Data leakage in OpenLDAP
Concern
You are using SLES9 SP2, have updated to the latest OpenLDAP version and the SP2 kernel, and notice that all new entries in the LDAP database are lost after rebooting the server.
Reason
This issue only appears if all of the following are true: the LDAP database backend in use is bdb, the database is located on a journaling filesystem (e.g. reiserfs or ext3) that is separately mounted to /var, the kernel in use is 2.6.5-7.191, and the server is completely rebooted.
Using the ldbm backend, an ext2 filesystem, or an earlier kernel does not trigger this issue.
Solution
Until a final fix is available you can set
## Type: yesno
## Default: no
#
# If set to "yes" and the "db_recover" utility is available, db_recover
# will be invoked each time the server is started by the init script.
# "db_recover" is part of the db-utils package.
#
OPENLDAP_RUN_DB_RECOVER="yes"
within /etc/sysconfig/openldap. This will recover the database each time before the LDAP service is started, which makes the newly created entries available again.
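To check whether a server matches the conditions listed under Reason and whether the workaround is active, a script along the following lines can be used. It is an added example, not part of the original article or of any Novell tooling. The function names are hypothetical, and the slapd.conf path and the kernel flavour suffix (e.g. "-default") are assumptions.

```shell
#!/bin/sh
# Added example: file paths are passed as arguments so that the checks can
# also be run against copies of the files.

# True if slapd.conf declares a bdb database backend.
uses_bdb() {
    grep -Eq '^[[:space:]]*database[[:space:]]+bdb([[:space:]]|$)' "$1"
}

# True if /var is its own mount (mounts file in /proc/mounts format) on one
# of the journaling filesystems the article gives as examples.
var_is_journaled() {
    case "$(awk '$2 == "/var" { t = $3 } END { print t }' "$1")" in
        reiserfs|ext3) return 0 ;;
        *) return 1 ;;
    esac
}

# True if the kernel release is 2.6.5-7.191 (assumption: a flavour suffix
# may follow the version).
kernel_affected() {
    case "$1" in
        2.6.5-7.191|2.6.5-7.191-*) return 0 ;;
        *) return 1 ;;
    esac
}

# True if the workaround is set in the sysconfig file (commented-out
# lines do not count).
recover_enabled() {
    grep -Eq '^[[:space:]]*OPENLDAP_RUN_DB_RECOVER="?yes"?[[:space:]]*(#.*)?$' "$1"
}

# Prints one of: not-affected, affected-mitigated, affected-unmitigated
assess() {  # args: slapd.conf mounts-file kernel-release sysconfig-file
    if uses_bdb "$1" && var_is_journaled "$2" && kernel_affected "$3"; then
        if recover_enabled "$4"; then echo affected-mitigated
        else echo affected-unmitigated; fi
    else
        echo not-affected
    fi
}

# Run against the live system only when called with --check.
# /etc/openldap/slapd.conf is an assumed location.
if [ "${1:-}" = "--check" ]; then
    assess /etc/openldap/slapd.conf /proc/mounts "$(uname -r)" /etc/sysconfig/openldap
fi
```

A result of affected-unmitigated means the server matches every listed condition and OPENLDAP_RUN_DB_RECOVER is not set to "yes".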
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.