February 2008 - openldap-bugs

Re: (ITS#5356) Catching index ownership errors

by bgmilne＠staff.telkomsa.net

On Thursday 07 February 2008 08:22:12 rra(a)stanford.edu wrote: > One of the most common problems we see in Debian with people new to > OpenLDAP is that they run slapindex as root when they're running their > directory server as a non-root user and hence break the file ownership and > the database. Maybe your init script should die if the files and directories aren't writable by the user you run slapd as. There are more ways (than slapindex) to break file ownership.

14 years, 7 months

1
0
0 / 0

Re: (ITS#5358) Modrdn operation with NOOP control crashes BDB backend

by rhafer＠suse.de

On Donnerstag, 7. Februar 2008, rhafer(a)suse.de wrote: > Full_Name: Ralf Haferkamp > Version: HEAD, RE23, RE24 > OS: > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (89.166.185.54) > > > This is basically the same issue as ITS#4925. The issue is also > apparent in the MODRDN operation: > > ldapmodrdn -x -h :389 -D <dn> -w <pw> -e \noop > ou=test,dc=my-domain,dc=com ou=test2 > > causes the server to crash. Fix is similar to the ITS#4925 fix. Fixed in HEAD. Will there be an additional RE23 release? If yes, this fix should go into it. -- Ralf

14 years, 7 months

1
0
0 / 0

(ITS#5358) Modrdn operation with NOOP control crashes BDB backend

by rhafer＠suse.de

Full_Name: Ralf Haferkamp Version: HEAD, RE23, RE24 OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (89.166.185.54) This is basically the same issue as ITS#4925. The issue is also apparent in the MODRDN operation: ldapmodrdn -x -h :389 -D <dn> -w <pw> -e \noop ou=test,dc=my-domain,dc=com ou=test2 causes the server to crash. Fix is similar to the ITS#4925 fix.

14 years, 7 months

1
0
0 / 0

Re: (ITS#5354) slapd repeatedly hangs and stops reponding

by ando＠sys-net.it

h.b.furuseth(a)usit.uio.no wrote: > rra(a)stanford.edu writes: >> Specifically, the workaround is to compile the code with the upstream >> libtool instead of with Debian's libtool, since upstream libtool >> imports all module symbols into the global namespace. Debian's >> libtool has been modified to not do this because it causes all sorts >> of other problems in the general case, but not doing this breaks the >> meta backend because it wants to reference symbols from the bdb >> backend. > > s/bdb/ldap/. Sounds like a fix would be to build back-ldap statically > instead of dynamically on Debian if back-meta is built too. The reason back-meta uses code from back-ldap is that they share a lot of features. Probably, they could be moved into slapd, since they might be useful in other (proxy-related) future modules? That would be a lot of reworking, though. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

14 years, 7 months

1
0
0 / 0

Re: (ITS#5354) slapd repeatedly hangs and stops reponding

by h.b.furuseth＠usit.uio.no

rra(a)stanford.edu writes: > Specifically, the workaround is to compile the code with the upstream > libtool instead of with Debian's libtool, since upstream libtool > imports all module symbols into the global namespace. Debian's > libtool has been modified to not do this because it causes all sorts > of other problems in the general case, but not doing this breaks the > meta backend because it wants to reference symbols from the bdb > backend. s/bdb/ldap/. Sounds like a fix would be to build back-ldap statically instead of dynamically on Debian if back-meta is built too. -- Hallvard

14 years, 7 months

1
0
0 / 0

Re: (ITS#5280) JLDAP waits for response for request which hasn't been sent because of connection shutdown

by Rastogi Arpit

hi Marcin, Me back from my vacation. How is the issue going on? Is there any progress made . Now I will be able to help you with the issue. This time it will be very helpful if you can tell me how you are using the sdk (the scenario) and code snippet of the code (if possible) and the purpose of using it . regards, Arpit

14 years, 7 months

1
0
0 / 0

Re: (ITS#5280) JLDAP waits for response for request which hasn't been sent because of connection shutdown

by rarpit＠novell.com

--=__Part82A462B4.1__= Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable hi Marcin, Me back from my vacation. How is the issue going on? Is there any = progress made . Now I will be able to help you with the issue.=20 This time it will be very helpful if you can tell me how you are using the = sdk (the scenario) and code snippet of the code (if possible) and the = purpose of using it . =20 regards, Arpit=20 =20 --=__Part82A462B4.1__= Content-Type: text/html; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Content-Description: HTML <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-15= "> <META content=3D"MSHTML 6.00.2900.3199" name=3DGENERATOR></HEAD> <BODY style=3D"MARGIN: 4px 4px 1px; FONT: 10pt Segoe UI"> <DIV>hi Marcin,</DIV> <DIV>    Me back from my vacation. How is the issue going = on? Is there any progress made . Now I will be able to help you with the = issue. <BR>This time it will be very helpful if you can tell me how you = are using the sdk (the scenario) and code snippet of the code (if = possible) and the purpose of using it .<BR> <BR>regards,<BR>Arpit = <BR> </DIV></BODY></HTML> --=__Part82A462B4.1__=--

14 years, 7 months

1
0
0 / 0

(ITS#5356) Catching index ownership errors

by rra＠stanford.edu

Full_Name: Russ Allbery Version: 2.4.7 OS: Debian GNU/Linux URL: Submission from: (NULL) (171.66.157.16) One of the most common problems we see in Debian with people new to OpenLDAP is that they run slapindex as root when they're running their directory server as a non-root user and hence break the file ownership and the database. Would it be possible to add a check in slapindex where, if slapindex is running as root and the database files are owned by a different user, it would either refuse to run (possibly overideable by a flag) or at least print a warning saying that ownership may have to be fixed later? One possible problem, I know, is that the names of the database files are a matter for the database backend and slapindex really shouldn't know what they are. But maybe the check could somehow be added to back-bdb and back-hdb and exposed for slapindex to use?

14 years, 7 months

1
0
0 / 0

(ITS#5355) back-meta calls back-ldap directly

by rra＠stanford.edu

Full_Name: Russ Allbery Version: 2.4.7 OS: Debian GNU/Linux URL: Submission from: (NULL) (171.66.157.16) back-meta currently makes direct calls to back-ldap. The specific way in which this caused problems is that Debian uses a patched libltdl (to deal with other problems unrelated to OpenLDAP) across the whole distribution which does not open modules with the RTDL_GLOBAL flag and hence doesn't populate all functions into the global namespace. However, my understanding is that regardless of the merits of that particular decision, the current linkage between back-meta and back-ldap is against OpenLDAP's module policy and it's something that you would want to correct.

14 years, 7 months

1
0
0 / 0

Re: (ITS#5354) slapd repeatedly hangs and stops reponding

by rra＠stanford.edu

rra(a)stanford.edu writes: > Steve had an ugly hack to work around this by linking the meta backend > against the bdb backend. Doing that isn't the ugly part -- that's > actually formally correct and really is what libtool should be doing in > the first place. The ugly part is that libtool *really* doesn't like > linking against something that doesn't start with lib*. Sorry, I didn't double-check the original report and got this confused. I believe it's back-ldap that back-meta has a dependency on, not back-bdb. -- Russ Allbery (rra(a)stanford.edu) <http://www.eyrie.org/~eagle/>

14 years, 7 months

1
0
0 / 0

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs February 2008