openldap-bugs June 2007

openldap-bugs@openldap.org

35 participants
170 discussions

Re: (ITS#4995) SampleLDAP.pm w/back_perl appears to be broken
by quanah＠zimbra.com 14 Jun '07

14 Jun '07

--On Saturday, June 02, 2007 4:43 AM +0000 rra(a)stanford.edu wrote: > Full_Name: Russ Allbery > Version: 2.3.35 > OS: Debian > URL: > Submission from: (NULL) (171.66.157.14) > > > While investigating another issue with back_perl, I tried to use the > SampleLDAP.pm module that comes with the OpenLDAP source. I added the > following to my slapd.conf: > > moduleload back_perl > ># ... > > database perl > suffix "o=AnyOrg,c=US" > perlModulePath /home/eagle/SampleLDAP.pm > perlModule SampleLDAP > > The result of slapd -d 1 is: > ... > WARNING: No dynamic config support for database perl. > config_build_entry: "olcDatabase={2}perl" > backend_startup_one: starting "dc=Stanford,dc=EDU" > bdb_db_open: unclean shutdown detected; attempting recovery. > bdb_db_open: dbenv_open(/var/lib/ldap) > backend_startup_one: starting "o=AnyOrg,c=US" > Can't call method "init" on an undefined value. Using the SampleLDAP perl module supplied with the OpenLDAP source works just fine for me on Stanford's LDAP servers. ldap-uat00:/usr/local/etc/openldap# more slapd.conf # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema loglevel 0 threads 8 password-hash {CLEARTEXT} # Define global ACLs to disable default read access. pidfile /var/run/slapd.pid argsfile /var/run/slapd.args # # Load dynamic backend modules: # Note: back-null is statically-linked. modulepath /usr/local/lib/openldap moduleload back_perl.la access to dn="" by * read access to * by anonymous read by users read by self write # if no access controls are present, the default policy is: # Allow read by all # # rootdn can always write! tool-threads 2 ####################################################################### # perl database definitions ####################################################################### database perl suffix "o=AnyOrg,c=US" perlModulePath /usr/local/etc/openldap perlModule SampleLDAP Output from slapd -d -1 slapd startup: initiated. backend_startup_one: starting "cn=config" config_back_db_open config_build_entry: "cn=config" config_build_entry: "cn=include{0}" config_build_entry: "cn=include{1}" config_build_entry: "cn=include{2}" config_build_entry: "cn=module{0}" config_build_entry: "cn=schema" config_build_entry: "cn={0}core" config_build_entry: "cn={1}cosine" config_build_entry: "cn={2}inetorgperson" config_build_entry: "olcDatabase={-1}frontend" config_build_entry: "olcDatabase={0}config" WARNING: No dynamic config support for database perl. config_build_entry: "olcDatabase={1}perl" backend_startup_one: starting "o=AnyOrg,c=US" slapd starting daemon: added 4r listener=(nil) daemon: added 7r listener=0x6010e0 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL So I am unable to reproduce this issue. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#4943) tpool.c pause vs. finish
by hyc＠symas.com 14 Jun '07

14 Jun '07

h.b.furuseth(a)usit.uio.no wrote: > Howard Chu writes: >> Hallvard B Furuseth wrote: >>> hyc(a)symas.com writes: >>>> h.b.furuseth(a)usit.uio.no wrote: >>>>> * When a thread is finishing, make it go active for context_reset(). >>>>> Should make slapi module destructors safer, and I don't see that it >>>>> can hurt. >>>> I don't understand this. >>> Let me dig a bit back in the ITS... >>> "context_reset() can call connection_fake_destroy(), which via >>> slapi_int_free_object_extensions() calls slapi module destructors, >>> which can do who-knows-what." >> context_reset() can only be called from the main thread. It can (must) >> never be called by anything running from the pool. > > It's called from pool_wrapper(). pool_wrapper() could go active so > there can be no pause while that context_reset() call is running. Oh, ok. This is pretty much a non-issue because threads in the pool stay live until slapd shuts down. The one exception is for a cn=config modify that decreases the size of the pool to below the number of currently active threads, in which case some number of threads will exit immediately. I don't see any potential for conflict here. >>>>> * Scheduling: If several threads call pool_pause(), (...) > > (need to check out how it should work...) > >>>>> - pool_context() breaks if several ldap_pvt_thread_t bit patterns can >>>>> represent the same thread ID: TID_HASH() would give different hashes >>>>> for the same thread, and pool_context() stops searching when it hits >>>>> a slot with ctx == NULL. (My previous bug report was a bit wrong.) >>>> How can a single thread ID be represented by multiple bit patterns? >>> A struct/union with padding bytes seems the least unlikely possibility. > > Note that I did say "least unlikely" rather than "most likely": > It's not that I expect to encounter it, more that I'd prefer not to be > surprised in the form of a slapd malfuntion. > > So in that respect, my preference (not for RE23) is to cast to an > integer for the hash, and also to add pthread_<set/get>specific() so > thread_keys[] and its hash will only be a fallback solution. Casting to an int only works with simple types, the point of using the hash was to provide a solution that works for both simple and structured thread IDs. If you want to #ifdef the code so the two cases are handled differently, then just get rid of TID_HASH for the integral case. I'm still leary of the pthread TLS support, and making that change will require us to update all of the other thread package support, some of which I don't have access to build/test any more (e.g. SunOS4 LWP). >>>> The best fix may be to just use the address of the thread's stack as the >>>> thread ID. That's actually perfect for our purpose. >>> How does a function called from somewhere inside the thread know that >>> address? That's almost what the user context is, and thus what >>> thread_keys[] maps the thread ID to. >> It requires some degree of machine-dependence, which is why I never >> bothered to code it. The principle is simple though - all of our thread >> stacks are some multiple of 1MB in size. Take the address of any local >> variable, mask off the low 20 bits, and you have a unique thread ID (+/- >> some additional masking/shifting based on the actual thread stack size). > > I'm not sure how to determine _which_ multiple of 1MB - start two > threads and compare their stack addresses, maybe? In any case, I > agree it sounds rather more machine-dependent than the current code. That's what the LDAP_PVT_THREAD_STACK_SIZE macro tells you. It's really not hard. If we were to disallow increasing the number of threads at runtime, we could simply allocate a block of thread stacks all at once, which would then allow our thread IDs to be simple integers from 0-N. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5019) slapd: ldbm/gdbm, cache.c core dump
by quanah＠zimbra.com 14 Jun '07

14 Jun '07

--On Thursday, June 14, 2007 8:59 PM +0000 asedlack(a)mailfoundry.com wrote: > Full_Name: Aron Sedlack > Version: 2.3.35 > OS: Linux > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (66.18.18.14) > LDBM is deprecated, and has been removed from the source tree. Bugs against LDBM will not be fixed, because of its inherent flaws. Upgrade your configuration to use one of the supported database mechanisms, back-bdb or back-hdb. :) --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#5019) slapd: ldbm/gdbm, cache.c core dump
by hyc＠symas.com 14 Jun '07

14 Jun '07

asedlack(a)mailfoundry.com wrote: > Full_Name: Aron Sedlack > Version: 2.3.35 > OS: Linux > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (66.18.18.14) > > > Platform: Linux, OpenLDAP-2.3.35 > Compiled with: ./configure --enable-dynamic --enable-wrappers --enable-bdb=no > --enable-hdb=no --enable-ldbm --enable-ldbm-api=gdbm --with-threads --with-tls > --with-threads=no > gcc version 3.3.4, gdbm 1.8.3, OpenSSL 0.9.8e > > slapd core dumps with a corrupted stack, SIGABRT. > slapd: cache.c:111: cache_return_entry_rw: Assertion `e->e_private != (( void > *)0)' failed.. > > Happens every time ldif is loaded... > $ ldapmodify -a -f ./mf.ldif -D "cn=Root,dc=mf" -w secret > adding new entry "dc=mf" > > adding new entry "dc=iana,dc=mf" > ldap_result: Can't contact LDAP server (-1) 1) ldbm is deprecated, don't use it. 2) if you insist on using it, get a debug stack trace for the abort 3) note that ldbm is still tested regularly in the 2.3 builds, and no one else has reported this occurrence, so there's probably something odd in your configuration. Providing your slapd.conf might help. But the ldbm code has been removed for 2.4; support for it is disappearing fast. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#4837) SunLDAP to OpenLDAP migration problem
by quanah＠zimbra.com 14 Jun '07

14 Jun '07

--On Thursday, June 14, 2007 10:02 PM +0000 h.b.furuseth(a)usit.uio.no wrote: > Quanah Gibson-Mount writes: >> It should be as simple as changing: >> passwd.c:#define SALT_SIZE 4 >> to >> passwd.c:#define SALT_SIZE 8 > > I don't get this. I don't know ssha1, but... Right, see my follow-up. I had the wrong string in my data when I did a cut and paste. ;) It actually works as it should. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#4837) SunLDAP to OpenLDAP migration problem
by h.b.furuseth＠usit.uio.no 14 Jun '07

14 Jun '07

Quanah Gibson-Mount writes: > It should be as simple as changing: > passwd.c:#define SALT_SIZE 4 > to > passwd.c:#define SALT_SIZE 8 I don't get this. I don't know ssha1, but... That's for generating ssha1 hashes in hash_ssha1(), it is not used for decoding them in chk_ssha1() - which I assume is what he needs when moving _to_ OpenLDAP. chk_ssha1() looks independent of salt size - it base64-decodes the provided salt+hash and finds expects the salt to start at position LUTIL_SHA1_BYTES (from include/lutil_sha1.h) in that string. -- Regards, Hallvard

1 0

Re: (ITS#4837)
by quanah＠zimbra.com 14 Jun '07

14 Jun '07

--On Thursday, June 14, 2007 9:23 PM +0000 quanah(a)zimbra.com wrote: > Kurt, > > Zimbra has run into this issue in helping a customer who was running > SunDS migrate to OpenLDAP. It does not work at all, unfortunately. > Changing code to use an 8-bit salt does work. Never mind, the 8-bit salt works just fine. I had bad data in my cut & paste buffer last night when I tried this. Trying with the correct data works just fine. yeah! I'll mark this ITS as invalid, and note in the comments that 8-bit salted SSHA passwords work just fine. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#4936) default modulepath
by ando＠sys-net.it 14 Jun '07

14 Jun '07

ando(a)sys-net.it wrote: > Yes, I figured that out. I'll fix this later. Fixed; please test. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: (ITS#4837)
by quanah＠zimbra.com 14 Jun '07

14 Jun '07

Kurt, Zimbra has run into this issue in helping a customer who was running SunDS migrate to OpenLDAP. It does not work at all, unfortunately. Changing code to use an 8-bit salt does work. So, I'd be happy to fix this, but a general design question -- (a) Should this be implemented as a "ssha-salt" option in slapd.conf or (b) Should OpenLDAP try decrypting the password first as a 4-bit salt, and then try an 8-bit salt, then fail? (a) would be fairly portable across many salt settings, but AFAIK we've only hit 4 & 8 (b) would allow mixed salt values to be in userPassword, and I'd think that over time as people changed their passwords, it would allow the 8-bit salts to go away. Thoughts welcome. :) --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#5014) syncrepl failure syslog
by ando＠sys-net.it 14 Jun '07

14 Jun '07

donn(a)u.washington.edu wrote: > Hard to tell why syncrepl isn't working, if it discards error messages. This patch was not submitted according to the guidelines of usual contributions, which makes it hard to apply. In any case, it appears to be incorrect, since the response code should not be extracted that early, namely before getting the message type. AFAIK, only an LDAP_RES_SEARCH_RESULT could contain an error, and that value is already parsed out and stored in "err". What's missing is a log in case "err" indicates an error. So what's really relevant in your patch, and missing from the code, is a test for "err" after the "done" label. I have applied something along those lines to the code. Please test. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

← Newer
1
...
5
6
7
8
9
10
11
...
17
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs June 2007