openldap-bugs August 2008

openldap-bugs@openldap.org

40 participants
169 discussions

Re: (ITS#5661) contextCSN gets corrupted on the stand by mirror
by ando＠sys-net.it 29 Aug '08

29 Aug '08

Ali Pouya wrote: > Hi Pierangelo, >>> contextCSN: 20080727021429.070493Z#000000#000#000000 >>> contextCSN:: +HYDCTA4MDIwMzM3MTguMzAwMTExWiMwMDAwMDAjMDAxIzAwMDAwMA== >> >> which looks like >> >> 4 bytes of garbage + "0802033718.300111Z#000000#001#000000" >> > Yes, but I would like to bring a precision : > under VI the 4 bytes are handled as 2 characters only. That's probably because vi incorrectly interprets that as a multi-byte encoding, since it contains garbage. That's supposed to be a string restricted to those chars that are allowed by generalized time, so you shouldn't rely on vi guesses based on their actual, erroneous content. > In fact each time > the problem occurs I repair my database using a BDB C program wich reads > the first key from id2entry.bdb and writes it on disk. > Then I use vi to fix the contextCSN, before writing the key back to the > database. > Using vi I do not delete any characters. I only replace them by 20, then > I fix the rest of the fields. Then you'd get year 20 AD! The 08 you see in your broken entryCSN is the month, not the last two digits of the year. > Another precision : when the first two chars take corrupted, the rest of > the contextCSN gets stuck and does not follow write operations. > >> I note that, according to the sid values you assigned to servers A and >> B, the first contextCSN should not appear, since it has sid == 0, >> while the second one, apart from the corruption, is plausible (as >> you're writing to server A, with sid == 1). >> > Yes. > The contextCSN with sid=0 is there because at the beginning I initiated > my directory without SID (defaults to 0), then I set two difrent SIDs > for A and B. Can you try a fresh reload of the database(s) stripping out the entryCSN and letting slapadd generate them, using the -S <SID> switch (along with the -w switch), in order to enforce a SID of 001 (or 002, as you like)? p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando(a)sys-net.it -----------------------------------

1 0

Re: (ITS#5671) using constraint uri results in slapd abort
by ando＠sys-net.it 29 Aug '08

29 Aug '08

kkalev(a)noc.ntua.gr wrote: > Full_Name: Kostas Kalevras > Version: $OpenLDAP: slapd 2.4.11 (Aug 20 2008 14:21:11) > OS: FreeBSD 6.3-RELEASE-p3 > URL: http://noc.ntua.gr/~kkalev/kostas.kalevras-20080829.txt > Submission from: (NULL) (147.102.224.68) > > > When enabling contraint overlay with the uri feature and running an ldap modify > that will triger the contraint, slapd aborts. More information in the included > logs Sounds like a duplicate of ITS#5581, which was only partially fixed in 2.4.11. This should already be fixed in HEAD, please test. Also, try removing the brackets from the filter in the constraint_attribute statement; this should work around your issue while upgrading. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando(a)sys-net.it -----------------------------------

1 0

(ITS#5671) using constraint uri results in slapd abort
by kkalev＠noc.ntua.gr 29 Aug '08

29 Aug '08

Full_Name: Kostas Kalevras Version: $OpenLDAP: slapd 2.4.11 (Aug 20 2008 14:21:11) OS: FreeBSD 6.3-RELEASE-p3 URL: http://noc.ntua.gr/~kkalev/kostas.kalevras-20080829.txt Submission from: (NULL) (147.102.224.68) When enabling contraint overlay with the uri feature and running an ldap modify that will triger the contraint, slapd aborts. More information in the included logs

1 0

Re: N-way multimaster replication problem (ITS#5617)
by miguel.jinez＠gmail.com 28 Aug '08

28 Aug '08

Hello, I have complied openldap 2.4.11 now, and I have test again, but the problem persist El mié, 27-08-2008 a las 20:10 +0000, Gavin Henry escribió: > Can you try on 2.4.11 now. > > Thanks.

1 0

Re: (ITS#5545) Inconsistency in multi-master setup
by ghenry＠OpenLDAP.org 27 Aug '08

27 Aug '08

> Have setup 2-node multi-master configuration. Found that when > operating on same > set of users at high loading, there will be consistency between the > masters. Can you confirm this on 2.4.11? -- Kind Regards, Gavin Henry. OpenLDAP Engineering Team. E ghenry(a)OpenLDAP.org Community developed LDAP software. http://www.openldap.org/project/

1 0

Re: (ITS#5655) add option for setting minimum TLS/SSL protocol
by guenther＠sendmail.com 27 Aug '08

27 Aug '08

On Wed, 20 Aug 2008, Philip Guenther wrote: > I have an updated patch, but can't post it: ftp.openldap.org's incoming is > full: Still full...

1 0

RE: (ITS#5668) Invalid entryCSN generated, and slapd will not restart
by emmanuel.duru＠atosorigin.com 27 Aug '08

27 Aug '08

I am running windows 32 bits. Here is what I get from my debugging session: After QueryPerformanceCounter( &count ), count.QuadPart is worth 4243738405535005 So the overflow comes from count.QuadPart *= 1000000; > -----Message d'origine----- > De : Howard Chu [mailto:hyc@symas.com] > Envoyé : mercredi 27 août 2008 13:08 > À : openldap-its(a)openldap.org; Emmanuel Duru > Objet : Re: (ITS#5668) Invalid entryCSN generated, and slapd will not > restart > > ando(a)sys-net.it wrote: > > emmanuel.duru(a)atosorigin.com wrote: > >> I see that tm->tm_usub is negative, there seems to be overflows between > >> LARGE_INTEGER and int variables. > > It would take over 4 billion operations in a single timer tick (on the > order > of nanoseconds) to make tm_usub overflow. That seems pretty unlikely. > > > If the problem disappears by initializing the static variables in > > lutil_gettime(), then it might be a compiler issue. > > I suppose that's always possible... > > The original post shows that the tm_usec field is negative. That could > happen > if the offset we computed between the SYSTEMTIME and the > PerformanceCounter > was wrong, or if the SYSTEMTIME was adjusted while the process was > running. > > What version of Windows are you running? 32 or 64 bit? Can you singlestep > through this function with a debugger and verify all of the values? I > haven't > run this code on Windows in a long time, would take a bit of effort to > resurrect my build environment. > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5669) slapd ...
by ali.pouya＠free.fr 27 Aug '08

27 Aug '08

Howard Chu wrote : >In fact, just drop the syncprov-reloadhint setting and you'll be fine. (Since >you never have delete operations, reloads will never occur anyway.) OK Howard. Thanks for your help. I tried to send this message several times. May be you will receive more than one answer. Best Regards Ali

1 0

Re: (ITS#5669) slapd ...
by ali.pouya＠free.fr 27 Aug '08

27 Aug '08

1 0

consumer crashing provider
by Dick Visser 27 Aug '08

27 Aug '08

(first post) Hi guys I am trying to set-up a pair of directory servers. Both of them run Ubuntu 8.04, which has OpenLDAP-2.4.9. I started out with one server, configured that to suit my needs (store UNIX and smb accounts), which works fine. Next thing is to set-up a second 'slave' server. After reading the docs, I decided to go for the syncrepl style replication for our micro tree. Everything seems to work fine. If I start the consumer it nicely pulls content from the provider. Retrieving the whole tree with ldapsearch from both servers yields exactly the same ldif. Great. However, if I now change something on my main server a.k.a. provider (f.i. change a password), the next time the consumers contacts the provider, the provider crashes: root@ldap:/etc/ldap# slapd -f slapd.conf -g openldap -u openldap -d 15 [snip] *** glibc detected *** slapd: free(): invalid size: 0xb676ef08 *** ======= Backtrace: ========= /lib/tls/i686/cmov/libc.so.6[0xb7c62a85] /lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7c664f0] /usr/lib/liblber-2.4.so.2(ber_memfree_x+0x4a)[0xb7f93b4a] /usr/lib/ldap/syncprov-2.4.so.2[0xb787619a] slapd(overlay_op_walk+0x34)[0x80da4e4] slapd[0x80daaf7] slapd(fe_op_search+0x313)[0x8078a73] slapd(do_search+0x777)[0x80792e7] slapd[0x807653f] slapd[0x8076c36] /usr/lib/libldap_r-2.4.so.2[0xb7fa4714] /lib/tls/i686/cmov/libpthread.so.0[0xb7d4b4fb] /lib/tls/i686/cmov/libc.so.6(clone+0x5e)[0xb7ccde5e] ======= Memory map: ======== Aborted A slave server killing a master sort of defeats the whole purpose ;-) Any ideas how to solve this? If it makes any difference, here is the provider config: include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/samba.schema pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args loglevel 4096 modulepath /usr/lib/ldap moduleload back_hdb moduleload syncprov sizelimit 5000 tool-threads 1 backend hdb database hdb suffix "dc=terena,dc=org" rootdn "cn=Replication,dc=terena,dc=org" directory "/var/lib/ldap" dbconfig set_cachesize 0 16777216 0 dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_locks 1500 dbconfig set_lk_max_lockers 1500 index objectClass,entryCSN,entryUUID eq index cn pres,sub,eq index sn pres,sub,eq index uid pres,sub,eq index displayName pres,sub,eq index uidNumber eq index gidNumber eq index memberUid eq index sambaSID eq index sambaPrimaryGroupSID eq index sambaDomainName eq index default sub lastmod on checkpoint 512 30 overlay syncprov syncprov-checkpoint 1 1 syncprov-sessionlog 100 access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword by dn="cn=admin,dc=terena,dc=org" write by dn="cn=smbadmin,dc=terena,dc=org" read by dn="cn=syncrepl,dc=terena,dc=org" read by anonymous auth by self write by * none access to * by dn="cn=admin,dc=terena,dc=org" write by * read access to dn.base="" by * read And here is the consumer config: include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/samba.schema pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args loglevel 256 modulepath /usr/lib/ldap moduleload back_hdb sizelimit 500 tool-threads 1 backend hdb database hdb suffix "dc=terena,dc=org" rootdn "cn=Replication,dc=terena,dc=org" directory "/var/lib/ldap" dbconfig set_cachesize 0 2097152 0 dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_locks 1500 dbconfig set_lk_max_lockers 1500 index objectClass,entryCSN,entryUUID eq access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword by dn="cn=admin,dc=terena,dc=org" write by dn="cn=smbadmin,dc=terena,dc=org" read by anonymous auth by self write by * none access to * by dn="cn=admin,dc=terena,dc=org" write by * read access to dn.base="" by * read syncrepl rid=000 provider=ldap://ldap.terena.org:389 type=refreshOnly interval=00:00:00:60 retry="60 10 300 +" searchbase="dc=terena,dc=org" scope=sub attrs=* schemachecking=off bindmethod=simple binddn="cn=syncrepl,dc=terena,dc=org" credentials=hackme updateref ldap://ldap.terena.org:389 -- Dick Visser TERENA IT Support Officer TERENA Secretariat Singel 468 D, 1017 AW Amsterdam The Netherlands T +31 20 530 44 88 F +31 20 530 44 99 visser(a)terena.org | www.terena.org

2 1

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs August 2008