openldap-bugs November 2007

openldap-bugs@openldap.org

44 participants
170 discussions

Can't compile OpenLDAP with Berkekey DB: File format not recognized
by ben＠fallinganvils.com 06 Dec '07

06 Dec '07

This is my first openldap install. I am installing by compiling from source on a debian box logged in as myself in my home directory. Berkeley DB is not installed systemwide. LDAP libraries are installed systemwide, but I want to install the whole openldap tarball in my home directory and use that/run an ldap server etc. Only libraries are installed systemwide. No ldap server software is installed systemwide. I do have root access, but I don't think I should need it. If I can get it installed under /home/ben, after some experimentation, I'll install it in /home/openldap after creating an openldap user. I don't know what the debian system uses the ldap libraries it came with for, but I should be able to use my own local version without dealing with that I would think. This is what I do : 1) Install Berkeley DB 4.6.21 in /home/ben/opt/bdb $ cd db-4.6.21/build_unix $ ../dist/configure --prefix=/home/ben/opt/bdb $ make && make install $ export LD_RUN_PATH=/home/ben/opt/bdb/lib $ export CPPFLAGS='-I /home/ben/opt/bdb/include' $ export LDFLAGS='-L /home/ben/opt/bdb/lib' $ cd 2) Install OpenLDAP $ cd openldap-2.4.6 $ ./configure --prefix=/home/ben/opt/openldap $ make depend $ make Making all in /home/ben/src/openldap/openldap-2.4.6 Entering subdirectory include make[1]: Entering directory `/home/ben/src/openldap/openldap-2.4.6/include' make[1]: Nothing to be done for `all'. make[1]: Leaving directory `/home/ben/src/openldap/openldap-2.4.6/include' Entering subdirectory libraries make[1]: Entering directory `/home/ben/src/openldap/openldap-2.4.6/libraries' Making all in /home/ben/src/openldap/openldap-2.4.6/libraries Entering subdirectory liblutil make[2]: Entering directory `/home/ben/src/openldap/openldap-2.4.6/libraries/liblutil' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/ben/src/openldap/openldap-2.4.6/libraries/liblutil' Entering subdirectory liblber make[2]: Entering directory `/home/ben/src/openldap/openldap-2.4.6/libraries/liblber' /bin/sh ../..//libtool --mode=link cc -static -g -O2 -L /home/ben/opt/bdb/lib -o dtest dtest.o liblber.la ../../libraries/liblutil/liblutil.a -lresolv cc -g -O2 /home/ben/opt/bdb/lib -o dtest dtest.o -L/home/ben/src/openldap/openldap-2.4.6/libraries/liblber ./.libs/liblber.a ../../libraries/liblutil/liblutil.a -lresolv /usr/bin/ld: /home/ben/opt/bdb/lib: No such file: File format not recognized collect2: ld returned 1 exit status make[2]: *** [dtest] Error 1 make[2]: Leaving directory `/home/ben/src/openldap/openldap-2.4.6/libraries/liblber' make[1]: *** [all-common] Error 1 make[1]: Leaving directory `/home/ben/src/openldap/openldap-2.4.6/libraries' make: *** [all-common] Error 1 3) Let's investigate: $ ls /home/ben/opt/bdb bin docs include lib $ ls -l /home/ben/opt/bdb/lib -rw-r--r-- 1 ben ben 1571838 Nov 28 21:44 libdb-4.6.a -rw-r--r-- 1 ben ben 813 Nov 28 21:44 libdb-4.6.la -rwxr-xr-x 1 ben ben 1248813 Nov 28 21:44 libdb-4.6.so lrwxrwxrwx 1 ben ben 12 Nov 28 21:44 libdb-4.so -> libdb-4.6.so -rw-r--r-- 1 ben ben 1571838 Nov 28 21:44 libdb.a lrwxrwxrwx 1 ben ben 12 Nov 28 21:44 libdb.so -> libdb-4.6.so $ vi libdb-4.6.a The first bit looks like: !<arch> / 1196286289 0 0 0 27970 ` ^@^@^E0^@^@m\xea^@^@m\xea^@^@m\xea^@^@m\xea^@^@u"^@^@ Not sure what that means, but someone might... $ vi libdb-4.so The first bit looks like: ^?ELF^A^A^A^@^@^@^@^@^@^@^@^@^C^@^C^@^A^@^@^@\xf0i^A^@4^@^@^@x\xde^Q^@^@^@^@^@4^ @ ^@^D^@(^@^_^@^\^@^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@\xe8\x85^Q^@\xe8 Hey! more nonsense, but ELF is familiar and seems like a plausable for a linux library... I also get this error with openldap-2.3.39 and db-4.5.20 I could not use openldap-2.3.39 with db-4.6.21 because I get incompatible version. The configure scripts looks for db versions 4.2 though 4.5 and spits out that error otherwise. Anyway, thanks for any help.

2 1

(ITS#5252) Several SQL Bugs in back-sql
by h.goebel＠goebel-consult.de 30 Nov '07

30 Nov '07

Full_Name: Version: 2.3.38 OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (79.207.201.247) Debugging marks in sql-statement may lead to wrong results. The interface I implemented yields statements like this when using Thunderbird for searching for 'Klaus'. Thunderbird tries to look up in email, name and given name. Ans in my setup, search is restricted to "(objectclass=evolutionPerson)". SELECT DISTINCT ldap_entries.id,res_partner_address.id, text('evolutionPerson') AS objectClass,ldap_entries.dn AS dn FROM ldap_entries,res_partner_address,ldap_entry_objclasses WHERE res_partner_address.id=ldap_entries.keyval AND ldap_entries.oc_map_id=1 AND 9=9 AND ((2=2 OR ( ldap_entries.id=ldap_entry_objclasses.entry_id AND ldap_entry_objclasses.oc_name='evolutionPerson')) AND (( upper(email) LIKE '%KLAUS%') OR (upper(name) LIKE '%KLAUS%') OR 7=7 OR (upper(substring(name from '\\S+..$')) LIKE '%KLAUS%'))) 1) "OR 7=7 OR" renders the whole last AND-clause useless: No selection is done on email, name or givenname. Thus all records are returned. 2) "2=2 OR" renders the restriction to a specific objectclass useless. In Bug 5198 Pierangelo Masarati say, that a good RDBMs is optimizing this part away. And exactly this is the problem.

1 0

Re: (ITS#5251) getaddrinfo might return duplicate results
by hyc＠symas.com 29 Nov '07

29 Nov '07

Ralf Haferkamp wrote: > On Donnerstag, 29. November 2007, hyc(a)symas.com wrote: >> rhafer(a)suse.de wrote: >>> Full_Name: Ralf Haferkamp >>> Version: All >>> OS: Linux, glibc 2.7 >>> URL: ftp://ftp.openldap.org/incoming/ >>> Submission from: (NULL) (89.166.161.148) >>> >>> >>> Newer versions of glibc (2.7) in my case might return duplicate addrinfo >>> structs in the results under certain circumstances. According to the >>> friendly glibc maintainer ;) this is not a bug: >>> http://sources.redhat.com/bugzilla/show_bug.cgi?id=4980 >>> Unfortunately he doesn't give a reason for this change in behavior. >> Interesting. In that bug report the /etc/hosts file has 127.0.0.1 once and >> ::1 once, so why is 127.0.0.1 being returned twice? That is clearly bogus. > The glibc code explicitly checks the /etc/hosts entry for IN6_IS_ADDR_LOOPBACK > and returns the the in_attr_t for INADDR_LOOPBACK in that case. For reasons > that the glibc author seemingly doesn't want to share with the outer world. We're calling getaddrinfo with hints.ai_family = AF_UNSPEC, so we should be getting both IPv4 and IPv6 addresses back. In this case, converting the V6 address to V4 format is obviously not desired. Also RFC2553 pretty much forbids this: (Page 25) Also note that the IPv6 hex addresses "::" and "::1" MUST NOT be treated as IPv4- compatible addresses, and if the address is "::", HOST_NOT_FOUND MUST be returned and a query of the address not performed. Also for the macro in section 6.7 IN6_IS_ADDR_V4COMPAT MUST return false for "::" and "::1". >>> BTW, I didn't find any reference in the related RFCs that state that the >>> getaddrinfo results need to be unique (nor the opposite). >>> In my current builds I simply patched slapd to check the getaddrinfo() >>> results for uniqueness in the slap_get_listner_addresses() function. Has >>> anybody a better idea how to fix this? >> I'm sure there's nothing that states that the returned info is required to >> be unique. The returned data must accurately reflect the host databases >> being queried though. If you put "127.0.0.1 localhost" twice in /etc/hosts, >> then it's reasonable to get it returned twice. But if it's only in there >> once, then returning it twice is a bug. > -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5251) getaddrinfo might return duplicate results
by rhafer＠suse.de 29 Nov '07

29 Nov '07

On Donnerstag, 29. November 2007, hyc(a)symas.com wrote: > rhafer(a)suse.de wrote: > > Full_Name: Ralf Haferkamp > > Version: All > > OS: Linux, glibc 2.7 > > URL: ftp://ftp.openldap.org/incoming/ > > Submission from: (NULL) (89.166.161.148) > > > > > > Newer versions of glibc (2.7) in my case might return duplicate addrinfo > > structs in the results under certain circumstances. According to the > > friendly glibc maintainer ;) this is not a bug: > > http://sources.redhat.com/bugzilla/show_bug.cgi?id=4980 > > Unfortunately he doesn't give a reason for this change in behavior. > > Interesting. In that bug report the /etc/hosts file has 127.0.0.1 once and > ::1 once, so why is 127.0.0.1 being returned twice? That is clearly bogus. The glibc code explicitly checks the /etc/hosts entry for IN6_IS_ADDR_LOOPBACK and returns the the in_attr_t for INADDR_LOOPBACK in that case. For reasons that the glibc author seemingly doesn't want to share with the outer world. > > BTW, I didn't find any reference in the related RFCs that state that the > > getaddrinfo results need to be unique (nor the opposite). > > In my current builds I simply patched slapd to check the getaddrinfo() > > results for uniqueness in the slap_get_listner_addresses() function. Has > > anybody a better idea how to fix this? > > I'm sure there's nothing that states that the returned info is required to > be unique. The returned data must accurately reflect the host databases > being queried though. If you put "127.0.0.1 localhost" twice in /etc/hosts, > then it's reasonable to get it returned twice. But if it's only in there > once, then returning it twice is a bug. -- Ralf

1 0

Re: (ITS#5251) getaddrinfo might return duplicate results
by hyc＠symas.com 29 Nov '07

29 Nov '07

rhafer(a)suse.de wrote: > Full_Name: Ralf Haferkamp > Version: All > OS: Linux, glibc 2.7 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (89.166.161.148) > > > Newer versions of glibc (2.7) in my case might return duplicate addrinfo structs > in the results under certain circumstances. According to the friendly glibc > maintainer ;) this is not a bug: > http://sources.redhat.com/bugzilla/show_bug.cgi?id=4980 > Unfortunately he doesn't give a reason for this change in behavior. Interesting. In that bug report the /etc/hosts file has 127.0.0.1 once and ::1 once, so why is 127.0.0.1 being returned twice? That is clearly bogus. > BTW, I didn't find any reference in the related RFCs that state that the > getaddrinfo results need to be unique (nor the opposite). > In my current builds I simply patched slapd to check the getaddrinfo() results > for uniqueness in the slap_get_listner_addresses() function. Has anybody a > better idea how to fix this? I'm sure there's nothing that states that the returned info is required to be unique. The returned data must accurately reflect the host databases being queried though. If you put "127.0.0.1 localhost" twice in /etc/hosts, then it's reasonable to get it returned twice. But if it's only in there once, then returning it twice is a bug. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5248) non-atomic signal variables
by h.b.furuseth＠usit.uio.no 29 Nov '07

29 Nov '07

Howard Chu writes: > OK, you're right, it's trivial, and I see that the configure script > already #defines sig_atomic_t to int if the system doesn't already > define it. So your suggested changes are harmless, go ahead and make > them. If you're going to that trouble, you should change gotintr to > use an explicitly defined contiguous range of values. OK, later.. that's why I filed an its first (in particular, need to look at WAKE_LISTENER first.) Which makes the rest of this reply irrelevant to the ITS, so skip it if that helps your blood pressure: > Backward compatibility only reinforces my point, since int has always > been atomic in the past. Where do you get that from? A brief search find nothing like that in the draft and standard versions I've lying around. It would also mean that sig_atomic_t would be a pointless type. >> Otherwise the standard would not have needed to define sig_atomic_t. > > Note that sig_atomic_t is an *optional* part of the standard; > implementations are not required to provide it. Irrelevant. Freestanding implementations need not provide it (nor most of the rest of the C library), but <signal.h> requires it. > The standard says it is impossible for arithmetic operations on valid > values to generate trap representations. Think about it - if it were > *possible* for intermediate states to be invalid, (...) A signal breaks the rest of the execution model. A variable need not be in an "intermediate state" according to that model when a signal arrives. Otherwise C could not use *any* inherently non-atomic types, which would rather limit which CPUs could support C. That's why the standard says signal handlers can do so aburdly few things in the first place. > Nobody is stupid enough to design a machine like that, and the > standard guarantees that programmers never have to worry about such a > stupidity ever existing. > (...) > Not on any machine ever built (for which a C translator exists). On the countrary, the existence of such hosts is precicely why the section about signal handlers explicitly contradicts you. And as Doug Gwyn said, even the little part it does guarantee was hard to get agreement for. -- Regards, Hallvard

1 0

(ITS#5251) getaddrinfo might return duplicate results
by rhafer＠suse.de 29 Nov '07

29 Nov '07

Full_Name: Ralf Haferkamp Version: All OS: Linux, glibc 2.7 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (89.166.161.148) Newer versions of glibc (2.7) in my case might return duplicate addrinfo structs in the results under certain circumstances. According to the friendly glibc maintainer ;) this is not a bug: http://sources.redhat.com/bugzilla/show_bug.cgi?id=4980 Unfortunately he doesn't give a reason for this change in behavior. BTW, I didn't find any reference in the related RFCs that state that the getaddrinfo results need to be unique (nor the opposite). In my current builds I simply patched slapd to check the getaddrinfo() results for uniqueness in the slap_get_listner_addresses() function. Has anybody a better idea how to fix this?

1 0

Re: (ITS#5248) non-atomic signal variables
by hyc＠symas.com 28 Nov '07

28 Nov '07

Hallvard B Furuseth wrote: > [rearranging] > Howard Chu writes: > >> The C standard defines "int" to be the most efficient machine word, >> and that is always atomic. > > It does neither, that I can see. Among other things because "most > efficient" is not well-defined. E.g. by space or time? Efficient with > which operations? It's the recommended intent somewhere (the > Rationale?), but that must be subject to whatever other restrictions an > implementor faces. (16+ bits, backwards compatibility, etc.) Backward compatibility only reinforces my point, since int has always been atomic in the past. Likewise when migrating old code to new hardware, machine word sizes only grow if they change at all, so any word small enough to be atomic on old hardware is also atomic on new. > And the compiler can choose between an atomic and non-atomic operation, > even with volatile. Volatile guarantees a change is complete at a > sequence point. Signals need not arrive at sequence points. (C99 > 5.1.2.3p2,4. You can download the standard with amendments free at > <http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1256.pdf>.) Hm, seems I have a much older draft, this language in 6.2.5 Types has changed. > Otherwise the standard would not have needed to define sig_atomic_t. Note that sig_atomic_t is an *optional* part of the standard; implementations are not required to provide it. >> sig_atomic_t is irrelevant in slapcat. Whether we detect zero/non-zero >> immediately, one entry, or two entries after the signal occurs isn't >> going to make any difference. > > Well, I don't see any reason not to use it when the standard says so and > the change is trivial, even if we don't know of a real-life failure. > (E.g. if the compiler detects that the variable will not legally change > and optimizes it away, or if it is being read during a signal which > changes it so the result of the non-atomic read is a trap > representation.) The standard says it is impossible for arithmetic operations on valid values to generate trap representations. Think about it - if it were *possible* for intermediate states to be invalid, then it would be *inevitable* that they occur in normal code and you'd be producing traps practically all the time, at which point the only way to get useful work out of the hardware would be to disable the trap mechanism completely (e.g. mask off parity error exception generation). Nobody is stupid enough to design a machine like that, and the standard guarantees that programmers never have to worry about such a stupidity ever existing. >> Likewise, there's no issue with gotintr/abcan. The signal handler >> isn't armed until the writes are complete. Therefore whether it can be >> read atomically or not inside the handler is irrelevant, the value is >> constant. > So reading abcan is safe, but reading gotintr is not. Read first half > before signal as 0, last half as -1. Then the switch on it fails. Not on any machine ever built (for which a C translator exists). OK, you're right, it's trivial, and I see that the configure script already #defines sig_atomic_t to int if the system doesn't already define it. So your suggested changes are harmless, go ahead and make them. If you're going to that trouble, you should change gotintr to use an explicitly defined contiguous range of values. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5248) non-atomic signal variables
by h.b.furuseth＠usit.uio.no 28 Nov '07

28 Nov '07

[rearranging] Howard Chu writes: > The C standard defines "int" to be the most efficient machine word, > and that is always atomic. It does neither, that I can see. Among other things because "most efficient" is not well-defined. E.g. by space or time? Efficient with which operations? It's the recommended intent somewhere (the Rationale?), but that must be subject to whatever other restrictions an implementor faces. (16+ bits, backwards compatibility, etc.) And the compiler can choose between an atomic and non-atomic operation, even with volatile. Volatile guarantees a change is complete at a sequence point. Signals need not arrive at sequence points. (C99 5.1.2.3p2,4. You can download the standard with amendments free at <http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1256.pdf>.) Otherwise the standard would not have needed to define sig_atomic_t. > sig_atomic_t is irrelevant in slapcat. Whether we detect zero/non-zero > immediately, one entry, or two entries after the signal occurs isn't > going to make any difference. Well, I don't see any reason not to use it when the standard says so and the change is trivial, even if we don't know of a real-life failure. (E.g. if the compiler detects that the variable will not legally change and optimizes it away, or if it is being read during a signal which changes it so the result of the non-atomic read is a trap representation.) > Likewise, there's no issue with gotintr/abcan. The signal handler > isn't armed until the writes are complete. Therefore whether it can be > read atomically or not inside the handler is irrelevant, the value is > constant. So reading abcan is safe, but reading gotintr is not. Read first half before signal as 0, last half as -1. Then the switch on it fails. -- Hallvard

1 0

Re: (ITS#5248) non-atomic signal variables
by hyc＠symas.com 28 Nov '07

28 Nov '07

h.b.furuseth(a)usit.uio.no wrote: > Full_Name: Hallvard B Furuseth > Version: HEAD > OS: > URL: > Submission from: (NULL) (129.240.6.233) > Submitted by: hallvard > > > Some non-atomic variables are used both outside and inside signal handlers: > > clients/tools/common.c: > static int gotintr; > static int abcan; > servers/slapd/daemon.c: > static volatile int waking; > (used via WAKE_LISTENER in signal handler) > slapd/slapcat.c: > static int gotsig; > > They need to be volatile sig_atomic_t. > That can be signed or unsigned char, so abcan must be set to some > #define in range 0..127 instead of -1. > > Two more problems: > > WAKE_LISTENER will not be correct anyway since it does '++waking' (not > atomic) and is called both inside and outside a signal handler. > The !NO_THREADS version is OK. > > For that matter, behavior is only defined when the signal handler > _writes_ a volatile sig_atomic_t, not when it _reads_ it: > http://groups.google.no/group/comp.std.c/msg/d01196111ce93615 > Dunno what the problem is, or if it is worse than variables > accessed by threads. I don't see anything to do about it either. No. volatile is used in daemon.c, yes. It is not needed in clients/tools or slapcat. sig_atomic_t is irrelevant in slapcat. Whether we detect zero/non-zero immediately, one entry, or two entries after the signal occurs isn't going to make any difference. Likewise, there's no issue with gotintr/abcan. The signal handler isn't armed until the writes are complete. Therefore whether it can be read atomically or not inside the handler is irrelevant, the value is constant. And of course... http://www.gnu.org/software/libc/manual/html_node/Atomic-Types.html#Atomic-… The C standard defines "int" to be the most efficient machine word, and that is always atomic. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs November 2007