
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-03-18 09:23 UTC by Carlos Eduardo Pedroza Santiviago
Modified: 2012-04-11 09:34 UTC (History)
2 users (show)

See Also:


Attachments
Level 10 log (250.41 KB, application/x-gzip)
2010-03-18 19:00 UTC, Carlos Eduardo Pedroza Santiviago
no flags Details
Proposed patch created by Volker (1.20 KB, patch)
2010-06-10 08:33 UTC, Karolin Seeger
obnox: review+
Details
Patch for master/3.5 (1.05 KB, patch)
2010-07-06 09:58 UTC, Volker Lendecke
gd: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos Eduardo Pedroza Santiviago 2010-03-18 09:23:33 UTC
We've just upgraded to Samba 3.5.1 (Samba version 3.5.1-2332-SUSE-CODE10). Our operators use UsrMgr to manage user and groups accounts.

However, after upgrading to 3.5.1, they're unable to manage the user groups when they select the user to be managed.

If they first select the group, and then add the users to it, it works.
Comment 1 Guenther Deschner 2010-03-18 14:17:33 UTC
ok, a bit more information about your config (ldap backend?) would be helpful.
Comment 2 Carlos Eduardo Pedroza Santiviago 2010-03-18 18:59:29 UTC
OK! Sorry for the delay.

I am using OpenLDAP (2.3as backend. I'm attaching here the level 10 output from the moment i select the user, and then click in Groups inside his profile, while using UsrMgr.

Comment 3 Carlos Eduardo Pedroza Santiviago 2010-03-18 19:00:07 UTC
Created attachment 5510 [details]
Level 10 log
Comment 4 Carlos Eduardo Pedroza Santiviago 2010-03-18 19:01:05 UTC
Also, i forgot to mention that i downgraded to 3.4.7, using src rpm from SerNet build, on SLES10. However, the error persists. 
Comment 5 Karolin Seeger 2010-06-10 08:33:14 UTC
Created attachment 5788 [details]
Proposed patch created by Volker
Comment 6 Karolin Seeger 2010-06-10 08:33:46 UTC
Volker's patch fixed this issue in my setup.
Comment 7 Michael Adam 2010-06-10 09:02:45 UTC
Comment on attachment 5788 [details]
Proposed patch created by Volker

This looks good!
Comment 8 Karolin Seeger 2010-06-10 09:13:55 UTC
Pushed to v3-5-test, testing v3-4-test now...
Comment 9 Karolin Seeger 2010-06-10 09:26:29 UTC
Works in v3-4-test also. Pushed.
Closing out bug report.

Thanks!
Comment 10 Björn Jacke 2010-06-30 05:28:14 UTC
probably this patch breaks paged searches from 3.5.3 to 3.5.4. The second ldap search is done with search cookie and new page size size 0.

Noticable is the bug also in "pdbedit -L" which stops after the number of "ldap page size" entries with the message

"no talloc stackframe around, leaking memory"
Comment 11 Karolin Seeger 2010-07-05 00:39:24 UTC
Volker, can you confirm that this issue is caused by the patch?
Should we revert the patch or is an additional patch needed?

Thanks!
Comment 12 Volker Lendecke 2010-07-05 00:43:46 UTC
Karolin, I am very sorry but I can not confirm this at this moment. Björn has promised to install a reproducing environment so that we can both see this. It should be easy to figure out: Just install an LDAP server with a large number of users and try pdbedit -L. Then try to reproduce this bug with and without the patch in question. This should pretty quickly show if that patch is the cause of the bug.

Volker
Comment 13 Björn Jacke 2010-07-05 08:12:00 UTC
the problem is reproduced. The fix from attachment 5788 [details] causes the bug.
Comment 14 Carlos Eduardo Pedroza Santiviago 2010-07-05 08:32:47 UTC
Hi, i'd just like to comment that in my previous setup, the problem was solved after changing the sambaGroupType from "5" to "4" of the builtin groups. 

I wasn't able to issue the command "net sam list bultin" which always gave me errors.

IIRC it was created by an old smbldap-tools package, and after changing that UsrMgr worked like a charm.
Comment 15 Volker Lendecke 2010-07-06 09:58:15 UTC
Created attachment 5829 [details]
Patch for master/3.5
Comment 16 Volker Lendecke 2010-07-06 09:59:07 UTC
Björn, can you test the bug and the paged results are both fixed with this bug? If so, please push to master.

Thanks,

Volker
Comment 17 Björn Jacke 2010-07-06 10:39:44 UTC
Comment on attachment 5829 [details]
Patch for master/3.5

thanks, works for me and pushed to master. Günther, can you please also review for the 3.5 cherry pick?
Comment 18 Guenther Deschner 2010-08-16 06:17:55 UTC
(In reply to comment #17)
> (From update of attachment 5829 [details])
> thanks, works for me and pushed to master. Günther, can you please also review
> for the 3.5 cherry pick?

hm, no actually :)

one thing I notice is that now, with that patch in master, setting for example "ldap page size = 2", will cause pdbedit -L to run into an infinite loop while with 3.5.4 this still works.

I guess we need to investigate further here.
Comment 19 Björn Jacke 2010-08-24 11:53:58 UTC
Günther, this patch fixes paged searches with OpenLDAP libraries and server. Without this patch any setup with LDAP involved and more than 1000 users or groups is broken. We need the fix urgently, as the current stable 3.5 release is affected by that and people keep bumping into it. Can you see what aspect of this patch is breaking your 389 server setup?
Comment 20 Karolin Seeger 2010-10-06 14:33:59 UTC
Günther, is this one a showstopper for Samba 3.5.6 (scheduled for Friday)?
Comment 21 Björn Jacke 2010-10-07 07:42:32 UTC
there is too little progress here, we need a new 3.5 release, this bug may not block it. Lowering severity to critical.

As it seems to be problem with OpenLDAP *without* Volker's patch and according to Günthers tests a problem for DS389 *with* the patch package distributors may or may not apply Volker's fix to their binary packages as an aditional patch.
Comment 22 Guenther Deschner 2010-10-07 13:42:17 UTC
This is weird, when I choose a small "ldap page size" (of num_users - 1), it loops in our smbldap paged results code, while "ldapsearch -Epr" works fine.

I guess fixing the memleak first and looking at the paged results code later is what we should do.
Comment 23 Guenther Deschner 2010-10-07 13:42:44 UTC
Comment on attachment 5829 [details]
Patch for master/3.5

patch looks good
Comment 24 Guenther Deschner 2010-10-07 13:43:30 UTC
Karolin, please pick to 3.5.
Comment 25 Karolin Seeger 2010-12-31 13:09:59 UTC
(In reply to comment #24)
> Karolin, please pick to 3.5.
> 

Pushed.
Comment 26 Karolin Seeger 2010-12-31 13:11:01 UTC
(In reply to comment #22)
> This is weird, when I choose a small "ldap page size" (of num_users - 1), it
> loops in our smbldap paged results code, while "ldapsearch -Epr" works fine.
> 
> I guess fixing the memleak first and looking at the paged results code later is
> what we should do.
> 

Günther, can we close this bug report or is it still an issue?
Comment 27 Maximiliano Kolus 2012-04-10 21:15:55 UTC
> Günther, can we close this bug report or is it still an issue?

Still happening on Samba 3.5.6 (Debian 6.0.4), same symptoms:

* net rpc info showed only 1024 users (there were 1148)
* pdbedit -L crashed with "no talloc stackframe around, leaking memory"
* there were missing users in usrmgr.exe

I added the following line to smb.conf as a workaround:

ldap page size = 8192

And it worked... (let's hope it gets fixed before we have 8192 users :) )
Comment 28 Björn Jacke 2012-04-11 09:34:30 UTC
the fix was pushed with 3.5.8. Günther didn't reply but it worked for me. For the 3.5.6 debian version, please file a bug report @debian.org so that they update their release to get the fix in.