Re: (ITS#4898) slapd crashes when no structural object class provided
by quanah@stanford.edu
--On Wednesday, March 28, 2007 8:45 PM +0000 blentz(a)channing-bete.com wrote:
> Full_Name: Ben Lentz
> Version: 2.3.34
> OS: Fedora Core 3
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (12.169.82.130)
>
>
> Background:
> This is a heavily modified RPM build of the 2.2.17 release which came
> standard with Fedora Core 3.
ldbm is deprecated, and it is highly advised that it not be used. Bugs
with LDBM are unlikely to be fixed, and it has already been removed from
the 2.4 release. If you can reproduce this issue with back-bdb, please
follow up.
--Quanah
--
Quanah Gibson-Mount
Senior Systems Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
16 years, 6 months
(ITS#4898) slapd crashes when no structural object class provided
by blentz@channing-bete.com
Full_Name: Ben Lentz
Version: 2.3.34
OS: Fedora Core 3
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (12.169.82.130)
Background:
This is a heavily modified RPM build of the 2.2.17 release which came standard
with Fedora Core 3.
Versions:
OpenLDAP 2.3.34, gcc-3.4.4, glibc-2.3.6, db4-4.2.52
Build:
./configure --enable-ldbm -with-ldbm-api=berkeley --enable-bdb --enable-ldap
--enable-meta --enable-monitor --enable-null --enable-rewrite --disable-shared
--with-kerberos=k5only --with-cyrus-sasl
Configuration:
/etc/openldap/slapd.conf: database ldbm
/usr/sbin/slapd -u ldap -h "ldap:///" -d 1 &
Issue:
Client executes something dumb, causing a "No structural object class" error:
ldapadd -x -D "cn=Manager,dc=my-domain,dc=com" -w secret
dn: dc=my-domain,dc=com
objectClass: top
objectClass: dcObject
dc: my-domain
^D
slapd output (crash):
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 79 contents:
ber_get_next
do_add
ber_scanf fmt ({m) ber:
>>> dnPrettyNormal: <dc=my-domain,dc=com>
<<< dnPrettyNormal: <dc=my-domain,dc=com>, <dc=my-domain,dc=com>
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt (}) ber:
dn2entry_r: dn: "dc=my-domain,dc=com"
=> dn2id( "dc=my-domain,dc=com" )
=> ldbm_cache_open( "dn2id.dbb", 73, 600 )
<= ldbm_cache_open (opened 0)
<= dn2id NOID
entry failed op attrs add: no structural object class provided (65)
slapd: ../../../../servers/slapd/back-ldbm/cache.c:111: cache_return_entry_rw:
Assertion `e->e_private != ((void *)0)' failed.
[1]+ Aborted /usr/sbin/slapd -u ldap -h "ldap:///" -d 1
ldapadd output:
adding new entry "dc=my-domain,dc=com"
ldap_result: Can't contact LDAP server (-1)
Is there something wrong with my build or runtime environment that would cause
this? I am mostly concerned that this is a "minor security issue", e.g. server
bugs which clients can use to deny services to others. I am looking to upgrade
several production servers from 2.2.17 to 2.3.34 and need to ensure that things
are as stable as possible beforehand.
I can provide more detailed information (versions, straces, cores, etc.) upon
request.
Thanks for any insight you can provide.
16 years, 6 months
(ITS#4897) admin-guide 11.3.3.2. Policy Configuration confuses "from" and "to"
by mb@computer-leipzig.com
Full_Name: Michael Bunk
Version: 2.3.30
OS: Linux
URL:
Submission from: (NULL) (84.185.166.80)
Wrong:
"This directive can be set to none for no rules (the default), from for source
rules, to for destination rules, or both for both source and destination
rules."
Correct:
"This directive can be set to none for no rules (the default), to for source
rules, from for destination rules, or both for both source and destination
rules."
This bug is present in http://www.openldap.org/doc/admin23/sasl.html and in
revision 1.34.2.2 (HEAD at this moment) of admin/sasl.sdf.
16 years, 6 months
Re: (ITS#4892) slapd HEAD crashes with ldapi:// and SASL EXTERNAL
by ando@sys-net.it
Michael Ströder wrote:
> Pierangelo Masarati wrote:
>> michael(a)stroeder.com wrote:
>>
>>> bdb_idl_fetch_key: [5941c014]
>>> <= bdb_index_read: failed (-30989)
>> ^^^
>>
>> $ grep 30989 dn.h
>> #define DB_OLD_VERSION (-30989)/* Out-of-date version. */
>>
>> I guess something strange is going on with libdb run-time loading...
>
> Well, it seems you were right. Strange that make test did not reveal any
> problems (AFAICS). You can close that for now.
I guess it's mostly because make test never uses SASL (the only case I
know of is test028 if you explicitly force it by setting SLAPD_USE_SASL).
Cheers, p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati(a)sys-net.it
------------------------------------------
16 years, 6 months
Re: (ITS#4892) slapd HEAD crashes with ldapi:// and SASL EXTERNAL
by michael@stroeder.com
Pierangelo Masarati wrote:
> michael(a)stroeder.com wrote:
>
>> bdb_idl_fetch_key: [5941c014]
>> <= bdb_index_read: failed (-30989)
>
> ^^^
>
> $ grep 30989 dn.h
> #define DB_OLD_VERSION (-30989)/* Out-of-date version. */
>
> I guess something strange is going on with libdb run-time loading...
Well, it seems you were right. Strange that make test did not reveal any
problems (AFAICS). You can close that for now.
Ciao, Michael.
16 years, 6 months
Re: (ITS#4894) Connection refused
by bgmilne@staff.telkomsa.net
On Monday 26 March 2007, mcar_bhim(a)rediffmail.com wrote:
> Full_Name: Mukesh
> Version: v 1.8.8.7
> OS: Microsoft Windows XP Professional Version 2002 Service Pack 2
> URL:
> Submission from: (NULL) (164.151.129.37)
>
>
> When authenticating user through LDAP "Connection to LDAP could not be
> opened. Login of user failed:" appears suddenly. This does not happen
> regularly but suddenly slapd crash down. To avoid this we open 30 in a day
> and at the end of the day we see that only 5 instances are only running.
You need to provide a lot more information on this.
We are doing millions of authentications per day without any problems.
You should provide at least:
1)What software you are reporting this on (I am not aware of a version 1.8.8.7
of OpenLDAP)
2)Some configuration details, e.g. a sanitized slapd.conf
3)Some means of reproducing the problem with a generic (e.g. OpenLDAP
commandline) client
--
Buchan Milne
ISP Systems Specialist - Monitoring/Authentication Team Leader
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
16 years, 6 months
Re: (ITS#4896) overlay auditlog not working in 2.3.34
by bgmilne@staff.telkomsa.net
On Tuesday 27 March 2007, atmp(a)yandex.ru wrote:
> Full_Name: Artyom
> Version: 2.3.34
> OS: linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (195.234.190.5)
>
>
> In 2.3.34 overlay auditlog command is not working.
> Sample slapd.conf:
> ------
> loglevel any
> database dbd
> suffix ...
> overlay auditlog /tmp/audit.log
> -------
> Log file records
> -------
> line XX: <overlay> extra cruft after <overlay> ignored.
> -------
>
> No records will be placed in /tmp/audit.log file in case of
> append/modify operations.
Please see the man page for slapo-auditlog. Then, correct your configuration.
E.g.:
database dbd
suffix ...
overlay auditlog
auditlog /tmp/audit.log
I am using auditlog in production with 2.3.34.
I am sure someone with sufficient rights will close this ITS. Please use the
OpenLDAP-software mailing list for configuration finger-trouble.
Regards,
Buchan
--
Buchan Milne
ISP Systems Specialist - Monitoring/Authentication Team Leader
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
16 years, 6 months
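The two slapd.conf problems raised in this digest (a `database ldbm` backend in ITS#4898, and `overlay auditlog /tmp/audit.log` leaving the audit log empty in ITS#4896) can be caught by a configuration check before slapd is started. This is an added example, not code from the thread or from OpenLDAP; the function names and the sample config are constructed, and the parser only understands comments, blank lines and whitespace-led continuation lines.

```python
# Constructed sample, modelled on the slapd.conf fragments quoted in this thread.
SAMPLE_CONF = """\
database ldbm
suffix "dc=my-domain,dc=com"
overlay auditlog /tmp/audit.log

database bdb
suffix "dc=example,dc=com"
overlay auditlog
auditlog /tmp/audit.log
"""

def logical_lines(text):
    """Return [(first_line_no, tokens)]; whitespace-led lines continue the previous one."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and out:
            out[-1][1].extend(raw.split())
        else:
            out.append((no, raw.split()))
    return out

def lint_slapd_conf(text):
    """Return [(line_no, message)] for the two misconfigurations seen in the thread."""
    findings, pending = [], None  # pending: line of an auditlog overlay with no file yet
    def flush():
        nonlocal pending
        if pending is not None:
            findings.append((pending, "auditlog overlay has no 'auditlog <file>' directive"))
        pending = None
    for no, tok in logical_lines(text):
        key = tok[0].lower()
        if key in ("database", "overlay"):
            flush()  # a new database or overlay ends the previous overlay's settings
        if key == "database" and len(tok) > 1 and tok[1].lower() == "ldbm":
            findings.append((no, "back-ldbm is deprecated and removed in 2.4"))
        elif key == "overlay":
            if len(tok) > 2:
                findings.append((no, "arguments after the overlay name are ignored"))
            if len(tok) > 1 and tok[1].lower() == "auditlog":
                pending = no
        elif key == "auditlog" and len(tok) > 1:
            pending = None
    flush()
    return findings

print("\n".join(f"line {n}: {m}" for n, m in lint_slapd_conf(SAMPLE_CONF)))
```

An empty result means neither pattern was found; it does not replace slapd's own configuration test.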
(ITS#4896) overlay auditlog not working in 2.3.34
by atmp@yandex.ru
Full_Name: Artyom
Version: 2.3.34
OS: linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (195.234.190.5)
In 2.3.34 overlay auditlog command is not working.
Sample slapd.conf:
------
loglevel any
database dbd
suffix ...
overlay auditlog /tmp/audit.log
-------
Log file records
-------
line XX: <overlay> extra cruft after <overlay> ignored.
-------
No records will be placed in /tmp/audit.log file in case of append/modify
operations.
16 years, 6 months
(ITS#4895) overlay auditlog not working in 2.3.34
by atmp@yandex.ru
Full_Name:
Version: 2.3.34
OS: linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (195.234.190.5)
In 2.3.34 overlay auditlog command is not working.
Sample slapd.conf:
------
loglevel any
database dbd
suffix ...
overlay auditlog /tmp/audit.log
-------
Log file records
-------
line XX: <overlay> extra cruft after <overlay> ignored.
-------
No records will be placed in /tmp/audit.log file in case of append/modify
operations.
16 years, 6 months
(ITS#4894) Connection refused
by mcar_bhim@rediffmail.com
Full_Name: Mukesh
Version: v 1.8.8.7
OS: Microsoft Windows XP Professional Version 2002 Service Pack 2
URL:
Submission from: (NULL) (164.151.129.37)
When authenticating user through LDAP "Connection to LDAP could not be opened.
Login of user failed:" appears suddenly. This does not happen regularly but
suddenly slapd crash down. To avoid this we open 30 in a day and at the end of
the day we see that only 5 instances are only running.
16 years, 6 months