openldap-bugs October 2006

openldap-bugs@openldap.org

31 participants
137 discussions

Re: (ITS#4707) patch: option to bind client socket to an address
by hyc＠symas.com 18 Oct '06

18 Oct '06

rtsai(a)ironport.com wrote: > Full_Name: Robert Tsai > Version: 2.3.27 > OS: FreeBSD 6.1-RELEASE > URL: ftp://ftp.openldap.org/incoming/openldap-2.3.27-bindaddr.patch.txt > Submission from: (NULL) (63.251.108.100) > > > This is a patch that provides a mechanism to bind the LDAP client connection to > a desired address via ldap_set_option(..., LDAP_OPT_BINDADDR). This call saves > some state which is then used by ldap_int_prepare_socket to bind the socket > before opening a connection to the LDAP server. I can't think of any good reason to need such a feature. Can you give some background on why anyone would use it? -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/

1 0

Re: (ITS#4715) proxy retries anonymously
by hyc＠symas.com 18 Oct '06

18 Oct '06

The proxycache has nothing to do with the connections to the remote server. That's handled by the back-ldap or whatever backend you're using. Since you haven't provided any of the relevant config info from your slapd.conf there's no way to tell what you're doing there. In fact your log shows that a Bind was performed on the retry, but it was done anonymously. So it may be something as simple as a missing config keyword (like rebind-as-user in back-ldap). Or it may possibly be related to a bug in back-ldap's retry handling as Pierangelo mentioned in his reply to you. There is no proxycache bug here. At the moment, without further details, it doesn't seem there's any OpenLDAP software bug here at all. Ashish Gawarikar wrote: > > ------------------------------------------------------------------------ > > The problem is that the connection to the backend server drops and the proxy > cache has to reestablish it. Doing this, it doesn't do a BIND again and thus > the query is executed with anonymous privileges and fails. See log file from > the backend server: -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/

1 0

Re: (ITS#4715) Proxy cache TTL does not seem to be working as documented
by hyc＠symas.com 18 Oct '06

18 Oct '06

Your log actually indicates that it attempted to re-query the remote server but got an error from the remote server. Sounds like you have other problems, unrelated to the proxycache. (Note that the pcache overlay never returns a NO_SUCH_OBJECT error code itself, that can only happen because the remote server returned that code.) ashish(a)ratboy.net wrote: > Full_Name: Ashish Gawarikar > Version: 2.3.27 > OS: Linux - 2.6 based > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (63.211.143.38) > > > Openldap 2.3.27 configured as proxy cache is behaving erratically. > > Entries being answered from the proxy cache sometimes result with a negative > result, even though the LDAP server has the information. > > It appears like the proxycache "forgets" that it has gotten the answer, but > doesn't re-query the target server to fetch the information again. > > Proxy cache returns 'no such object' for a previously found entry if the ttl > has passed between queries: > > conn=0 op=2 SRCH base="dc=mail,dc=example,dc=com" scope=2 deref=0 > filter="(mailLocalAddress=account1(a)example.com)" > conn=0 op=2 SRCH attr=maillocaladdress > request done: ld 0x83dd3b8 msgid 3 > conn=0 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=Search operation > succeeded > > <-- wait "some" time here --> > > conn=0 op=3 SRCH base="dc=mail,dc=example,dc=com" scope=2 deref=0 > filter="(mailLocalAddress=account1(a)example.com)" > conn=0 op=3 SRCH attr=maillocaladdress > conn=0 op=3 ldap_back_retry: retrying URI="ldap://ldap.example.com:389" > DN="cn=admin,dc=example,dc=com" > request done: ld 0x83dd3b8 msgid 1 > request done: ld 0x83dd3b8 msgid 2 > conn=0 op=3 SEARCH RESULT tag=101 err=32 nentries=0 text=No such object: > dc=mail,dc=example,dc=com -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/

1 0

(ITS#4716) syncrepl - consumer missed some delete
by Paolo.Rossi.con＠h3g.it 18 Oct '06

18 Oct '06

Full_Name: Paolo Rossi Version: 2.3.27 OS: solaris 8 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (88.149.168.124) Hi, Doing stress test on syncrepl, 1 producer --> 1 consumer, I've found a strange issue: Afer load the openLDAP cluster (1m entry whit random 1,2 or 3 sub dn), I've used a script to make constant random changes on the producer. Meanwhile I've do some test & check on consumer. I've found a issue when, stopping the consumer for some minutes, whit a continuous load versus producer, restarting the consumer it resync itself but some DELETE operation of entire subDN went lost. Doing a search I've noticed on producer: dn: testid=106087406087,ou=profiles,dc=foo,dc=bar structuralObjectClass: profile entryUUID: e2543b6a-559a-1029-82d7-f1c24b7d324b creatorsName: cn=Manager,dc=foo,dc=bar modifiersName: cn=Manager,dc=foo,dc=bar createTimestamp: 20050510122923Z modifyTimestamp: 20050510122923Z entryCSN: 20050510122923Z#000017#00#000000 entryDN: testid=106087406087,ou=profiles,dc=foo,dc=bar subschemaSubentry: cn=Subschema hasSubordinates: FALSE but on consumer: dn: testid=106087406087,ou=profiles,dc=foo,dc=bar structuralObjectClass: profile entryUUID: e2543b6a-559a-1029-82d7-f1c24b7d324b creatorsName: cn=Manager,dc=foo,dc=bar modifiersName: cn=Manager,dc=foo,dc=bar createTimestamp: 20050510122923Z modifyTimestamp: 20050510122923Z entryCSN: 20050510122923Z#000017#00#000000 entryDN: testid=106087406087,ou=profiles,dc=foo,dc=bar subschemaSubentry: cn=Subschema hasSubordinates: TRUE dn: subtestID=106087406087,testid=106087406087,ou=profiles,dc=foo,dc=bar structuralObjectClass: profileAccount entryUUID: e25462d4-559a-1029-82d8-f1c24b7d324b creatorsName: cn=Manager,dc=foo,dc=bar modifiersName: cn=Manager,dc=foo,dc=bar createTimestamp: 20050510122923Z modifyTimestamp: 20050510122923Z entryCSN: 20050510122923Z#000018#00#000000 entryDN: subtestID=106087406087,testid=106087406087,ou=profiles,dc=foo,dc=bar subschemaSubentry: cn=Subschema hasSubordinates: FALSE ----- only on producer: hasSubordinates: FALSE I've "loglevel config acl sync" on consumer, but there is no log of sync operation on that dn. Also restarting the cluster, replica remain desynched on that dn. Solaris 8 sparc openLDAP 2.3.27 (64 bit build) BDB 4.2.52.5 hdb backend Paolo

1 0

(ITS#4715) Proxy cache TTL does not seem to be working as documented
by ashish＠ratboy.net 17 Oct '06

17 Oct '06

Full_Name: Ashish Gawarikar Version: 2.3.27 OS: Linux - 2.6 based URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (63.211.143.38) Openldap 2.3.27 configured as proxy cache is behaving erratically. Entries being answered from the proxy cache sometimes result with a negative result, even though the LDAP server has the information. It appears like the proxycache "forgets" that it has gotten the answer, but doesn't re-query the target server to fetch the information again. Proxy cache returns 'no such object' for a previously found entry if the ttl has passed between queries: conn=0 op=2 SRCH base="dc=mail,dc=example,dc=com" scope=2 deref=0 filter="(mailLocalAddress=account1(a)example.com)" conn=0 op=2 SRCH attr=maillocaladdress request done: ld 0x83dd3b8 msgid 3 conn=0 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=Search operation succeeded <-- wait "some" time here --> conn=0 op=3 SRCH base="dc=mail,dc=example,dc=com" scope=2 deref=0 filter="(mailLocalAddress=account1(a)example.com)" conn=0 op=3 SRCH attr=maillocaladdress conn=0 op=3 ldap_back_retry: retrying URI="ldap://ldap.example.com:389" DN="cn=admin,dc=example,dc=com" request done: ld 0x83dd3b8 msgid 1 request done: ld 0x83dd3b8 msgid 2 conn=0 op=3 SEARCH RESULT tag=101 err=32 nentries=0 text=No such object: dc=mail,dc=example,dc=com

1 0

(ITS#4714) 'Connection' object not throwing LDAPException upon sudden server connection loss
by alejandro.robles＠tre.se 16 Oct '06

16 Oct '06

Full_Name: Alejandro Robles Version: n/a OS: Solaris 8 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (82.182.141.229) SUMMARY This issue relates to JLDAP software package (novell-jldap-devel-2006.06.22-1unix.zip) whereby during a sudden server connection loss the Connection object doesn't through an LDAPException upon an LDAP Search operation. If this situation isn't detectec it causes the running thread to hang where retrieving results by first invoking hasMoreElements() method. DETAILS A client program of the form: 1{ 2 Connect; 3 Bind; 4 5 <being loop> 6 try {Search;} 7 catch (LDAPException) {<do something>} 8 while(hasMoreElements()) { 9 retrieve; 10 } 11 Sleep 10secs; 12 <end loop> 13 14 Unbind; 15 Disconnect; 16} If a connection loss is simulated while the program is sleeping (line 11), when the thread wakes up and invokes the Search method (line 6) is doesn't through an exception and thereafter the thread gets locked when running hasMoreElements() on the results (line 8). SOLUTION The cause of the problem is belived to be within the Connection object in the method 'writeMessage' (below extract from /com/novell/ldap/Connection.java object version 1.88): /* * IOException could be due to a server shutdown notification which * caused our Connection to quit. If so we send back a slightly * different error message. We could have checked this a little * earlier in the method but that would be an expensive check each * time we send out a message. Since this shutdown request is * going to be an infrequent occurence we check for it only when * we get an IOException. shutdown() will do the cleanup. */ if( clientActive) { // We beliefe the connection was alive if (unsolSvrShutDnNotification) { // got server shutdown throw new LDAPException( ExceptionMessages.SERVER_SHUTDOWN_REQ, new Object[] { host, new Integer(port)}, LDAPException.CONNECT_ERROR, null, ioe); } // Other I/O Exceptions on host:port are reported as is throw new LDAPException(ExceptionMessages.IO_EXCEPTION, new Object[] {host, new Integer(port)}, LDAPException.CONNECT_ERROR, null, ioe); } The fact that the Connection has been lost causes prior to issuing a search to the server to set the value of clietActive to false. The latter in turn causes that any IOExceptions within the method not be handled properly (not thrown at all) causing the mentioned problem. PROPOSED FIX To add a default Exception throwing code for the cases where 'clientActive' is false. /* * IOException could be due to a server shutdown notification which * caused our Connection to quit. If so we send back a slightly * different error message. We could have checked this a little * earlier in the method but that would be an expensive check each * time we send out a message. Since this shutdown request is * going to be an infrequent occurence we check for it only when * we get an IOException. shutdown() will do the cleanup. */ if( clientActive) { // We beliefe the connection was alive if (unsolSvrShutDnNotification) { // got server shutdown throw new LDAPException( ExceptionMessages.SERVER_SHUTDOWN_REQ, new Object[] { host, new Integer(port)}, LDAPException.CONNECT_ERROR, null, ioe); } // Other I/O Exceptions on host:port are reported as is throw new LDAPException(ExceptionMessages.IO_EXCEPTION, new Object[] {host, new Integer(port)}, LDAPException.CONNECT_ERROR, null, ioe); } else // Other I/O Exceptions on host:port are reported as is throw new LDAPException(ExceptionMessages.IO_EXCEPTION, new Object[] {host, new Integer(port)}, LDAPException.CONNECT_ERROR, null, ioe); }

1 0

Re: (ITS#4702) out-of-memory on huge DB ?
by paolo.rossi.con＠h3g.it 16 Oct '06

16 Oct '06

Another day, another try. Today I've tried the slapcat (32Bit) a 8 GB RAM solaris/sparc machine. also this time I had: core dumped ch_malloc of 16392 bytes failed ch_malloc.c:57: failed assertion `0' allocation at coredump was PID RSS VSZ %MEM TIME STIME COMMAND 29941 4164952 4168968 51.8 01:15:27 16:03:43 slapcat It seems the famous 4GB allocation limit on 32Bit build ? I will try the last shot, reloading a BD on a 64 Bit build; but seems the 32Bit build, had no hope to finish the task :( Paolo

1 0

Re: (ITS#4713) test030-relay broken in HEAD
by ando＠sys-net.it 15 Oct '06

15 Oct '06

quanah(a)stanford.edu wrote: > --On Monday, October 16, 2006 5:41 AM +0000 quanah(a)stanford.edu wrote: > > > > >> I'll see if I can get a core from it. >> > > Never mind, I found the problem in slapd.1.out: > > /usr/local/build/ldap-head-20061015/servers/slapd/.libs/lt-slapd: > relocation error: ../servers/slapd/back-meta/.libs/back_meta-2-devel.so.0: > undefined symbol: ldap_back_proxy_authz_ctrl > > > Sounds like something isn't being linked right, or something isn't declared > right in the back-meta build. > Right. Back-meta occasionally reuses stuff from back-ldap; apparently I pulled et another function from there, so it seems you need to load back_ldap.la as well to use back_meta.la. I wonder if there's any better solution (e.g. statically link back_meta.la with back_ldap.la, but then there would be duplicates when one loads both?). Too bad I don't routinely check HEAD with all-modules builds, sorry. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: (ITS#4713) test030-relay broken in HEAD
by quanah＠stanford.edu 15 Oct '06

15 Oct '06

--On Monday, October 16, 2006 5:41 AM +0000 quanah(a)stanford.edu wrote: > I'll see if I can get a core from it. Never mind, I found the problem in slapd.1.out: /usr/local/build/ldap-head-20061015/servers/slapd/.libs/lt-slapd: relocation error: ../servers/slapd/back-meta/.libs/back_meta-2-devel.so.0: undefined symbol: ldap_back_proxy_authz_ctrl Sounds like something isn't being linked right, or something isn't declared right in the back-meta build. --Quanah -- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

1 0

Re: (ITS#4713) test030-relay broken in HEAD
by quanah＠stanford.edu 15 Oct '06

15 Oct '06

--On Monday, October 16, 2006 5:38 AM +0000 ando(a)sys-net.it wrote: > quanah(a)stanford.edu wrote: >> When running test030-relay, I get a failure. >> > works just fine here, on Linux 32 bit and Solaris 64 bit >> Basic output shows: >> >> Using meta backend... >> >> Starting slapd on TCP/IP port 9011... >> Using ldapsearch to check that slapd is running... >> Using ldapadd to populate the database... >> Searching base="dc=example,dc=com"... >> Searching base="o=Example,c=US"... >> Search failed (255)! >> ./scripts/test030-relay: line 79: kill: (20796) - No such process >> > Sounds like slapd either stopped or crashed; anything relevant from > slapd's logs (or any core dump around)? >> The ldapsearch.out file shows: >> > snip... >> # searching base="o=Example,c=US"... >> ldap_result: Can't contact LDAP server (-1) >> > This is not much indicative of the reason of the failure; see above. > Note that Saturday 14 I made sort of a mess in HEAD with daemon.c, which > I only noticed and fixed late Sunday 15; please make sure you're using > the correct files from HEAD. It is HEAD as of now, i.e., I retrieved it this evening. ;) I'll see if I can get a core from it. --Quanah -- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

1 0

← Newer
1
2
3
4
5
6
7
8
9
...
14
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs October 2006