Re: (ITS#5021) test021-certificate fails on HP-UX
by h.b.furuseth@usit.uio.no
Bug in OpenSSL 0.9.7d - unless it's with how OpenLDAP uses it, I don't
know.
The offending operation (on Jennifer Smith) adds one certificate and
deletes the old one. However the added and the old certificate compare
equal because certificateExactNormalize() produces the same string for
both:
0$email=ca(a)example.com,cn=example ca,
o=openldap example\2C ltd.,st=california,c=us
That's because i2s_ASN1_INTEGER(0, sn ) in certificateExactNormalize()
returns serial number "0". The inputs to that function are
(gdb) p *sn
$6 = {length = 1, type = 2, data = 0x402e5278 "\003", flags = 0}
and
(gdb) p *sn
$8 = {length = 1, type = 2, data = 0x402e5cf0 "\001xample.@\036", flags = 0}
Those *sn values are the same as on a successful run on Linux, except
the 2nd data[1...] (the xample... string) which I presume does not
matter when length=1.
The input certificates ('val' arg to certificateExactNormalize()) are
correct.
--
Regards,
Hallvard
16 years, 3 months
Re: (ITS#5021) test021-certificate fails on HP-UX
by h.b.furuseth@usit.uio.no
quanah(a)zimbra.com writes:
> conn=1 op=4 MOD attr=userCertificate;binary userCertificate;binary
> Why is it modifying the same attribute twice?
It adds one cert and deletes another in the same op.
The log from a successful run on Linux shows the same.
--
Regards,
Hallvard
16 years, 3 months
Re: (ITS#5021) test021-certificate fails on HP-UX
by quanah@zimbra.com
--On June 15, 2007 9:59:56 PM +0000 h.b.furuseth(a)usit.uio.no wrote:
> Full_Name: Hallvard B Furuseth
> Version: RE23, 2.3.35
> OS: HP-UX
> URL: ftp://ftp.openldap.org/incoming/Hallvard-Furuseth-070615.tgz
> Submission from: (NULL) (129.240.202.105)
> Submitted by: hallvard
>
>
> test021-certificate fails on HP-UX in RE23 and 2.3.35. It succeeds in
> HEAD.
>
> OpenSSL version: 0.9.7d.
>
> I enclose the testrun directory from:
>
> $ ./run -b ldif test021-certificate
> Cleaning up test run directory leftover from previous run.
> Running ./scripts/test021-certificate...
> running defines.sh
> Running slapadd to build slapd database...
> Starting slapd on TCP/IP port 9011...
> Testing certificate handling...
> Add certificates...
> ldapmodify failed (20)!
>
The last modify is erroring with already exists. The last logged modify
looks really weird to me:
conn=1 op=4 MOD attr=userCertificate;binary userCertificate;binary
Why is it modifying the same attribute twice?
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
16 years, 3 months
(ITS#5021) test021-certificate fails on HP-UX
by h.b.furuseth@usit.uio.no
Full_Name: Hallvard B Furuseth
Version: RE23, 2.3.35
OS: HP-UX
URL: ftp://ftp.openldap.org/incoming/Hallvard-Furuseth-070615.tgz
Submission from: (NULL) (129.240.202.105)
Submitted by: hallvard
test021-certificate fails on HP-UX in RE23 and 2.3.35. It succeeds in HEAD.
OpenSSL version: 0.9.7d.
I enclose the testrun directory from:
$ ./run -b ldif test021-certificate
Cleaning up test run directory leftover from previous run.
Running ./scripts/test021-certificate...
running defines.sh
Running slapadd to build slapd database...
Starting slapd on TCP/IP port 9011...
Testing certificate handling...
Add certificates...
ldapmodify failed (20)!
16 years, 3 months
Re: (ITS#5020) configure needs -pthread to find pthread.h
by h.b.furuseth@usit.uio.no
I wrote:
> ./configure CC="cc -pthread" works.
Well, it configures. Then it fails to build shared libraries because
libtool invokes ld ... -pthread, and ld does not accept -pthread.
But I guess that should be reported to the libtool folks.
./configure --disable-shared CC="cc -pthread" does work.
--
Regards,
Hallvard
16 years, 3 months
Re: (ITS#5014) syncrepl failure syslog
by donn@u.washington.edu
On Jun 14, 2007, at 2:08 PM, Pierangelo Masarati wrote:
> So what's really relevant in your patch, and
> missing from the code, is a test for "err" after the "done" label. I
> have applied something along those lines to the code. Please test.
Yes, this works in my case - if indeed the test is after "done:".
You accidentally put it before, and it doesn't work there.
Thanks!
Donn Cave, donn(a)u.washington.edu
16 years, 3 months
(ITS#5020) configure needs -pthread to find pthread.h
by h.b.furuseth@usit.uio.no
Full_Name: Hallvard B Furuseth
Version: HEAD, RE23
OS: OSF1 V5.1 alpha
URL:
Submission from: (NULL) (129.240.202.105)
Submitted by: hallvard
/configure on OSF1 alpha finds no suitable threading library.
config.log says:
configure:19993: checking pthread.h usability
configure:20005: cc -c -g -I/local/include -I/local/gnu/include conftest.c
>&5
cc: Error: /usr/include/pthread.h, line 1251: #error "Please compile the
module including pthread.h with -pthread" (errormessage)
due to this snippet of pthread.h:
# ifndef _REENTRANT
# error "Please compile the module including pthread.h with -pthread"
# endif
./configure CC="cc -pthread" works.
Not sure how to deal with that one. Seems a bit excessive to run all
the OL_PTHREAD_TRY()s _before_ detecting that the system has pthread.
Maybe write a special case, like try for pthread.h with -D_REENTRANT
if not found without that?
16 years, 3 months
Re: (ITS#5016) slapd generates unjustified error 3 (Time Limit Exceeded) at checkpoint time
by ali.pouya@free.fr
pierangelo.masarati(a)sys-net.it wrote :
> Would it be possible to get, from the consumer's log, what was the
> actually requested time limit in those cases? This means: track down
> what connection/operation was concluded by a "Time Limit Exceeded"
> response; then find out the corresponding request, and see what was the
> requested time limit. You need "args" debug level for this purpose, and
> you need to look at the second of the three numbers that end the SRCH
> line in the logs; for example:
Hi Pierangelo;
The problem came from my LDAP client which specified timelimit=1.
I repaired the client and everything works fine since several hours :-)
Thanks for your help and sorry for wasting your time.
For me the ITS is to be closed (the error "Time Limit Exceeded" produced for
syncrepl connection every 3600 seconds does not bother me).
Best regards
Ali
16 years, 3 months
Re: memory leak (ITS#5018)
by niloulili@hotmail.com
OK,I've download release 2.3.32,after removing and test ,i'll report
whether problem still exits.
Thank you so much.
best regards
nina
>From: Pierangelo Masarati <openldap-its(a)OpenLDAP.org>
>To: niloulili(a)hotmail.com
>Subject: Re: memory leak (ITS#5018)
>Date: Thu, 14 Jun 2007 08:13:11 GMT
>
>OpenLDAP 2.2.19 (and OpenLDAP 2.2) has been abandoned long ago, so it is
no
>longer maintained. Please upgrade to a recent version and check if the
problem
>persists. Otherwise this ITS will be closed.
>
>p.
_________________________________________________________________
ÓëÁª»úµÄÅóÓÑœøÐМ»Á÷£¬ÇëʹÓà MSN Messenger: http://messenger.msn.com/cn
16 years, 3 months
Re: (ITS#4995) SampleLDAP.pm w/back_perl appears to be broken
by rra@stanford.edu
Quanah Gibson-Mount <quanah(a)zimbra.com> writes:
> --On Saturday, June 02, 2007 4:43 AM +0000 rra(a)stanford.edu wrote:
>> While investigating another issue with back_perl, I tried to use the
>> SampleLDAP.pm module that comes with the OpenLDAP source. I added the
>> following to my slapd.conf:
>> database perl
>> suffix "o=AnyOrg,c=US"
>> perlModulePath /home/eagle/SampleLDAP.pm
>> perlModule SampleLDAP
[...]
> database perl
> suffix "o=AnyOrg,c=US"
> perlModulePath /usr/local/etc/openldap
> perlModule SampleLDAP
I detect an intriguing difference in our configurations.
I was misled by this comment in SampleLDAP.pm:
# Usage: Add something like this to slapd.conf:
#
# database perl
# suffix "o=AnyOrg,c=US"
# perlModulePath /path/to/this/file
# perlModule SampleLDAP
The man page is more accurate. This was apparently actually a minor bug
in the comments. :)
--
Russ Allbery (rra(a)stanford.edu) <http://www.eyrie.org/~eagle/>
16 years, 3 months