openldap-bugs October 2011

openldap-bugs@openldap.org

27 participants
41 discussions

(ITS#7070) test058-syncrepl-asymmetric failed for hdb
by michael＠stroeder.com 21 Oct '11

21 Oct '11

Full_Name: Michael Ströder Version: HEAD (from git master) OS: openSUSE 11.4 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (84.163.51.243) >>>>> Starting test058-syncrepl-asymmetric for hdb... running defines.sh Initializing master configurations... Initializing search configurations... Starting central master slapd on TCP/IP port 9011... Using ldapsearch to check that central master slapd is running... Waiting 1 seconds for slapd to start... Waiting 2 seconds for slapd to start... Waiting 3 seconds for slapd to start... Waiting 4 seconds for slapd to start... Waiting 5 seconds for slapd to start... ldapsearch failed (255)! >>>>> test058-syncrepl-asymmetric failed for hdb (exit 255) make[2]: *** [hdb-mod] Error 255 make[2]: Leaving directory `/usr/src/michael/openldap/tests' make[1]: *** [test] Error 2 make[1]: Leaving directory `/usr/src/michael/openldap/tests' make: *** [test] Error 2

1 0

Re: (ITS#7067) openldap not properly starting
by Pierangelo Masarati 21 Oct '11

21 Oct '11

Current release is OpenLDAP 2.4.26. In any case, there is no clear indication in your report of a software bug. Please direct your message to the openldap-technical mailing list. p.

1 0

(ITS#7069)
by michael＠stroeder.com 21 Oct '11

21 Oct '11

See testrun/ here: http://www.stroeder.com/temp/openldap-its7069-testrun.tar.gz

1 0

(ITS#7069) test061-syncreplication-initiation failed for hdb
by michael＠stroeder.com 21 Oct '11

21 Oct '11

Full_Name: Michael Ströder Version: HEAD (from git) OS: openSUSE 11.4 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (84.163.45.214) >>>>> test061-syncreplication-initiation failed for hdb (exit 255) make[2]: *** [hdb-mod] Error 255 make[2]: Leaving directory `/usr/src/michael/openldap/tests' make[1]: *** [test] Error 2 make[1]: Leaving directory `/usr/src/michael/openldap/tests' make: *** [test] Error 2

1 0

Re: (ITS#7042) [PATCH] allow unsetting of tls_* options for syncrepl
by pm＠datasphere.ch 20 Oct '11

20 Oct '11

--=-H9Xw5XBDhIDPupeYRJLz Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi, I am the author of the patch at: ftp://ftp.openldap.org/incoming/jvcelak-20110912-syncrepl-allow-unsetting-o= f-tls-options.patch and I want to argue in favor of it: 1) In a configuration using a simple bind to authenticate a client, you have no choice but using ldaps to protect password sniffing: this requires a SERVER certificate only. 2) Since primary and replicated servers can have their role reversed (i.e.: after failure and/or recovery of the former primary server), the configurations should be kept as symmetric as possible (except for syncrepl) in order to speed-up switch: SSL in both servers should thus have the same configuration. 3) syncrepl then forces SSL to use a client certificate rather than a simple bind for authentication: this implies "normal" clients will also need a certificate... we are then in a situation lying very far from using ldaps for encryption only :-( 4) Using separate server and client certificates within a server, although safer, does not resolve my problem. For the above reason, I would really like to see my patch included in openldap code, or at least an equivalent solution. Because "third-party patch submissions cannot be accepted per our IPR policies. The original author is required to submit their own patches.", do you need me to re-submit it ? Thanks in advance for your reply. Regards, Patrick Monnerat DATASPHERE S.A. 16, chemin des Aulx CH-1228 Plan-les-Ouates (GE) --=-H9Xw5XBDhIDPupeYRJLz Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Disposition: attachment; filename="smime.p7s" Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIH/DCCA9Mw ggK7oAMCAQICARQwDQYJKoZIhvcNAQEFBQAwgaIxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZHZW5l dmExGDAWBgNVBAcTD1BsYW4tbGVzLU91YXRlczEYMBYGA1UEChMPREFUQVNQSEVSRSBTLkEuMSQw IgYDVQQDExtEQVRBU1BIRVJFIG1haWwgc2VjdXJpdHkgQ0ExKDAmBgkqhkiG9w0BCQEWGWJ1cmVh dXRpcXVlQGRhdGFzcGhlcmUuY2gwHhcNMTEwODIzMTM1MzAwWhcNMTIxMjMxMjM1OTAwWjCBvDEL MAkGA1UEBhMCQ0gxDzANBgNVBAgTBkdlbmV2YTEYMBYGA1UEBxMPUGxhbi1sZXMtT3VhdGVzMRcw FQYDVQQKEw5EQVRBU1BIRVJFIFMuQTEZMBcGA1UEAxMQUGF0cmljayBNb25uZXJhdDEtMCsGCSqG SIb3DQEJARYecGF0cmljay5tb25uZXJhdEBkYXRhc3BoZXJlLmNoMR8wHQYJKoZIhvcNAQkBFhBw bUBkYXRhc3BoZXJlLmNoMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzpT/ufabbhCa1JFvX ZWLCDP8tPBxTilXjEFKAnNirdOc8Sj667iey7ypcgkA2QUZu+gHDSVD3iNRro2rQPdTzjnLCml5P Up+AOB48X5jUwVbxihmAvtM21KQGZZwcmGdlj6AgY/Vxci48CRn+DzW6lY+VYCtf7HWhNHih4G1Y IwIDAQABo3wwejAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR79vf/tmNLu8XwC0nU02j0WQLCzjAL BgNVHQ8EBAMCA7gwKwYDVR0lBCQwIgYIKwYBBQUHAwQGCisGAQQBgjcCARUGCisGAQQBgjcCARYw EQYJYIZIAYb4QgEBBAQDAgSwMA0GCSqGSIb3DQEBBQUAA4IBAQA8gckFW7PMcfcFhZoVkI1ePP2f XQ1UM4tChxfuPmKYXb2VbM2bYn33MiKnswlzsH/gDvQawYFKvRCehE5JiPUa42kGd8jXNzU8sRnm uMHpjengOO3aLKZLAZRXS1dGjD9q3CQa/KDT31+ODWG7vztY8ZMBv008lb/eJvKt9ssm0cPTeKA9 /YenJzklzyY/MlNnW+zRce+3Ms4171wnrjKcA4J+Zyr0Ow1eEYzoIVEphT1WmybDPr0EJoueDUvH 9uz5cxRpxlIFY4jgTqhUQid/7uHrkaKU/OrADsOy2sGr4YpcvRpHseZZIA3Z8ovOHQ9J4WGviz9w Z6gcTLtQu6baMIIEITCCAwmgAwIBAgIBEzANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCQ0gx DzANBgNVBAgTBkdlbmV2YTEYMBYGA1UEBxMPUGxhbi1sZXMtT3VhdGVzMRgwFgYDVQQKEw9EQVRB U1BIRVJFIFMuQS4xMjAwBgNVBAMTKURBVEFTUEhFUkUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eSAyMSgwJgYJKoZIhvcNAQkBFhlidXJlYXV0aXF1ZUBkYXRhc3BoZXJlLmNoMB4XDTExMDgy MzEzNTEwMFoXDTMwMTIzMTIzNTkwMFowgaIxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZHZW5ldmEx GDAWBgNVBAcTD1BsYW4tbGVzLU91YXRlczEYMBYGA1UEChMPREFUQVNQSEVSRSBTLkEuMSQwIgYD VQQDExtEQVRBU1BIRVJFIG1haWwgc2VjdXJpdHkgQ0ExKDAmBgkqhkiG9w0BCQEWGWJ1cmVhdXRp cXVlQGRhdGFzcGhlcmUuY2gwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTbQAxPu9L skt5ddMLzbS+bLQlW+gtcecHp9zL+x44dSXc663y6s+/XWxDbLZ0s+w6vp5CMB6pXxR5s8KfMDSC 22s7nq0t/BpQ1WfLkszG2JRs8BXIyrsDrFqYBBxcxiyyjzyQYVJg7qtPveUw9aQs53QCnZfXwG9s H2crPnAzoOzx5jptWvA5aHLMKqaZbGztUANABqZfZEwwGS/YG3nHxOKnl+UvmueJWiMs+plendlA 5+UBrUAk46/1IFNyjMqaBR8bug7IovHB9sn/k999eHVeBiu1qeTo0tcDEMvSBTh5JqIkl5lH7TU+ wgVCBA2/Eo1ccrvFkgTmztocbMczAgMBAAGjUjBQMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE FFxbVp/ZdU5YlwvAFPbbFg+jGWehMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwDQYJ KoZIhvcNAQEFBQADggEBAH6oFynXqL8Tk6sA032VbJyibS8woHni0/ayhrcBdEORc/wvfmhEA2kK 9Yy4xEaprsxT0fFyBJ4YGYyXX4SkQdr0pRCDO/niL2woQmar5vq4v9xa2FgrWOh7jKcXuh/SMpGq WZzQQTvYY0+X7SXX1+Ioje7rqzEDWNmzpp+mtPr/ENVmIxwTGEtXbDDLJN48sTmBDnKrca2UJrfU EFDDHon9CBBg53u+JodQiJfSbraqwje1QrGCvOHkyBr3ulBmssePVQzPphON39pPgbJCoE7sd/WK UX02QIorkbdaA8K/S38Ggc1xN9kNDE5tuClAYJSZUHeDnROgz1QncevRdKMxggGuMIIBqgIBATCB qDCBojELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBkdlbmV2YTEYMBYGA1UEBxMPUGxhbi1sZXMtT3Vh dGVzMRgwFgYDVQQKEw9EQVRBU1BIRVJFIFMuQS4xJDAiBgNVBAMTG0RBVEFTUEhFUkUgbWFpbCBz ZWN1cml0eSBDQTEoMCYGCSqGSIb3DQEJARYZYnVyZWF1dGlxdWVAZGF0YXNwaGVyZS5jaAIBFDAJ BgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTEx MDIwMTYxMjEwWjAjBgkqhkiG9w0BCQQxFgQU/0S6iq+obCv1FnngaSJRbdoGRygwDQYJKoZIhvcN AQEBBQAEgYBXOHzJGvDyRJTXk7jxmGjef5QY39Ziyodp0BIYwRukyAgQ273nzPxBga96lZog7obN 2qsnWxGi9RtGEyua27OacgUPOb9+vjX5/xb3DGol81GnBqOusj8ZrdNTa7i7lKmA+o7cFD3hM6o0 PLi3EqA3rsEgu65uGpWuuyS8rzeRFAAAAAAAAA== --=-H9Xw5XBDhIDPupeYRJLz--

1 0

Re: (ITS#7068) openldap connection issue
by sanjiv.singh＠impetus.co.in 20 Oct '11

20 Oct '11

--_000_23A2685ED8B30D46A90227113A1ECE0758F3EAA3Mail3impetuscoi_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable hi all, adding more details for debugging..... when i fire ldapadd utility with following ldif , it repeatedly throughing = following logs.... new.ldif ------------------------------------------------------ dn: cn=3DProcessor,dc=3Dmydomain,dc=3Dcom description: some description roleType: My Admin uniqueMember: uid=3Dmyadmin,dc=3Dmydomain,dc=3Dcom tenantId: Global cn: Processor objectClass: groupOfUniqueNames objectClass: top ------------------------------------------------------ /usr/local/bin/ldapadd -d 65535 -h 10.122.215.40 -p 6070 -x -w ***** -D "cn= =3DManager,dc=3Dmydomain,dc=3Dcom" -f new.ldif ------------------------------------------------------ ** ld 0x4185ad0 Outstanding Requests: * msgid 2, origid 2, status InProgress outstanding referrals 0, parent count 0 ld 0x4185ad0 request count 1 (abandoned 0) ** ld 0x4185ad0 Response Queue: Empty ld 0x4185ad0 response count 0 ldap_chkResponseList ld 0x4185ad0 msgid 2 all 1 ldap_chkResponseList returns ld 0x4185ad0 NULL ldap_int_select ldap_result ld 0x4185ad0 msgid 2 wait4msg ld 0x4185ad0 msgid 2 (timeout 100000 usec) wait4msg continue ld 0x4185ad0 msgid 2 all 1 ** ld 0x4185ad0 Connections: * host: 10.122.215.40 port: 6070 (default) refcnt: 2 status: Connected last used: Thu Oct 20 08:42:30 2011 -------------------------------------------------------- Regards, Sanjiv Singh Software Engineer (iLabs) Impetus Infotech (India) Pvt. Ltd. D-40, Sector-59, Noida - 201307, UP | (M) +91-9990-447-339 | www.impetus.c= om<http://www.impetus.com/> ________________________________ New Impetus webcast on-demand 'Big Data Technologies for Social Media Analy= tics' available at http://bit.ly/nFdet0. Visit http://www.impetus.com to know more. Follow us on www.twitter.com/imp= etuscalling NOTE: This message may contain information that is confidential, proprietar= y, privileged or otherwise protected by law. The message is intended solely= for the named addressee. If received in error, please destroy and notify t= he sender. Any use of this email is prohibited when received in error. Impe= tus does not represent, warrant and/or guarantee, that the integrity of thi= s communication has been maintained nor that the communication is free of e= rrors, virus, interception or interference. --_000_23A2685ED8B30D46A90227113A1ECE0758F3EAA3Mail3impetuscoi_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html> <head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"= > <style>  </style> </head> <body lang=3D"EN-US" link=3D"blue" vlink=3D"purple"> <div class=3D"WordSection1"> hi all, adding more details for debugging.....   when i fire ldapadd utility with following ldif , it= repeatedly throughing following logs....   new.ldif ----------------------------------------------------= -- dn: cn=3DProcessor,dc=3Dmydomain,dc=3Dcom description: some description roleType: My Admin uniqueMember: uid=3Dmyadmin,dc=3Dmydomain,dc=3Dcom</= p> tenantId: Global cn: Processor objectClass: groupOfUniqueNames objectClass: top ----------------------------------------------------= --   /usr/local/bin/ldapadd -d 65535 -h 10.122.215.40 -p = 6070 -x -w ***** -D "cn=3DManager,dc=3Dmydomain,dc=3Dcom" -f new.= ldif ----------------------------------------------------= -- ** ld 0x4185ad0 Outstanding Requests: * msgid 2,  origid 2, status InProgress    outstanding referrals 0, parent count 0=   ld 0x4185ad0 request count 1 (abandoned 0)</p= > ** ld 0x4185ad0 Response Queue:    Empty   ld 0x4185ad0 response count 0 ldap_chkResponseList ld 0x4185ad0 msgid 2 all 1 ldap_chkResponseList returns ld 0x4185ad0 NULL ldap_int_select ldap_result ld 0x4185ad0 msgid 2 wait4msg ld 0x4185ad0 msgid 2 (timeout 100000 usec)<= /p> wait4msg continue ld 0x4185ad0 msgid 2 all 1 ** ld 0x4185ad0 Connections: * host: 10.122.215.40  port: 6070  (defaul= t)   refcnt: 2  status: Connected   last used: Thu Oct 20 08:42:30 2011 ----------------------------------------------------= ----   Regards, Sanjiv Singh Software Engineer (iLabs)</s= pan> Impetus Infotech (India) = Pvt. Ltd. D-40, Sector-59, Noida - 201= 307, UP |  (M) +91-9990-447-339 | <a href=3D"http://www.impetus.com/" title=3D"http://www.impetus.com">www.impetus.com</a>&nb= sp;     </div> <hr> New Impetus webcast on-demand ‘Big Data Technologies for Social Media= Analytics’ available at http://bit.ly/nFdet0. Visit http://www.impetus.com to know more. Follow us on www.twitter.com/imp= etuscalling NOTE: This message may contain information that is confidential, proprietar= y, privileged or otherwise protected by law. The message is intended solely= for the named addressee. If received in error, please destroy and notify t= he sender. Any use of this email is prohibited when received in error. Impetus does not represent, warrant = and/or guarantee, that the integrity of this communication has been maintai= ned nor that the communication is free of errors, virus, interception or in= terference. </body> </html> --_000_23A2685ED8B30D46A90227113A1ECE0758F3EAA3Mail3impetuscoi_--

1 0

(ITS#7068) openldap connection issue
by sanjiv.is.on＠gmail.com 20 Oct '11

20 Oct '11

Full_Name: Sanjiv Singh Version: 2.4.20 OS: centOS 5.5 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (115.113.49.98) Hi all, I am facing openldap issue, facing problem during operation with openldap utilities. slapadd,ldapsearch and slapcat etc. I have installed & configure openldap 2.4.20 from source. enable debugging level -1(max debug level). here is my LDIF that i want to add to my ldap server. mydata.ldif ------------------------------------------------------ dn: cn=My Operator,dc=mydomain ,dc=com description: My Operator for managing job types roleType: Common tenantId: Global cn: My Operator objectClass: groupOfUniqueNames objectClass: top structuralObjectClass: groupOfUniqueNames entryUUID: 93385d1f-c9ec-4a1e-93fe-93f6cc58f759 creatorsName: cn=Manager,dc=mydomain,dc=com createTimestamp: 20110506070135Z entryCSN: 20110506070135.425379Z#000000#000#000000 modifiersName: cn=Manager,dc=mydomain,dc=com modifyTimestamp: 20110506070135Z ------------------------------------------------------- when I tried to fire slapadd ldap utility. following utility hand for infinite time. i had set max debug level( -d -1) for finding root cause. $ /usr/local/sbin/slapadd -v -d -1 -c -l mydata.ldif -f /usr/local/etc/openldap/slapd.conf -------------------------------------------------------- slapadd startup: initiated. backend_startup_one: starting "dc=mydomain,dc=com" bdb_db_open: "dc=mydomain,dc=com" bdb_db_open: database "dc=mydomain,dc=com": unclean shutdown detected; attempting recovery. bdb_db_open: database "dc=mydomain,dc=com": dbenv_open(/var/lib/ldap). bdb_monitor_db_open: monitoring disabled; configure monitor database to enable => str2entry: "dn: cn=SMGOperator,dc=mydomain,dc=com description: SMG Operator for managing job types roleType: Common tenantId: Global cn: SMGOperator objectClass: groupOfUniqueNames objectClass: top structuralObjectClass: groupOfUniqueNames entryUUID: 93385d1f-c9ec-4a1e-93fe-93f6cc58f759 creatorsName: cn=Manager,dc=mydomain,dc=com createTimestamp: 20110506070135Z entryCSN: 20110506070135.425379Z#000000#000#000000 modifiersName: cn=Manager,dc=mydomain,dc=com modifyTimestamp: 20110506070135Z " >>> dnPrettyNormal: <cn=SMGOperator,dc=mydomain,dc=com> <<< dnPrettyNormal: <cn=SMGOperator,dc=mydomain,dc=com>, <cn=smgoperator,dc=mydomain,dc=com> >>> dnPretty: <cn=Manager,dc=mydomain,dc=com> <<< dnPretty: <cn=Manager,dc=mydomain,dc=com> >>> dnNormalize: <cn=Manager,dc=mydomain,dc=com> <<< dnNormalize: <cn=manager,dc=mydomain,dc=com> >>> dnPretty: <cn=Manager,dc=mydomain,dc=com> <<< dnPretty: <cn=Manager,dc=mydomain,dc=com> >>> dnNormalize: <cn=Manager,dc=mydomain,dc=com> <<< dnNormalize: <cn=manager,dc=mydomain,dc=com> <= str2entry(cn=My Operator,dc=mydomain,dc=com) -> 0xb5e5be8 oc_check_required entry (cn=My Operator,dc=mydomain,dc=com), objectClass "groupOfUniqueNames" oc_check_allowed type "description" oc_check_allowed type "roleType" oc_check_allowed type "tenantId" oc_check_allowed type "cn" oc_check_allowed type "objectClass" oc_check_allowed type "structuralObjectClass" oc_check_allowed type "entryUUID" oc_check_allowed type "creatorsName" oc_check_allowed type "createTimestamp" oc_check_allowed type "entryCSN" oc_check_allowed type "modifiersName" oc_check_allowed type "modifyTimestamp" => bdb_tool_entry_put( -1, "cn=My Operator,dc=mydomain,dc=com" ) => bdb_dn2id("dc=mydomain,dc=com") <= bdb_dn2id: got id=0x1 => bdb_dn2id("cn=myoperator,dc=mydomain,dc=com") ------------------------------------------------------------ and even after enabling -q option , it completes but ldap server would not be able to start. (-q : enable quick [fewer integrity checks mode] Does fewer consistency checks on the input data, and no consistency checks when writing the database. Improves the load time but if any errors or interruptions occur the resulting database will be unusable.) $ /usr/local/sbin/slapadd -v -d -1 -q -c -l mydata.ldif -f /usr/local/etc/openldap/slapd.conf ------------------------------------------------------------- slapadd startup: initiated. backend_startup_one: starting "dc=dmbsso,dc=com" bdb_db_open: "dc=dmbsso,dc=com" bdb_db_open: database "dc=dmbsso,dc=com": unclean shutdown detected; attempting recovery. bdb_db_open: database "dc=dmbsso,dc=com": dbenv_open(/var/lib/ldap). bdb(dc=dmbsso,dc=com): recovery requires transaction support bdb_db_open: database "dc=dmbsso,dc=com" cannot be recovered, err 22. Restore from backup! ====> bdb_cache_release_all backend_startup_one (type=bdb, suffix="dc=dmbsso,dc=com"): bi_db_open failed! (22) slap_startup failed. -------------------------------------------------------------- even I am face with ldap utility slapcat, after firing it hanged up for infinite. It seems , there are some problem with ldif file, but this ldif file works well on other hosts (having same schema and molules and ldap configuration). We are facing this issue intermittently on some hosts, works well on some hosts(all are CentOS 5.5). is there some wrong in my understanding? Am I missing some thing in my configuration ? Is anyboby able to find root cause ? Eagerly waiting for your response. I can provide more like ldap log , ldap configuration (if that can help in debugging the issue) We are passing through very critical time. Regards, Sanjiv Singh Software Engineer (iLabs) Impetus Infotech (India) Pvt. Ltd. D-40, Sector-59, Noida - 201307, UP | (M) +91-9990-447-339 | www.impetus.com

1 0

(ITS#7067) openldap not properly starting
by sanjiv.is.on＠gmail.com 20 Oct '11

20 Oct '11

Full_Name: Sanjiv Singh Version: 2.4.20 OS: centOS 5.5 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (115.113.49.98) Hi all, I am facing openldap issue, facing problem during operation with openldap utilities. slapadd,ldapsearch and slapcat etc. I have installed & configure openldap 2.4.20 from source. enable debugginf level -1(max debug level). here is my LDIF that i want to add to my ldap server. mydata.ldif ------------------------------------------------------ dn: cn=My Operator,dc=mydomain ,dc=com description: My Operator for managing job types roleType: Common tenantId: Global cn: My Operator objectClass: groupOfUniqueNames objectClass: top structuralObjectClass: groupOfUniqueNames entryUUID: 93385d1f-c9ec-4a1e-93fe-93f6cc58f759 creatorsName: cn=Manager,dc=mydomain,dc=com createTimestamp: 20110506070135Z entryCSN: 20110506070135.425379Z#000000#000#000000 modifiersName: cn=Manager,dc=mydomain,dc=com modifyTimestamp: 20110506070135Z ------------------------------------------------------- when I tried to fire slapadd ldap utility. following utility hand for infinite time. i had set max debug level( -d -1) for finding root cause. $ /usr/local/sbin/slapadd -v -d -1 -c -l mydata.ldif -f /usr/local/etc/openldap/slapd.conf -------------------------------------------------------- slapadd startup: initiated. backend_startup_one: starting "dc=mydomain,dc=com" bdb_db_open: "dc=mydomain,dc=com" bdb_db_open: database "dc=mydomain,dc=com": unclean shutdown detected; attempting recovery. bdb_db_open: database "dc=mydomain,dc=com": dbenv_open(/var/lib/ldap). bdb_monitor_db_open: monitoring disabled; configure monitor database to enable => str2entry: "dn: cn=SMGOperator,dc=mydomain,dc=com description: SMG Operator for managing job types roleType: Common tenantId: Global cn: SMGOperator objectClass: groupOfUniqueNames objectClass: top structuralObjectClass: groupOfUniqueNames entryUUID: 93385d1f-c9ec-4a1e-93fe-93f6cc58f759 creatorsName: cn=Manager,dc=mydomain,dc=com createTimestamp: 20110506070135Z entryCSN: 20110506070135.425379Z#000000#000#000000 modifiersName: cn=Manager,dc=mydomain,dc=com modifyTimestamp: 20110506070135Z " >>> dnPrettyNormal: <cn=SMGOperator,dc=mydomain,dc=com> <<< dnPrettyNormal: <cn=SMGOperator,dc=mydomain,dc=com>, <cn=smgoperator,dc=mydomain,dc=com> >>> dnPretty: <cn=Manager,dc=mydomain,dc=com> <<< dnPretty: <cn=Manager,dc=mydomain,dc=com> >>> dnNormalize: <cn=Manager,dc=mydomain,dc=com> <<< dnNormalize: <cn=manager,dc=mydomain,dc=com> >>> dnPretty: <cn=Manager,dc=mydomain,dc=com> <<< dnPretty: <cn=Manager,dc=mydomain,dc=com> >>> dnNormalize: <cn=Manager,dc=mydomain,dc=com> <<< dnNormalize: <cn=manager,dc=mydomain,dc=com> <= str2entry(cn=My Operator,dc=mydomain,dc=com) -> 0xb5e5be8 oc_check_required entry (cn=My Operator,dc=mydomain,dc=com), objectClass "groupOfUniqueNames" oc_check_allowed type "description" oc_check_allowed type "roleType" oc_check_allowed type "tenantId" oc_check_allowed type "cn" oc_check_allowed type "objectClass" oc_check_allowed type "structuralObjectClass" oc_check_allowed type "entryUUID" oc_check_allowed type "creatorsName" oc_check_allowed type "createTimestamp" oc_check_allowed type "entryCSN" oc_check_allowed type "modifiersName" oc_check_allowed type "modifyTimestamp" => bdb_tool_entry_put( -1, "cn=My Operator,dc=mydomain,dc=com" ) => bdb_dn2id("dc=mydomain,dc=com") <= bdb_dn2id: got id=0x1 => bdb_dn2id("cn=myoperator,dc=mydomain,dc=com") ------------------------------------------------------------ and even after enabling -q option , it completes but ldap server would not be able to start. (-q : enable quick [fewer integrity checks mode] Does fewer consistency checks on the input data, and no consistency checks when writing the database. Improves the load time but if any errors or interruptions occur the resulting database will be unusable.) $ /usr/local/sbin/slapadd -v -d -1 -q -c -l mydata.ldif -f /usr/local/etc/openldap/slapd.conf ------------------------------------------------------------- slapadd startup: initiated. backend_startup_one: starting "dc=dmbsso,dc=com" bdb_db_open: "dc=dmbsso,dc=com" bdb_db_open: database "dc=dmbsso,dc=com": unclean shutdown detected; attempting recovery. bdb_db_open: database "dc=dmbsso,dc=com": dbenv_open(/var/lib/ldap). bdb(dc=dmbsso,dc=com): recovery requires transaction support bdb_db_open: database "dc=dmbsso,dc=com" cannot be recovered, err 22. Restore from backup! ====> bdb_cache_release_all backend_startup_one (type=bdb, suffix="dc=dmbsso,dc=com"): bi_db_open failed! (22) slap_startup failed. -------------------------------------------------------------- even I am face with ldap utility slapcat, after firing it hanged up for infinite. It seems , there are some problem with ldif file, but this ldif file works well on other hosts (having same schema and molules and ldap configuration). We are facing this issue intermittently on some hosts, works well on some hosts(all are CentOS 5.5). is there some wrong in my understanding? Am I missing some thing in my configuration ? Is anyboby able to find root cause ? Eagerly waiting for your response. I can provide more like ldap log , ldap configuration (if that can help in debugging the issue) We are passing through very critical time. Regards, Sanjiv Singh Software Engineer (iLabs) Impetus Infotech (India) Pvt. Ltd. D-40, Sector-59, Noida - 201307, UP | (M) +91-9990-447-339 | www.impetus.com

1 0

Re: (ITS#6987) cn=config renumbers indexes on startup without modrdn-ing them
by ondrej.kuznik＠acision.com 19 Oct '11

19 Oct '11

On 07/07/2011 03:26 PM, ondrej.kuznik(a)acision.com wrote: > ftp://ftp.openldap.org/incoming/ondrej-kuznik-20110707.c > has an example of such overlay. To try it, initialize the overlay and > add these entries: > > dn: olcTestAttrOne=zero,$OVERLAY_DN > objectclass: olcTestOne > > dn: olcTestAttrTwo=one,$OVERLAY_DN > objectclass: olcTestTwo > > dn: olcTestAttrOne=two,$OVERLAY_DN > objectclass: olcTestOne > > dn: olcTestAttrTwo=three,$OVERLAY_DN > objectclass: olcTestTwo > > After a restart compare the output of slapcat -n0 with the output of > ldapsearch -b cn=config, you should see at least one different entry. > You might also try to modify the entries before and after the restart. > For those that do not match you get "no such object" as the dn is no > longer in the ldif database. The issue is in bconfig.c:4726, the code treats all siblings as part of one ordering (contrary to what http://highlandsun.com/hyc/drafts/draft-chu-ldap-xordered-xx.html implies since cn=config seems to treat everything as X-ORDERED 'SIBLINGS'), while back-ldif orders them accordingly. Also its caller (config_ldif_resp) does not expect any reordering to be necessary, after all it should be (and is) reading a valid cn=config db, so the entry renaming then never gets propagated to back-ldif causing this desync. -- Ondrej Kuznik This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

1 0

(ITS#7066) ACL added to back-config only active after restart
by rhafer＠suse.de 18 Oct '11

18 Oct '11

Full_Name: Ralf Haferkamp Version: RE24, master OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (89.166.171.158) The first ACL added to "olcDatabase={0}config,cn=config" does only get active after slapd is restarted. This is because slapd upon startup creates a hardcoded deny-everything ACL when no ACL is defined explicitly for the database. ACLs added after slapd is started will be appended to that hardcoded ACL (but never evaluated as the hardcoded one already matches everything). I am working on a fix, reworking the way how the hardcoded default ACL for olcDatabase={0}config,cn=config is applied.

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs October 2011