[GH-ISSUE #51] Start of slapd in Docker image fails with core dump #32

Closed
opened 2026-02-27 16:47:43 +03:00 by kerem · 3 comments
Owner

Originally created by @jbaesner on GitHub (Oct 20, 2023).
Original GitHub issue: https://github.com/rroemhild/docker-test-openldap/issues/51

Today (20.10.2023) I cleaned up my local Docker environment, to have no images containters, etc. anymore locally stored.

Then I pulled the image as describes in the README.md:

me@p1 ~ $ docker pull ghcr.io/rroemhild/docker-test-openldap:master

master: Pulling from rroemhild/docker-test-openldap
b70638ed4228: Pull complete 
96974b0f0ecd: Pull complete 
77383923a5ff: Pull complete 
a779bd113371: Pull complete 
72fd08669cc4: Pull complete 
Digest: sha256:ae2e3337a3f18db89e17c9f0531bbdd8bb91bd0730e8265fa56fbd7d78d4d9e2
Status: Downloaded newer image for ghcr.io/rroemhild/docker-test-openldap:master
ghcr.io/rroemhild/docker-test-openldap:master

After that I started the Container with:

me@p1 ~ $ docker run --rm -p 10389:10389 -p 10636:10636 ghcr.io/rroemhild/docker-test-openldap:master

The result is that the start of slapd fails with a core dump, see:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 000-slapd-package-config: executing... 
Reconfigure slapd...
+ echo 'Reconfigure slapd...'
+ cat
+ debconf-set-selections
+ DEBIAN_FRONTEND=noninteractive
+ dpkg-reconfigure slapd
  Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.47+dfsg-3+deb10u7... done.
  Moving old database directory to /var/backups:
  - directory unknown... done.
  Creating initial configuration... done.
  Creating LDAP directory... done.
invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of restart.
[cont-init.d] 000-slapd-package-config: exited 0.
[cont-init.d] 010-tls-certificates: executing... 
Make self-signed certificate for planetexpress.com...
+ [[ -f /etc/ldap/ssl/ldap.key ]]
+ echo 'Make self-signed certificate for planetexpress.com...'
+ openssl req -subj /CN=planetexpress.com -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout /etc/ldap/ssl/ldap.key -out /etc/ldap/ssl/ldap.crt
Generating a RSA private key
...............................................................+++++
..........+++++
writing new private key to '/etc/ldap/ssl/ldap.key'
-----
+ chmod 600 /etc/ldap/ssl/ldap.key
[cont-init.d] 010-tls-certificates: exited 0.
[cont-init.d] 020-filesystem-perms: executing... 
+ chown -R openldap:openldap /etc/ldap
[cont-init.d] 020-filesystem-perms: exited 0.
[cont-init.d] 050-openldap-populate: executing... 
+ slapd -h ldapi:/// -u openldap -g openldap
[cont-init.d] 050-openldap-populate: exited 1.
[cont-init.d] done.
[services.d] starting services
starting slapd
[services.d] done.
653247b6 @(#) $OpenLDAP: slapd  (May 14 2022 18:35:44) $
	Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
653247b8 ch_calloc of 1073741816 elems of 704 bytes failed
slapd: ../../../../servers/slapd/ch_malloc.c:107: ch_calloc: Assertion `0' failed.
./run: line 4:   327 Aborted                 (core dumped) /usr/sbin/slapd -h "ldapi:/// ldap://0.0.0.0:10389 ldaps://0.0.0.0:10636" -d 256
starting slapd
653247e6 @(#) $OpenLDAP: slapd  (May 14 2022 18:35:44) $
	Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
653247e8 ch_calloc of 1073741816 elems of 704 bytes failed
slapd: ../../../../servers/slapd/ch_malloc.c:107: ch_calloc: Assertion `0' failed.
Originally created by @jbaesner on GitHub (Oct 20, 2023). Original GitHub issue: https://github.com/rroemhild/docker-test-openldap/issues/51 Today (20.10.2023) I cleaned up my local Docker environment, to have no images containters, etc. anymore locally stored. Then I pulled the image as describes in the `README.md`: `me@p1 ~ $ docker pull ghcr.io/rroemhild/docker-test-openldap:master` ``` master: Pulling from rroemhild/docker-test-openldap b70638ed4228: Pull complete 96974b0f0ecd: Pull complete 77383923a5ff: Pull complete a779bd113371: Pull complete 72fd08669cc4: Pull complete Digest: sha256:ae2e3337a3f18db89e17c9f0531bbdd8bb91bd0730e8265fa56fbd7d78d4d9e2 Status: Downloaded newer image for ghcr.io/rroemhild/docker-test-openldap:master ghcr.io/rroemhild/docker-test-openldap:master ``` After that I started the Container with: `me@p1 ~ $ docker run --rm -p 10389:10389 -p 10636:10636 ghcr.io/rroemhild/docker-test-openldap:master` The result is that the start of `slapd` fails with a _core dump_, see: ``` [s6-init] making user provided files available at /var/run/s6/etc...exited 0. [s6-init] ensuring user provided files have correct perms...exited 0. [fix-attrs.d] applying ownership & permissions fixes... [fix-attrs.d] done. [cont-init.d] executing container initialization scripts... [cont-init.d] 000-slapd-package-config: executing... Reconfigure slapd... + echo 'Reconfigure slapd...' + cat + debconf-set-selections + DEBIAN_FRONTEND=noninteractive + dpkg-reconfigure slapd Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.47+dfsg-3+deb10u7... done. Moving old database directory to /var/backups: - directory unknown... done. Creating initial configuration... done. Creating LDAP directory... done. invoke-rc.d: could not determine current runlevel invoke-rc.d: policy-rc.d denied execution of restart. [cont-init.d] 000-slapd-package-config: exited 0. [cont-init.d] 010-tls-certificates: executing... Make self-signed certificate for planetexpress.com... + [[ -f /etc/ldap/ssl/ldap.key ]] + echo 'Make self-signed certificate for planetexpress.com...' + openssl req -subj /CN=planetexpress.com -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout /etc/ldap/ssl/ldap.key -out /etc/ldap/ssl/ldap.crt Generating a RSA private key ...............................................................+++++ ..........+++++ writing new private key to '/etc/ldap/ssl/ldap.key' ----- + chmod 600 /etc/ldap/ssl/ldap.key [cont-init.d] 010-tls-certificates: exited 0. [cont-init.d] 020-filesystem-perms: executing... + chown -R openldap:openldap /etc/ldap [cont-init.d] 020-filesystem-perms: exited 0. [cont-init.d] 050-openldap-populate: executing... + slapd -h ldapi:/// -u openldap -g openldap [cont-init.d] 050-openldap-populate: exited 1. [cont-init.d] done. [services.d] starting services starting slapd [services.d] done. 653247b6 @(#) $OpenLDAP: slapd (May 14 2022 18:35:44) $ Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org> 653247b8 ch_calloc of 1073741816 elems of 704 bytes failed slapd: ../../../../servers/slapd/ch_malloc.c:107: ch_calloc: Assertion `0' failed. ./run: line 4: 327 Aborted (core dumped) /usr/sbin/slapd -h "ldapi:/// ldap://0.0.0.0:10389 ldaps://0.0.0.0:10636" -d 256 starting slapd 653247e6 @(#) $OpenLDAP: slapd (May 14 2022 18:35:44) $ Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org> 653247e8 ch_calloc of 1073741816 elems of 704 bytes failed slapd: ../../../../servers/slapd/ch_malloc.c:107: ch_calloc: Assertion `0' failed. ```
kerem closed this issue 2026-02-27 16:47:43 +03:00
Author
Owner

@rroemhild commented on GitHub (Oct 23, 2023):

This looks like a memory problem. Please try add --ulimit nofile=1024:

docker run --rm -p 10389:10389 -p 10636:10636 --ulimit nofile=1024 ghcr.io/rroemhild/docker-test-openldap:master
<!-- gh-comment-id:1774727947 --> @rroemhild commented on GitHub (Oct 23, 2023): This looks like a memory problem. Please try add `--ulimit nofile=1024`: ``` docker run --rm -p 10389:10389 -p 10636:10636 --ulimit nofile=1024 ghcr.io/rroemhild/docker-test-openldap:master ```
Author
Owner

@jbaesner commented on GitHub (Oct 23, 2023):

Thanks a lot, that resolves the issue and the cotainer is starting fine!

<!-- gh-comment-id:1774752461 --> @jbaesner commented on GitHub (Oct 23, 2023): Thanks a lot, that resolves the issue and the cotainer is starting fine!
Author
Owner

@earl-warren commented on GitHub (Oct 11, 2025):

Since slapd allocates ~1K * ulimit -n at startup and the default in a docker container is 1,000,000, that allocates 1GB of resident memory by default, at boot, each time slapd is run. Once for populating and another when running as a daemon.

While this is not usually a problem, it is two order of magnitude more memory than required and can be trivially solved by adding ulimit -n 1024 before each invocation.

Can I suggest re-opening this issue so it can be resolved?

<!-- gh-comment-id:3393240306 --> @earl-warren commented on GitHub (Oct 11, 2025): Since slapd allocates ~1K * ulimit -n at startup and the default in a docker container is 1,000,000, that allocates 1GB of resident memory by default, at boot, each time slapd is run. Once for populating and another when running as a daemon. While this is not usually a problem, it is two order of magnitude more memory than required and can be trivially solved by adding `ulimit -n 1024` before each invocation. Can I suggest re-opening this issue so it can be resolved?
Sign in to join this conversation.
No labels
pull-request
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/docker-test-openldap#32
No description provided.