openldap-bugs April 2007

openldap-bugs@openldap.org

38 participants
126 discussions

Re: (ITS#4881) ldapsearch, SSL and segmentation fault
by hyc＠symas.com 02 Apr '07

02 Apr '07

andrej.groups(a)gmail.com wrote: > Full_Name: Andrej Ricnik > Version: ldapsearch 2.3.21 > OS: Slackware 11 > URL: > Submission from: (NULL) (138.235.105.2) > > > I'm trying to use ldapsearch against Novell eDir 8.7.3.9 (on Solaris) which > works fine when used w/o encryption. If I use the self-signed Cert created on > the eDir server ldapsearch segfaults. > > This works fine (returns the expected 46 DNs): > ldapsearch -D cn=wpsbind,ou=wcm,ou=systemusers,ou=users,o=myorg -W -h > dev4.kdc.myorg.org -x -s sub -LLL '(cn=*)' > > This one segfaults after the 45th DN: > ldapsearch -ZZ -D cn=wpsbind,ou=wcm,ou=systemusers,ou=users,o=myorg -W -h > dev4.kdc.myorg.org -x -s sub -LLL '(cn=*)' > > It looks similar to ITN# 889 ... Not likely, since that involved SASL and this does not. There's not enough info here. Please provide a stack trace of the crash in the client. Also see the FAQ http://www.openldap.org/faq/index.cgi?file=59 -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: slapd+pcache keeps crashing on FreeBSD 6.2 (ITS#4841)
by hyc＠symas.com 02 Apr '07

02 Apr '07

imriz(a)co.zahav.net.il wrote: > Sure. New core dumps and binary file is at > http://mariska.inter.net.il/~imriz/slapd-core.tar.gz The slapd in this snapshot was stripped so no debug symbols are present. Please be sure to use an unstripped binary. Also, since you're also loading libldap_r, liblber, back-ldap, back-bdb, back-meta, and back-ldbm dynamically, you'll need to include those modules in the tarball. (Also with debug and unstripped.) Although at this point I'm wondering why you're using back-ldbm, which has been deprecated for quite a long time. > Please notice that the previous dump was from FreeBSD ports (OpenLDAP > version 2.3.33). > > This one was fetched from the CVS (OPENLDAP_REL_ENG_2_3), with the > following configure options: > > ./configure --with-threads=posix --with-tls=openssl --enable-dynamic > --without-cyrus-sasl --enable-modules --localstatedir=/var/ > db --enable-ldbm=mod --enable-crypt --enable-lmpasswd --enable-ldap=mod > --enable-meta=mod --enable-rewrite --enable-null=mod --enabl > e-monitor=mod --enable-proxycache --disable-syncprov --enable-bdb=mod > --enable-hdb=mod --enable-dbm-api=berkeley --disable-slurpd -- > prefix=/usr/local --enable-debug > > > -----Original Message----- > From: Howard Chu [mailto:openldap-its@OpenLDAP.org] > Sent: Tuesday, February 13, 2007 1:14 AM > To: Imri Zvik > Subject: Re: slapd+pcache keeps crashing on FreeBSD 6.2 (ITS#4841) > > It looks like this core is from a binary without debug symbols present, > can you > recompile with debugging enabled and get a new stack trace and core > file? > > > . > -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#4903) dynlist issues with memory allocation
by quanah＠stanford.edu 02 Apr '07

02 Apr '07

--On Monday, April 02, 2007 7:44 PM +0000 quanah(a)stanford.edu wrote: > > > --On Monday, April 02, 2007 9:42 PM +0200 Pierangelo Masarati > <ando(a)sys-net.it> wrote: > >> quanah(a)stanford.edu wrote: >> >>> database hdb >>> suffix "dc=stanford,dc=edu" >>> rootdn "cn=manager,dc=stanford,dc=edu" >>> >>> overlay valsort >>> valsort-attr suOrgContactStanford cn=orgs,dc=stanford,dc=edu weighted >>> valsort-attr suOrgContactWorld cn=orgs,dc=stanford,dc=edu weighted >>> >>> overlay dynlist >>> dynlist-attrset groupOfURLS memberURL member >>> >>> limits group="cn=ldapadmin,cn=applications,dc=stanford,dc=edu" >>> time.soft=unlimited time.hard=unlimited size.soft=unlimited >>> size.hard=unlimited >> >> There it is: "limits" is a database specific directive appearing >> __after__ overlay instantiation. Try moving all database-specific >> directives __before__ any overlay instantiation. > > Ah, I see... So its not just global/db. > > So all overlay bits should be listed last? And I assume this only > happens when you have more than one overlay in use? Because it only > happens once both valsort and dynlist are enabled. In any case, reordering the slapd.conf files so the overlay stuff all appears last has definitely fixed it. Yeah, and thanks. :) There's a lot I'm looking forward to in 2.4. --Quanah -- Quanah Gibson-Mount Senior Systems Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

1 0

Re: (ITS#4903) dynlist issues with memory allocation
by quanah＠stanford.edu 02 Apr '07

02 Apr '07

--On Monday, April 02, 2007 12:42 PM -0700 Quanah Gibson-Mount <quanah(a)stanford.edu> wrote: > Ah, I see... So its not just global/db. > > So all overlay bits should be listed last? And I assume this only > happens when you have more than one overlay in use? Because it only > happens once both valsort and dynlist are enabled. That doesn't seem to be it either. For example, on my master, I have: database hdb suffix "dc=stanford,dc=edu" rootdn "cn=manager,dc=stanford,dc=edu" # Syncrepl Provider overlay syncprov syncprov-checkpoint 1000 60 # Dynamic Group Overlay overlay dyngroup # Uniqueness Overlay overlay unique unique_base cn=people,dc=stanford,dc=edu unique_attributes suunivid suproxycardnumber sucardnumber suuniqueidentifier # Valsort Overlay overlay valsort valsort-attr suOrgContactStanford cn=orgs,dc=stanford,dc=edu weighted valsort-attr suOrgContactWorld cn=orgs,dc=stanford,dc=edu weighted #valsort-attr ou cn=people,dc=stanford,dc=edu weighted #valsort-attr suAffiliation cn=people,dc=stanford,dc=edu weighted #valsort-attr suDisplayAffiliation cn=people,dc=stanford,dc=edu weighted overlay accesslog logdb cn=accesslog logops writes logsuccess TRUE logpurge 07+00:00 01+00:00 # Let ldapadmin have limitless searches limits group="cn=ldapadmin,cn=applications,dc=stanford,dc=edu" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited limits group="cn=ldapreplica,cn=applications,dc=stanford,dc=edu" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited # Save the time that the entry gets modified lastmod on # Set the location of where the database storage files go. directory /var/lib/ldap dbconfig set_cachesize 3 536870912 1 dbconfig set_lg_regionmax 262144 dbconfig set_lg_bsize 2097152 dbconfig set_lg_dir /var/log/bdb dbconfig set_lk_max_locks 3000 # # Automatically remove log files that are no longer needed. dbconfig set_flags DB_LOG_AUTOREMOVE # # Setting set_tas_spins reduces resource contention from multiple clients on systems with multiple CPU's. dbconfig set_tas_spins 1 # Checkpoint the database to prevent transaction loss in unclean shutdowns, and speed up slapd shutdowns. checkpoint 1024 5 # Indices to maintain index default eq index cn index dc index entryCSN index entryUUID index objectClass index krb5PrincipalName index suCardNumber index suGeneralID index suProxyCardNumber index suRegID index suUniqueIdentifier index suUnivID index uid ####################################################################### # back-monitor database definitions ####################################################################### database monitor As you can see, *multiple* overlay statements and directives, prior to the "limits" command. It does not exhibit the problems I see on my replica. The issue only arises once dynlist is enabled. --Quanah -- Quanah Gibson-Mount Senior Systems Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

1 0

Re: (ITS#4903) dynlist issues with memory allocation
by ando＠sys-net.it 02 Apr '07

02 Apr '07

Quanah Gibson-Mount wrote: > Ah, I see... So its not just global/db. > > So all overlay bits should be listed last? And I assume this only > happens when you have more than one overlay in use? Because it only > happens once both valsort and dynlist are enabled. Well, the issue is subtle. You risk inconsistency whenever an overlay supports back-config __and__ the out-of-order directive uses some special back-config feature, like the possibility to directly write a value to the database/overlay structure. The way back-config statement/data structure resolution is designed in re23, the out-of-order directive will use the wrong data structure, thus resulting at least in breaking the configuration but, in some cases, in breaking the consistency of the process, by randomly writing, for example, on the stack or on the heap. This should be now fixed in HEAD, but the fix was not so easy to backport because back-config significantly changed in the meanwhile. So, since usually there is no need to write out-of-order statements (back-meta could be an exception, but fortunately enough it doesn't support back-config yet :), there is no pressure for fixing this issue in re23. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: (ITS#4903) dynlist issues with memory allocation
by quanah＠stanford.edu 02 Apr '07

02 Apr '07

--On Monday, April 02, 2007 9:42 PM +0200 Pierangelo Masarati <ando(a)sys-net.it> wrote: > quanah(a)stanford.edu wrote: > >> database hdb >> suffix "dc=stanford,dc=edu" >> rootdn "cn=manager,dc=stanford,dc=edu" >> >> overlay valsort >> valsort-attr suOrgContactStanford cn=orgs,dc=stanford,dc=edu weighted >> valsort-attr suOrgContactWorld cn=orgs,dc=stanford,dc=edu weighted >> >> overlay dynlist >> dynlist-attrset groupOfURLS memberURL member >> >> limits group="cn=ldapadmin,cn=applications,dc=stanford,dc=edu" >> time.soft=unlimited time.hard=unlimited size.soft=unlimited >> size.hard=unlimited > > There it is: "limits" is a database specific directive appearing > __after__ overlay instantiation. Try moving all database-specific > directives __before__ any overlay instantiation. Ah, I see... So its not just global/db. So all overlay bits should be listed last? And I assume this only happens when you have more than one overlay in use? Because it only happens once both valsort and dynlist are enabled. --Quanah -- Quanah Gibson-Mount Senior Systems Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

1 0

Re: (ITS#4903) dynlist issues with memory allocation
by ando＠sys-net.it 02 Apr '07

02 Apr '07

quanah(a)stanford.edu wrote: > database hdb > suffix "dc=stanford,dc=edu" > rootdn "cn=manager,dc=stanford,dc=edu" > > overlay valsort > valsort-attr suOrgContactStanford cn=orgs,dc=stanford,dc=edu weighted > valsort-attr suOrgContactWorld cn=orgs,dc=stanford,dc=edu weighted > > overlay dynlist > dynlist-attrset groupOfURLS memberURL member > > limits group="cn=ldapadmin,cn=applications,dc=stanford,dc=edu" > time.soft=unlimited time.hard=unlimited size.soft=unlimited > size.hard=unlimited There it is: "limits" is a database specific directive appearing __after__ overlay instantiation. Try moving all database-specific directives __before__ any overlay instantiation. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: (ITS#4902) ManPage in 2.3.19 RPM is completely screwed up
by ando＠sys-net.it 02 Apr '07

02 Apr '07

Please keep replies on the ITS: the "T" stands for "tracking". Wei Weng wrote: > I just installed 2.3.34 version that was found to be the latest > "Release" from openLDAP. Not only there isn't any mention of > LDAP_DEPRECATED, in OpenLDAP 2.3 source tree: bash-3.00$ grep LDAP_DEPRECATED -rI include/ include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED > but there isn't manpage for the new ldap_initialize > function either. You're right, it's only been released starting with 2.4. > I am just very surprised that a quite mature openLDAP open source > projects can be this careless about the documentation. I already explained the reason in my previous posting. It's not lack of care, it's optimization of resources. The code works fine also without documentation, which eventually will converge (and it __is__ converging, in OpenLDAP 2.4). > There is (only > place) mention of ldap_initialize function in ldap.3: "A session handle > is created using ldap_initialize(3)". Naturally you want to do a man > ldap_initialize but there is nothing. ITS#3947 addresses this issue. > I was reporting this bug so that the "newbies" (new to openLDAP APIs) > won't be stuck like I was for a few hours. Then you probably should have entitled your posting "some C API man pages seem to be missing from OpenLDAP 2.3 code", or even better "this is a duplicate of ITS#2240". > Isn't the "Documentation" > supposed to help you to understand the APIs? This is not a bug. This is missing documentation, which is different. It is a known issue (ITS#2240), so your post is only adding noise. A non-noisy posting would have been accompanied by a patch fixing the issue, which is however already fixed in re24 (that's why ITS#2240 is now closed). > By the way, if you guys ask me to supply patch for the ldap_initialize, > sorry, I was just maintaining the old code to try to compile it on a > Fedora 5 box. The details about ldap APIs is above my ability. > > PS: ldap_initialize is just an example, there are also a bunch of other > functions that seemed to have been deprecated. Please check OpenLDAP 2.4. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: (ITS#4902) ManPage in 2.3.19 RPM is completely screwed up
by quanah＠stanford.edu 02 Apr '07

02 Apr '07

--On Monday, April 02, 2007 10:59 AM -0700 Quanah Gibson-Mount <quanah(a)stanford.edu> wrote: > > I.e., ldap_init is a deprecated function, and ldap_initialize should be > used instead. However, there are many programs out there that still use > the old API, so the old functions are maintained for backwards > compatibility purposes. Hence the man page. I will also note that ldap_initialize has a man page in the 2.4 release: <http://www.openldap.org/software/man.cgi?query=ldap_initialize&apropos=0&se…> --Quanah -- Quanah Gibson-Mount Senior Systems Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

1 0

Re: (ITS#4903) dynlist issues with memory allocation
by quanah＠stanford.edu 02 Apr '07

02 Apr '07

--On Monday, April 02, 2007 9:09 PM +0200 Pierangelo Masarati <ando(a)sys-net.it> wrote: >> It looks like there's soemthing incorrect in the way it is allocating >> memory on startup. > > Apparently, there's nothing directly related to dynlist; can you post > the entire slapd.conf? I suspect something like ITS#4848, which is NOT > fixed in re23 (and likely won't). I've looked at the ITS, and I don't think it is related. As far as I know, everything in it is specifically located where it should be (global bits in the global area, database specific bits in the database areas): My slapd.conf is: include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/dyngroup.schema include /usr/local/etc/openldap/schema/krb5-kdc.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /usr/local/etc/openldap/schema/misc.schema include /usr/local/etc/openldap/schema/nis.schema include /usr/local/etc/openldap/schema/eduperson.schema include /usr/local/etc/openldap/schema/stanford-oids.schema include /usr/local/etc/openldap/schema/suacct.schema include /usr/local/etc/openldap/schema/superson.schema include /usr/local/etc/openldap/schema/suapplication.schema include /usr/local/etc/openldap/schema/suorg.schema include /usr/local/etc/openldap/schema/eduorg.schema include /usr/local/etc/openldap/schema/suworkgroup.schema allow bind_v2 TLSCertificateFile /usr/local/etc/openldap/stardomain.crt TLSCertificateKeyFile /usr/local/etc/openldap/stardomain.key TLSCACertificateFile /usr/local/etc/openldap/comodo.pem include /usr/local/etc/openldap/slapd.acl pidfile /var/run/slapd.pid argsfile /var/run/slapd.args defaultsearchbase "dc=stanford,dc=edu" gentlehup off loglevel 256 threads 8 tool-threads 2 sasl-realm stanford.edu sasl-authz-policy both sasl-regexp uid=(.*)/cgi,cn=stanford.edu,cn=gssapi,cn=auth ldap:///cn=cgi,cn=applications,dc=stanford,dc=edu??sub?krb5PrincipalName=$1/cgi@stanford.edu sasl-regexp uid=service/(.*),cn=stanford.edu,cn=gssapi,cn=auth ldap:///cn=Service,cn=Applications,dc=stanford,dc=edu??sub?krb5PrincipalName=service/$1@stanford.edu sasl-regexp uid=webauth/(.*),cn=stanford.edu,cn=gssapi,cn=auth ldap:///cn=Webauth,cn=Applications,dc=stanford,dc=edu??sub?krb5PrincipalName=webauth/$1@stanford.edu sasl-regexp uid=(.*),cn=stanford.edu,cn=gssapi,cn=auth ldap:///uid=$1,cn=Accounts,dc=stanford,dc=edu??sub?suSeasStatus=active reverse-lookup on modulepath /usr/local/lib/openldap moduleload back_hdb.la moduleload back_monitor.la moduleload valsort.la moduleload dynlist.la database hdb suffix "dc=stanford,dc=edu" rootdn "cn=manager,dc=stanford,dc=edu" overlay valsort valsort-attr suOrgContactStanford cn=orgs,dc=stanford,dc=edu weighted valsort-attr suOrgContactWorld cn=orgs,dc=stanford,dc=edu weighted overlay dynlist dynlist-attrset groupOfURLS memberURL member limits group="cn=ldapadmin,cn=applications,dc=stanford,dc=edu" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited limits dn.exact="cn=athletics,cn=service,cn=applications,dc=stanford,dc=edu" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited limits dn.exact="cn=workgroup-audit,cn=service,cn=applications,dc=stanford,dc=edu" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited limits dn.exact="cn=RegistryDataAuditor,cn=Service,cn=Applications,dc=stanford,dc=edu" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited limits dn.exact="cn=ispace,cn=Service,cn=Applications,dc=stanford,dc=edu" time.soft=unlimited time.hard=unlimited size.soft=5000 size.hard=5000 limits dn.exact="cn=gsb-person,cn=service,cn=applications,dc=stanford,dc=edu" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited lastmod on syncrepl rid=0 provider=ldap://ldap-devmaster.stanford.edu:389 bindmethod=sasl saslmech=gssapi realm=stanford.edu searchbase="dc=stanford,dc=edu" logbase="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog # Replica Directives updateref ldap://ldap-devmaster.stanford.edu directory /var/lib/ldap dbconfig set_cachesize 3 536870912 1 dbconfig set_lg_regionmax 262144 dbconfig set_lg_bsize 2097152 dbconfig set_lg_dir /var/log/bdb dbconfig set_lk_max_locks 3000 dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_lockers 1500 dbconfig set_flags DB_LOG_AUTOREMOVE dbconfig set_tas_spins 1 checkpoint 1024 5 cachesize 50000 idlcachesize 50000 cachefree 1000 index_substr_any_len 3 index default eq (Long list of indices) database monitor -- Quanah Gibson-Mount Senior Systems Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs April 2007