openldap-bugs January 2008

openldap-bugs@openldap.org

36 participants
144 discussions

Re: (ITS#5343) cn=config crash when deleting attrs
by rhafer＠suse.de 31 Jan '08

31 Jan '08

On Donnerstag, 31. Januar 2008, rhafer(a)suse.de wrote: > On Mittwoch, 30. Januar 2008, h.b.furuseth(a)usit.uio.no wrote: > > Ralf Haferkamp writes: > > > There are multiple ways to fix this, I guess. I am not sure which > > > one to take: > > > 1. Make slap_mods_opattrs() create a LDAP_MOD_ADD operation, when > > > the attributes don't exist in the entry. > > > > It'd be better to fix bconfig's LDAP_MOD_REPLACE. That should work > > like LDAP_MOD_ADD when the attribute is absent. Haven't looked at > > how easy that would(n't) be though. > > > > > 2. Do not try to modify the attributes (not even add) in > > > slap_mods_opattrs() if they do not exist. > > > > No idea... > > > > I like the consistency it gives as far as it goes - keep the > > presence of the attrs independent of whether they were created over > > the protocol or with slapd -f -F. Except fix #2 doesn't do that > > since it won't know whether to add them when creating an entry. So > > in summary, no opinion:-) > > I am currently testing the 3rd approach, the attributes will be > created even when starting with -f only. I'll commit it as soon as > make test finishes. Done. Please test. -- Ralf

1 0

Re: (ITS#5341) Invalid TLSCipherSuite causes hang
by kyle＠moffetthome.net 31 Jan '08

31 Jan '08

On Jan 31, 2008 7:43 AM, Kyle Moffett <kyle(a)moffetthome.net> wrote: > On Jan 31, 2008 12:29 AM, Kyle Moffett <kyle(a)moffetthome.net> wrote: > > I ran into this problem a little while ago and scribbled up the > > attached patch to fix it. It's trivial enough and it works in my > > testing here. > > Sorry, the patch seems to have gone out MIME-encoded and mostly > useless to people who want to download it from the bug-tracker. Let > me try again... (Sorry, still getting used to a new email client) Well damn, it still didn't work. Hopefully gmail won't mangle a pasted patch. Again, my apologies for the mess. Cheers, Kyle Moffett --- openldap-2.4.7/libraries/libldap/tls.c.orig 2007-12-21 19:24:08.000000000 -0500 +++ openldap-2.4.7/libraries/libldap/tls.c 2007-12-21 19:36:02.000000000 -0500 @@ -300,6 +300,7 @@ for (i=0; i<n_ciphers; i++) { if ( !strncasecmp( ciphers[i].name, ptr, len )) { num++; + ptr = end + 1; break; } } @@ -330,6 +331,7 @@ * only appear once in each list. */ if ( !strncasecmp( ciphers[i].name, ptr, len )) { + ptr = end + 1; for (j=0; j<nkx; j++) if ( kx[j] == ciphers[i].kx ) break;

1 0

Re: (ITS#5341) Invalid TLSCipherSuite causes hang
by kyle＠moffetthome.net 31 Jan '08

31 Jan '08

------=_Part_21408_16591909.1201783413748 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline On Jan 31, 2008 12:29 AM, Kyle Moffett <kyle(a)moffetthome.net> wrote: > I ran into this problem a little while ago and scribbled up the > attached patch to fix it. It's trivial enough and it works in my > testing here. Sorry, the patch seems to have gone out MIME-encoded and mostly useless to people who want to download it from the bug-tracker. Let me try again... (Sorry, still getting used to a new email client) Cheers, Kyle Moffett ------=_Part_21408_16591909.1201783413748 Content-Type: text/plain; name=tls.patch.txt Content-Transfer-Encoding: base64 X-Attachment-Id: f_fc3apr6s1 Content-Disposition: attachment; filename=tls.patch.txt LS0tIG9wZW5sZGFwLTIuNC43L2xpYnJhcmllcy9saWJsZGFwL3Rscy5jLm9yaWcJMjAwNy0xMi0y MSAxOToyNDowOC4wMDAwMDAwMDAgLTA1MDAKKysrIG9wZW5sZGFwLTIuNC43L2xpYnJhcmllcy9s aWJsZGFwL3Rscy5jCTIwMDctMTItMjEgMTk6MzY6MDIuMDAwMDAwMDAwIC0wNTAwCkBAIC0zMDAs NiArMzAwLDcgQEAKIAkJZm9yIChpPTA7IGk8bl9jaXBoZXJzOyBpKyspIHsKIAkJCWlmICggIXN0 cm5jYXNlY21wKCBjaXBoZXJzW2ldLm5hbWUsIHB0ciwgbGVuICkpIHsKIAkJCQludW0rKzsKKwkJ CQlwdHIgPSBlbmQgKyAxOwogCQkJCWJyZWFrOwogCQkJfQogCQl9CkBAIC0zMzAsNiArMzMxLDcg QEAKIAkJCSAqIG9ubHkgYXBwZWFyIG9uY2UgaW4gZWFjaCBsaXN0LgogCQkJICovCiAJCQlpZiAo ICFzdHJuY2FzZWNtcCggY2lwaGVyc1tpXS5uYW1lLCBwdHIsIGxlbiApKSB7CisJCQkJcHRyID0g ZW5kICsgMTsKIAkJCQlmb3IgKGo9MDsgajxua3g7IGorKykKIAkJCQkJaWYgKCBreFtqXSA9PSBj aXBoZXJzW2ldLmt4ICkKIAkJCQkJCWJyZWFrOwo= ------=_Part_21408_16591909.1201783413748--

1 0

Re: (ITS#5343) cn=config crash when deleting attrs
by rhafer＠suse.de 31 Jan '08

31 Jan '08

On Mittwoch, 30. Januar 2008, h.b.furuseth(a)usit.uio.no wrote: > Ralf Haferkamp writes: > > There are multiple ways to fix this, I guess. I am not sure which > > one to take: > > 1. Make slap_mods_opattrs() create a LDAP_MOD_ADD operation, when > > the attributes don't exist in the entry. > > It'd be better to fix bconfig's LDAP_MOD_REPLACE. That should work > like LDAP_MOD_ADD when the attribute is absent. Haven't looked at > how easy that would(n't) be though. > > > 2. Do not try to modify the attributes (not even add) in > > slap_mods_opattrs() if they do not exist. > > No idea... > > I like the consistency it gives as far as it goes - keep the presence > of the attrs independent of whether they were created over the > protocol or with slapd -f -F. Except fix #2 doesn't do that since it > won't know whether to add them when creating an entry. So in > summary, no opinion:-) I am currently testing the 3rd approach, the attributes will be created even when starting with -f only. I'll commit it as soon as make test finishes. > > 3. Create the opattrs, when reading from slapd.conf > > Doesn't help preexisting cn=config directories. They didn't have the problem. The opattr were only absent, when slapd is started with -f. When started with -f -F the attrs were created during the conversion to back-config. They were at least present on disk. -- Ralf

1 0

Re: (ITS#5341) Invalid TLSCipherSuite causes hang
by kyle＠moffetthome.net 30 Jan '08

30 Jan '08

------=_Part_20332_23395431.1201757372670 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline I ran into this problem a little while ago and scribbled up the attached patch to fix it. It's trivial enough and it works in my testing here. Cheers, Kyle Moffett ------=_Part_20332_23395431.1201757372670 Content-Type: application/octet-stream; name=tls.patch Content-Transfer-Encoding: base64 X-Attachment-Id: f_fc2v9vtn0 Content-Disposition: attachment; filename=tls.patch LS0tIG9wZW5sZGFwLTIuNC43L2xpYnJhcmllcy9saWJsZGFwL3Rscy5jLm9yaWcJMjAwNy0xMi0y MSAxOToyNDowOC4wMDAwMDAwMDAgLTA1MDAKKysrIG9wZW5sZGFwLTIuNC43L2xpYnJhcmllcy9s aWJsZGFwL3Rscy5jCTIwMDctMTItMjEgMTk6MzY6MDIuMDAwMDAwMDAwIC0wNTAwCkBAIC0zMDAs NiArMzAwLDcgQEAKIAkJZm9yIChpPTA7IGk8bl9jaXBoZXJzOyBpKyspIHsKIAkJCWlmICggIXN0 cm5jYXNlY21wKCBjaXBoZXJzW2ldLm5hbWUsIHB0ciwgbGVuICkpIHsKIAkJCQludW0rKzsKKwkJ CQlwdHIgPSBlbmQgKyAxOwogCQkJCWJyZWFrOwogCQkJfQogCQl9CkBAIC0zMzAsNiArMzMxLDcg QEAKIAkJCSAqIG9ubHkgYXBwZWFyIG9uY2UgaW4gZWFjaCBsaXN0LgogCQkJICovCiAJCQlpZiAo ICFzdHJuY2FzZWNtcCggY2lwaGVyc1tpXS5uYW1lLCBwdHIsIGxlbiApKSB7CisJCQkJcHRyID0g ZW5kICsgMTsKIAkJCQlmb3IgKGo9MDsgajxua3g7IGorKykKIAkJCQkJaWYgKCBreFtqXSA9PSBj aXBoZXJzW2ldLmt4ICkKIAkJCQkJCWJyZWFrOwo= ------=_Part_20332_23395431.1201757372670--

1 0

Re: (ITS#5343) cn=config crash when deleting attrs
by h.b.furuseth＠usit.uio.no 30 Jan '08

30 Jan '08

Ralf Haferkamp writes: > There are multiple ways to fix this, I guess. I am not sure which one > to take: > 1. Make slap_mods_opattrs() create a LDAP_MOD_ADD operation, when the > attributes don't exist in the entry. It'd be better to fix bconfig's LDAP_MOD_REPLACE. That should work like LDAP_MOD_ADD when the attribute is absent. Haven't looked at how easy that would(n't) be though. > 2. Do not try to modify the attributes (not even add) in > slap_mods_opattrs() if they do not exist. No idea... I like the consistency it gives as far as it goes - keep the presence of the attrs independent of whether they were created over the protocol or with slapd -f -F. Except fix #2 doesn't do that since it won't know whether to add them when creating an entry. So in summary, no opinion:-) > 3. Create the opattrs, when reading from slapd.conf Doesn't help preexisting cn=config directories. -- Hallvard

1 0

Re: (ITS#5343) cn=config crash when deleting attrs
by rhafer＠suse.de 30 Jan '08

30 Jan '08

On Mittwoch, 30. Januar 2008, h.b.furuseth(a)usit.uio.no wrote: > Ralf Haferkamp writes: > > This should be fixed in HEAD now. > > Yes. Instead test034-translucent fails: > >>>>> Starting test034-translucent ... > > ... > Dynamically configuring local slapd without translucent_no_glue... > ldap_modify: No such attribute (16) > additional info: modify/delete: entryCSN: no such attribute > modifying entry > "olcOverlay={0}translucent,olcDatabase={2}bdb,cn=config" > > ldapmodify of dynamic config failed (16) > > >>>>> scripts/test034-translucent with bdb failed (exit 1) Hm, the config entries do not contain the usual operational Attributes like entrycsn, modifytimestamp, and so on when the config was loaded from slapd.conf, but during modification slapd tries to update them using slap_mods_opattrs(). This function always creates a LDAP_MOD_REPLACE modifcation, even if the attributes do not exist in the original entry. There are multiple ways to fix this, I guess. I am not sure which one to take: 1. Make slap_mods_opattrs() create a LDAP_MOD_ADD operation, when the attributes don't exist in the entry. 2. Do not try to modify the attributes (not even add) in slap_mods_opattrs() if they do not exist. 3. Create the opattrs, when reading from slapd.conf 4. Fix the original Bug differently. Even though I am pretty sure that my fix is correct. 5. ? Any suggestions? -- Ralf

1 0

Re: (ITS#5342) DN and naming attribute mismatch
by richton＠nbcs.rutgers.edu 30 Jan '08

30 Jan '08

> Have you got any servers running 2.3.39, or all 2.3.37? Everything went from 2.3.37 -> 2.3.40. Since I get hosed w/err=80, the slaves don't have corrupt data. I'm thinking about moving the master down to 2.3.39 as a data point. In the meantime, thanks for the db_dump idea; I can now show that the bad commits are definitely (a) 2.3.40 and (b) increasing. Consider: # grep 172.23.93.232 dbdump* dbdump.Jan291845: \80\10cn=172.23.93.232\00cn=172.23.93.232\00\00\00\00\00\00\01\d3\8d dbdump.Jan291845: \00\10cn=172.23.93.232\00cn=172.23.93.232\00\00\00\00\00\00\00\01> dbdump.Jan301043: \80\10cn=172.23.93.232\00cn=1\b72.23.93.232\00\00\00\00\00\00\01\d3\8d dbdump.Jan301043: \00\10cn=172.23.93.232\00cn=172.23.93.232\00\00\00\00\00\00\00\01>

1 0

Re: (ITS#5342) DN and naming attribute mismatch
by hyc＠symas.com 30 Jan '08

30 Jan '08

Aaron Richton wrote: >> after it. ("Last" is obviously imprecise. But the point is you would have had >> to have created some new entries after the upgrade whose DNs would cause >> their records to fall on the same DB page as this record, meaning they're >> close in the sort order and such.) > > As for "close pagewise," there's a lot of churn here since it's the > beginning of the semester. It's not uncommon to see the same DN DEL/ADD > within ~30-60 minutes. > >> And for most err=80 situations, there ought to be BerkeleyDB error messages >> in the log as well. > > Agreed. On that end, I pulled out two weeks of logs overnight, and grep > for "bdb(" found precisely zero hits. > > > While I had the logs out, I looked back, and it turns out the first time I > ever saw a problem with 2.3.40 actually WASN'T err=80: > > Jan 24 19:03:31 op=4 DEL dn="cn=172.23.132.58,cn..." > Jan 24 19:03:31 conn=3252 op=4 RESULT tag=107 err=32 text= > > > > This was added under 2.3.37: > > Jan 22 18:33:28 op=4 ADD dn="cn=172.23.132.58,cn=..." > > Now of course you can blame stuff between Jan 22-24 as moving that entry. > But I've got nightly slapcat's showing: > > dn: cn=172.23.132.58,cn=Clients,cn=ResNet Service Config,ou=Host Config,o=Rutg > entryCSN: 20080122233328Z#000004#00#000000 > > As a matter of fact, I can even run that right this second. > > # date;slapcat -b "o=Rutgers CCF,c=US" | /usr/sfw/bin/ggrep -A12 cn=172.23.132.58 | egrep '^cn|^entryCSN' > Wed Jan 30 09:29:03 EST 2008 > cn: 172.23.132.58 > entryCSN: 20080122233328Z#000004#00#000000 > > So notfound is.....dubious. (And no, I'm not manually tweaking it, and I > don't even know how to spell managedSAit. ;) That's the first time I saw > 2.3.40 go weird. Well, one of the big patches in 2.3.40 (relative to 2.3.39) was a fix for some caching bugs which showed up if an entry was being deleted and added in rapid succession, and being searched for. In that case, it was possible for the old dn2id value to be read back into the cache from disk before it got deleted off the disk. So it's conceivable that this patch caused your err=32 problem somehow. But nothing explains the errant bit getting set in the DN. Have you got any servers running 2.3.39, or all 2.3.37? -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5343) cn=config crash when deleting attrs
by h.b.furuseth＠usit.uio.no 30 Jan '08

30 Jan '08

Ralf Haferkamp writes: > This should be fixed in HEAD now. Yes. Instead test034-translucent fails: >>>>> Starting test034-translucent ... ... Dynamically configuring local slapd without translucent_no_glue... ldap_modify: No such attribute (16) additional info: modify/delete: entryCSN: no such attribute modifying entry "olcOverlay={0}translucent,olcDatabase={2}bdb,cn=config" ldapmodify of dynamic config failed (16) >>>>> scripts/test034-translucent with bdb failed (exit 1) -- Hallvard

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs January 2008