We've just upgraded to Samba 3.5.1 (Samba version 3.5.1-2332-SUSE-CODE10). Our operators use UsrMgr to manage user and groups accounts. However, after upgrading to 3.5.1, they're unable to manage the user groups when they select the user to be managed. If they first select the group, and then add the users to it, it works.
ok, a bit more information about your config (ldap backend?) would be helpful.
OK! Sorry for the delay. I am using OpenLDAP (2.3as backend. I'm attaching here the level 10 output from the moment i select the user, and then click in Groups inside his profile, while using UsrMgr.
Created attachment 5510 [details] Level 10 log
Also, i forgot to mention that i downgraded to 3.4.7, using src rpm from SerNet build, on SLES10. However, the error persists.
Created attachment 5788 [details] Proposed patch created by Volker
Volker's patch fixed this issue in my setup.
Comment on attachment 5788 [details] Proposed patch created by Volker This looks good!
Pushed to v3-5-test, testing v3-4-test now...
Works in v3-4-test also. Pushed. Closing out bug report. Thanks!
probably this patch breaks paged searches from 3.5.3 to 3.5.4. The second ldap search is done with search cookie and new page size size 0. Noticable is the bug also in "pdbedit -L" which stops after the number of "ldap page size" entries with the message "no talloc stackframe around, leaking memory"
Volker, can you confirm that this issue is caused by the patch? Should we revert the patch or is an additional patch needed? Thanks!
Karolin, I am very sorry but I can not confirm this at this moment. Björn has promised to install a reproducing environment so that we can both see this. It should be easy to figure out: Just install an LDAP server with a large number of users and try pdbedit -L. Then try to reproduce this bug with and without the patch in question. This should pretty quickly show if that patch is the cause of the bug. Volker
the problem is reproduced. The fix from attachment 5788 [details] causes the bug.
Hi, i'd just like to comment that in my previous setup, the problem was solved after changing the sambaGroupType from "5" to "4" of the builtin groups. I wasn't able to issue the command "net sam list bultin" which always gave me errors. IIRC it was created by an old smbldap-tools package, and after changing that UsrMgr worked like a charm.
Created attachment 5829 [details] Patch for master/3.5
Björn, can you test the bug and the paged results are both fixed with this bug? If so, please push to master. Thanks, Volker
Comment on attachment 5829 [details] Patch for master/3.5 thanks, works for me and pushed to master. Günther, can you please also review for the 3.5 cherry pick?
(In reply to comment #17) > (From update of attachment 5829 [details]) > thanks, works for me and pushed to master. Günther, can you please also review > for the 3.5 cherry pick? hm, no actually :) one thing I notice is that now, with that patch in master, setting for example "ldap page size = 2", will cause pdbedit -L to run into an infinite loop while with 3.5.4 this still works. I guess we need to investigate further here.
Günther, this patch fixes paged searches with OpenLDAP libraries and server. Without this patch any setup with LDAP involved and more than 1000 users or groups is broken. We need the fix urgently, as the current stable 3.5 release is affected by that and people keep bumping into it. Can you see what aspect of this patch is breaking your 389 server setup?
Günther, is this one a showstopper for Samba 3.5.6 (scheduled for Friday)?
there is too little progress here, we need a new 3.5 release, this bug may not block it. Lowering severity to critical. As it seems to be problem with OpenLDAP *without* Volker's patch and according to Günthers tests a problem for DS389 *with* the patch package distributors may or may not apply Volker's fix to their binary packages as an aditional patch.
This is weird, when I choose a small "ldap page size" (of num_users - 1), it loops in our smbldap paged results code, while "ldapsearch -Epr" works fine. I guess fixing the memleak first and looking at the paged results code later is what we should do.
Comment on attachment 5829 [details] Patch for master/3.5 patch looks good
Karolin, please pick to 3.5.
(In reply to comment #24) > Karolin, please pick to 3.5. > Pushed.
(In reply to comment #22) > This is weird, when I choose a small "ldap page size" (of num_users - 1), it > loops in our smbldap paged results code, while "ldapsearch -Epr" works fine. > > I guess fixing the memleak first and looking at the paged results code later is > what we should do. > Günther, can we close this bug report or is it still an issue?
> Günther, can we close this bug report or is it still an issue? Still happening on Samba 3.5.6 (Debian 6.0.4), same symptoms: * net rpc info showed only 1024 users (there were 1148) * pdbedit -L crashed with "no talloc stackframe around, leaking memory" * there were missing users in usrmgr.exe I added the following line to smb.conf as a workaround: ldap page size = 8192 And it worked... (let's hope it gets fixed before we have 8192 users :) )
the fix was pushed with 3.5.8. Günther didn't reply but it worked for me. For the 3.5.6 debian version, please file a bug report @debian.org so that they update their release to get the fix in.