June 2007 - openldap-bugs

by h.b.furuseth＠usit.uio.no

hyc(a)symas.com writes: > steve(a)stevenwills.com wrote: >> The slapcat man page says in the Limitations section: >> >> In general, your slapd(8) should not be running (at least, not in >> read-write mode) when you do this to ensure consistency of the database. >> (...) > Given that back-ldbm has been deleted for 2.4, I guess we can just > delete this sentence. It could produce garbage data with back-ldif, and with some foreign database module. I think it should say it's safe with bdb (and null). Could copy it to the slapd-bdb(5) too. (I don't suggest to make slapcat(8) refer the user to that, since there is only one example anyway.) -- Regards, Hallvard

15 years, 11 months

1
0
0 / 0

Re: (ITS#5029) refint schema unavailable

by hyc＠symas.com

dirk.a.schaefer(a)bluewin.ch wrote: > Full_Name: Dirk Alexander Scheafer > Version: openldap-2.3.35-r1 > OS: gentoo 2007.0 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (213.3.4.29) > > > i have all my openldap configuration within it's internal cn=config db, > slapd.conf has been removed. i use several overlays where refint is one of them. > after slapd has started, the refint specific attributes and objectclass are not > available, not visible within the schema. > > by this, the refint overlay is not usable for my installation but there is no > error shown anywhere, regardless at which debug/log level the server is beeing > executed. This is a known limitation in 2.3, fixed in 2.4. In fact this condition is logged both to stderr and to syslog: config_build_entry: "olcDatabase={1}bdb" WARNING: No dynamic config support for overlay refint. config_build_entry: "olcOverlay={0}refint" config_build_entry: "olcDatabase={2}monitor" This ITS will be closed. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

15 years, 11 months

1
0
0 / 0

feature --enable-ppolicy

by Philippe Radix

hello I try to test the new feature the new version openldap (openldap-2.3.36) cd /alcatel/PR/ tar xvzf openldap-2.3.36.tgz cd /alcatel/PR/openldap-2.3.36 ./configure --prefix=/opt/ldap/OpenLDAP --with-cyrus-sasl --with-tls --enable-backends --enable-overlays make depend make make install i create slapd.cond --------------- vi slapd.conf include /opt/ldap/OpenLDAP/etc/openldap/schema/core.schema include /opt/ldap/OpenLDAP/etc/openldap/schema/ppolicy.schema include /opt/ldap/OpenLDAP/etc/openldap/schema/cosine.schema include /opt/ldap/OpenLDAP/etc/openldap/schema/inetorgperson.schema overlay ppolicy ppolicy_default "cn=StandardPolicy,ou=Policies,dc=alcatel,dc=com" ppolicy_use_lockout pidfile /alcatel/openldapTest/slapd.pid argsfile /alcatel/openldapTest/slapd.args database bdb suffix "dc=alcatel,dc=com" rootdn "cn=Admin,dc=alcatel,dc=com" directory /alcatel/openldapTest/data by self write by anonymous auth by * none access to * by self write by anonymous auth by * read i create defaultpolicy ------------------ dn: ou=Policies,dc=alcatel,dc=com objectClass: top objectClass: organizationalUnit ou: Policies structuralObjectClass: organizationalUnit dn: cn=StandardPolicy,ou=Policies,dc=alcatel,dc=com objectClass: top objectClass: device objectClass: pwdPolicy cn: StandardPolicy pwdAttribute: userPassword pwdLockoutDuration: 120 pwdInHistory: 5 pwdCheckQuality: 2 pwdExpireWarning: 86400 pwdMaxAge: 864000 pwdMinLength: 5 pwdGraceAuthNLimit: 5 pwdAllowUserChange: TRUE pwdMustChange: FALSE pwdMaxFailure: 3 pwdFailureCountInterval: 120 pwdSafeModify: FALSE structuralObjectClass: device i create user ------------ dn:cn=prtest,dc=alcatel,dc=com sn: prtest userpassword: prtest objectClass: person pwdPolicySubentry: cn=StandardPolicy cn: prtest i thinl all are ok for the policies features but and i run server ldap -------------- and i want to change password with a bad policy password ldappasswd -h 192.200.244.87 -p 389 -x -D cn=prtest,dc=alcatel,dc=com -w prtest -s titi -e ppolicy i have Result: Success (0) as answer i dont arive to see the policyies error with client ldap could you help me regards -- ************************************************************ Philippe Radix Alcatel CIT (philippe.radix(a)alcatel-lucent.fr) Tel.: (33) 01 3077 2829

15 years, 11 months

2
1
0 / 0

Re: (ITS#5028) incomplete slapcat docs

by hyc＠symas.com

steve(a)stevenwills.com wrote: > Full_Name: Steve Wills > Version: 2.3.19 > OS: Fedora > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (65.15.231.202) > > > The slapcat man page says in the Limitations section: > > In general, your slapd(8) should not be running (at least, not in > read-write mode) when you do this to ensure consistency of the database. > > However, I've been told several times that this only applies to ldbm and not > bdb. Not sure about other types, but it would be good to clarify this section. > Given that back-ldbm has been deleted for 2.4, I guess we can just delete this sentence. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

15 years, 11 months

1
0
0 / 0

(ITS#5029) refint schema unavailable

by dirk.a.schaefer＠bluewin.ch

Full_Name: Dirk Alexander Scheafer Version: openldap-2.3.35-r1 OS: gentoo 2007.0 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (213.3.4.29) i have all my openldap configuration within it's internal cn=config db, slapd.conf has been removed. i use several overlays where refint is one of them. after slapd has started, the refint specific attributes and objectclass are not available, not visible within the schema. by this, the refint overlay is not usable for my installation but there is no error shown anywhere, regardless at which debug/log level the server is beeing executed. greez d. a. schaefer

15 years, 11 months

1
0
0 / 0

(ITS#5028) incomplete slapcat docs

by steve＠stevenwills.com

Full_Name: Steve Wills Version: 2.3.19 OS: Fedora URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (65.15.231.202) The slapcat man page says in the Limitations section: In general, your slapd(8) should not be running (at least, not in read-write mode) when you do this to ensure consistency of the database. However, I've been told several times that this only applies to ldbm and not bdb. Not sure about other types, but it would be good to clarify this section.

15 years, 11 months

1
0
0 / 0

(ITS#5027) loglevel if none specified

by steve＠stevenwills.com

Full_Name: Steve Wills Version: 2.3.19 OS: Fedora URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (65.15.231.202) The slapd.conf man page says that if no log level is specified, no logging is done: In fact, if no loglevel (or a 0 level) is defined, no logging occurs, so at least the none level is required to have high priority messages logged. However, in my experience, with this configuration in my syslog: local4.* /var/log/ldap.log a great deal of logging is done. This seems inconsistent. Either the docs or the code are incorrect. Which is right?

15 years, 11 months

1
0
0 / 0

Re: (ITS#4839) syncrepl-related tests fail randomly

by luca＠OpenLDAP.org

hyc(a)symas.com wrote: > h.b.furuseth(a)usit.uio.no wrote: > >> ando(a)sys-net.it writes: >> >>> I'm seeing occasional failures of syncrepl-related tests in HEAD. In >>> case of test043, results differend once, but after repeating the test >>> everything went smoth. >>> >> Six HEAD/test043-delta-syncrepl failures in a row. Producer and >> consumer databases differ. RedHat Linux, i686. Logs etc from testrun: >> ftp://ftp.openldap.org/incoming/Hallvard-Furuseth-070621.tgz >> >> > Strange, I saw some failures last week but with current HEAD it just works. > Nevermind. I just checked out a fresh copy from CVS and it works just fine. Maybe something fancy with some modifications I was testing. I'll have to check.

15 years, 11 months

1
0
0 / 0

RE: (ITS#5026) LDAP Search very slow > 2mins

by quanah＠zimbra.com

--On Friday, June 22, 2007 6:55 AM +0000 andy.yip(a)newworldtel.com wrote: > Dear sir, > > We found the ldap search is slow running. Please advise how to fine tune > the database. I am not sure adding cache size or perform db_recover will > solve the problem (a) This is not the place to discuss how to tune openldap (b) You have not indicated a valid OpenLDAP version, and in fact, give the impression that you are using Sun DS not OpenLDAP. That means *we* cannot help you. (c) If you *are* using OpenLDAP, go use openldap-software(a)openldap.org to ask your questions, as you were already told to do. Supply a *valid* OpenLDAP version. Further emails to this ITS will be ignored. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

15 years, 11 months

1
0
0 / 0

Re: (ITS#4839) syncrepl-related tests fail randomly

by luca＠OpenLDAP.org

hyc(a)symas.com wrote: > h.b.furuseth(a)usit.uio.no wrote: > >> ando(a)sys-net.it writes: >> >>> I'm seeing occasional failures of syncrepl-related tests in HEAD. In >>> case of test043, results differend once, but after repeating the test >>> everything went smoth. >>> >> Six HEAD/test043-delta-syncrepl failures in a row. Producer and >> consumer databases differ. RedHat Linux, i686. Logs etc from testrun: >> ftp://ftp.openldap.org/incoming/Hallvard-Furuseth-070621.tgz >> >> > Strange, I saw some failures last week but with current HEAD it just works. > > I just uploaded my test files ftp://ftp.openldap.org/incoming/Luca_Scamoni-070622.tgz The difference here is also in the modifyTimestamp and modifiersName...

15 years, 11 months

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs June 2007