openldap-bugs February 2011

openldap-bugs@openldap.org

35 participants
158 discussions

Re: (ITS#6838) TLS client will not accept certificate for 'localhost'
by hyc＠symas.com 17 Feb '11

17 Feb '11

andrew.findlay(a)skills-1st.co.uk wrote: > Full_Name: Andrew Findlay > Version: 2.4.24 > OS: OpenSuSE 11.3 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (88.97.25.132) > > > For various test and teaching purposes I have a set of OpenLDAP configs that run > small servers intended for local access only. As I run these on a wide variety > of machines and also give them to students to run on their own machines, all the > LDAP clients are set up … [View More]

1 0

Re: (ITS#6839) Expanded documentation for ldapi: and SASL EXTERNAL
by hyc＠symas.com 17 Feb '11

17 Feb '11

andrew.findlay(a)skills-1st.co.uk wrote: > Full_Name: Andrew Findlay > Version: 2.4.24 > OS: OpenSuSE 11.3 > URL: ftp://ftp.openldap.org/incoming/afindlay-slapi-doc-patch-20110217a > Submission from: (NULL) (88.97.25.132) > > > This documentation patch affects the Admin Guide and one manpage. > It gives information about the ldapi: transport and the use of SASL EXTERNAL > with it. > The SASL EXTERNAL section also contains a small expansion on the use of TLS. … [View More]

1 0

(ITS#6839) Expanded documentation for ldapi: and SASL EXTERNAL
by andrew.findlay＠skills-1st.co.uk 17 Feb '11

17 Feb '11

Full_Name: Andrew Findlay Version: 2.4.24 OS: OpenSuSE 11.3 URL: ftp://ftp.openldap.org/incoming/afindlay-slapi-doc-patch-20110217a Submission from: (NULL) (88.97.25.132) This documentation patch affects the Admin Guide and one manpage. It gives information about the ldapi: transport and the use of SASL EXTERNAL with it. The SASL EXTERNAL section also contains a small expansion on the use of TLS.

1 0

(ITS#6838) TLS client will not accept certificate for 'localhost'
by andrew.findlay＠skills-1st.co.uk 17 Feb '11

17 Feb '11

Full_Name: Andrew Findlay Version: 2.4.24 OS: OpenSuSE 11.3 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (88.97.25.132) For various test and teaching purposes I have a set of OpenLDAP configs that run small servers intended for local access only. As I run these on a wide variety of machines and also give them to students to run on their own machines, all the LDAP clients are set up to access the servers via the loopback interface: typically ldap://localhost:1389/ Some of the … [View More]

1 0

(ITS#6837) slapd doesn't start anymore after adding olcChainDatabase
by rhafer＠suse.de 17 Feb '11

17 Feb '11

Full_Name: Ralf Haferkamp Version: RE24, HEAD OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (89.166.243.151) After adding the following LDIF to cn=config (via ldapadd), slapd does not start anymore: ------------------------------------ dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config objectclass: olcChainConfig dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config objectclass: olcLDAPConfig objectclass: olcChainDatabase olcDbUri: ldap://… [View More]

1 0

Re: (ITS#6831) Proxycache database corruption
by ryans＠aweber.com 17 Feb '11

17 Feb '11

I believe this may be the same issue as in #6217, given this behavior with two users which have the same objectclasses, same attributes, and differ only in the attribute values (e.g., their name, phone number, and so on): The initial query, where one entry doesn't get returned as it should: ===================================================================== bash:~# ldapsearch -x -H ldaps://localhost -LLL -b ou=Users,dc=example,dc=com '(&(|(objectClass=examplecomEmployee)(objectClass=… [View More]

1 0

Re: (ITS#6217) proxycache not returning cached data
by ryans＠aweber.com 17 Feb '11

17 Feb '11

hyc(a)symas.com wrote: > > ryans(a)aweber.com wrote: > > I am experiencing what appears to be the same issue, and opened a > > ticket - http://www.openldap.org/its/index.cgi?findid=6831 - > > because this one did not pop up when I searched for existing ITS's > > (perhaps my search terms did not match or I just overlooked it). > > As I mentioned in the ticket I opened, this is not a schema issue; > > all the schema match on every server, and if that were … [View More]the problem, > > none of the users would be served properly. What I found is that > > the keys that proxycache was looking for did not exist in the bdb > > it was searching. Why exactly that is, I'm not sure. Hopefully > > the information I provided in that ITS (or, perhaps some additional > > debugging information - gdb output or copies of databases exhibiting > > the problem) will help shed some light. If it is indeed the same > > issue, I'm all for coalescing the two. I have tested this all the > > way up through 2.4.23, and there are no commits to pcache.c or > > back-ldap/search.c since 2.4.23 was released that addresses this problem. > > Since you are not having the objectclass-related problem described in this > ticket it is not the same issue. Actually, having just tested that theory, I think my problem is actually objectclass-related, because it seems that it only happens when the objectClass attribute is included in the filter, and I can get different results by swapping the order of the filter components. Consider these two users, who have the same objectclasses, same attributes, and differ only in the attribute values (e.g., their name, phone number, and so on): bash:~# ldapsearch -x -H ldaps://localhost -LLL -b ou=Users,dc=example,dc=com '(&(|(objectClass=examplecomEmployee)(objectClass=examplecomUtilityUser))(uid=jdoe1))' uid dn: uid=jdoe1,ou=Users,dc=example,dc=com uid: jdoe1 bash:~# ldapsearch -x -H ldaps://localhost -LLL -b ou=Users,dc=example,dc=com '(&(|(objectClass=examplecomEmployee)(objectClass=examplecomUtilityUser))(uid=jdoe2))' uid So, one entry doesn't get returned when it should. If I reverse the filter, I get the expected results: bash:~# ldapsearch -x -H ldaps://localhost -LLL -b ou=Users,dc=example,dc=com '(&(|(objectClass=examplecomUtilityUser)(objectClass=examplecomEmployee))(uid=jdoe1))' uid dn: uid=jdoe1,ou=Users,dc=example,dc=com uid: jdoe1 bash:~# ldapsearch -x -H ldaps://localhost -LLL -b ou=Users,dc=example,dc=com '(&(|(objectClass=examplecomUtilityUser)(objectClass=examplecomEmployee))(uid=jdoe2))' uid dn: uid=jdoe2,ou=Users,dc=example,dc=com uid: jdoe2 Furthermore, if I now try the first query again, it too works: bash:~# ldapsearch -x -H ldaps://localhost -LLL -b ou=Users,dc=example,dc=com '(&(|(objectClass=examplecomEmployee)(objectClass=examplecomUtilityUser))(uid=jdoe1))' uid dn: uid=jdoe1,ou=Users,dc=example,dc=com uid: jdoe1 bash:~# ldapsearch -x -H ldaps://localhost -LLL -b ou=Users,dc=example,dc=com '(&(|(objectClass=examplecomEmployee)(objectClass=examplecomUtilityUser))(uid=jdoe2))' uid dn: uid=jdoe2,ou=Users,dc=example,dc=com uid: jdoe2 And, like Jim, I already have the patch for ITS#5756 applied in 2.4.17, 2.4.21, and 2.4.23. I can give you an example database exhibiting this behavior, if you like? [View Less]

1 0

Re: (ITS#6740) syncrepl/--disable-rewrite dependency
by h.b.furuseth＠usit.uio.no 17 Feb '11

17 Feb '11

Howard Chu writes: > Agreed. I'm fine with dropping this configure switch and unifdef'ing it so > that librewrite is always used. Built unless --disable-slapd, I think. It is not installed, and the other libraries do not use it. -- Hallvard

1 0

(ITS#6836) Conversion to cn=config needs more detail
by andrew.findlay＠skills-1st.co.uk 17 Feb '11

17 Feb '11

Full_Name: Andrew Findlay Version: 2.4.24 OS: OpenSuSE 11.3 URL: ftp://ftp.openldap.org/incoming/afindlay-slapdconf2.sdf.20110216.diff Submission from: (NULL) (88.97.25.132) Admin Guide Section 5.4. "Converting old style slapd.conf(5) file to cn=config format" suggests that it is enough to run a slapd tool with both -f and -F options to perform this conversion. While strictly true, this will almost certainly result in an un-manageable server because there is no rootPW set for cn=config. The … [View More]

1 0

Re: (ITS#6834) Conversion to cn=config needs more detail
by andrew.findlay＠skills-1st.co.uk 17 Feb '11

17 Feb '11

On Wed, Feb 16, 2011 at 03:44:28PM -0800, Howard Chu wrote: > >It would also be useful to copy the config database clause from > >slapd-config(5) into the example in the Admin Guide: > > > > # set a rootpw for the config database so we can bind. > > # deny access to everyone else. > > dn: olcDatabase=config,cn=config > > objectClass: olcDatabaseConfig > > olcDatabase: config &… [View More]

1 0

← Newer
1
2
3
4
5
6
7
8
9
...
16
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs February 2011