August 2007 - openldap-bugs

Re: ldap_int_global_options not initialized (ITS#5109)

by ando＠sys-net.it

damien.doiselet(a)neolane.com wrote: > My application is multithread. :) > I've had a call to ldap_get_option(NULL, LDAP_OPT_API_INFO, &ldapi) > before spawning threads, but here the crash occurred also in > ldap_initailize but in ldap_ld_free(). The above sentence is not clear to me; what does the trace below refer to? Your original application, or the one that calls ldap_get_option before spawning threads? What does ldap_ld_free() have to do with this? It never occurs in the trace below. > I addition, I won't call ldap outside my thread. Doesn't matter. Global options are global, so multiple threads may find it uninit'ed, and try to concurrently initialize it. > The full stack trace is : > #0 0xb7e93473 in strlen () from /lib/tls/i686/cmov/libc.so.6 > #1 0xb3a191f9 in ber_strdup_x (s=0x6a626f28 <Address 0x6a626f28 out of > bounds>, ctx=0x0) at memory.c:640 > #2 0xadd2fd66 in ldap_charray_dup (a=0xb313a324) at charray.c:164 > #3 0xadd26883 in ldap_url_dup (ludp=0x8b83798) at url.c:1191 > #4 0xadd26912 in ldap_url_duplist (ludlist=0x8b83798) at url.c:1217 > #5 0xadd11b34 in ldap_create (ldp=0xb32e0dc8) at open.c:149 > #6 0xadd11de1 in ldap_initialize (ldp=0xb32e0ec0, url=0x8946d20 > "ldap://ldap:389") at open.c:225 Please make sure you're calling the desired library objects (libldap & liblber). Can you post the result of ldd for your application? > I have same thing with the 2.3.38 Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

15 years, 9 months

1
0
0 / 0

Re: ldap_int_global_options not initialized (ITS#5109)

by quanah＠zimbra.com

--On Tuesday, August 28, 2007 3:58 PM +0000 damien.doiselet(a)neolane.com wrote: > Thanks > > My application is multithread. > I've had a call to ldap_get_option(NULL, LDAP_OPT_API_INFO, &ldapi) > before spawning threads, but here the crash occurred also in > ldap_initailize but in ldap_ld_free(). > I addition, I won't call ldap outside my thread. Be careful of the LDAP libraries on debian. If they get loaded, you are in trouble, since they are hacked to touch Gnu TLS, and you'll get all sorts of fun. This all gets resolved once OpenLDAP 2.4 is released. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

15 years, 9 months

1
0
0 / 0

(ITS#5110) back-ldap, proxy authentication fails when chasing referrals

by f.huiskens＠science-computing.de

Full_Name: Florian Huiskens Version: 2.3.30 OS: Ubuntu 7.04 URL: Submission from: (NULL) (85.216.39.101) I try to set up an environment, where a client communicates with an LDAP-Proxy. The Proxy forwards the client's query (using the ldap-backend) to an LDAP-Slave. The authentication mechanism I use (proxy - slave) is SASL (GSSAPI). The proxy has a kerberos ticket available. Proxy Authentication works in general (using PROXAUTHZ), but fails on referrals (though rebind-as-user is set). This means that if information is written and the proxy receives a referral to the master, the bind-informations gets lost. Thanks for any help, regards Florian Config-files: Master: include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args loglevel 0 # Where the dynamically loaded modules are stored modulepath /usr/lib/ldap moduleload back_bdb moduleload syncprov # The maximum number of entries that is returned for a search operation sizelimit 500 # The tool-threads parameter sets the actual amount of cpu's that is used # for indexing. tool-threads 1 backend bdb checkpoint 512 30 ####################################################################### # Specific Directives for database #1, of type bdb: # Database specific directives apply to this databasse until another # 'database' directive occurs database bdb suffix "dc=idm,dc=local" # rootdn directive for specifying a superuser on the database. This is needed # for syncrepl. rootdn "dc=idm,dc=local" directory "/var/lib/ldap" dbconfig set_cachesize 0 2097152 0 dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_locks 1500 dbconfig set_lk_max_lockers 1500 index objectClass eq # Save the time that the entry gets modified, for database #1 lastmod on access to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=idm,dc=local" write by dn="uid=ldap/extubuntu.idm.local,ou=slaves,dc=idm,dc=local" read by anonymous auth by * none access to dn.base="" by * read access to * by dn="cn=admin,dc=idm,dc=local" write by * read # syncrepl config overlay syncprov syncprov-checkpoint 100 1 syncprov-sessionlog 100 # SASL setup #sasl-host ubuntu-desktop sasl-authz-policy To sasl-secprops minssf=56 sasl-realm idm.local sasl-regexp uid=(.*),cn=idm.local,cn=gssapi,cn=auth ldap:///dc=idm,dc=local??sub?(|(uid=$1)(cn=$1)) Slave: include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args loglevel 0 modulepath /usr/lib/ldap moduleload back_bdb sizelimit 500 tool-threads 1 backend bdb checkpoint 512 30 database bdb suffix "dc=idm,dc=local" #rootdn "dc=idm,dc=local" rootdn "dc=nowhere,dc=nouniverse" directory "/var/lib/ldap" dbconfig set_cachesize 0 2097152 0 dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_locks 1500 dbconfig set_lk_max_lockers 1500 index objectClass eq lastmod on access to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=idm,dc=local" write by anonymous auth by self write by * none # by dn="cn=repl-admin,dc=idm,dc=local" write access to dn.base="" by * read access to * by dn="cn=admin,dc=idm,dc=local" write by self write by * read # by dn="cn=repl-admin,dc=idm,dc=local" write # by * read syncrepl rid=1 provider=ldap://ubuntu-desktop:389 searchbase="dc=idm,dc=local" type=refreshAndPersist retry="60 10 300 +" bindmethod=sasl saslmethod=GSSAPI updateref ldap://ubuntu-desktop:389 # SASL setup sasl-authz-policy To sasl-secprops minssf=56 sasl-realm idm.local sasl-regexp uid=(.*),cn=idm.local,cn=gssapi,cn=auth ldap:///dc=idm,dc=local??sub?(|(uid=$1)(cn=$1)) Proxy (running on the same host as the Slave): include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args loglevel 1 modulepath /usr/lib/ldap moduleload back_ldap database ldap uri ldap://extubuntu.idm.local:390/ suffix "dc=idm,dc=local" chase-referrals yes rebind-as-user yes # SASL setup sasl-secprops minssf=56 sasl-realm idm.local sasl-regexp uid=(.*),cn=idm.local,cn=gssapi,cn=auth ldap:///dc=idm,dc=local??sub?(|(uid=$1)(cn=$1)) idassert-bind bindmethod=sasl mode=self authcid=ldap/extubuntu.idm.local # should come from ticket but does not. Snippets of an ldapsearch: debugging information from the proxy conn=10 fd=9 ACCEPT from IP=127.0.0.1:3380 (IP=0.0.0.0:389) conn=10 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)" conn=10 op=0 SRCH attr=supportedSASLMechanisms conn=10 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=10 op=1 BIND dn="" method=163 conn=10 op=2 BIND dn="" method=163 conn=10 op=2 RESULT tag=97 err=14 text= conn=10 op=3 BIND dn="" method=163 conn=10 op=1 RESULT tag=97 err=14 text= request done: ld 0x81dd960 msgid 3 SASL [conn=10] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory conn=10 op=3 BIND authcid="admin(a)idm.local" authzid="admin(a)idm.local" conn=10 op=3 BIND dn="cn=admin,dc=idm,dc=local" mech=GSSAPI ssf=56 conn=10 op=3 RESULT tag=97 err=0 text= conn=10 op=4 SRCH base="dc=idm,dc=local" scope=2 deref=0 filter="(cn=fhuisk)" request done: ld 0x8197038 msgid 1 request done: ld 0x8197038 msgid 2 request done: ld 0x8197038 msgid 3 request done: ld 0x8197038 msgid 4 request done: ld 0x8197038 msgid 5 conn=10 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=10 op=5 UNBIND conn=10 fd=9 closed debugging information from the slave conn=0 op=2 SRCH base="dc=idm,dc=local" scope=2 deref=0 filter="(|(uid=admin)(cn=admin))" conn=0 op=2 SRCH attr=1.1 <= bdb_equality_candidates: (uid) index_param failed (18) <= bdb_equality_candidates: (cn) index_param failed (18) conn=0 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=2 fd=16 ACCEPT from IP=127.0.1.1:2814 (IP=0.0.0.0:390) conn=2 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)" conn=2 op=0 SRCH attr=supportedSASLMechanisms conn=2 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=2 op=1 BIND dn="" method=163 conn=2 op=2 BIND dn="" method=163 conn=2 op=2 RESULT tag=97 err=14 text= conn=2 op=3 BIND dn="" method=163 <= bdb_equality_candidates: (uid) index_param failed (18) <= bdb_equality_candidates: (cn) index_param failed (18) SASL [conn=2] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory conn=2 op=3 BIND authcid="ldap/extubuntu.idm.local(a)idm.local" authzid="ldap/extubuntu.idm.local(a)idm.local" conn=2 op=3 BIND dn="uid=ldap/extubuntu.idm.local,ou=slaves,dc=idm,dc=local" mech=GSSAPI ssf=56 conn=2 op=3 RESULT tag=97 err=0 text= conn=2 op=4 PROXYAUTHZ dn="cn=admin,dc=idm,dc=local" conn=2 op=4 SRCH base="dc=idm,dc=local" scope=2 deref=0 filter="(cn=fhuisk)" <= bdb_equality_candidates: (cn) index_param failed (18) conn=2 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=2 op=1 RESULT tag=97 err=14 text= conn=2 op=5 UNBIND conn=2 fd=16 closed ldapsearch call and result root@extUbuntu:/etc/ldap# ldapsearch cn=fhuisk SASL/GSSAPI authentication started SASL username: admin(a)IDM.LOCAL SASL SSF: 56 SASL installing layers # extended LDIF # # LDAPv3 # base <> with scope subtree # filter: cn=fhuisk # requesting: ALL # # fhuisk, users, idm.local dn: cn=fhuisk,ou=users,dc=idm,dc=local uid: fhuisk givenName:: RmxvcmlhbiA= objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson sn: Huiskens cn: fhuisk userPassword:: dGVzdA== # search result search: 5 result: 0 Success # numResponses: 2 # numEntries: 1 root@extUbuntu:/etc/ldap# fyi: ldapwhoami root@extUbuntu:/etc/ldap# ldapwhoami SASL/GSSAPI authentication started SASL username: admin(a)IDM.LOCAL SASL SSF: 56 SASL installing layers dn:cn=admin,dc=idm,dc=local Result: Success (0) root@extUbuntu:/etc/ldap# Snippets of an ldapmodify debugging information from the proxy conn=0 fd=9 ACCEPT from IP=127.0.0.1:3145 (IP=0.0.0.0:389) conn=0 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)" conn=0 op=0 SRCH attr=supportedSASLMechanisms conn=0 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=0 op=1 BIND dn="" method=163 conn=0 op=2 BIND dn="" method=163 conn=0 op=2 RESULT tag=97 err=14 text= conn=0 op=3 BIND dn="" method=163 request done: ld 0x81a39f8 msgid 1 conn=0 op=1 RESULT tag=97 err=14 text= request done: ld 0x81a39f8 msgid 2 SASL [conn=0] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory conn=0 op=3 BIND authcid="admin(a)idm.local" authzid="admin(a)idm.local" conn=0 op=3 BIND dn="cn=admin,dc=idm,dc=local" mech=GSSAPI ssf=56 conn=0 op=3 RESULT tag=97 err=0 text= conn=0 op=4 MOD dn="cn=fhuisk,ou=users,dc=idm,dc=local" conn=0 op=4 MOD attr=cn request done: ld 0x8192200 msgid 1 request done: ld 0x8192200 msgid 2 request done: ld 0x8192200 msgid 3 request done: ld 0x8192200 msgid 4 request done: ld 0x8192200 msgid 7 request done: ld 0x8192200 msgid 5 conn=0 op=4 RESULT tag=103 err=47 text=anonymous proxyAuthz not allowed conn=0 op=5 UNBIND conn=0 fd=9 closed debugging information from the slave conn=0 fd=13 ACCEPT from IP=127.0.1.1:2862 (IP=0.0.0.0:390) conn=0 op=0 BIND dn="" method=128 conn=0 op=0 RESULT tag=97 err=0 text= conn=0 op=1 SRCH base="dc=idm,dc=local" scope=2 deref=0 filter="(|(uid=admin)(cn=admin))" conn=0 op=1 SRCH attr=1.1 <= bdb_equality_candidates: (uid) index_param failed (18) <= bdb_equality_candidates: (cn) index_param failed (18) conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=1 fd=15 ACCEPT from IP=127.0.1.1:2863 (IP=0.0.0.0:390) conn=1 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)" conn=1 op=0 SRCH attr=supportedSASLMechanisms conn=1 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=1 op=1 BIND dn="" method=163 conn=1 op=2 BIND dn="" method=163 conn=1 op=3 BIND dn="" method=163 <= bdb_equality_candidates: (uid) index_param failed (18) <= bdb_equality_candidates: (cn) index_param failed (18) SASL [conn=1] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory conn=1 op=3 BIND authcid="ldap/extubuntu.idm.local(a)idm.local" authzid="ldap/extubuntu.idm.local(a)idm.local" conn=1 op=3 BIND dn="uid=ldap/extubuntu.idm.local,ou=slaves,dc=idm,dc=local" mech=GSSAPI ssf=56 conn=1 op=2 RESULT tag=97 err=14 text= conn=1 op=4 PROXYAUTHZ dn="cn=admin,dc=idm,dc=local" conn=1 op=4 MOD dn="cn=fhuisk,ou=users,dc=idm,dc=local" conn=1 op=4 MOD attr=cn conn=1 op=4 RESULT tag=103 err=10 text= conn=1 op=3 RESULT tag=97 err=0 text= conn=1 op=1 RESULT tag=97 err=14 text= conn=1 op=5 UNBIND conn=1 fd=15 closed debugging information from the master conn=1 fd=14 ACCEPT from IP=172.16.82.240:1290 (IP=0.0.0.0:389) conn=1 op=0 BIND dn="" method=128 conn=1 op=0 RESULT tag=97 err=0 text= conn=1 op=1 RESULT tag=103 err=47 text=anonymous proxyAuthz not allowed do_modify: get_ctrls failed conn=1 op=2 UNBIND conn=1 fd=14 closed ldapmodify call and result root@extUbuntu:/etc/ldap# ldapmodify SASL/GSSAPI authentication started SASL username: admin(a)IDM.LOCAL SASL SSF: 56 SASL installing layers dn: cn=fhuisk,ou=users,dc=idm,dc=local changetype: modify add: cn cn: newCN - modifying entry "cn=fhuisk,ou=users,dc=idm,dc=local" ldapmodify: Proxy Authorization Failure (47) additional info: anonymous proxyAuthz not allowed root@extUbuntu:/etc/ldap#

15 years, 9 months

1
0
0 / 0

Re: ldap_int_global_options not initialized (ITS#5109)

by damien.doiselet＠neolane.com

Thanks My application is multithread. I've had a call to ldap_get_option(NULL, LDAP_OPT_API_INFO, &ldapi) before spawning threads, but here the crash occurred also in ldap_initailize but in ldap_ld_free(). I addition, I won't call ldap outside my thread. The full stack trace is : #0 0xb7e93473 in strlen () from /lib/tls/i686/cmov/libc.so.6 #1 0xb3a191f9 in ber_strdup_x (s=0x6a626f28 <Address 0x6a626f28 out of bounds>, ctx=0x0) at memory.c:640 #2 0xadd2fd66 in ldap_charray_dup (a=0xb313a324) at charray.c:164 #3 0xadd26883 in ldap_url_dup (ludp=0x8b83798) at url.c:1191 #4 0xadd26912 in ldap_url_duplist (ludlist=0x8b83798) at url.c:1217 #5 0xadd11b34 in ldap_create (ldp=0xb32e0dc8) at open.c:149 #6 0xadd11de1 in ldap_initialize (ldp=0xb32e0ec0, url=0x8946d20 "ldap://ldap:389") at open.c:225 I have same thing with the 2.3.38 Damien Doiselet Pierangelo Masarati a écrit : > Only issues occurring with either the latest release (now 2.3.28) or HEAD code > ought to be considered, as they might be related to already known and perhaps > solved problems. Please check with a fresh build from 2.3.28. > > In the meanwhile, it might be worth checking: > > - is your application multithread? > > - in case it is, is the first call to a libldap routine occurring __before__ > starting multiple threads, or after? If after, then fix your project by adding > a call to an LDAP routine (e.g. ldap_set_option() with an option that does not > require a LDAP* handle) __before__ spawning threads. > > - can you test your development using a libldap library containing debug > symbols, in order to provide helpful information? > > p. >

15 years, 9 months

1
0
0 / 0

Re: Does libldap.so.2 still exist in the latest version of open-ldap,and if not, what could other applications link to instead?

by Gavin Henry

<quote who="Oliver de Peyer"> > Well, put it this way, it's not a bug with OpenLDAP but it > is a bug with PINE. This seemed like the most appropriate > list to post to though since maybe an OpenLDAP user could > suggest a workaround. Ok, but we don't provide support for 3rd Party software integration with OpenLDAP and refer users to the appropriate mailing lists. > Most people would be used to installing Linux applications > just using .rpms and will be flummoxed by dependency > problems, especially if they are home users. The problem is > that PINE needs a library, libldap.so.2, that the more > recent versions of OpenLDAP no longer supplies. If there is > any easy workaround that the OpenLDAP community can suggest > as a workaround, then PINE users would be very grateful. The work around would be to get upstream to update there lib dependancies. > But to be absolutely clear, yes, it's definitely PINE's bug > not OpenLDAP's! Of course! ;-) But please, seek help on their lists, there's nothing more we can do to help, as it's not a bug with our software. > > In answer to your second suggestion, yes, if you know what > you're doing it is quite easily to compile from the PINE > source and omit OpenLDAP - you can put NOLDAP as a suffix > on the relevant build command. That's what I did in the > end. Understood. > This doesn't help people who are used to just using .rpms > though and it doesn't help people who actually want to use > OpenLDAP with PINE. Well, we distribute in source, so we don't provide RPMs. RPMs are supplied for convience by distros, as you know. > > I would have posted this to PINE lists as you suggest, but > as far as I could make out they don't have email lists per > se but only newsgroups. And one of the things I wanted to > use PINE was to post to newsgroups... but I couldn't get > PINE to work... All things are pointing towards not using PINE then ;-) > I'll post to their newsgroup from my PC at work, but in the > meantime, if anybody on this list has any ideas about > solving this problem from and OpenLDAP perspective, then > I'd be very grateful. They look pretty active to me: http://www.washington.edu/pine/pine-info/ http://mailman1.u.washington.edu/pipermail/pine-info/ http://marc.info/?l=pine-info&w=2&r=1&s=libldap&q=b Gavin.

15 years, 9 months

1
0
0 / 0

(ITS#5109) ldap_int_global_options not initialized

by damien.doiselet＠neolane.com

Full_Name: Damien Doiselet Version: 2.3.30 OS: Debian 4 (kernel 2.6.20.7) URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (82.243.24.157) I'm developing an application which use openldap. I load the library at the runtime with function GetProcAddress My application work correctly except on one PC. This PC is a Debian 4.0 with a kernel 2.6.20.7. Ldap library is a 2.3.30. The library crash, and so my code too in ldap_initialize() (first call of a ldap function): #0 0xb7eab3a3 in strlen () from /lib/tls/i686/cmov/libc.so.6 #1 0xb3a2d1f9 in ber_strdup_x (s=0x6a626f28 <Address 0x6a626f28 out of bounds>, ctx=0x0) at memory.c:640 #2 0xaddcbdf6 in ldap_charray_dup () from /usr/lib/libldap-2.3.so.0 #3 0xaddc2773 in ldap_url_dup () from /usr/lib/libldap-2.3.so.0 #4 0xaddc2802 in ldap_url_duplist () from /usr/lib/libldap-2.3.so.0 #5 0xaddab4dc in ldap_create () from /usr/lib/libldap-2.3.so.0 #6 0xaddab7d1 in ldap_initialize () from /usr/lib/libldap-2.3.so.0 While I was debugging, ldap_int_global_options was not initialized. Nevertheless, with -lldap compilation with gcc, there is no problem.

15 years, 9 months

1
0
0 / 0

Does libldap.so.2 still exist in the latest version of open-ldap, and if not, what could other applications link to instead?

by Oliver de Peyer

I am trying to install PINE on Fedora 7 (and hey, why not? It's good enough as a command line email program) So, I get hold of Pine-4.64-1-i386.rpm from the UW website. But when I try to install this with rpm, it told me I was missing various dependencies. I managed to download these one by one until I got to one called libldap.so.2. I got as far as working out that this is part of open-ldap. open-ldap.2.3.38 was the latest version I could find and it installed fine - I know it installed OK because the test scripts etc. run OK. But, libldap.so.2 is NOT THERE!! For instance, from the /../ directory, find -name libldap.so.2 -print doesn't find anything (but find -name *so.2 -print does, so there definitely are similarly named files around) I searched for libldap.so.2 in the open-ldap archives and all references to it were a few years ago. It seemed quite possible to me that libldap.so.2 has perhaps been renamed as something else in recent versions of open-ldap. Plenty of other libraries were created when I installed open-ldap.2.3.38, just not one with the exact name libldap.so.2. Is this some finickity requirement of PINE? I have got Apt installed but I don't really know how to use it - can I go look for something as specific as a .so.2 library file? So, what would people suggest? Can I get hold of this file for PINE or persuade it to use something else? (and if so, what and how?) Out of interest, why is PINE interested in libldap.so.2 in the first place and what does it do? Thanks in advance, Sarpeyer

15 years, 9 months

2
1
0 / 0

Re: (ITS#5108) SID/RID: decimal or hex?

by hyc＠symas.com

ando(a)sys-net.it wrote: > Well, in slapd.conf(5) I already put 0-4095, but be can back it out. I > don't have any preference. Since the max will just slightly increase, I > don't see a big deal in terms of backwards compatibility. In any case > 4096 or 1000 is big for a RID, so no-one will be hurt. I was more > concerned about the 10 limit... OK. I kind of think they ought to be documented differently, so that people don't confuse SIDs with RIDs (as often happened in OpenLDAP 2.2) but it's probably fine the way it is. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

15 years, 9 months

1
0
0 / 0

Re: (ITS#5108) SID/RID: decimal or hex?

by ando＠sys-net.it

Howard Chu wrote: > ando(a)sys-net.it wrote: >> Howard Chu wrote: > >>> The SID in the CSN has always been hex (but usually zero). The RID is >>> not part of the CSN and has always been decimal. Since the RID only >>> needs to be unique within a particular slapd instance, there's no real >>> problem there. >>> >> >> Right. but, well, slap_parse_csn_sid() was using strtoul(..., 10). Now >> fixed. > > Yeah, oops. That's good. > >> For consistency I've made both behave the same. The user won't >> basically notice it, so I don't see backward compatibility issues. > > So we leave the docs saying RID is 0-999? Well, in slapd.conf(5) I already put 0-4095, but be can back it out. I don't have any preference. Since the max will just slightly increase, I don't see a big deal in terms of backwards compatibility. In any case 4096 or 1000 is big for a RID, so no-one will be hurt. I was more concerned about the 10 limit... p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

15 years, 9 months

1
0
0 / 0

Re: (ITS#5108) SID/RID: decimal or hex?

by hyc＠symas.com

ando(a)sys-net.it wrote: > Howard Chu wrote: >> The SID in the CSN has always been hex (but usually zero). The RID is >> not part of the CSN and has always been decimal. Since the RID only >> needs to be unique within a particular slapd instance, there's no real >> problem there. >> > > Right. but, well, slap_parse_csn_sid() was using strtoul(..., 10). Now > fixed. Yeah, oops. That's good. > For consistency I've made both behave the same. The user won't > basically notice it, so I don't see backward compatibility issues. So we leave the docs saying RID is 0-999? -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

15 years, 9 months

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs August 2007