Re: (ITS#6987) cn=config renumbers indexes on startup without modrdn-ing them
by hyc@symas.com
Ondrej Kuznik wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 01/12/2012 12:27 PM, hyc(a)symas.com wrote:
>> This ITS still appears to me to be invalid. bconfig treats all siblings *of
>> the same type* as a single ordering. Your demonstration code is claiming your
>> entries are all of the same type, even though they aren't. I.e., all entries
>> in cn=config of a given type have only one distinguished naming attribute. You
>> have used olcTestAttrOne and olcTestAttrTwo for the same type, so cn=config
>> doesn't distinguish them in its sort order.
>
> I tried implementing a check for Cft_Misc that considers only siblings
> of the same distinguished naming attribute:
> ftp://ftp.openldap.org/incoming/ondrej-kuznik-20120309-ITS-6987.patch
I've committed a cleaned up version of this patch to git master. Thanks for
the patch.
>
> During an IRC conversation in January you suggested not renumbering
> Cft_Misc entries at all, like the patch below. Such a change might
> however affect other overlays since captive backends seem to be regarded
> as Cft_Misc entries too, based on my tests with it:
> ftp://ftp.openldap.org/incoming/ondrej-kuznik-20120309-ITS-6987-no-renumb...
Decided we don't know enough about how Cft_misc entries will be used in the
future to take this approach.
>
> The attached file is derived from OpenLDAP Software. All of the
> modifications to OpenLDAP Software represented in the following
> patch(es) were developed by Acision. Acision has not assigned rights
> and/or interest in this work to any party. I, Ondrej Kuznik am
> authorized by Acision, my employer, to release this work under the
> following terms.
>
> The attached modifications to OpenLDAP Software are subject to the
> following notice:
> Copyright 2012 Acision
> Redistribution and use in source and binary forms, with or without
> modification, are permitted only as authorized by the OpenLDAP Public
> License.
>
> - --
> Ondrej Kuznik
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk9aHu0ACgkQ9GWxeeH+cXvpGgCeN5iMhB6iyq3MjFJVx45AWmX+
> uykAnjidKeewlH1EhlBBr+BTFgxZNodM
> =+FEP
> -----END PGP SIGNATURE-----
>
> This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you for understanding.
>
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
11 years, 6 months
Re: (ITS#7215) Configuration Bug of index_substr_if_{max, min}len
by h.b.furuseth@usit.uio.no
On Mon, 26 Mar 2012 19:16:11 GMT, tixu(a)cs.ucsd.edu wrote:
> just set the following two lines in the beginning of the slapd.conf,
>
> index_substr_if_maxlen 100
> index_substr_if_minlen 5
>
> slapd starts without a warning and can serve requests.
That's not the example you gave in last message.
The error message should be more helpful: If you want minlen that
big, you have to set maxlen first.
Except, this can still break cn=config replication: Either setting
this configuration or reverting to the old one will not work. I
don't know if cn=config supports delaying this check until the
entire new entry is available, and reverting if the check fails?
--
Hallvard
11 years, 6 months
Re: (ITS#7215) Configuration Bug of index_substr_if_{max, min}len
by tixu@cs.ucsd.edu
--000325575576f2e15a04bc2a31c8
Content-Type: text/plain; charset=ISO-8859-1
hmmm... I have to say I can replay it every time.
just set the following two lines in the beginning of the slapd.conf,
index_substr_if_maxlen 100
index_substr_if_minlen 5
slapd starts without a warning and can serve requests.
T
On Mon, Mar 26, 2012 at 2:43 AM, Howard Chu <hyc(a)symas.com> wrote:
> tixu(a)cs.ucsd.edu wrote:
>
>> Full_Name: Tianyin Xu
>> Version: 2.4.30
>> OS: Ubuntu Linux 10.04
>> URL: ftp://ftp.openldap.org/**incoming/<ftp://ftp.openldap.org/incoming/>
>> Submission from: (NULL) (128.54.167.68)
>>
>>
>> 1. Symptom:
>>
>> In the main configuration file of OpenLDAP (slapd.conf), set the following
>> configuration:
>>
>> index_substr_if_minlen 100
>> index_substr_if_maxlen 5
>>
>> Then, everything is fine. The system behaves as expectation. However, if
>> reverse
>> the order of the two configuration line as follows:
>>
>> index_substr_if_maxlen 5
>> index_substr_if_minlen 100
>>
>> Then, the system refused to start, with the following misleading message:
>>
>> Mar 25 21:29:18 tianyin-desktop slapd[12700]:
>> /home/tianyin/openldap-2.4.30/**etc/openldap/slapd.conf: line 1:
>> <index_substr_if_minlen> invalid value (5)
>>
>
> Unable to reproduce this symptom. In both cases I get
>
> testrun/slapd.1.conf: line 31: <index_substr_if_minlen> invalid value (100)
>
> Closing this ITS.
>
>
>> ------------------------------**---------------------------
>>
>> 2. Root cause in terms of code snippet
>>
>> (1) servers/slapd/slap.h
>>
>> #define SLAP_INDEX_SUBSTR_IF_MINLEN_**DEFAULT 2
>> #define SLAP_INDEX_SUBSTR_IF_MAXLEN_**DEFAULT 4
>>
>> (2) servers/slapd/schema_init.c
>>
>> unsigned int index_substr_if_minlen = SLAP_INDEX_SUBSTR_IF_MINLEN_**
>> DEFAULT;
>> unsigned int index_substr_if_maxlen = SLAP_INDEX_SUBSTR_IF_MAXLEN_**
>> DEFAULT;
>>
>> (3) servers/slapd/bconfig.c
>>
>> case CFG_SSTR_IF_MAX:
>> if (c->value_uint< index_substr_if_minlen) {
>> snprintf(c->cr_msg, sizeof(c->cr_msg), "<%s> invalid value",
>> c->argv[0]);
>> Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n", c->log, c->cr_msg,
>> c->value_int);
>> return(1);
>> }
>> index_substr_if_maxlen = c->value_uint;
>> break;
>>
>> case CFG_SSTR_IF_MIN:
>> if (c->value_uint> index_substr_if_maxlen) {
>> snprintf(c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid value",
>> c->argv[0]);
>> Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n", c->log, c->cr_msg,
>> c->value_int
>> );
>> return(1);
>> }
>> index_substr_if_minlen = c->value_uint;
>> break;
>>
>> (4) backtrace
>>
>> #0 config_generic (c=0x915760) at bconfig.c:1996
>> #1 0x0000000000433a00 in config_set_vals (Conf=0x8146c0, c=0x915760) at
>> config.c:345
>> #2 0x0000000000433f5f in config_add_vals (Conf=0x8146c0, c=0x915760) at
>> config.c:418
>> #3 0x00000000004351b3 in read_config_file (fname=0x5a0a98
>> "/home/tianyin/openldap-2.4.**30/etc/openldap/slapd.conf", depth=0,
>> cf=0x0,
>> cft=0x8140c0) at config.c:783
>> #4 0x000000000042846b in read_config (fname=0x0, dir=0x0) at
>> bconfig.c:4213
>> #5 0x000000000041c217 in main (argc=1, argv=0x7fffffffe2f8) at main.c:792
>>
>> ------------------------------**---------------------------
>>
>> It's quite clear that the order matters, and this should be a bug related
>> to
>> configuration.
>>
>> Thanks,
>> Tianyin
>>
>>
>>
>
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/**project/<http://www.openldap.org/project/>
>
--
Tianyin XU,
http://cseweb.ucsd.edu/~tixu/
--000325575576f2e15a04bc2a31c8
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
hmmm... I have to say I can replay it every time.<div><br></div><div>just s=
et the following two lines in the beginning of the slapd.conf,</div><div><b=
r></div><div><div>index_substr_if_maxlen 100</div><div>index_substr_if_minl=
en 5</div>
<div><br></div><div>slapd starts without a warning and can serve requests.<=
/div><div><br></div><div>T</div>
<div><br></div><br><div class=3D"gmail_quote">On Mon, Mar 26, 2012 at 2:43 =
AM, Howard Chu <span dir=3D"ltr"><<a href=3D"mailto:hyc@symas.com" targe=
t=3D"_blank">hyc(a)symas.com</a>></span> wrote:<br><blockquote class=3D"gm=
ail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-le=
ft:1ex">
<div><a href=3D"mailto:tixu@cs.ucsd.edu" target=3D"_blank">tixu(a)cs.ucsd.edu=
</a> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
Full_Name: Tianyin Xu<br>
Version: 2.4.30<br>
OS: Ubuntu Linux 10.04<br>
URL: <a href=3D"ftp://ftp.openldap.org/incoming/" target=3D"_blank">ftp://f=
tp.openldap.org/<u></u>incoming/</a><br>
Submission from: (NULL) (128.54.167.68)<br>
<br>
<br>
1. Symptom:<br>
<br>
In the main configuration file of OpenLDAP (slapd.conf), set the following<=
br>
configuration:<br>
<br>
index_substr_if_minlen 100<br>
index_substr_if_maxlen 5<br>
<br>
Then, everything is fine. The system behaves as expectation. However, if re=
verse<br>
the order of the two configuration line as follows:<br>
<br>
index_substr_if_maxlen 5<br>
index_substr_if_minlen 100<br>
<br>
Then, the system refused to start, with the following misleading message:<b=
r>
<br>
Mar 25 21:29:18 tianyin-desktop slapd[12700]:<br>
/home/tianyin/openldap-2.4.30/<u></u>etc/openldap/slapd.conf: line 1:<br>
<index_substr_if_minlen> =A0invalid value (5)<br>
</blockquote>
<br></div>
Unable to reproduce this symptom. In both cases I get<br>
<br>
testrun/slapd.1.conf: line 31: <index_substr_if_minlen> invalid value=
(100)<br>
<br>
Closing this ITS.<div><div><br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
<br>
------------------------------<u></u>---------------------------<br>
<br>
2. Root cause in terms of code snippet<br>
<br>
(1) servers/slapd/slap.h<br>
<br>
#define SLAP_INDEX_SUBSTR_IF_MINLEN_<u></u>DEFAULT =A0 =A0 2<br>
#define SLAP_INDEX_SUBSTR_IF_MAXLEN_<u></u>DEFAULT =A0 =A0 4<br>
<br>
(2) servers/slapd/schema_init.c<br>
<br>
unsigned int index_substr_if_minlen =3D SLAP_INDEX_SUBSTR_IF_MINLEN_<u></u>=
DEFAULT;<br>
unsigned int index_substr_if_maxlen =3D SLAP_INDEX_SUBSTR_IF_MAXLEN_<u></u>=
DEFAULT;<br>
<br>
(3) servers/slapd/bconfig.c<br>
<br>
case CFG_SSTR_IF_MAX:<br>
=A0 =A0 if (c->value_uint< =A0index_substr_if_minlen) {<br>
=A0 =A0 =A0 =A0 snprintf(c->cr_msg, sizeof(c->cr_msg), "<%s&=
gt; =A0invalid value",<br>
c->argv[0]);<br>
=A0 =A0 =A0 =A0 Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n", c->log=
, c->cr_msg,<br>
c->value_int);<br>
=A0 =A0 =A0 =A0 return(1);<br>
=A0 =A0 }<br>
=A0 =A0 index_substr_if_maxlen =3D c->value_uint;<br>
=A0 =A0 break;<br>
<br>
case CFG_SSTR_IF_MIN:<br>
=A0 =A0 if (c->value_uint> =A0index_substr_if_maxlen) {<br>
=A0 =A0 =A0 =A0 snprintf(c->cr_msg, sizeof( c->cr_msg ), "<%=
s> =A0invalid value",<br>
c->argv[0]);<br>
=A0 =A0 =A0 =A0 Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n", c->log=
, c->cr_msg, c->value_int<br>
);<br>
=A0 =A0 =A0 =A0 return(1);<br>
=A0 =A0 }<br>
=A0 =A0 index_substr_if_minlen =3D c->value_uint;<br>
=A0 =A0 break;<br>
<br>
(4) backtrace<br>
<br>
#0 =A0config_generic (c=3D0x915760) at bconfig.c:1996<br>
#1 =A00x0000000000433a00 in config_set_vals (Conf=3D0x8146c0, c=3D0x915760)=
at<br>
config.c:345<br>
#2 =A00x0000000000433f5f in config_add_vals (Conf=3D0x8146c0, c=3D0x915760)=
at<br>
config.c:418<br>
#3 =A00x00000000004351b3 in read_config_file (fname=3D0x5a0a98<br>
"/home/tianyin/openldap-2.4.<u></u>30/etc/openldap/slapd.conf", d=
epth=3D0, cf=3D0x0,<br>
cft=3D0x8140c0) at config.c:783<br>
#4 =A00x000000000042846b in read_config (fname=3D0x0, dir=3D0x0) at bconfig=
.c:4213<br>
#5 =A00x000000000041c217 in main (argc=3D1, argv=3D0x7fffffffe2f8) at main.=
c:792<br>
<br>
------------------------------<u></u>---------------------------<br>
<br>
It's quite clear that the order matters, and this should be a bug relat=
ed to<br>
configuration.<br>
<br>
Thanks,<br>
Tianyin<br>
<br>
<br>
</blockquote>
<br>
<br></div></div><span><font color=3D"#888888">
-- <br>
=A0-- Howard Chu<br>
=A0CTO, Symas Corp. =A0 =A0 =A0 =A0 =A0 <a href=3D"http://www.symas.com" t=
arget=3D"_blank">http://www.symas.com</a><br>
=A0Director, Highland Sun =A0 =A0 <a href=3D"http://highlandsun.com/hyc/" =
target=3D"_blank">http://highlandsun.com/hyc/</a><br>
=A0Chief Architect, OpenLDAP =A0<a href=3D"http://www.openldap.org/project=
/" target=3D"_blank">http://www.openldap.org/<u></u>project/</a><br>
</font></span></blockquote></div><br><br clear=3D"all"><div><br></div>-- <b=
r><span style=3D"text-indent:0px;letter-spacing:normal;font-variant:normal;=
text-align:-webkit-auto;font-style:normal;font-weight:normal;line-height:no=
rmal;border-collapse:separate;text-transform:none;font-size:medium;white-sp=
ace:normal;font-family:'Times New Roman';word-spacing:0px"><span st=
yle=3D"color:rgb(102,102,102);font-family:arial;font-size:small">Tianyin XU=
,<br>
<a href=3D"http://cseweb.ucsd.edu/%7Etixu/" target=3D"_blank">http://cseweb=
.ucsd.edu/~tixu/</a></span></span><br>
</div>
--000325575576f2e15a04bc2a31c8--
11 years, 6 months
Re: (ITS#7213) back-mdb corruption with quickmode
by hyc@symas.com
quanah(a)zimbra.com wrote:
> --On Wednesday, March 21, 2012 1:41 AM +0000 quanah(a)OpenLDAP.org wrote:
>
>> Full_Name: Quanah Gibson-Mount
>> Version: 2.4.30
>> OS: Linux 2.6
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (75.108.184.39)
>>
>>
>> Using quickmode with slapadd can result in a corrupt database.
Fixed in git master
>>
>
> zimbra@zqa-067:~$ /opt/zimbra/openldap/sbin/slapadd -q -F
> /opt/zimbra/data/ldap/config -b '' -l /opt/zimbra/data/ldap/ldap.80
> _#################### 100.00% eta none elapsed none fast!
> Closing DB...
> zimbra@zqa-067:~$ ldap start
> Started slapd: pid 27998
> zimbra@zqa-067:~$ ./libexec/zmslapcat /tmp
> # no data for entry id=00000024
>
> No issue when you don't use -q:
>
> /opt/zimbra/openldap/sbin/slapadd -F /opt/zimbra/data/ldap/config -b '' -l
> /opt/zimbra/data/ldap/ldap.80
> _#################### 100.00% eta none elapsed none fast!
> Closing DB...
> zimbra@zqa-067:~$ ldap start
> Started slapd: pid 30573
> zimbra@zqa-067:~$ ./libexec/zmslapcat /tmp
> zimbra@zqa-067:~$
>
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
11 years, 6 months
(ITS#7217) libperl-dev check is missing in configure
by robert.eikermann@rwth-aachen.de
Full_Name: Robert Eikermann
Version: 2.4.30
OS: Ubuntu 11.10
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (137.226.168.117)
Hi,
"configure" checked a lot libraries in my system, but not libperl-dev the error
(/usr/bin/ld: cannot find -lperl) appears first when I was compiling openldap.
sudo apt-get install libperl-dev helped.
11 years, 6 months
Re: (ITS#7207) Re-binding to a failed connection segfaults
by hyc@symas.com
jsynacek(a)redhat.com wrote:
> Full_Name: Jan Synacek
> Version: 2.4.30
> OS: Fedora 16
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (209.132.186.34)
>
>
> I've created a small reproducer, that calls ldap_sasl_interactive_bind_s after
> it has been called once and failed, which causes a segfault.
Fixed now in git master, thanks for the report.
>
> I've traced this bug with gdb:
> $ gdb ./reproducer
>
> GNU gdb (GDB) Fedora (7.3.50.20110722-10.fc16)
> Copyright (C) 2011 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later<http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-redhat-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from
> /home/jsynacek/work/bz784989-openldap-rebinding/reproducer...done.
> (gdb) r
> Starting program: /home/jsynacek/work/bz784989-openldap-rebinding/reproducer
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> ldap_sasl_interactive_bind: user selected: GSSAPI
> ldap_int_sasl_bind: GSSAPI
> ldap_new_connection 1 1 0
> ldap_int_open_connection
> ldap_connect_to_host: TCP localhost:636
> ldap_new_socket: 7
> ldap_prepare_socket: 7
> ldap_connect_to_host: Trying ::1 636
> ldap_pvt_connect: fd: 7 tm: -1 async: 0
> TLS: error: tlsm_PR_Recv returned 0 - error 21:Is a directory
> TLS: error: connect - force handshake failure: errno 21 - moznss error -5938
> TLS: can't connect: TLS error -5938:Encountered end of file.
> ldap_msgfree
> ldap_err2string
> bind failed: Can't contact LDAP server, retrying for fun and profit!
> ldap_sasl_interactive_bind: user selected: GSSAPI
> ldap_int_sasl_bind: GSSAPI
>
> Program received signal SIGSEGV, Segmentation fault.
> ldap_int_sasl_bind (ld=0x603130, dn=0x0, mechs=0x401a30 "GSSAPI", sctrls=0x0,
> cctrls=0x0, flags=1,
> interact=0x401660<lutil_sasl_interact>, defaults=0x60cae0, result=0x0,
> rmech=0x7fffffffd878,
> msgid=0x7fffffffd88c) at ../../../libraries/libldap/cyrus.c:444
> 444 oldctx = ld->ld_defconn->lconn_sasl_authctx;
> (gdb) p ld->ldc->ldc_defconn
> $1 = (LDAPConn *) 0x0
>
> If you set slapd to use TLS certs (uncomment the 'TLS*' lines in the config),
> there is no segfault.
>
> The reproducer and the config can be found here:
> URL1: http://jsynacek.fedorapeople.org/openldap/rebind-segfault/reproducer.c
> URL2: http://jsynacek.fedorapeople.org/openldap/rebind-segfault/cn=config.ldif
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
11 years, 6 months
Re: (ITS#7205) olcSuffix does not support modifications
by hyc@symas.com
elecharny(a)apache.org wrote:
> Full_Name: Emmanuel Lecharny
> Version: 2.4.24
> OS: Ubuntu
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (78.226.4.211)
>
>
> The olcSuffix AT, which is not declared as SINGLE-VALUED, does not support more
> than one value. Per se, the definition of this AT should be explicit about it.
No. The attribute is not single-valued, but individual backend implementations
may only allow a single suffix.
> However, this is not the main issue.
>
> Trying to modify its value using such a LDIF file :
>
> dn: olcDatabase={3}ldif,cn=config
> changetype: modify
> delete: olcSuffix
> olcSuffix: cn=test2
> -
> add: olcSuffix
> olcSuffix: cn=test3
> -
>
> leads to an error :
> #!ERROR [LDAP: error code 80 -<olcSuffix> Only one suffix is allowed on this
> ldif backend]
>
> It seems that there is an internal check that is done to insure that the
> olcSuffix does not contain more than one value, bypassing the AT definition, and
> that this check is not correctly done when a modify operation is sent.
Thanks for the report, now fixed in master.
>
> Deleting the olcSuffix AT and injcting a new one works.
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
11 years, 6 months
Re: (ITS#7214) Openldap contextCSN issue on seconday ldap server
by hyc@symas.com
pawank.kamboj(a)gmail.com wrote:
> Full_Name: Pawan Kumar
> Version: openldap-2.3.32
> OS: CentOS release 4.5
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (14.140.116.135)
>
>
That release is over 5 years old and the Project stopped supporting it years
ago. If you require support on this release contact your distribution
provider. Otherwise, upgrade to a current release (2.4.30 is latest).
> Hi,
> We are using openldap-2.3.32 on CentOS release 4.5(2.6.9-89.0.25.ELsmp).
> We have master-slave setup and we have two secondary ldap servers on which we
> are only replicating the one of our OU. We are not able see the contextCSN on
> secondary ldap servers. we are using the syncreplca(delta sync replication using
> accesslog.
> Below are the secondary slapd.conf replication section.
>
> syncrepl rid=111 provider=ldap://masterldapserver type=refreshAndPersist
> retry="60 10 300 +" searchbase="ou=people,dc=example,dc=co,dc=in"
> schemachecking=off bindmethod=simple binddn="cn=Manager,dc=example,dc=co,dc=in"
> credentials=password logbase="cn=accesslog"
> logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" syncdata=accesslog
>
> And how we can monitor ldap replication in that case where we are replicating
> only one OU from master ldap server?
>
> any quick response will be appreciated.
>
>
>
>
>
>
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
11 years, 6 months
Re: (ITS#7215) Configuration Bug of index_substr_if_{max, min}len
by hyc@symas.com
tixu(a)cs.ucsd.edu wrote:
> Full_Name: Tianyin Xu
> Version: 2.4.30
> OS: Ubuntu Linux 10.04
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (128.54.167.68)
>
>
> 1. Symptom:
>
> In the main configuration file of OpenLDAP (slapd.conf), set the following
> configuration:
>
> index_substr_if_minlen 100
> index_substr_if_maxlen 5
>
> Then, everything is fine. The system behaves as expectation. However, if reverse
> the order of the two configuration line as follows:
>
> index_substr_if_maxlen 5
> index_substr_if_minlen 100
>
> Then, the system refused to start, with the following misleading message:
>
> Mar 25 21:29:18 tianyin-desktop slapd[12700]:
> /home/tianyin/openldap-2.4.30/etc/openldap/slapd.conf: line 1:
> <index_substr_if_minlen> invalid value (5)
Unable to reproduce this symptom. In both cases I get
testrun/slapd.1.conf: line 31: <index_substr_if_minlen> invalid value (100)
Closing this ITS.
>
> ---------------------------------------------------------
>
> 2. Root cause in terms of code snippet
>
> (1) servers/slapd/slap.h
>
> #define SLAP_INDEX_SUBSTR_IF_MINLEN_DEFAULT 2
> #define SLAP_INDEX_SUBSTR_IF_MAXLEN_DEFAULT 4
>
> (2) servers/slapd/schema_init.c
>
> unsigned int index_substr_if_minlen = SLAP_INDEX_SUBSTR_IF_MINLEN_DEFAULT;
> unsigned int index_substr_if_maxlen = SLAP_INDEX_SUBSTR_IF_MAXLEN_DEFAULT;
>
> (3) servers/slapd/bconfig.c
>
> case CFG_SSTR_IF_MAX:
> if (c->value_uint< index_substr_if_minlen) {
> snprintf(c->cr_msg, sizeof(c->cr_msg), "<%s> invalid value",
> c->argv[0]);
> Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n", c->log, c->cr_msg,
> c->value_int);
> return(1);
> }
> index_substr_if_maxlen = c->value_uint;
> break;
>
> case CFG_SSTR_IF_MIN:
> if (c->value_uint> index_substr_if_maxlen) {
> snprintf(c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid value",
> c->argv[0]);
> Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n", c->log, c->cr_msg, c->value_int
> );
> return(1);
> }
> index_substr_if_minlen = c->value_uint;
> break;
>
> (4) backtrace
>
> #0 config_generic (c=0x915760) at bconfig.c:1996
> #1 0x0000000000433a00 in config_set_vals (Conf=0x8146c0, c=0x915760) at
> config.c:345
> #2 0x0000000000433f5f in config_add_vals (Conf=0x8146c0, c=0x915760) at
> config.c:418
> #3 0x00000000004351b3 in read_config_file (fname=0x5a0a98
> "/home/tianyin/openldap-2.4.30/etc/openldap/slapd.conf", depth=0, cf=0x0,
> cft=0x8140c0) at config.c:783
> #4 0x000000000042846b in read_config (fname=0x0, dir=0x0) at bconfig.c:4213
> #5 0x000000000041c217 in main (argc=1, argv=0x7fffffffe2f8) at main.c:792
>
> ---------------------------------------------------------
>
> It's quite clear that the order matters, and this should be a bug related to
> configuration.
>
> Thanks,
> Tianyin
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
11 years, 6 months