openldap-bugs March 2007

openldap-bugs@openldap.org

42 participants
123 discussions

Re: (ITS#4898) slapd crashes when no structural object class provided
by quanah＠stanford.edu 29 Mar '07

29 Mar '07

--On Wednesday, March 28, 2007 8:45 PM +0000 blentz(a)channing-bete.com wrote: > Full_Name: Ben Lentz > Version: 2.3.34 > OS: Fedora Core 3 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (12.169.82.130) > > > Background: > This is a heavily modified RPM build of the 2.2.17 release which came > standard with Fedora Core 3. ldbm is deprecated, and it is highly advised that it not be used. Bugs with LDBM are unlikely to be fixed, and it has already been removed from the 2.4 release. If you can reproduce this issue with back-bdb, please follow up. --Quanah -- Quanah Gibson-Mount Senior Systems Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

1 0

(ITS#4898) slapd crashes when no structural object class provided
by blentz＠channing-bete.com 29 Mar '07

29 Mar '07

Full_Name: Ben Lentz Version: 2.3.34 OS: Fedora Core 3 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (12.169.82.130) Background: This is a heavily modified RPM build of the 2.2.17 release which came standard with Fedora Core 3. Versions: OpenLDAP 2.3.34, gcc-3.4.4, glibc-2.3.6, db4-4.2.52 Build: ./configure --enable-ldbm -with-ldbm-api=berkeley --enable-bdb --enable-ldap --enable-meta --enable-monitor --enable-null --enable-rewrite --disable-shared --with-kerberos=k5only --with-cyrus-sasl Configuration: /etc/openldap/slapd.conf: database ldbm /usr/sbin/slapd -u ldap -h "ldap:///" -d 1 & Issue: Client executes something dumb, causing a "No structural object class" error: ldapadd -x -D "cn=Manager,dc=my-domain,dc=com" -w secret dn: dc=my-domain,dc=com objectClass: top objectClass: dcObject dc: my-domain ^D slapd output (crash): connection_get(10): got connid=0 connection_read(10): checking for input on id=0 ber_get_next ber_get_next: tag 0x30 len 79 contents: ber_get_next do_add ber_scanf fmt ({m) ber: >>> dnPrettyNormal: <dc=my-domain,dc=com> <<< dnPrettyNormal: <dc=my-domain,dc=com>, <dc=my-domain,dc=com> ber_scanf fmt ({m{W}}) ber: ber_scanf fmt ({m{W}}) ber: ber_scanf fmt (}) ber: dn2entry_r: dn: "dc=my-domain,dc=com" => dn2id( "dc=my-domain,dc=com" ) => ldbm_cache_open( "dn2id.dbb", 73, 600 ) <= ldbm_cache_open (opened 0) <= dn2id NOID entry failed op attrs add: no structural object class provided (65) slapd: ../../../../servers/slapd/back-ldbm/cache.c:111: cache_return_entry_rw: Assertion `e->e_private != ((void *)0)' failed. [1]+ Aborted /usr/sbin/slapd -u ldap -h "ldap:///" -d 1 ldapadd output: adding new entry "dc=my-domain,dc=com" ldap_result: Can't contact LDAP server (-1) Is there something wrong with my build or runtime environment that would cause this? I am mostly concerned that this is a "minor security issue", e.g. server bugs which clients can use to deny services to others. I am looking to upgrade several production servers from 2.2.17 to 2.3.34 and need to ensure that things are as stable as possible beforehand. I can provide more detailed information (versions, straces, cores, etc.) upon request. Thanks for any insight you can provide.

1 0

(ITS#4897) admin-guide 11.3.3.2. Policy Configuration confuses "from" and "to"
by mb＠computer-leipzig.com 28 Mar '07

28 Mar '07

Full_Name: Michael Bunk Version: 2.3.30 OS: Linux URL: Submission from: (NULL) (84.185.166.80) Wrong: "This directive can be set to none for no rules (the default), from for source rules, to for destination rules, or both for both source and destination rules." Correct: "This directive can be set to none for no rules (the default), to for source rules, from for destination rules, or both for both source and destination rules." This bug is present in http://www.openldap.org/doc/admin23/sasl.html and in revision 1.34.2.2 (HEAD at this moment) of admin/sasl.sdf.

1 0

Re: (ITS#4892) slapd HEAD crashes with ldapi:// and SASL EXTERNAL
by ando＠sys-net.it 28 Mar '07

28 Mar '07

Michael Ströder wrote: > Pierangelo Masarati wrote: >> michael(a)stroeder.com wrote: >> >>> bdb_idl_fetch_key: [5941c014] >>> <= bdb_index_read: failed (-30989) >> ^^^ >> >> $ grep 30989 dn.h >> #define DB_OLD_VERSION (-30989)/* Out-of-date version. */ >> >> I guess something strange is going on with libdb run-time loading... > > Well, it seems you were right. Strange that make test did not reveal any > problems (AFAICS). You can close that for now. I guess it's mostly because make test never uses SASL (the only case I know of is test028 if you explicitly force it by setting SLAPD_USE_SASL). Cheers, p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: (ITS#4892) slapd HEAD crashes with ldapi:// and SASL EXTERNAL
by michael＠stroeder.com 28 Mar '07

28 Mar '07

Pierangelo Masarati wrote: > michael(a)stroeder.com wrote: > >> bdb_idl_fetch_key: [5941c014] >> <= bdb_index_read: failed (-30989) > > ^^^ > > $ grep 30989 dn.h > #define DB_OLD_VERSION (-30989)/* Out-of-date version. */ > > I guess something strange is going on with libdb run-time loading... Well, it seems you were right. Strange that make test did not reveal any problems (AFAICS). You can close that for now. Ciao, Michael.

1 0

Re: (ITS#4894) Connection refused
by bgmilne＠staff.telkomsa.net 27 Mar '07

27 Mar '07

--nextPart1606934.cSND5gyAuy Content-Type: text/plain; charset="iso-8859-6" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Monday 26 March 2007, mcar_bhim(a)rediffmail.com wrote: > Full_Name: Mukesh > Version: v 1.8.8.7 > OS: Microsoft Windows XP Profesional Version 2002 Service Pack 2 > URL: > Submission from: (NULL) (164.151.129.37) > > > When authenticating user through LDAP "Connection to LDAP could not be > opened. Login of user failed:" appears suddenly. This doesnot happen > regularly but suddenly slapd crash down. To avoid this we open 30 in a day > and at the end of the day we see that only 5 instances are only running. You need to provide a lot more information on this. We are doing millions of authentications per day without any problems. You should provide at least: 1)What software you are reporting this on (I am not aware of a version 1.8.= 8.7=20 of OpenLDAP) 2)Some configuration details, e.g. a sanitized slapd.conf 3)Some means of reproducing the problem with a generic (e.g. OpenLDAP=20 commandline) client =2D-=20 Buchan Milne ISP Systems Specialist - Monitoring/Authentication Team Leader B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592) --nextPart1606934.cSND5gyAuy Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQBGCQ31rJK6UGDSBKcRAnZAAJ9YPnPpJewNa4xNZNWaFCbIExTB4ACfUSud +If/rn2ZlB9kj3nh7nEbE88= =HnKz -----END PGP SIGNATURE----- --nextPart1606934.cSND5gyAuy--

1 0

Re: (ITS#4896) overlay auditlog not working in 2.3.34
by bgmilne＠staff.telkomsa.net 27 Mar '07

27 Mar '07

--nextPart1454941.Kjy3Wla0Ym Content-Type: text/plain; charset="iso-8859-6" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Tuesday 27 March 2007, atmp(a)yandex.ru wrote: > Full_Name: Artyom > Version: 2.3.34 > OS: linux > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (195.234.190.5) > > > In 2.3.34 overlay auditlog command is not working. > Sample slapd.conf: > ------ > loglevel any > database dbd > suffix ... > overlay auditlog /tmp/audit.log > ------- > Log file records > ------- > line XX: <overlay> extra cruft after <overlay> ignored. > ------- > > No any records will be placed in /tmp/audit.log file in case of > append/modify operations. Please see the man page for slapo-auditlog. Then, correct your configuratio= n.=20 E.g.: database dbd suffix ... overlay auditlog auditlog /tmp/audit.log I am using auditlog in production with 2.3.34. I am sure someone with sufficient rights will close this ITS. Please use th= e=20 OpenLDAP-software mailing list for configuration finger-trouble. Regards, Buchan =2D-=20 Buchan Milne ISP Systems Specialist - Monitoring/Authentication Team Leader B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592) --nextPart1454941.Kjy3Wla0Ym Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQBGCQCurJK6UGDSBKcRAiLHAKDIrC1WGqNud9iaeRgYy+iespmy5wCgqaN5 YdTAysCusHYIcCuPRzq2mWQ= =92Px -----END PGP SIGNATURE----- --nextPart1454941.Kjy3Wla0Ym--

1 0

(ITS#4896) overlay auditlog not working in 2.3.34
by atmp＠yandex.ru 27 Mar '07

27 Mar '07

Full_Name: Artyom Version: 2.3.34 OS: linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (195.234.190.5) In 2.3.34 overlay auditlog command is not working. Sample slapd.conf: ------ loglevel any database dbd suffix ... overlay auditlog /tmp/audit.log ------- Log file records ------- line XX: <overlay> extra cruft after <overlay> ignored. ------- No any records will be placed in /tmp/audit.log file in case of append/modify operations.

1 0

(ITS#4895) overlay auditlog not working in 2.3.34
by atmp＠yandex.ru 27 Mar '07

27 Mar '07

Full_Name: Version: 2.3.34 OS: linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (195.234.190.5) In 2.3.34 overlay auditlog command is not working. Sample slapd.conf: ------ loglevel any database dbd suffix ... overlay auditlog /tmp/audit.log ------- Log file records ------- line XX: <overlay> extra cruft after <overlay> ignored. ------- No any records will be placed in /tmp/audit.log file in case of append/modify operations.

1 0

(ITS#4894) Connection refused
by mcar_bhim＠rediffmail.com 27 Mar '07

27 Mar '07

Full_Name: Mukesh Version: v 1.8.8.7 OS: Microsoft Windows XP Profesional Version 2002 Service Pack 2 URL: Submission from: (NULL) (164.151.129.37) When authenticating user through LDAP "Connection to LDAP could not be opened. Login of user failed:" appears suddenly. This doesnot happen regularly but suddenly slapd crash down. To avoid this we open 30 in a day and at the end of the day we see that only 5 instances are only running.

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs March 2007