openldap-bugs November 2007

openldap-bugs@openldap.org

44 participants
170 discussions

Start a nNew thread

Re: (ITS#5214) Compilation error with a non C++ compiler
by h.b.furuseth＠usit.uio.no 06 Nov '07

06 Nov '07

It has been fixed in OpenLDAP 2.3.39. -- Hallvard

1 0

(ITS#5215) Use of ln is hardcoded in some files
by emmanuel.duru＠atosorigin.com 06 Nov '07

06 Nov '07

Full_Name: Emmanuel Duru Version: 2.3.38 OS: Windows URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (195.68.44.148) configure allows the use of "cp" instead of "ln", but the build/shtool tool uses a hardcoded "ln" (line 1266). Some makefiles (libraries/liblunicode, libraries/libldap_r and servers/slapd/back-hdb) use a hardcoded "-s" option. This is a problem on Windows because in cygwin environment "cp -s" behaves the same way as "ln -s". The use of "ln" is not welcome here because it creates a Windows shortcut, which is not understood by mingw compiler.

1 0

(ITS#5214) Compilation error with a non C++ compiler
by emmanuel.duru＠atosorigin.com 06 Nov '07

06 Nov '07

Full_Name: Emmanuel Duru Version: 2.3.38 OS: Solaris 8 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (195.68.44.148) There is a compilation error in servers/slapd/backglue.c: line 624 : "int rc" should be before line 623 : "op->o_bd = glue_back_select( b0, dn );"

1 0

UNBINDINGS and CRASH
by Antonio Guirado Puerta 05 Nov '07

05 Nov '07

Hello, We are testing openldap-2.3.38 with db-4.5.20. Our tests are oriented to measure capacity and stability of LDAP daemon. 3 clients machines perform search queries against the ldap server. We have used two types of clients: library NET::LDAP in perl, and C LDAP library directly. The problem is reproduced whit both types of clients We are observed that the ldap server crash after 24-48 hours after working with high load (1000-2000 searches/second). In log file there is the following message: connection_read(24): no connection! connection_read(18): no connection! connection_read(20): no connection! connection_read(19): no connection! connection_read(23): no connection! connection_read(18): no connection! connection_read(16): no connection! connection_read(22): no connection! connection_read(19): no connection! Using TCPDump we have observed that clients do not finish the search witch an unbind operation. Simply TCP connection is closed by a FIN packet. We suppose that this is the cause than produces the message in the LDAP log. The main issue is than after 24-48 hours the LDAP daemon dies. We have also tested openldap-2.3.30. Our configures are: Berkeley DB config.status 4.5.20 configured by ../dist/configure, generated by GNU Autoconf 2.60, with options \"'--prefix=/opt/lib/db-4.5.20' '--enable-compat185' '--enable-cxx'\" configured by ./configure, generated by GNU Autoconf 2.59, with options \"'--prefix=/opt/openldap-2.3.38' '--exec-prefix=/opt/openldap-2.3.38' '--disable-syslog' '--disable-ipv6' '--enable-slapd' '--enable-crypt' '--enable-bdb' '--enable-syncprov' '--with-threads' '--with-tls' 'CPPFLAGS=-I/opt/lib/db/include -I/opt/lib/openssl/include' 'LDFLAGS=-L/opt/lib/db/lib -L/opt/lib/openssl/lib The machine is a linux Redhat Enterprise 4.5. -- ___________________________________________ Antonio M. Guirado Puerta Sistemas de Información y Comunicaciones Fundación Integra. http://www.f-integra.org Teléfono: +34 968 355161 Fax: +34 968 355131 Correo: antonio.guirado(a)f-integra.org ___________________________________________ Este mensaje y los posibles documentos adjuntos al mismo son confidenciales y dirigidos exclusivamente a los destinatarios de los mismos. Si por un error de transmisión, o equivocación en la dirección de envío, usted ha recibido este mensaje y no es el destinatario de la información, por favor, notifíqueselo al remitente y borre este mensaje, sin usar, informar, distribuir, imprimir, copiar o difundir el mensaje, total o parcialmente, por ningún medio. Gracias.

2 1

(ITS#5213) LDAP detection failed
by harij2007＠gmail.com 05 Nov '07

05 Nov '07

Full_Name: harikrishna jalamanchili Version: 2.3.39 OS: rhel4 ws URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (65.57.245.11) i have configured the ldap server2.3.39. i could be able to create the user accounts using the ldapadd command. but i am having Google Search Appliance which in turn contains thE AIX server. i am connected to the internet. my ldap server is thrown with a dynamic ip address. now what is the problem is when i am trying to access the ldap server through the internet "LDAP detection failed" which is the message i am getting. step wise i display the configuration: step1: installed the RPM's - openldap-servers/openldap-server-sql/openldap-clients/openldap step2: extracted the openldap<version>.tgz from the net step3: cd openldap<version>/ ./configure step4: make depend step5: make step6: make test step7: su root -c 'make install' step8: then /usr/local/etc/openldap/sladp.conf file configured step9: then i edited /etc/openldap/slapd.conf file step10: then i edited /etc/openldap/ldap.conf file step11: i have created ldif file step12: according to the database i created ldif file format step13: i have edited ldap.conf file where i specified the URI i could be able to search the ldapaccounts but i was not been able to access it from the internet and as well as from gsa

1 0

ITS#5212 command that caused the crash
by tonni＠hetnet.nl 05 Nov '07

05 Nov '07

> That's all very interesting, but you haven't provided the standard > items needed in a crash report - a stack trace from the crash, Yes I have, but later than your reply on the ITS site. > and the actual client command that caused the crash. Also, the slapd > configuration, plus any relevant schema if you've used any custom > schema in relation to this failing command. Other details: Command: ldapsearch2.4 -x -D "cn=admin,dc=billy,dc=demon,dc=nl" -w secret 'facsimileTelephoneNumber=+4753491111' facsimile TelephoneNumber slapd.conf: 1386 [root:tru.leerlingen] /etc/openldap2.4 # grep '^[^#]' slapd.conf include /etc/openldap2.4/schema/core.schema include /etc/openldap2.4/schema/cosine.schema include /etc/openldap2.4/schema/corba.schema include /etc/openldap2.4/schema/inetorgperson.schema include /etc/openldap2.4/schema/java.schema include /etc/openldap2.4/schema/krb5-kdc.schema include /etc/openldap2.4/schema/kerberosobject.schema include /etc/openldap2.4/schema/misc.schema include /etc/openldap2.4/schema/nis.schema include /etc/openldap2.4/schema/nitrobit-ads.schema include /etc/openldap2.4/schema/openldap.schema include /etc/openldap2.4/schema/samba.schema include /etc/openldap2.4/schema/evolutionperson.schema include /etc/openldap2.4/schema/calendar.schema include /etc/openldap2.4/schema/qmail.schema include /etc/openldap2.4/schema/authldap.schema include /etc/openldap2.4/schema/dhcp.schema include /etc/openldap2.4/schema/pykota.schema include /etc/openldap2.4/schema/ppolicy.schema include /etc/openldap2.4/schema/DUAConfigProfile.schema include /etc/openldap2.4/schema/local.schema pidfile /var/run/ldap2.4/slapd.pid argsfile /var/run/ldap2.4/slapd.args allow bind_v2 password-hash {CLEARTEXT} TLSCACertificateFile /etc/certs/CA/CA.pem TLSCertificateFile /etc/certs/slapd/servercert.pem TLSCertificateKeyFile /etc/certs/slapd/serverkey.pem TLSVerifyClient never sasl-authz-policy to authz-regexp uid=(.*),cn=digest-md5,cn=auth "ldap:///dc=billy,dc=demon,dc=nl??sub?uid=$1" authz-regexp uid=(.*),cn=cram-md5,cn=auth "ldap:///dc=billy,dc=demon,dc=nl??sub?uid=$1" include /etc/openldap2.4/slapd.access modulepath /usr/lib/openldap2.4 moduleload back_ldap.la moduleload back_monitor.la moduleload accesslog.la moduleload ppolicy.so moduleload smbk5pwd.so plugin preoperation libaddrdnvalues-plugin.so addrdnvalues_preop_init backend monitor database monitor database config rootdn "cn=admin,dc=billy,dc=demon,dc=nl" database bdb suffix "dc=billy,dc=demon,dc=nl" directory /var/lib/ldap2.4/ rootdn "cn=admin,dc=billy,dc=demon,dc=nl" rootpw kopjekoffie overlay ppolicy ppolicy_default "cn=Standard,ou=Policies,dc=billy,dc=demon,dc=nl" ppolicy_use_lockout overlay smbk5pwd cachesize 1000 checkpoint 250 240 loglevel stats dbconfig set_cachesize 0 10240000 1 dbconfig set_lg_regionmax 2048000 dbconfig set_lg_bsize 2048000 dbconfig set_lk_max_locks 2000 dbconfig set_lk_max_lockers 2000 dbconfig set_lk_max_objects 2000 index entryCSN,entryUUID eq include /etc/openldap2.4/indices.conf indices.conf: 1385 [root:tru.leerlingen] /etc/openldap2.4 # grep '^[^#]' indices.conf index accountstatus pres,eq index anniversary pres,eq index assistantName pres,eq index assistantPhone pres,eq index birthDate pres,eq index businessRole pres,eq index calCalURI pres,eq index calFBURL pres,eq index callbackPhone pres,eq index carPhone pres,eq index category pres,eq index cn pres,eq,sub index companyPhone pres,eq index description pres,eq,sub index destinationIndicator pres,eq,sub index dhcpClassData pres,eq index dhcpHWAddress pres,eq index dhcpPrimaryDN pres,eq index dhcpRange pres,eq index displayName pres,eq,sub index fileAs pres,eq,sub index filtermember pres,eq,sub index gidNumber pres,eq index givenName pres,eq index homePhone pres,eq index homePostalAddress pres index krb5PrincipalName eq index labeledURI pres,eq index mail pres,eq,sub index mailer pres,eq index maillocaladdress pres,eq index mailroutingaddress pres,eq index mailsource pres,eq index managerName pres,eq index memberuid pres,eq index mobile pres,eq index note pres,eq index o pres,eq index objectClass pres,eq index otherPhone pres,eq index otherPostalAddress pres index ou pres,eq index pager pres,eq index postalAddress pres index primaryPhone pres,eq index pykotaUserName pres,eq,sub index pykotaGroupName pres,eq,sub index pykotaPrinterName pres,eq,sub index pykotaBillingCode pres,eq,sub index pykotaLastJobIdent eq index quota pres,eq index radio pres,eq index rfc822mailmember pres,eq index roomNumber pres,eq index sn pres,eq,sub index spouseName pres,eq index telephoneNumber pres,eq index facsimileTelephoneNumber pres index telex pres,eq index title pres,eq index tty pres,eq index uid pres,eq index uidNumber pres,eq index uniqueMember pres index userPassword pres,eq index sambaAcctFlags pres,eq index sambaAlgorithmicRidBase pres,eq index sambaDomainName pres,eq index sambaGroupType pres,eq index sambaHomeDrive pres,eq index sambaHomePath pres,eq index sambaKickoffTime pres,eq index sambaLMPassword pres,eq index sambaLogoffTime pres,eq index sambaLogonScript pres,eq index sambaLogonTime pres,eq index sambaNextGroupRid pres,eq index sambaNextRid pres,eq index sambaNextUserRid pres,eq index sambaNTPassword pres,eq index sambaPrimaryGroupSID pres,eq index sambaProfilePath pres,eq index sambaPwdCanChange pres,eq index sambaPwdLastSet pres,eq index sambaPwdMustChange pres,eq index sambaSID pres,eq,sub index sambaUserWorkstations pres,eq slapd.access: 1388 [root:tru.leerlingen] /etc/openldap2.4 # grep '^[^#]' slapd.access access to dn="cn=config" by dn=cn=admin,dc=billy,dc=demon,dc=nl write by * none access to dn.subtree="cn=config" by dn=cn=admin,dc=billy,dc=demon,dc=nl write by * none access to dn.subtree="cn=monitor" by dn.exact=cn=admin,dc=billy,dc=demon,dc=nl write by * read access to dn.subtree=dc=billy,dc=demon,dc=nl attrs=userPassword,sambaLMPassword,sambaNTPassword,accountStatus by dn=cn=admin,dc=billy,dc=demon,dc=nl write by group=cn=peoplemanagers,cn=katter,ou=groups,dc=billy,dc=demon,dc=nl write by self write by * auth access to dn.subtree=dc=billy,dc=demon,dc=nl attrs=registeredAddress,street,postalCode,postalAddress,localityName,homePhone attrs=mail,mobile,birthDate by dn=cn=admin,dc=billy,dc=demon,dc=nl write by group=cn=peoplemanagers,cn=katter,ou=groups,dc=billy,dc=demon,dc=nl write by self write access to dn.subtree=ou=contacts,dc=billy,dc=demon,dc=nl by dn=cn=admin,dc=billy,dc=demon,dc=nl write by group=cn=peoplemanagers,cn=katter,ou=groups,dc=billy,dc=demon,dc=nl write by * read access to dn.subtree=ou=pykota,dc=billy,dc=demon,dc=nl by dn=cn=admin,dc=billy,dc=demon,dc=nl write by dn=cn=pykotaadmin,ou=pykota,dc=billy,dc=demon,dc=nl write by dn=cn=pykotauser,ou=pykota,dc=billy,dc=demon,dc=nl read by * none access to dn.subtree=dc=billy,dc=demon,dc=nl attrs=pykotaLimitBy,pykotaUserName,pykotaOverCharge,pykotaLifeTimePaid,pykotaBalance,pykotaLifeTimePaid,pykotaPayments by dn=cn=admin,dc=billy,dc=demon,dc=nl write by dn=cn=pykotaadmin,ou=pykota,dc=billy,dc=demon,dc=nl write by dn=cn=pykotauser,ou=pykota,dc=billy,dc=demon,dc=nl read by * none access to dn=cn=admin,dc=billy,dc=demon,dc=nl by dn=cn=admin,dc=billy,dc=demon,dc=nl write by dn=cn=pykotaadmin,ou=pykota,dc=billy,dc=demon,dc=nl write by * search access to dn.subtree=dc=billy,dc=demon,dc=nl attrs=postalAddress,title,fileAs,telephoneNumber,description,homePhone,mobile,birthDate,mail attrs=accountstatus,confirmtext,maildrop,mailbox,mailMessageStore,homepostaladdress attrs=shadowLastChange,shadowMin,shadowMax,shadowWarning,shadowInactive,shadowFlag,shadowExpire attrs=sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,sambaPwdLastSet attrs=sambaSID,sambaPrimaryGroupSID,sambaPasswordHistory,sambaKickoffTime attrs=sambaPwdMustChange,sambaAcctFlags,sambaPasswordHistory,sambaKickoffTime,sambaLogonHours attrs=sambaPwdCanChange,sambaPwdLastSet,sambaSID,sambaPrimaryGroupSID,sambaBadPasswordCount,sambaBadPasswordTime attrs=sambaLogonHours,sambaLogonScript,sambaHomeDrive,sambaDomainName attrs=mailhost,quota,member by dn=cn=admin,dc=billy,dc=demon,dc=nl write by dn=cn=pykotaadmin,ou=pykota,dc=billy,dc=demon,dc=nl write by group=cn=peoplemanagers,cn=katter,ou=groups,dc=billy,dc=demon,dc=nl write by self write by * none access to dn.base=cn=tru.leerlingen,dc=billy,dc=demon,dc=nl by dn=cn=admin,dc=billy,dc=demon,dc=nl write by dn=cn=pykotaadmin,ou=pykota,dc=billy,dc=demon,dc=nl write by group=cn=peoplemanagers,cn=katter,ou=groups,dc=billy,dc=demon,dc=nl write by * none access to dn.subtree=cn=System,dc=billy,dc=demon,dc=nl by dn=cn=admin,dc=billy,dc=demon,dc=nl write by group=cn=peoplemanagers,cn=katter,ou=groups,dc=billy,dc=demon,dc=nl write by * none access to dn.subtree=ou=mailaliases,ou=groups,dc=billy,dc=demon,dc=nl by dn=cn=admin,dc=billy,dc=demon,dc=nl write by group=cn=peoplemanagers,cn=katter,ou=groups,dc=billy,dc=demon,dc=nl write by * read access to dn.subtree="" by dn=cn=admin,dc=billy,dc=demon,dc=nl write by * read access to dn.subtree="dc=billy,dc=demon,dc=nl" by * read Relevant schema: core.schema --Tonni -- Tony Earnshaw Email: tonni at hetnet dot nl

1 0

Re: (ITS#5209) Setting sasl-host in slapd.conf fails
by hyc＠symas.com 05 Nov '07

05 Nov '07

arjones(a)simultan.dyndns.org wrote: > Full_Name: Andrew Rucker Jones > Version: 2.4.6 > OS: Linux > URL: > Submission from: (NULL) (87.165.239.200) > > > I just upgraded from a working 2.3.39 installation to 2.4.6 without making > changes, but slapd does not start. Upon further investigation, i found that > slaptest claims my slapd.conf is clean, but slapd -d 100 says that sasl-host is > already set. That is, in my slapd.conf, i set sasl-host once and only once, but > slapd comes across that lines and claims that sasl-host had already been set > before that. Looking at the code, it seems that lines 354-358 in config.c > (servers/slapd/) fails to accurately check whether or not something with the > ARG_UNIQUE flag has really already been set from the configuration file. > > Commenting out the sasl-host line in slapd.conf lets slapd start, but i assume > from looking at bconfig.c that the value of sasl-host is wrong. Thanks for the report, this is now fixed in HEAD. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5212) OL 2.4.6 slapd crashes on ?undefined search string
by hyc＠symas.com 05 Nov '07

05 Nov '07

tonni(a)hetnet.nl wrote: > Full_Name: Tonni Earnshaw > Version: 2.4.6 > OS: Fedora FC6 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (213.10.163.78) > > > slapd built on FC6 from Buchan Milne's openldap2.4-2.4.6-1mdv2008.1.src.rpm > available on Mandriva Cooker mirrors and specifically composed to recognize Red > Hat-derived systems. Building the source results in a number of rpms, one of > which is openldap2.4-servers-2.4.6-1.fc6.i386.rpm and contains slapd2.4. > Running 'make test' in the rpm BUILD folder after the build resulted in all > (52?) tests passing. > > slapd2.4 normally runs stably and well. Although FC6 has native BDB 4.3.29, > Buchan has created slapds to use a discrete patched 4.2.52. Whilst checking a > question on the ML and searching on the rfc2256 core.schema attribute > facsimileTelephoneNumber slapd crashed repeatedly. Increasing log level output > to 1 and parsing slaps's log showed it doing this on returning a value of > ?undefined for the search. That's all very interesting, but you haven't provided the standard items needed in a crash report - a stack trace from the crash, and the actual client command that caused the crash. Also, the slapd configuration, plus any relevant schema if you've used any custom schema in relation to this failing command. - -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

ITS#5212 stack trace on unstripped slapd binary
by tonni＠hetnet.nl 05 Nov '07

05 Nov '07

(gdb) continue Continuing. Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1237890160 (LWP 3221)] 0x080774fb in filter2bv_x (op=0x9f3eea0, f=0xb58731dc, fstr=0x9f3eee4) at filter.c:610 610 if ( f->f_av_desc->ad_type->sat_equality->smr_usage & SLAP_MR_MUTATION_NORMALIZER ) { (gdb) bt #0 0x080774fb in filter2bv_x (op=0x9f3eea0, f=0xb58731dc, fstr=0x9f3eee4) at filter.c:610 #1 0x08074afb in do_search (op=0x9f3eea0, rs=0xb6374144) at search.c:138 #2 0x0807240c in connection_operation (ctx=0xb6374238, arg_v=0x9f3eea0) at connection.c:1145 #3 0x08072981 in connection_read_thread (ctx=0xb6374238, argv=0x13) at connection.c:1271 #4 0x00d4ee07 in ldap_int_thread_pool_wrapper (xpool=0x9dd9540) at tpool.c:619 #5 0x00be245b in start_thread () from /lib/libpthread.so.0 #6 0x00b2523e in clone () from /lib/libc.so.6 (gdb) quit --Tonni -- Tony Earnshaw Email: tonni at hetnet dot nl

1 0

(ITS#5212) OL 2.4.6 slapd crashes on ?undefined search string
by tonni＠hetnet.nl 04 Nov '07

04 Nov '07

Full_Name: Tonni Earnshaw Version: 2.4.6 OS: Fedora FC6 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (213.10.163.78) slapd built on FC6 from Buchan Milne's openldap2.4-2.4.6-1mdv2008.1.src.rpm available on Mandriva Cooker mirrors and specifically composed to recognize Red Hat-derived systems. Building the source results in a number of rpms, one of which is openldap2.4-servers-2.4.6-1.fc6.i386.rpm and contains slapd2.4. Running 'make test' in the rpm BUILD folder after the build resulted in all (52?) tests passing. slapd2.4 normally runs stably and well. Although FC6 has native BDB 4.3.29, Buchan has created slapds to use a discrete patched 4.2.52. Whilst checking a question on the ML and searching on the rfc2256 core.schema attribute facsimileTelephoneNumber slapd crashed repeatedly. Increasing log level output to 1 and parsing slaps's log showed it doing this on returning a value of ?undefined for the search. Because Buchan's builds install discrete OL versions, OL 2.3.39 and 2.4.6 both exist on my system and can be run independently. Sopping slapd2.4 and starting slapd2.3 proved that this problem doees not exist with 2.3.39. An ldd on the slapd binary shows it uses its own libraries, not those of slapd2.3: linux-gate.so.1 => (0x00110000) libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0x00d43000) liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0x00b99000) libltdl.so.3 => /usr/lib/libltdl.so.3 (0x00d3a000) libslapd24_db-4.2.so => /usr/lib/libslapd24_db-4.2.so (0x00bf6000) libodbc.so.1 => /usr/lib/libodbc.so.1 (0x00cc9000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x041f5000) libdl.so.2 => /lib/libdl.so.2 (0x00bc2000) libssl.so.6 => /lib/libssl.so.6 (0x0073c000) libcrypto.so.6 => /lib/libcrypto.so.6 (0x0353c000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x05599000) libresolv.so.2 => /lib/libresolv.so.2 (0x003da000) libwrap.so.0 => /usr/lib/libwrap.so.0 (0x001c1000) libpthread.so.0 => /lib/libpthread.so.0 (0x00bdd000) libc.so.6 => /lib/libc.so.6 (0x00a57000) /lib/ld-linux.so.2 (0x00a3a000) libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x0045d000) libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00943000) libcom_err.so.2 => /lib/libcom_err.so.2 (0x00a2a000) libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x007b4000) libz.so.1 => /usr/lib/libz.so.1 (0x00bc8000) libnsl.so.1 => /lib/libnsl.so.1 (0x0036e000) libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x007aa000)

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs November 2007