October 2006 - openldap-bugs

(ITS#4692) ppolicy.c module doesn't respect Draft policy

by alexandrelabiche＠yahoo.com

Full_Name: Alexandre LABICHE Version: 2.3.27 OS: linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (82.120.54.227) Hello, draft-behera-ldap-password-policy-xx.txt says: 5.3.2 pwdChangedTime This attribute specifies the last time the entry's password was changed. This is used by the password expiration policy. If this attribute does not exist, the password will never expire. And ppolicy.c overlay says contrary /* * Hmm. No password changed time on the * entry. This is odd - it should have * been provided when the attribute was added. * * However, it's possible that it could be * missing if the DIT was established via * an import process. */ Debug( LDAP_DEBUG_ANY, "ppolicy_bind: Entry %s does not have valid pwdChangedTime attribute - assuming password expired\n", e->e_name.bv_val, 0, 0); pwExpired = 1; Regards. Alexandre LABICHE

16 years, 7 months

1
0
0 / 0

Re: (ITS#4691) syncrepl in refreshOnly dies when bind to provider fails

by hyc＠symas.com

I don't see any indication of an OpenLDAP software bug here. Use the "retry" parameter if your connections are unreliable. bgmilne(a)staff.telkomsa.net wrote: > Full_Name: Buchan Milne > Version: 2.3.27 > OS: Linux 2.4 (RHEL 3) > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (196.15.129.131) > > > One of our replicas sits on the other side of a relatively congested WAN link > (with multiple firewalls in between, which I have no control over). > > Since switching to syncrepl, it has been difficult to achieve a configuration > that supports replication reliably to any extent. > > Using syncrepl consumer configuration with: > > syncrepl rid=124 > provider=ldaps://<master hostname> > type=refreshOnly > interval="00:00:01:00" > searchbase="<suffix>" > scope=sub > attrs="*" > schemachecking=off > bindmethod=simple > binddn="<dn for consumer>" > credentials="<password for consumer>" > > I see replication dies frequently, it seems to occur when (for whatever reason) > the consumer fails to bind: -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/

16 years, 7 months

1
0
0 / 0

(ITS#4691) syncrepl in refreshOnly dies when bind to provider gails

by bgmilne＠staff.telkomsa.net

Full_Name: Buchan Milne Version: 2.3.27 OS: Linux 2.4 (RHEL 3) URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (196.15.129.131) One of our replicas sits on the other side of a relatively congested WAN link (with multiple firewalls in between, which I have no control over). Since switching to syncrepl, it has been difficult to achieve a configuration that supports replication reliably to any extent. Using syncrepl consumer configuration with: syncrepl rid=124 provider=ldaps://<master hostname> type=refreshOnly interval="00:00:01:00" searchbase="<suffix>" scope=sub attrs="*" schemachecking=off bindmethod=simple binddn="<dn for consumer>" credentials="<password for consumer>" I see replication dies frequently, it seems to occur when (for whatever reason) the consumer fails to bind: ct 2 12:03:36 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:03:36 leda slapd2.3[1332]: syncrepl_entry: uid=lere1 Oct 2 12:03:37 leda slapd2.3[1332]: syncrepl_entry: be_add (0) Oct 2 12:03:37 leda slapd2.3[1332]: do_syncrep2: LDAP_RES_SEARCH_RESULT Oct 2 12:03:43 leda slapd2.3[1332]: do_syncrep2: LDAP_RES_INTERMEDIATE - SYNC_ID_SET Oct 2 12:03:46 leda slapd2.3[1332]: syncrepl_del_nonpresent: be_delete uid=deleted/telkomsa133309,ou=radius,o=intekom,c=za (0) Oct 2 12:03:46 leda slapd2.3[1332]: syncrepl_del_nonpresent: be_delete uid=telkomsa158118 Oct 2 12:03:46 leda slapd2.3[1332]: syncrepl_del_nonpresent: be_delete uid=online517446 Oct 2 12:03:46 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:03:46 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:03:46 leda slapd2.3[1332]: syncrepl_entry: uid=online517446 Oct 2 12:03:46 leda slapd2.3[1332]: syncrepl_entry: be_add (0) Oct 2 12:03:46 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:03:46 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:03:46 leda slapd2.3[1332]: syncrepl_entry: uid=telkomsa158118 Oct 2 12:03:46 leda slapd2.3[1332]: syncrepl_entry: be_add (0) Oct 2 12:03:46 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:03:46 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:03:46 leda slapd2.3[1332]: syncrepl_entry: uid=online564666 Oct 2 12:03:46 leda slapd2.3[1332]: syncrepl_entry: be_add (0) Oct 2 12:03:46 leda slapd2.3[1332]: do_syncrep2: LDAP_RES_SEARCH_RESULT Oct 2 12:04:25 leda slapd2.3[1332]: do_syncrep2: LDAP_RES_SEARCH_RESULT Oct 2 12:04:25 leda slapd2.3[1332]: do_syncrep2: LDAP_RES_SEARCH_RESULT Oct 2 12:04:37 leda slapd2.3[1332]: do_syncrep2: LDAP_RES_INTERMEDIATE - SYNC_ID_SET Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_del_nonpresent: be_delete uid=telkomsa220585 Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_entry: uid=online188476 Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_entry: be_modify (0) Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_entry: uid=mail109585 Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_entry: be_modify (0) Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_entry: uid=telkomsa196118 Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_entry: be_modify (0) Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_entry: uid=online313812 Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_entry: be_modify (0) Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:04:38 leda slapd2.3[1332]: syncrepl_entry: uid=online519355 Oct 2 12:04:39 leda slapd2.3[1332]: syncrepl_entry: be_modify (0) Oct 2 12:04:39 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:04:39 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:04:39 leda slapd2.3[1332]: syncrepl_entry: uid=online536857 Oct 2 12:04:39 leda slapd2.3[1332]: syncrepl_entry: be_modify (0) Oct 2 12:04:39 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:04:39 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:04:39 leda slapd2.3[1332]: syncrepl_entry: uid=telkomsa233527 Oct 2 12:04:40 leda slapd2.3[1332]: syncrepl_entry: be_modify (0) Oct 2 12:04:40 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:04:40 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:04:40 leda slapd2.3[1332]: syncrepl_entry: uid=mail140571 Oct 2 12:04:40 leda slapd2.3[1332]: syncrepl_entry: be_modify (0) Oct 2 12:04:40 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:04:40 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:04:40 leda slapd2.3[1332]: syncrepl_entry: uid=online564379 Oct 2 12:04:40 leda slapd2.3[1332]: syncrepl_entry: be_modify (0) Oct 2 12:04:40 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:04:40 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:04:40 leda slapd2.3[1332]: syncrepl_entry: uid=online564667 Oct 2 12:04:40 leda slapd2.3[1332]: syncrepl_entry: be_add (0) Oct 2 12:04:40 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:04:40 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:04:40 leda slapd2.3[1332]: syncrepl_entry: uid=ihatechromium Oct 2 12:04:40 leda slapd2.3[1332]: syncrepl_entry: be_add (0) Oct 2 12:04:40 leda slapd2.3[1332]: do_syncrep2: LDAP_RES_SEARCH_RESULT Oct 2 12:04:46 leda slapd2.3[1332]: do_syncrep2: LDAP_RES_INTERMEDIATE - SYNC_ID_SET Oct 2 12:04:47 leda slapd2.3[1332]: syncrepl_del_nonpresent: be_delete uid=online556601 Oct 2 12:04:47 leda slapd2.3[1332]: syncrepl_del_nonpresent: be_delete uid=online519355 Oct 2 12:04:47 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:04:47 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:04:47 leda slapd2.3[1332]: syncrepl_entry: uid=online519355 Oct 2 12:04:47 leda slapd2.3[1332]: syncrepl_entry: be_add (0) Oct 2 12:04:47 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:04:47 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:04:47 leda slapd2.3[1332]: syncrepl_entry: uid=online556601 Oct 2 12:04:47 leda slapd2.3[1332]: syncrepl_entry: be_add (0) Oct 2 12:04:47 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:04:47 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:04:47 leda slapd2.3[1332]: syncrepl_entry: uid=online564667 Oct 2 12:04:47 leda slapd2.3[1332]: syncrepl_entry: be_add (0) Oct 2 12:04:47 leda slapd2.3[1332]: do_syncrep2: LDAP_RES_SEARCH_RESULT Oct 2 12:05:25 leda slapd2.3[1332]: do_syncrep2: LDAP_RES_SEARCH_RESULT Oct 2 12:05:25 leda slapd2.3[1332]: do_syncrep2: LDAP_RES_SEARCH_RESULT Oct 2 12:05:40 leda slapd2.3[1332]: do_syncrep2: LDAP_RES_INTERMEDIATE - SYNC_ID_SET Oct 2 12:05:40 leda slapd2.3[1332]: syncrepl_del_nonpresent: be_delete uid=online534772 Oct 2 12:05:40 leda slapd2.3[1332]: syncrepl_del_nonpresent: be_delete uid=online18609 Oct 2 12:05:40 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:05:40 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:05:40 leda slapd2.3[1332]: syncrepl_entry: uid=online188476 Oct 2 12:05:40 leda slapd2.3[1332]: syncrepl_entry: be_modify (0) Oct 2 12:05:40 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:05:40 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:05:40 leda slapd2.3[1332]: syncrepl_entry: uid=telkomdsl56797 Oct 2 12:05:40 leda slapd2.3[1332]: syncrepl_entry: be_modify (0) Oct 2 12:05:40 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:05:40 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:05:40 leda slapd2.3[1332]: syncrepl_entry: uid=mail140571 Oct 2 12:05:41 leda slapd2.3[1332]: syncrepl_entry: be_modify (0) Oct 2 12:05:41 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:05:41 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:05:41 leda slapd2.3[1332]: syncrepl_entry: uid=hotkaj Oct 2 12:05:41 leda slapd2.3[1332]: syncrepl_entry: be_add (0) Oct 2 12:05:41 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:05:41 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:05:41 leda slapd2.3[1332]: syncrepl_entry: uid=magda22 Oct 2 12:05:41 leda slapd2.3[1332]: syncrepl_entry: be_add (0) Oct 2 12:05:41 leda slapd2.3[1332]: do_syncrep2: LDAP_RES_SEARCH_RESULT Oct 2 12:05:47 leda slapd2.3[1332]: do_syncrep2: LDAP_RES_INTERMEDIATE - SYNC_ID_SET Oct 2 12:05:47 leda slapd2.3[1332]: syncrepl_del_nonpresent: be_delete uid=online561383 Oct 2 12:05:47 leda slapd2.3[1332]: syncrepl_del_nonpresent: be_delete uid=online534772 Oct 2 12:05:47 leda slapd2.3[1332]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 2 12:05:47 leda slapd2.3[1332]: syncrepl_entry: be_search (0) Oct 2 12:05:47 leda slapd2.3[1332]: syncrepl_entry: uid=online561383 Oct 2 12:05:47 leda slapd2.3[1332]: syncrepl_entry: be_add (0) Oct 2 12:05:47 leda slapd2.3[1332]: do_syncrep2: LDAP_RES_SEARCH_RESULT Oct 2 12:06:27 leda slapd2.3[1332]: do_syncrep1: ldap_sasl_bind_s failed (-1)

16 years, 7 months

1
0
0 / 0

Re: (ITS#4690) segfault in ldap_count_values() with PHP

by Kurt＠OpenLDAP.org

At 06:12 PM 10/1/2006, ando(a)sys-net.it wrote: >madcoder(a)gmail.com wrote: >... >You know, what makes me mad about PHP is that it internally uses >something comparable to bervals, since the abstract type they use to >wrap strings takes care of the length of the string itself; but in the >LDAP extension, ldap_get_values() is used everywhere, and then strlen is >run to compute the length of the values! Why on earth don't they get >ldap_get_values_len() should be used instead? Somehow it got hardwired >in people's brain that ldap_get_values_len() is only good for "binary" >(that is, non-printable) stuff, and not for strings as well! Folks also tend to forget that U+0000 is a valid Unicode character, as is ASCII 0... but I digress. Kurt

16 years, 7 months

1
0
0 / 0

Re: (ITS#4690) segfault in ldap_count_values() with PHP

by ando＠sys-net.it

madcoder(a)gmail.com wrote: ... You know, what makes me mad about PHP is that it internally uses something comparable to bervals, since the abstract type they use to wrap strings takes care of the length of the string itself; but in the LDAP extension, ldap_get_values() is used everywhere, and then strlen is run to compute the length of the values! Why on earth don't they get ldap_get_values_len() should be used instead? Somehow it got hardwired in people's brain that ldap_get_values_len() is only good for "binary" (that is, non-printable) stuff, and not for strings as well! p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

16 years, 7 months

1
0
0 / 0

Re: (ITS#4690) segfault in ldap_count_values() with PHP

by ando＠sys-net.it

madcoder(a)gmail.com wrote: > What more can I do to debug this problem? > Well, I've posted a bug to PHP about their using deprecated LDAP code, but it was basically bounced with "mind your own business" or sort of (and this __IS__ my own business, by the way :). You could try rebuilding PHP's LDAP stuff defining -DLDAP_DEPRECATED=1 and see what happens. I've seen similar problems with AMD64 when functions got linked without a prototype, and ldap_get_values does not have a prototype in ldap.h unless the above is defined. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

16 years, 7 months

1
0
0 / 0

(ITS#4690) segfault in ldap_count_values() with PHP

by madcoder＠gmail.com

Full_Name: Joe H Version: 2.3.24 OS: gentoo linux (2.6.17) on amd64 Athlon X2 URL: http://bugs.php.net/bug.php?id=38819 Submission from: (NULL) (70.245.125.224) I'm not certain yet whether this is a bug in openldap, or in PHP, but my bug report with PHP has stalled, so I am hoping that cross-posting it here might garnish some further insight into the problem. The PHP bug report should explain the segfault I'm experiencing, and where the segfault occurs. It can be found at http://bugs.php.net/bug.php?id=38819 The segfault occurs in libraries/libldap/getvalues.c, in the ldap_count_values() function. The value for vals that is passed to the function cannot be read for some reason. At first I thought this might be a PHP problem, since the ldapsearch utility works fine performing the same search. However, it should also be mentioned that the value that is sent to ldap_get_values, is a value returned directly from ldap_get_values(): > ldap_value = ldap_get_values(ldap, ldap_result_entry, attribute); > num_values = ldap_count_values(ldap_value); While in ldap_count_values(), the backtrace shows that the segfault occurs during the first iteration of the for() loop: > Program received signal SIGSEGV, Segmentation fault. > 0x00002b2871ad210b in ldap_count_values (vals=0x55a170c0) at getvalues.c:152 > 152 for ( i = 0; vals[i] != NULL; i++ ) Further investigating the problem shows: > (gdb) p i > $1 = 0 > (gdb) p vals > $2 = (char **) 0x55a170c0 > (gdb) p vals[0] > Cannot access memory at address 0x55a170c0 The memory address changes obviously, but the segfault always occurs at that point. In PHP's ldap_get_entries() function, ldap_values is defined as: > char **ldap_value; which is the data type expected by ldap_count_entries(). Fetching the entry reference itself, or counting the number of entries, does not cause the segfault -- only when getting values from the entry. For example, PHP's ldap_first_entry($result) works fine (as well as iterating over the entries using ldap_next_entry()), but trying to read any of the values within the entry will cause the segfault. Again, the fact that it works fine with ldapsearch, but segfaults in PHP, lead me to believe that it would be a PHP problem, but looking more into the source code of both applications makes me lean more and more to some obscure problem in OpenLDAP's code. The value of 'vals' is declared and returned from this function: > char ** > ldap_get_values( LDAP *ld, LDAPMessage *entry, LDAP_CONST char *target ) > { >>... > char **vals; >>... > if ( (res = ber_scanf( &ber, "[v]", &vals )) == LBER_ERROR ) { > ld->ld_errno = LDAP_DECODING_ERROR; > return( NULL ); > } > return( vals ); The return value of ber_scanf is 4, but I haven't investigated what that value indicates (it is obviously not LBER_ERROR). In any case, that value of 'vals' is allocated inside OpenLDAP's code, and that makes me believe that it is not a problem with PHP's code. The same test script functions properly on a similar 32-bit system (as similar as 32- and 64-bit systems can be). What more can I do to debug this problem?

16 years, 7 months

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs October 2006