Mayashankar Mishra
Consultant
E-mail : mmishra(a)isabel.eu
Tel : +32 (0)2 403.18.84
Fax : +32
Isabel NV/S.A.
Keizerinlaan 13-15 Boulevard de l'Impératrice
1000 Brussels - Belgium
RPR Bruxelles / RPM Brussel: BE 0455 530 509
http://www.isabel.eu/ http://www.zoomit.eu/
Zoomit is a Registered Trademark of Isabel NV/S.A.
Disclaimer : http://www.isabel.eu/gps/en/disclaimer/mailing.php
-----Original Message-----
From: masarati(a)aero.polimi.it [mailto:masarati@aero.polimi.it]
Sent: 2010-04-27 17:19
To: Mayashankar Mishra
Cc: openldap-its(a)openldap.org
Subject: RE: (ITS#6537) arl[authority revocation list] issue during openldap upgrade
Please reply to openldap-its; the "T" stands for "Tracking", if you don't
post there, tracking becomes impossible.
>
>
> Hi,
>
> But the same arl works in openldap 2.2.26
In 2.2.26 certificate list was something like
int
certificateListValidate()
{
        return LDAP_SUCCESS;
}
I would be surprised if it failed.
> I could treat with openssl command to
> convert to various format
That's another point. If openssl tools can operate on that CL, then it
might not strictly comply with X509 but be somehow tolerated. We need to
inspect the certificate in order to find out why it fails.
Unless its disclosure violates any confidentiality you're bound to, please
upload it to ftp.openldap.org *in binary form* following these
instructions <http://www.openldap.org/devel/contributing.html#submitting>,
then post a message to the ITS with the URL of the file you uploaded.
If you're not allowed to upload the offending CL, you'll have to inspect
it yourself. Run slapd under gdb; find out where the failure occurs
(running with "-d stats,trace,args" should suffice); place a breakpoint at
the offending call (should be either certificateListValidate() or
certificateListExactNormalize()), step through the function and see where
it fails. We might need to request you to print specific values of
variables inside those functions.
> But then what's wrong I mean what it means binary value # 0
This sentence is definitely obscure to me. Please clarify.
p.
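Added example (not part of the original thread, and not slapd's validator): a small Python check, following the RFC 5280 CertificateList layout, that reports the first place where a binary CL stops being well-formed DER, as a way to inspect a CL offline before adding it. The function names, messages and the constructed sample bytes are assumptions made for illustration.

```python
def read_tlv(buf, pos, end):               # -> (tag, value_start, value_end)
    if pos + 2 > end:
        raise ValueError(f"truncated header at offset {pos}")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length == 0x80:
        raise ValueError("indefinite length (BER, not DER)")
    if length > 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        if pos + n > end or length < 0x80 or buf[pos] == 0:
            raise ValueError("truncated or non-minimal length encoding")
        pos += n
    if pos + length > end:
        raise ValueError(f"element overruns its container at offset {pos}")
    return tag, pos, pos + length

def elements(buf, start, end):
    while start < end:                     # walk sibling elements in buf[start:end]
        tag, vs, start = read_tlv(buf, start, end)
        yield tag, vs, start

def diagnose(der):
    """Return "ok" or the first reason the blob is not a well-formed CertificateList."""
    if der.lstrip().startswith(b"-----BEGIN"):
        return "PEM text, not binary DER"
    try:
        tag, vs, ve = read_tlv(der, 0, len(der))
        if tag != 0x30 or ve != len(der):
            return "outer element must be one SEQUENCE with no trailing bytes"
        top = list(elements(der, vs, ve))
        if [t for t, _, _ in top] != [0x30, 0x30, 0x03]:
            return "expected tbsCertList, signatureAlgorithm, signatureValue"
        tbs = [t for t, _, _ in elements(der, top[0][1], top[0][2])]
        tbs = tbs[1:] if tbs[:1] == [0x02] else tbs   # optional version INTEGER
        if tbs[:2] != [0x30, 0x30] or tbs[2:3] not in ([0x17], [0x18]):
            return "tbsCertList must begin with signature, issuer, thisUpdate"
        tbs = tbs[3:]
        for optional in ((0x17, 0x18), (0x30,), (0xA0,)):  # nextUpdate, revoked, extensions
            if tbs and tbs[0] in optional:
                tbs = tbs[1:]
        return "ok" if not tbs else "unexpected element after thisUpdate"
    except ValueError as exc:
        return str(exc)

# Constructed sample (added example): a minimal CRL skeleton, not the ARL from the thread.
def tlv(tag, body=b""): return bytes([tag, len(body)]) + body
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05))
TBS = tlv(0x30, ALG + tlv(0x30) + tlv(0x17, b"100427120000Z"))
SAMPLE = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00\xde\xad"))
```

To check a real file, pass its raw bytes: diagnose(open(path, "rb").read()). It checks only the outer structure, not signatures, names or extension contents.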
I have attached the arl, and it's valid but can't be validated.
Can you tell me what can be the issue?
Thanks
Mayashankar Mishra
-----Original Message-----
From: masarati(a)aero.polimi.it [mailto:masarati@aero.polimi.it]
Sent: 2010-04-27 16:43
To: Mayashankar Mishra
Cc: openldap-its(a)openldap.org
Subject: Re: (ITS#6537) arl[authority revocation list] issue during openldap upgrade
> Full_Name: Mayashankar Mishra
> Version: 2.4.21
> OS: rhel5
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (195.122.110.8)
>
>
> Hi,
>
> I have to upgrade the openldap from version 2.2.26 to 2.4.21 All goes
> fine except for the arl[authority revocation list] failed to get added
> in new database.
>
> I see the binary version of arl from old openldap, it's fine.
>
> When I try to upload the same on openldap 2.4.21 it provides the error
> Root error: [LDAP: error code 21 - authorityRevocationList;binary:
> value #0 invalid per syntax]
>
>
> Note the same arl when added in older version of openldap works fine
>
> Any guess what could be the reason?
This is not a bug, but likely invalid data. Certificate list syntax
validator and all related routines were stubs until 2.4, so basically
everything was treated as valid. Now the syntax is validated thoroughly.
This ITS will be closed. Please continue discussion on openldap-software,
if needed. Only in case a valid certificate list is not correctly
validated (i.e. you detect an actual bug in that code), this ITS can be
revitalized.
p.
[Attachment: authm.arl (application/octet-stream, 612 bytes)]
Full_Name: Mayashankar Mishra
Version: 2.4.21
OS: rhel5
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (195.122.110.8)
Hi,
I have to upgrade the openldap from version 2.2.26 to 2.4.21
All goes fine except for the arl[authority revocation list] failed to get added
in new database.
I see the binary version of arl from old openldap, it's fine.
When I try to upload the same on openldap 2.4.21 it provides the error
Root error: [LDAP: error code 21 - authorityRevocationList;binary: value #0
invalid per syntax]
Note the same arl when added in older version of openldap works fine
Any guess what could be the reason?
Full_Name: Raphael Ouazana
Version: 2.4.21
OS: Linux
URL: ftp://ftp.openldap.org/incoming/raphael-ouazana-autogroup-100427.patch
Submission from: (NULL) (213.41.232.151)
Hi,
The attached patch allows the autogroup overlay to handle correctly the attr part
of the URL ldap://dc=example,dc=com?attr?sub?(filter). Before this patch, the
attr part was simply ignored. Now the group entry is populated by the values of
the attribute attr in the resulting entries.
Implementation details:
Some cases (modify, delete) are harder to handle when you store values instead
of dn. In these cases the overlay tries to detect if groups have been modified and
then simply refreshes them. This can cause performance hits if the search
specified by the URL deals with an important number of entries.
Legal notice:
This patch file is derived from OpenLDAP Software. All of the modifications to
OpenLDAP Software represented in this following patch were developed by Raphael
Ouazana raphael.ouazana(a)linagora.com. These modifications are not subject to
any license of Linagora.
The attached modifications to OpenLDAP Software are subject to the following
notice:
Copyright 2010 Raphael Ouazana, Linagora
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP Public License.
giesen(a)snickers.org wrote:
> Full_Name: Gary T. Giesen
> Version: 2.4.21
> OS: RHEL 6 Beta 1
> URL:
> Submission from: (NULL) (66.135.102.175)
>
>
> OpenLDAP 2.4.21 (as well as 2.4.19) fails to configure or build on RHEL6 with
> back-ndb support enabled. I've solved the problem with configure by applying a
> modified version of the patch found here:
>
> http://lists.freebsd.org/pipermail/freebsd-ports-bugs/2010-March/184248.html
That patch is invalid.
The current code configures and builds properly with a recent mysql-cluster.
It was developed originally against cluster 6.0.x. I have tested it again with
the current MySQL Cluster 7.1.3 available here
http://mysql.com/downloads/cluster/
> However, when building, I get the following error:
> This occurs with rebuilding the 2.4.19 SRPM, using the openldap.org 2.4.19
> tarball, and the openldap 2.4.21 tarball. I'm using the Redhat-supplied
> mysql-cluster.
Your MySQL package is obsolete by at least 2 years. This ITS will be closed.
If you need more assistance talk to your distro vendor.
As a side note, if your distro vendor is unable to help you, supported RPMs of
OpenLDAP with back-ndb are available from Symas Corp.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Full_Name: Gary T. Giesen
Version: 2.4.21
OS: RHEL 6 Beta 1
URL:
Submission from: (NULL) (66.135.102.175)
OpenLDAP 2.4.21 (as well as 2.4.19) fails to configure or build on RHEL6 with
back-ndb support enabled. I've solved the problem with configure by applying a
modified version of the patch found here:
http://lists.freebsd.org/pipermail/freebsd-ports-bugs/2010-March/184248.html
However, when building, I get the following error:
cd back-ndb; make -w all
make[3]: Entering directory
`/home/ggiesen/openldap-2.4.21/servers/slapd/back-ndb'
rm -f version.c
../../../build/mkversion -v "2.4.21" back_ndb > version.c
/bin/sh ../../../libtool --tag=disable-shared --mode=compile g++ -g -O2
-I../../../include -I../../../include -I.. -I./.. -I/usr/include/mysql
-I/usr/include/mysql/storage/ndb -I/usr/include/mysql/storage/ndb/ndbapi -c
init.cpp
g++ -g -O2 -I../../../include -I../../../include -I.. -I./..
-I/usr/include/mysql -I/usr/include/mysql/storage/ndb
-I/usr/include/mysql/storage/ndb/ndbapi -c init.cpp -o init.o
init.cpp:65: error: expected constructor, destructor, or type conversion before
'*' token
init.cpp: In function 'int ndb_back_initialize(BackendInfo*)':
init.cpp:366: warning: deprecated conversion from string constant to 'char*'
init.cpp:366: warning: deprecated conversion from string constant to 'char*'
init.cpp:366: warning: deprecated conversion from string constant to 'char*'
init.cpp:366: warning: deprecated conversion from string constant to 'char*'
init.cpp:366: warning: deprecated conversion from string constant to 'char*'
init.cpp:366: warning: deprecated conversion from string constant to 'char*'
init.cpp:366: warning: deprecated conversion from string constant to 'char*'
init.cpp:366: warning: deprecated conversion from string constant to 'char*'
init.cpp:376: error: 'ndb_lastrow_code' was not declared in this scope
init.cpp:376: error: expected type-specifier before 'NdbInterpretedCode'
init.cpp:376: error: expected ';' before 'NdbInterpretedCode'
make[3]: *** [init.lo] Error 1
make[3]: Leaving directory
`/home/ggiesen/openldap-2.4.21/servers/slapd/back-ndb'
make[2]: *** [.backend] Error 1
make[2]: Leaving directory `/home/ggiesen/openldap-2.4.21/servers/slapd'
make[1]: *** [all-common] Error 1
make[1]: Leaving directory `/home/ggiesen/openldap-2.4.21/servers'
make: *** [all-common] Error 1
This occurs with rebuilding the 2.4.19 SRPM, using the openldap.org 2.4.19
tarball, and the openldap 2.4.21 tarball. I'm using the Redhat-supplied
mysql-cluster.
It seems the fix (in r1.169 of back-bdb/dn2id.c, unfortunately the commit
messages did refer to the wrong ITS :( ) didn't make it into 2.4.22. Was it
overlooked or left out intentionally?