openldap-bugs September 2008

openldap-bugs@openldap.org

39 participants
206 discussions

Re: (ITS#5715) segfault in libdb
by michael＠stroeder.com 29 Sep '08

29 Sep '08

Pierangelo Masarati wrote: > michael(a)stroeder.com wrote: >> I'm experiencing seg faults when using SASL/EXTERNAL bind when >> connected over >> ldapi://. I will try to examine this further. >> >> segfault at 0 ip b7f21d4c sp b370fd10 error 6 in >> libdb-4.6.so[b7ef9000+14f000] > > This bug is typical of loading a libsasl2 module (libsasldb) built with > a Berkeley DB version different from the one slapd was built with, or > loading a libsasl2 module built with a different version of libsasl2 > than the one slapd was built with. Can you check? I will check this right now. Anyway find below the tail of the server's log when invoking ldapwhoami -H ldapi://%2Fhome%2Fmichael%2Ftemp%2Fopenldap-testbed-RE24%2Fslapd1 -Y EXTERNAL Ciao, Michael. --------------------------------- snip -------------------------------- ==> sasl_bind: dn="" mech=EXTERNAL datalen=0 SASL Canonicalize [conn=0]: authcid="gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth" slap_sasl_getdn: conn 0 id=gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth [len=59] ==>slap_sasl2dn: converting SASL name gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth to a DN ==> rewrite_context_apply [depth=1] string='gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth' ==> rewrite_rule_apply rule='gidnumber=([0-9]+)\+uidnumber=([0-9]+),cn=peercred,cn=external,cn=auth' string='gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth' [1 pass(es)] ==> rewrite_context_apply [depth=1] res={0,'ldap:///ou=schulung,dc=stroeder,dc=local??sub?(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100))'} [rw] authid: "gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth" -> "ldap:///ou=schulung,dc=stroeder,dc=local??sub?(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100))" slap_parseURI: parsing ldap:///ou=schulung,dc=stroeder,dc=local??sub?(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100)) ldap_url_parse_ext(ldap:///ou=schulung,dc=stroeder,dc=local??sub?(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100))) put_filter: "(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100))" put_filter: AND put_filter_list "(objectClass=posixAccount)(uidNumber=500)(gidNumber=100)" put_filter: "(objectClass=posixAccount)" put_filter: simple put_simple_filter: "objectClass=posixAccount" put_filter: "(uidNumber=500)" put_filter: simple put_simple_filter: "uidNumber=500" put_filter: "(gidNumber=100)" put_filter: simple put_simple_filter: "gidNumber=100" ber_scanf fmt ({mm}) ber: ber_scanf fmt ({mm}) ber: ber_scanf fmt ({mm}) ber: >>> dnNormalize: <ou=schulung,dc=stroeder,dc=local> => ldap_bv2dn(ou=schulung,dc=stroeder,dc=local,0) <= ldap_bv2dn(ou=schulung,dc=stroeder,dc=local)=0 => ldap_dn2bv(272) <= ldap_dn2bv(ou=schulung,dc=stroeder,dc=local)=0 <<< dnNormalize: <ou=schulung,dc=stroeder,dc=local> slap_sasl2dn: performing internal search (base=ou=schulung,dc=stroeder,dc=local, scope=2) => hdb_search bdb_dn2entry("ou=schulung,dc=stroeder,dc=local") => access_allowed: auth access to "ou=schulung,dc=stroeder,dc=local" "entry" requested => dn: [4] ou=users,ou=schulung,dc=stroeder,dc=local => dn: [5] ou=groups,ou=schulung,dc=stroeder,dc=local => dn: [6] ou=schulung,dc=stroeder,dc=local => acl_get: [6] matched => acl_get: [6] attr entry => acl_mask: access to entry "ou=schulung,dc=stroeder,dc=local", attr "entry" requested => acl_mask: to all values by "", (=0) <= check a_dn_pat: * <= acl_mask: [2] applying none(=0) (stop) <= acl_mask: [2] mask: none(=0) => slap_access_allowed: auth access denied by none(=0) => access_allowed: no more rules send_ldap_result: conn=0 op=0 p=3 send_ldap_result: err=32 matched="" text="" <==slap_sasl2dn: Converted SASL name to <nothing> SASL Canonicalize [conn=0]: slapAuthcDN="gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth" ./start-slapd1.sh: line 14: 20820 Segmentation fault ${OPENLDAP_PREFIX}/libexec/slapd -d stats,acl,args,trace,sync -h "ldap://0.0.0.0:2071 ldapi://%2Fhome%2Fmichael%2Ftemp%2Fopenldap-testbed-RE24%2Fslapd1" -n slapd-schulung-1 -u michael -f ${LOCALCONFIG}/slapd-1.conf -F ${LOCALCONFIG}/slapd-1.conf.d michael@nb2:~/temp/openldap-testbed-RE24>

1 0

Re: (ITS#5715) segfault in libdb
by ando＠sys-net.it 29 Sep '08

29 Sep '08

michael(a)stroeder.com wrote: > I'm experiencing seg faults when using SASL/EXTERNAL bind when connected over > ldapi://. I will try to examine this further. > > segfault at 0 ip b7f21d4c sp b370fd10 error 6 in libdb-4.6.so[b7ef9000+14f000] This bug is typical of loading a libsasl2 module (libsasldb) built with a Berkeley DB version different from the one slapd was built with, or loading a libsasl2 module built with a different version of libsasl2 than the one slapd was built with. Can you check? p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando(a)sys-net.it -----------------------------------

1 0

Re: (ITS#5716) test046-dds failed (exit 127): invalid ELF header
by michael＠stroeder.com 29 Sep '08

29 Sep '08

Hallvard B Furuseth wrote: > michael(a)stroeder.com writes: >> error while loading shared libraries: >> /home/michael/src/openldap/OPENLDAP_REL_ENG_2_4/openldap/libraries/libldap_r/.libs/libldap_r-2.4-releng.so.2: >> invalid ELF header > > Hopefully a PEBKAC. Loading libraries built for another architecture, > or something like that. I re-ran all the tests and it worked. Maybe it was caused by invoking 'make install' as root while still running 'make test' as normal user. Ciao, Michael.

1 0

wrong ITS (ITS#5715)
by manu＠netbsd.org 29 Sep '08

29 Sep '08

Please disregard my previous mail, I appended to the wrong ITS. -- Emmanuel Dreyfus manu(a)netbsd.org

1 0

fix (ITS#5717)
by manu＠netbsd.org 29 Sep '08

29 Sep '08

--E13BgyNx05feLLmH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Attached is a fix for the problem: 1) if the member attribute is not part of the requested attribute set, but the mapped attributeis, then we still need to generate the dynlist 2) in this cas, we must add the member attribute to the searched attributes. -- Emmanuel Dreyfus manu(a)netbsd.org --E13BgyNx05feLLmH Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="dynlist.patch" --- servers/slapd/overlays/dynlist.c.orig 2008-07-10 02:43:03.000000000 +0200 +++ servers/slapd/overlays/dynlist.c 2008-09-29 17:43:07.000000000 +0200 @@ -369,9 +369,12 @@ /* Don't generate member list if it wasn't requested */ for ( dlm = dli->dli_dlm; dlm; dlm = dlm->dlm_next ) { if ( userattrs || - ad_inlist( dlm->dlm_member_ad, rs->sr_attrs ) ) + ad_inlist( dlm->dlm_member_ad, rs->sr_attrs ) ) + break; + if ( dlm->dlm_mapped_ad && + ad_inlist( dlm->dlm_mapped_ad, rs->sr_attrs ) ) break; } if ( dli->dli_dlm && !dlm ) return SLAP_CB_CONTINUE; @@ -477,8 +480,11 @@ } else { for ( i = 0; lud->lud_attrs[i]; i++) /* just count */ ; + if ( dlm && dlm->dlm_member_ad && !ad_inlist( dlm->dlm_member_ad, rs->sr_attrs ) ) + i++; + o.ors_attrs = op->o_tmpcalloc( i + 1, sizeof( AttributeName ), op->o_tmpmemctx ); for ( i = 0, j = 0; lud->lud_attrs[i]; i++) { const char *text = NULL; @@ -515,8 +521,14 @@ j++; } + if ( dlm && dlm->dlm_member_ad && !ad_inlist( dlm->dlm_member_ad, rs->sr_attrs ) ) { + o.ors_attrs[j].an_name = dlm->dlm_member_ad->ad_cname; + o.ors_attrs[j].an_desc = dlm->dlm_member_ad; + j++; + } + if ( j == 0 ) { goto cleanup; } --E13BgyNx05feLLmH--

1 0

fix (ITS#5715)
by manu＠netbsd.org 29 Sep '08

29 Sep '08

--3V7upXqbjpZ4EhLz Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Attached is a fix for the problem: 1) if the member attribute is not part of the requested attribute set, but the mapped attributeis, then we still need to generate the dynlist 2) in this cas, we must add the member attribute to the searched attributes. -- Emmanuel Dreyfus manu(a)netbsd.org --3V7upXqbjpZ4EhLz Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="dynlist.patch" --- servers/slapd/overlays/dynlist.c.orig 2008-07-10 02:43:03.000000000 +0200 +++ servers/slapd/overlays/dynlist.c 2008-09-29 17:43:07.000000000 +0200 @@ -369,9 +369,12 @@ /* Don't generate member list if it wasn't requested */ for ( dlm = dli->dli_dlm; dlm; dlm = dlm->dlm_next ) { if ( userattrs || - ad_inlist( dlm->dlm_member_ad, rs->sr_attrs ) ) + ad_inlist( dlm->dlm_member_ad, rs->sr_attrs ) ) + break; + if ( dlm->dlm_mapped_ad && + ad_inlist( dlm->dlm_mapped_ad, rs->sr_attrs ) ) break; } if ( dli->dli_dlm && !dlm ) return SLAP_CB_CONTINUE; @@ -477,8 +480,11 @@ } else { for ( i = 0; lud->lud_attrs[i]; i++) /* just count */ ; + if ( dlm && dlm->dlm_member_ad && !ad_inlist( dlm->dlm_member_ad, rs->sr_attrs ) ) + i++; + o.ors_attrs = op->o_tmpcalloc( i + 1, sizeof( AttributeName ), op->o_tmpmemctx ); for ( i = 0, j = 0; lud->lud_attrs[i]; i++) { const char *text = NULL; @@ -515,8 +521,14 @@ j++; } + if ( dlm && dlm->dlm_member_ad && !ad_inlist( dlm->dlm_member_ad, rs->sr_attrs ) ) { + o.ors_attrs[j].an_name = dlm->dlm_member_ad->ad_cname; + o.ors_attrs[j].an_desc = dlm->dlm_member_ad; + j++; + } + if ( j == 0 ) { goto cleanup; } --3V7upXqbjpZ4EhLz--

1 0

ITS#5717
by ando＠sys-net.it 29 Sep '08

29 Sep '08

Emmanuel, I have a fix, should I go and commit it? p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando(a)sys-net.it -----------------------------------

1 0

(ITS#5717) slapo-dynlist expantion failed for mapped attributes
by menu＠netbsd.org 29 Sep '08

29 Sep '08

Full_Name: Emmanuel Dreyfus Version: OpenLDAP-2.4.11 OS: NetBSD-4.0 URL: Submission from: (NULL) (193.54.82.42) If slapo-dynlist is configured with attribute mapping, dynlist expantion will only work if the member attribute in included in the searched attriute set. Here is an example: Config: overlay dynlist dynlist-attrset ExMailAddress memberURL mailbox:revalias Searched entry: dn: mailAddress=foo-employee(a)example.net,o=ex objectClass: exMailAddress mailAddress: foo-employee(a)example.net memberURL: ldap:///o=ex,revalias?sub?(&(objectClass=exPerson)(employer=foo)) Expantion looks up objects like this: dn: uid=jdoe,o=ex objectClass: exPerson uid: jdoe revalias: john.doe(a)example.net employer: foo With the member attribute in the searched attribute set: $ ldapsearch mailAddress=foo-employee@example mailbox revalias dn: mailAddress=foo-employee(a)example.net,o=ex mailbox: john.doe(a)example.net mailbox: joe.luser(a)example.net mailbox: emmanuel.dreyfus(a)example.net Without it: $ ldapsearch mailAddress=foo-employee@example mailbox dn: mailAddress=foo-employee(a)example.net,o=ex Note that if no attribute set is provided, it works: $ ldapsearch mailAddress=foo-employee@example dn: mailAddress=foo-employee(a)example.net,o=ex objectClass: exMailAddress mailAddress: foo-employee(a)example.net mailbox: john.doe(a)example.net mailbox: joe.luser(a)example.net mailbox: emmanuel.dreyfus(a)example.net memberURL: ldap:///o=ex,revalias?sub?(&(objectClass=exPerson)(employer=foo)) I should provide a fix for that soon.

1 0

Re: (ITS#5716) test046-dds failed (exit 127): invalid ELF header
by h.b.furuseth＠usit.uio.no 29 Sep '08

29 Sep '08

michael(a)stroeder.com writes: > error while loading shared libraries: > /home/michael/src/openldap/OPENLDAP_REL_ENG_2_4/openldap/libraries/libldap_r/.libs/libldap_r-2.4-releng.so.2: > invalid ELF header Hopefully a PEBKAC. Loading libraries built for another architecture, or something like that. -- Hallvard

1 0

(ITS#5716) test046-dds failed (exit 127): invalid ELF header
by michael＠stroeder.com 29 Sep '08

29 Sep '08

Full_Name: Michael Ströder Version: RE24 OS: openSUSE Linux 11.0 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (84.163.103.245) I will examine why this fails. >>>>> Starting test046-dds ... running defines.sh Running slapadd to build slapd database... /home/michael/src/openldap/OPENLDAP_REL_ENG_2_4/openldap/servers/slapd/.libs/lt-slapd: error while loading shared libraries: /home/michael/src/openldap/OPENLDAP_REL_ENG_2_4/openldap/libraries/libldap_r/.libs/libldap_r-2.4-releng.so.2: invalid ELF header slapadd failed (127)! >>>>> ./scripts/test046-dds failed (exit 127) make[2]: *** [bdb-yes] Error 127 make[2]: Leaving directory `/home/michael/src/openldap/OPENLDAP_REL_ENG_2_4/openldap/tests' make[1]: *** [test] Error 2 make[1]: Leaving directory `/home/michael/src/openldap/OPENLDAP_REL_ENG_2_4/openldap/tests' make: *** [test] Error 2

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs September 2008