openldap-bugs July 2007

openldap-bugs@openldap.org

30 participants
126 discussions

Re: (ITS#5054) AVA in slapd-meta(5) and slapo-rwm(5)
by ghenry＠suretecsystems.com 20 Jul '07

20 Jul '07

<quote who="Ralf Haferkamp"> > On Friday 20 July 2007 16:45, ghenry(a)openldap.org wrote: >> Full_Name: Gavin Henry >> Version: HEAD >> OS: >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (80.229.93.1) >> Submitted by: ghenry >> >> >> Dear All, >> >> It's not clear or explained what AVA means in slapd-meta(5) and >> slapo-rwm(5) >> >> A user was asking in #ldap >> >> I presume it means "Attribute Value"? > It means "Attribute Value Assertion", normally. Doh, helped if I read the RFCs. Oh but look who has a nice page in it: https://www.opends.org/wiki//page/DefinitionAttributeValueAssertion Maybe we need a nice OpenLDAP Wiki? (one for -devel list I think) > >> If so, I will add an explaination in each man page. > > -- > Ralf >

1 0

Re: (ITS#5054) AVA in slapd-meta(5) and slapo-rwm(5)
by rhafer＠suse.de 20 Jul '07

20 Jul '07

On Friday 20 July 2007 16:45, ghenry(a)openldap.org wrote: > Full_Name: Gavin Henry > Version: HEAD > OS: > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (80.229.93.1) > Submitted by: ghenry > > > Dear All, > > It's not clear or explained what AVA means in slapd-meta(5) and > slapo-rwm(5) > > A user was asking in #ldap > > I presume it means "Attribute Value"? It means "Attribute Value Assertion", normally. > If so, I will add an explaination in each man page. -- Ralf

1 0

(ITS#5054) AVA in slapd-meta(5) and slapo-rwm(5)
by ghenry＠OpenLDAP.org 20 Jul '07

20 Jul '07

Full_Name: Gavin Henry Version: HEAD OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (80.229.93.1) Submitted by: ghenry Dear All, It's not clear or explained what AVA means in slapd-meta(5) and slapo-rwm(5) A user was asking in #ldap I presume it means "Attribute Value"? If so, I will add an explaination in each man page. Gavin.

1 0

(ITS#5053) openldap 2.3.36 crashing
by igbed＠wmin.ac.uk 20 Jul '07

20 Jul '07

Full_Name: Damian Igbe Version: 2.3.6 OS: SLES 10 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (161.74.11.24) I have a delta-syncrepl replication working with password policy in place. Authentication to the master works fine but when a client tries to authenticate to the replica server, the following bug is encountered and the system crashes. bdb_modify: modify failed (20) send_ldap_result: conn=1 op=3 p=3 send_ldap_response: msgid=4 tag=97 err=49 ber_flush: 82 bytes to sd 17 slapd: ppolicy.c:847: ctrls_cleanup: Assertion `rs->sr_ctrls != ((void *)0)' failed. Aborted Please help. Thanks Damian It also happens in other instances with errors such as: => key_change(DELETE,13) <= key_change 0 => key_change(ADD,13) <= key_change 0 => entry_encode(0x00000013): uid=delaitt,ou=staff,ou=users,dc=cscs,dc=wmin,dc=ac,dc=uk bdb_modify: updated id=00000013 dn="uid=delaitt,ou=staff,ou=users,dc=cscs,dc=wmin,dc=ac,dc=uk" send_ldap_result: conn=2 op=3 p=3 bdb_dn2entry("uid=delaitt,ou=staff,ou=users,dc=cscs,dc=wmin,dc=ac,dc=uk") bdb_entry_get: rc=0 bdb_dn2entry("uid=delaitt,ou=staff,ou=users,dc=cscs,dc=wmin,dc=ac,dc=uk") bdb_entry_get: rc=0 bdb_dn2entry("uid=delaitt,ou=staff,ou=users,dc=cscs,dc=wmin,dc=ac,dc=uk") bdb_entry_get: rc=0 bdb_dn2entry("uid=delaitt,ou=staff,ou=users,dc=cscs,dc=wmin,dc=ac,dc=uk") bdb_modify_internal: 0x00000013: uid=delaitt,ou=staff,ou=users,dc=cscs,dc=wmin,dc=ac,dc=uk bdb_modify: modify failed (20) send_ldap_result: conn=2 op=3 p=3 send_ldap_response: msgid=4 tag=97 err=49 ber_flush: 82 bytes to sd 17 slapd: ppolicy.c:847: ctrls_cleanup: Assertion `rs->sr_ctrls != ((void *)0)' failed. Aborted

1 0

Re: (ITS#5048) Suspicious use of 'unchecked' limit syncprov
by hyc＠symas.com 20 Jul '07

20 Jul '07

h.b.furuseth(a)usit.uio.no wrote: > Full_Name: Hallvard B Furuseth > Version: HEAD, RE23 > OS: > URL: > Submission from: (NULL) (129.240.202.105) > Submitted by: hallvard > > > overlays/syncprov.c:syncprov_findcsn() sets an unchecked limit to 1. > findcsn_cb() says > /* We just want to know that at least one exists, so it's OK if > * we exceed the unchecked limit or size limit. > */ > > This looks like it can return a false positive if two or more other > entries which the filter would eliminate have the same hash as the > value syncprov searches for. I don't believe this can cause any problem though. CSN indexing doesn't use a hash the way other indices do; the CSN timestamp is converted to binary form and saved as a 40 bit integer. Index collisions will only occur for multiple changes that occurred within the same 1-second interval. The purpose of this search is to detect if a consumer's context CSN is stale, i.e., the provider no longer has any entries as old as the consumer's CSN. The fact that there is any index collision essentially proves that the CSN is not stale. > Also syncprov_findcsn() passes fc_limits uninitialized outside of the > .lms_s_unchecked field to slapd. Valgrind complains in test018 about > .lms_s_pr_hide in back-bdb/search.c:bdb_search(). Tested in HEAD. Fixed in HEAD. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#5052) slapadd -q can create invalid index
by hyc＠OpenLDAP.org 20 Jul '07

20 Jul '07

Full_Name: Howard Chu Version: 2.3.x OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (204.95.127.34) Submitted by: hyc On a database with a zero-length suffix, slapadd and slapindex in quick mode can erroneously generate index records for the context entry, which has an entry ID of zero. The entry ID zero is normally invalid in an index, and is always filtered out of index operations, but the quick mode indexer didn't exclude it as it should.

1 0

Re: (ITS#5051) Translucent overlay and back-monitor
by ghenry＠suretecsystems.com 20 Jul '07

20 Jul '07

<quote who="hyc(a)symas.com"> > ghenry(a)OpenLDAP.org wrote: >> Full_Name: Gavin Henry >> Version: 19/07/07 HEAD >> OS: >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (212.159.59.85) >> Submitted by: ghenry >> >> >> Dear All, >> >> Is slapd not started and giving below expected? >> >> >> ================ >> monitor_back_register_entry_parent(""): base="cn=databases,cn=monitor" >> scope=subordinate >> filter="(&(monitoredInfo=ldap)(!(monitorOverlay=ldap))(namingContexts:distinguishedNameMatch:=dc=suretecsystems,dc=com))": >> unable to find entry >> backend_startup_one: bi_db_open failed! (1) >> slapd shutdown: initiated >> ================ >> >> Using a config like: >> >> ================ >> include /usr/local/etc/openldap/schema/core.schema >> >> pidfile /usr/local/var/run/slapd.pid >> argsfile /usr/local/var/run/slapd.args >> >> # Load dynamic backend modules: >> modulepath /usr/local/libexec/openldap >> moduleload back_bdb.la >> moduleload back_ldap.la >> moduleload back_monitor.la >> moduleload translucent.la >> >> database bdb >> directory /usr/local/var/openldap-data >> cachesize 10000 >> suffix "dc=suretecsystems,dc=com" >> >> rootdn "cn=admin,dc=suretecsystems,dc=com" >> rootpw {SSHA}blah >> >> index default eq >> index objectClass,uid,dc,o,ou >> >> overlay translucent >> uri ldap://x.x.x.x:389 >> idassert-bind binddn="cn=admin,dc=suretecsystems,dc=com" >> credentials=blah >> >> database config >> rootdn "cn=config" >> rootpw {SSHA}blah >> >> database monitor >> ================ >> >> >> If I remove "database monitor", all is obviously well. >> >> However, if I put "database monitor" before "database bdb", slapd starts >> fine, >> but complains with: >> >> ================ >> monitor_back_register_entry_parent(""): base="cn=databases,cn=monitor" >> scope=subordinate >> filter="(&(monitoredInfo=ldap)(!(monitorOverlay=ldap))(namingContexts:distinguishedNameMatch:=dc=suretecsystems,dc=com))": >> unable to find entry >> slapd starting >> ================ > > Pretty sure your monitor database needs a rootdn now for this to work. > Ok. What can the rootdn do on the monitor database then? Write to anything? I can update the "Monitoring" section with this info then ;-) Gavin.

1 0

Re: (ITS#5051) Translucent overlay and back-monitor
by hyc＠symas.com 19 Jul '07

19 Jul '07

ghenry(a)OpenLDAP.org wrote: > Full_Name: Gavin Henry > Version: 19/07/07 HEAD > OS: > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (212.159.59.85) > Submitted by: ghenry > > > Dear All, > > Is slapd not started and giving below expected? > > > ================ > monitor_back_register_entry_parent(""): base="cn=databases,cn=monitor" > scope=subordinate filter="(&(monitoredInfo=ldap)(!(monitorOverlay=ldap))(namingContexts:distinguishedNameMatch:=dc=suretecsystems,dc=com))": > unable to find entry > backend_startup_one: bi_db_open failed! (1) > slapd shutdown: initiated > ================ > > Using a config like: > > ================ > include /usr/local/etc/openldap/schema/core.schema > > pidfile /usr/local/var/run/slapd.pid > argsfile /usr/local/var/run/slapd.args > > # Load dynamic backend modules: > modulepath /usr/local/libexec/openldap > moduleload back_bdb.la > moduleload back_ldap.la > moduleload back_monitor.la > moduleload translucent.la > > database bdb > directory /usr/local/var/openldap-data > cachesize 10000 > suffix "dc=suretecsystems,dc=com" > > rootdn "cn=admin,dc=suretecsystems,dc=com" > rootpw {SSHA}blah > > index default eq > index objectClass,uid,dc,o,ou > > overlay translucent > uri ldap://x.x.x.x:389 > idassert-bind binddn="cn=admin,dc=suretecsystems,dc=com" credentials=blah > > database config > rootdn "cn=config" > rootpw {SSHA}blah > > database monitor > ================ > > > If I remove "database monitor", all is obviously well. > > However, if I put "database monitor" before "database bdb", slapd starts fine, > but complains with: > > ================ > monitor_back_register_entry_parent(""): base="cn=databases,cn=monitor" > scope=subordinate filter="(&(monitoredInfo=ldap)(!(monitorOverlay=ldap))(namingContexts:distinguishedNameMatch:=dc=suretecsystems,dc=com))": > unable to find entry > slapd starting > ================ Pretty sure your monitor database needs a rootdn now for this to work. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: Contrib: addpartial overlay (ITS#3593)
by ghenry＠suretecsystems.com 19 Jul '07

19 Jul '07

<quote who="dhawes(a)vt.edu"> > On Thursday 19 July 2007 05:35, Gavin Henry wrote: >> > An updated version of addpartial is available at: >> > >> > ftp://ftp.openldap.org/incoming/david_hawes-addpartial-070126.tgz >> > >> > This version includes changes to work with OpenLDAP 2.3 as well as >> > ensuring syncrepl works properly. >> > >> > david hawes >> >> If this hasn't been added to 2.4/HEAD yet, would you consider updating >> it >> for inclusion in 2.4 contrib? > > Absolutely, I've been meaning to test with 2.4. I'll bump it to the top > of > the list. Can you make sure that is dynamically configurable via cn=config like everything else in 2.4. Thanks. > > dave > > >

1 0

Re: Contrib: addpartial overlay (ITS#3593)
by dhawes＠vt.edu 19 Jul '07

19 Jul '07

On Thursday 19 July 2007 05:35, Gavin Henry wrote: > > An updated version of addpartial is available at: > > > > ftp://ftp.openldap.org/incoming/david_hawes-addpartial-070126.tgz > > > > This version includes changes to work with OpenLDAP 2.3 as well as > > ensuring syncrepl works properly. > > > > david hawes > > If this hasn't been added to 2.4/HEAD yet, would you consider updating it > for inclusion in 2.4 contrib? Absolutely, I've been meaning to test with 2.4. I'll bump it to the top of the list. dave

1 0

← Newer
1
...
4
5
6
7
8
9
10
...
13
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs July 2007