openldap-bugs August 2007

openldap-bugs@openldap.org

42 participants
211 discussions

Re: (ITS#5102) back-perl build issues
by hyc＠symas.com 31 Aug '07

31 Aug '07

quanah(a)zimbra.com wrote: > In the name of getting 2.4.5 released, I've updated to Kurt's suggestion > until such a time as this can be acted upon otherwise. That's fine. But I think renaming config.h to slapconf.h is a good idea anyway. Another thing that has nagged me ever since we unified the slap tools into slapd - should have renamed slapadd.c -> tooladd.c etc... Any objections? -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, … [View More]

1 0

Re: (ITS#5102) back-perl build issues
by quanah＠zimbra.com 31 Aug '07

31 Aug '07

--On August 25, 2007 7:34:22 AM +0000 ando(a)sys-net.it wrote: > Kurt Zeilenga wrote: > >>> ConfigReply is declared in slapd/config.h; could it be another, >>> system-related config.h is present in an earlier include path? >>> >>> Even though, I see in the above cc command-line -I .. is present... >> >> Personally, I think have -I., -I.., etc. is really bad. This causes >> # include "config.h" >> and >> # include … [View More]

1 0

Re: ITS#5112 -> 4
by rhafer＠suse.de 30 Aug '07

30 Aug '07

On Thursday 30 August 2007 20:34, Pierangelo Masarati wrote: > Ralf, > > are you working at ITS#5112-4? Yes. I have a fix for #5112 (the memory leak) mostly ready. As you/Howard suggested I just moved the cache populating code into the cleanup handler, seems to work quite well and has the advantage that final result is send to the client a lot earlier when caching large results (as you already noted). I am currently looking into fixing #5113. Haven't worked on #5114 yet, but the … [View More]

1 0

Re: (ITS#5116) registeredAddress cannot be deleted
by binoy＠cordys.com 30 Aug '07

30 Aug '07

Hi, Please ignore the earlier message. It was a mistake. >Quanah Gibson-Mount [quanah(a)zimbra.com] wrote >This isn't a bug. Fix the way you delete the attribute. I use LDAPModification mdfn = new LDAPModification(LDAPModification.DELETE, entry.getAttribute("registeredAddress")); connection.modify(entry.getDN(), mdfn); Any suggestion on how should I correct this? Thanks and Regards, Binoy Joseph *********************************************************************** The … [View More]

1 0

ITS#5112 -> 4
by ando＠sys-net.it 30 Aug '07

30 Aug '07

Ralf, are you working at ITS#5112-4? I might work on them during the weekend, if you don't. It is my intention to avoid interfering with the release of 2.4.5, though. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: (ITS#5116) registeredAddress cannot be deleted
by quanah＠zimbra.com 30 Aug '07

30 Aug '07

--On Thursday, August 30, 2007 9:28 AM +0000 binoy(a)cordys.com wrote: > Full_Name: Binoy > Version: 2.2.26 > OS: Windows > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (210.210.79.19) > > > The attribute registeredAddress of an authenticationUser, once entered; > cannot be deleted. The error says, no equality matching rule. This isn't a bug. Fix the way you delete the attribute. --Quanah -- Quanah Gibson-Mount Principal Software Engineer … [View More]

1 0

(ITS#5116) registeredAddress cannot be deleted
by binoy＠cordys.com 30 Aug '07

30 Aug '07

Full_Name: Binoy Version: 2.2.26 OS: Windows URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (210.210.79.19) The attribute registeredAddress of an authenticationUser, once entered; cannot be deleted. The error says, no equality matching rule.

1 0

Re: (ITS#5115) SASL authentication for AD
by quanah＠zimbra.com 29 Aug '07

29 Aug '07

--On Wednesday, August 29, 2007 6:25 PM +0000 rbeckett(a)exelixis.com wrote: > Any help would be appreciated. The ITS system is for bugs, not for issues you have building OpenLDAP. I suggest reading the OpenLDAP FAQ entries on linking, and becoming generally familiar with how to build software in non-standard paths. The FAQ entry can be found at: <http://www.openldap.org/faq/data/cache/1113.html> My OpenSSL build looked like: %configure env CC=/usr/local/bin/gcc CFLAGS='-g -… [View More]O2' CXXFLAGS='-g -O2' \ PERL=/usr/bin/perl LD_RUN_PATH=/usr/local/lib \ ./Configure --prefix=/usr/local --openssldir=/usr/local/openssl \ shared linux-x86_64 -g -O2 %build env LD_RUN_PATH="/usr/local/lib" make %install env LD_LIBRARY_PATH="/usr/local/lib" \ LD_RUN_PATH="/usr/local/lib" \ make install INSTALL_PREFIX=%package% Note the use of LD_RUN_PATH. My OpenLDAP build looked like: %configure LD_LIBRARY_PATH="/usr/local/lib" CC=/usr/local/bin/gcc CXX=/usr/local/bin/g++ CFLAGS='-g -O2 -DSLAP_LIGHTWEIGHT_DISPATCHER' CXXFLAGS='-g -O2' sh configure --datadir='${prefix}/lib' --libexecdir='${prefix}/lib' --sharedstatedir='${prefix}/lib' \ --prefix=/usr/local \ --disable-ipv6 \ --with-cyrus-sasl \ --with-tls \ --enable-dynamic \ --enable-slapd \ --enable-modules \ --enable-spasswd \ --enable-rewrite \ --enable-rlookups \ --enable-wrappers \ --enable-backends=mod \ --disable-shell \ --disable-sql \ --enable-overlays=mod \ --enable-slurpd=yes \ --enable-slapi=yes make depend %build make -j3 %check make test %install make install DESTDIR=%package% STRIP="" I'll also note that the error you are receiving from the SASL bind has nothing to do with SSL specifically. All it notes is that the AD server has no SASL mechanisms presented that match the SASL mechanisms available to OpenLDAP. If you are wanting to support SASL/EXTERNAL, you'll definitely need to fix your build with OpenSSL support. I've compiled OpenSSL into /usr/local on many occassions without problem, but I use the correct flags to gcc, too, which I don't see indicated in your build. You do not indicate whether or not you link OpenLDAP against cyrus-sasl, but that will be necessary for support of some of the other SASL mechanisms. If you plan on doing SASL/GSSAPI binds to AD, you'll also need to build a Kerberos distribution for its libraries (I suggest Heimdal), and link cyrus-sasl against that before building OpenLDAP linked against cyrus-sasl. You may also want to read: <http://www.stanford.edu/services/directory/openldap/configuration/> --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration [View Less]

1 0

(ITS#5115) SASL authentication for AD
by rbeckett＠exelixis.com 29 Aug '07

29 Aug '07

Full_Name: Richard Beckett Version: 2.3.38 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (65.209.203.254) I have posted this before but still have not resolved the problem. I am building OpenLDAP 2.3.38. on a RHEL ES v4 host When I make it without having first built TLS/SSL (openssl-0.9.8e) it builds and runs fine. However I need the SSL and SASL to authenticate to an Active Directory server. When I build SSL as follows: ./configure shared --openssldir=/usr/local … [View More]make make install and then try to make OpenLDAP I ge the following: cc -g -O2 -o apitest apitest.o ./.libs/libldap.a /usr/local/src/LDAP/openldap-2.3.38/libraries/liblber/.libs/liblber.a -L/usr/kerberos/lib -L/lib -L/usr/lib/mysql ../../libraries/liblber/.libs/liblber.a ../../libraries/liblutil/liblutil.a /usr/lib/libsasl2.so -ldl -lcrypt -lssl -lcrypto -lresolv ./.libs/libldap.a(os-ip.o)(.text+0x606): In function `ldap_connect_to_host': /usr/local/src/LDAP/openldap-2.3.38/libraries/libldap/os-ip.c:205: warning: `sys_errlist' is deprecated; use `strerror' or `strerror_r' instead ./.libs/libldap.a(os-ip.o)(.text+0x5fd):/usr/local/src/LDAP/openldap-2.3.38/libraries/libldap/os-ip.c:205: warning: `sys_nerr' is deprecated; use `strerror' or `strerror_r' instead ./.libs/libldap.a(tls.o)(.text+0x593): In function `sb_tls_bio_read': /usr/local/src/LDAP/openldap-2.3.38/libraries/libldap/tls.c:676: undefined reference to `BIO_clear_flags' ./.libs/libldap.a(tls.o)(.text+0x5b8):/usr/local/src/LDAP/openldap-2.3.38/libraries/libldap/tls.c:680: undefined reference to `BIO_set_flags' ./.libs/libldap.a(tls.o)(.text+0x60b): In function `sb_tls_bio_write': /usr/local/src/LDAP/openldap-2.3.38/libraries/libldap/tls.c:703: undefined reference to `BIO_clear_flags' ./.libs/libldap.a(tls.o)(.text+0x630):/usr/local/src/LDAP/openldap-2.3.38/libraries/libldap/tls.c:707: undefined reference to `BIO_set_flags' ./.libs/libldap.a(tls.o)(.text+0x19f0): In function `ldap_pvt_tls_init_def_ctx': /usr/local/src/LDAP/openldap-2.3.38/libraries/libldap/tls.c:374: undefined reference to `SSL_CTX_set_info_callback' collect2: ld returned 1 exit status make[2]: *** [apitest] Error 1 make[2]: Leaving directory `/usr/local/src/LDAP/openldap-2.3.38/libraries/libldap' make[1]: *** [all-common] Error 1 make[1]: Leaving directory `/usr/local/src/LDAP/openldap-2.3.38/libraries' make: *** [all-common] Error 1 My environment is: HOSTNAME=ldaplx01.exelixis.com TERM=xterm SHELL=/bin/bash HISTSIZE=1000 SSH_CLIENT=::ffff:172.29.4.19 51159 22 OLDPWD=/usr/local/lib SSH_TTY=/dev/pts/1 USER=root LD_LIBRARY_PATH=/usr/local/lib LS_COLORS=no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35: MAIL=/var/spool/mail/root PATH=/opt/quest/bin:/opt/quest/sbin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin INPUTRC=/etc/inputrc PWD=/usr/local/src/LDAP/openldap-2.3.38 LANG=en_US.UTF-8 SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass SHLVL=1 HOME=/root LOGNAME=root SSH_CONNECTION=::ffff:172.29.4.19 51159 ::ffff:172.29.24.108 22 LESSOPEN=|/usr/bin/lesspipe.sh %s G_BROKEN_FILENAMES=1 _=/bin/env Without SSL I am unable to authenticate to the Active Directory server. I get the following message: SASL/EXTERNAL authentication started ldap_perror ldap_sasl_interactive_bind_s: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available: I have ssl yes set in /etc/ldap.conf and I assume (always dangerous) that the problem lies with the fact that I am unable to build ldap with SSL. Any help would be appreciated. Richard-Beckett-070829 [View Less]

1 0

Re: (ITS#5114) pcache cache results for searches that hit size/timelimit
by hyc＠symas.com 29 Aug '07

29 Aug '07

ando(a)sys-net.it wrote: > rhafer(a)suse.de wrote: >> On Wednesday 29 August 2007 18:48, ando(a)sys-net.it wrote: >>> rhafer(a)suse.de wrote: >>>> But a malicous client can then just send requests with sizelimit 1. Those >>>> query will get cached and the database is of no real use anymore (IMO). >>> Well, in this case, the proxycache should either change the sizelimit >>> (and the timelimit) to unlimited, and deal with client-… [View More]

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs August 2007