(ITS#7205) olcSuffix does not support modifications
by elecharny@apache.org
Full_Name: Emmanuel Lecharny
Version: 2.4.24
OS: Ubuntu
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (78.226.4.211)
The olcSuffix AT, which is not declared as SINGLE-VALUED, does not support more
than one value. Per se, the definition of this AT should be explicit about it.
However, this is not the main issue.
Trying to modify its value using such a LDIF file :
dn: olcDatabase={3}ldif,cn=config
changetype: modify
delete: olcSuffix
olcSuffix: cn=test2
-
add: olcSuffix
olcSuffix: cn=test3
-
leads to an error :
#!ERROR [LDAP: error code 80 - <olcSuffix> Only one suffix is allowed on this
ldif backend]
It seems that there is an internal check that is done to insure that the
olcSuffix does not contain more than one value, bypassing the AT definition, and
that this check is not correctly done when a modify operation is sent.
Deleting the olcSuffix AT and injcting a new one works.
11 years, 6 months
(ITS#7204) test044-dynlist broken with --disable-monitor
by h.b.furuseth@usit.uio.no
Full_Name: Hallvard B Furuseth
Version: 2.4->2.4.30
OS: Linux x86_64
URL:
Submission from: (NULL) (195.1.106.125)
Submitted by: hallvard
test044-dynlist uses olcDatabase={2}$BACKEND,cn=config.
This breaks when back-monitor is omitted as database {1}.
Fixing.
11 years, 6 months
(ITS#7203) approxIndexer should not return zero-length keys
by hyc@OpenLDAP.org
Full_Name: Howard Chu
Version: any
OS:
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (76.94.188.8)
Submitted by: hyc
The approxIndexer generates a key for every word in the input string. Short
words produce no actual key value, and leave a slot in the list of keys with
bv_len=0. These results should be omitted; the underlying database can't do
anything with zero length keys anyway.
11 years, 6 months
Re: (ITS#6987) cn=config renumbers indexes on startup without modrdn-ing them
by ondrej.kuznik@acision.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/12/2012 12:27 PM, hyc(a)symas.com wrote:
> This ITS still appears to me to be invalid. bconfig treats all siblings *of
> the same type* as a single ordering. Your demonstration code is claiming your
> entries are all of the same type, even though they aren't. I.e., all entries
> in cn=config of a given type have only one distinguished naming attribute. You
> have used olcTestAttrOne and olcTestAttrTwo for the same type, so cn=config
> doesn't distinguish them in its sort order.
I tried implementing a check for Cft_Misc that considers only siblings
of the same distinguished naming attribute:
ftp://ftp.openldap.org/incoming/ondrej-kuznik-20120309-ITS-6987.patch
During an IRC conversation in January you suggested not renumbering
Cft_Misc entries at all, like the patch below. Such a change might
however affect other overlays since captive backends seem to be regarded
as Cft_Misc entries too, based on my tests with it:
ftp://ftp.openldap.org/incoming/ondrej-kuznik-20120309-ITS-6987-no-renumb...
The attached file is derived from OpenLDAP Software. All of the
modifications to OpenLDAP Software represented in the following
patch(es) were developed by Acision. Acision has not assigned rights
and/or interest in this work to any party. I, Ondrej Kuznik am
authorized by Acision, my employer, to release this work under the
following terms.
The attached modifications to OpenLDAP Software are subject to the
following notice:
Copyright 2012 Acision
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP Public
License.
- --
Ondrej Kuznik
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk9aHu0ACgkQ9GWxeeH+cXvpGgCeN5iMhB6iyq3MjFJVx45AWmX+
uykAnjidKeewlH1EhlBBr+BTFgxZNodM
=+FEP
-----END PGP SIGNATURE-----
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you for understanding.
11 years, 6 months
(ITS#7202) slapo-memeberof crashing OL 2.4.30
by marco.pizzoli@gmail.com
Full_Name: Marco Pizzoli
Version: 2.4.30
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (213.174.164.11)
Hi, I'm facing crashes with openldap 2.4.30 (actually the RE24 of the day before
the release, but nothing changed in the meantime).
I have a consumer starting from scratch with an empty db. During his starting he
populates his db by connecting to 4 servers which are part of a 4-way
multi-master cluster. They are running a previous version of OpenLDAP.
We are doing an upgrade of our deployment just to solve an issue we face from
time to time consisting in data corruption.
This bug, which is not the target of this ITS, is able to trigger a crash of the
slave slapd 2.4.30.
During the first synchronization the consumer is receiving the entire db and I
can see on this slave, in the logs, coming two odd entries, like this one:
ldap15.log:Feb 28 15:45:02 ldap15 slapd[5219]: conn=-1 op=0:
memberof_value_modify DN="p?v#007" add
memberOf="cn=mynetbk,ou=allnetbk,ou=systems,ou=mygroups,dc=my_dc1,dc=my_dc2.it"
failed err=32
and after that slapd crashes.
I produced a core dump and generated the full back trace. And I can see this is
due to slapo-memberof.
This is my memberof configuration:
overlay memberof
memberof-group-oc groupOfNames
memberof-member-ad member
memberof-memberof-ad memberOf
memberof-dn cn=Manager,dc=my_dc1,dc=my_dc2.it
memberof-dangling ignore
memberof-dangling-error 80
memberof-refint FALSE
Here is the output. As I said, this output is taken from a slapd 2.4.30. The
platform is Linux x86_64.
[ldap@ldap15 ~]$ gdb /opt/openldap/libexec/slapd /tmp/core.11359
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-48.el6)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /opt/openldap-PRE2.4.30/libexec/slapd...done.
[New Thread 11363]
[New Thread 11361]
[New Thread 11359]
[New Thread 11360]
[New Thread 11365]
[New Thread 11362]
[New Thread 11364]
Missing separate debuginfo for /opt/berkeleydb/lib/libdb-5.2.so
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install
/usr/lib/debug/.build-id/25/3444cedd507ae54ca793376010c027664ab639
Missing separate debuginfo for
/opt/openldap-PRE2.4.30/libexec/openldap/memberof-2.4.so.2
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install
/usr/lib/debug/.build-id/29/1997818b36184bdbf6921e2b597f1d961122a4
Missing separate debuginfo for
/opt/openldap-PRE2.4.30/libexec/openldap/accesslog-2.4.so.2
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install
/usr/lib/debug/.build-id/87/d14b81be9ec6d6a7a515d61d8b15d4b9e9f439
Missing separate debuginfo for
/opt/openldap-PRE2.4.30/libexec/openldap/auditlog-2.4.so.2
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install
/usr/lib/debug/.build-id/d1/a0f526dbc9986c4c167ccc2d7f72496c16a8e5
Missing separate debuginfo for
/opt/openldap-PRE2.4.30/libexec/openldap/ppolicy-2.4.so.2
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install
/usr/lib/debug/.build-id/ca/ba01f02f5db752891321c3a3a871b72d827634
Missing separate debuginfo for
/opt/openldap-PRE2.4.30/libexec/openldap/sssvlv-2.4.so.2
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install
/usr/lib/debug/.build-id/72/29edebf6dad9245753fbca44c3395edfee0999
Missing separate debuginfo for
/opt/openldap-PRE2.4.30/libexec/openldap/syncprov-2.4.so.2
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install
/usr/lib/debug/.build-id/e9/1d213453b9bef5f9ff991e0cbba93114595cca
Missing separate debuginfo for /opt/openldap/libexec/openldap/lastbind.so.0
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install
/usr/lib/debug/.build-id/13/d1a7451281081ce9fcf0a3db11144b63819464
Missing separate debuginfo for
/opt/openldap-PRE2.4.30/libexec/openldap/constraint-2.4.so.2
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install
/usr/lib/debug/.build-id/a3/c9c4184844cd493c88212b73f82893500554fb
Missing separate debuginfo for
/opt/openldap-PRE2.4.30/libexec/openldap/valsort-2.4.so.2
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install
/usr/lib/debug/.build-id/5b/6df9a919708465a54252a0e5b402de239475d3
Missing separate debuginfo for
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install
/usr/lib/debug/.build-id/08/f634a1d22deff00461d50a7699dacdc97657bf
Reading symbols from /usr/lib64/libltdl.so.7...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libltdl.so.7
Reading symbols from /opt/berkeleydb/lib/libdb-5.2.so...(no debugging symbols
found)...done.
Loaded symbols for /opt/berkeleydb/lib/libdb-5.2.so
Reading symbols from /usr/lib64/perl5/CORE/libperl.so...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/perl5/CORE/libperl.so
Reading symbols from /lib64/libnsl.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libnsl.so.1
Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /lib64/libm.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libm.so.6
Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcrypt.so.1
Reading symbols from /lib64/libutil.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libutil.so.1
Reading symbols from /lib64/libpthread.so.0...(no debugging symbols
found)...done.
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /usr/lib64/libodbc.so.2...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libodbc.so.2
Reading symbols from /usr/lib64/libicuuc.so.42...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libicuuc.so.42
Reading symbols from /usr/lib64/libicudata.so.42...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libicudata.so.42
Reading symbols from /usr/lib64/libsasl2.so.2...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libsasl2.so.2
Reading symbols from /usr/lib64/libssl.so.10...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libssl.so.10
Reading symbols from /usr/lib64/libcrypto.so.10...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libcrypto.so.10
Reading symbols from /lib64/libresolv.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libresolv.so.2
Reading symbols from /usr/lib64/libtcmalloc.so.0...done.
Loaded symbols for /usr/lib64/libtcmalloc.so.0
Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /lib64/libfreebl3.so...(no debugging symbols found)...done.
Loaded symbols for /lib64/libfreebl3.so
Reading symbols from /usr/lib64/libstdc++.so.6...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libstdc++.so.6
Reading symbols from /lib64/libgcc_s.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libgcc_s.so.1
Reading symbols from /lib64/libgssapi_krb5.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libgssapi_krb5.so.2
Reading symbols from /lib64/libkrb5.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib64/libkrb5.so.3
Reading symbols from /lib64/libcom_err.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libcom_err.so.2
Reading symbols from /lib64/libk5crypto.so.3...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libk5crypto.so.3
Reading symbols from /lib64/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libz.so.1
Reading symbols from /usr/lib64/libunwind.so.8...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/libunwind.so.8
Reading symbols from /lib64/libkrb5support.so.0...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libkrb5support.so.0
Reading symbols from /lib64/libkeyutils.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libkeyutils.so.1
Reading symbols from /lib64/libselinux.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libselinux.so.1
Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libnss_files.so.2
Reading symbols from /lib64/libnss_ldap.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libnss_ldap.so.2
Reading symbols from /usr/lib64/sasl2/libsasldb.so...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/sasl2/libsasldb.so
Reading symbols from /lib64/libdb-4.7.so...(no debugging symbols found)...done.
Loaded symbols for /lib64/libdb-4.7.so
Reading symbols from /usr/lib64/sasl2/libanonymous.so...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib64/sasl2/libanonymous.so
Reading symbols from
/opt/openldap-PRE2.4.30/libexec/openldap/memberof-2.4.so.2...done.
Loaded symbols for /opt/openldap-PRE2.4.30/libexec/openldap/memberof-2.4.so.2
Reading symbols from
/opt/openldap-PRE2.4.30/libexec/openldap/accesslog-2.4.so.2...done.
Loaded symbols for /opt/openldap-PRE2.4.30/libexec/openldap/accesslog-2.4.so.2
Reading symbols from
/opt/openldap-PRE2.4.30/libexec/openldap/auditlog-2.4.so.2...done.
Loaded symbols for /opt/openldap-PRE2.4.30/libexec/openldap/auditlog-2.4.so.2
Reading symbols from
/opt/openldap-PRE2.4.30/libexec/openldap/ppolicy-2.4.so.2...done.
Loaded symbols for /opt/openldap-PRE2.4.30/libexec/openldap/ppolicy-2.4.so.2
Reading symbols from
/opt/openldap-PRE2.4.30/libexec/openldap/sssvlv-2.4.so.2...done.
Loaded symbols for /opt/openldap-PRE2.4.30/libexec/openldap/sssvlv-2.4.so.2
Reading symbols from
/opt/openldap-PRE2.4.30/libexec/openldap/syncprov-2.4.so.2...done.
Loaded symbols for /opt/openldap-PRE2.4.30/libexec/openldap/syncprov-2.4.so.2
Reading symbols from /opt/openldap/libexec/openldap/lastbind.so.0...(no
debugging symbols found)...done.
Loaded symbols for /opt/openldap/libexec/openldap/lastbind.so.0
Reading symbols from
/opt/openldap-PRE2.4.30/libexec/openldap/constraint-2.4.so.2...done.
Loaded symbols for /opt/openldap-PRE2.4.30/libexec/openldap/constraint-2.4.so.2
Reading symbols from
/opt/openldap-PRE2.4.30/libexec/openldap/valsort-2.4.so.2...done.
Loaded symbols for /opt/openldap-PRE2.4.30/libexec/openldap/valsort-2.4.so.2
Core was generated by `/opt/openldap//libexec/slapd -h ldap://10.10.114.15:389
ldaps://10.10.114.15:63'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007f5291ed6245 in memberof_res_add (op=0x7f527a0e5380, rs=<value
optimized out>) at memberof.c:1273
1273 memberof.c: No such file or directory.
in memberof.c
Missing separate debuginfos, use: debuginfo-install
cyrus-sasl-lib-2.1.23-13.el6.x86_64 db4-4.7.25-16.el6.x86_64
glibc-2.12-1.47.el6.x86_64 google-perftools-1.7-1.el6.x86_64
keyutils-libs-1.4-3.el6.x86_64 krb5-libs-1.9-22.el6.x86_64
libcom_err-1.41.12-11.el6.x86_64 libgcc-4.4.6-3.el6.x86_64
libicu-4.2.1-9.el6.x86_64 libselinux-2.0.94-5.2.el6.x86_64
libstdc++-4.4.6-3.el6.x86_64 libtool-ltdl-2.2.6-15.5.el6.x86_64
libunwind-1.0.1-1.el6.x86_64 nss-pam-ldapd-0.7.5-14.el6.x86_64
nss-softokn-freebl-3.12.9-11.el6.x86_64 openssl-1.0.0-20.el6.x86_64
perl-libs-5.10.1-119.el6_1.1.x86_64 unixODBC-2.2.14-11.el6.x86_64
zlib-1.2.3-27.el6.x86_64
(gdb) bt
#0 0x00007f5291ed6245 in memberof_res_add (op=0x7f527a0e5380, rs=<value
optimized out>) at memberof.c:1273
#1 0x000000000044c9ae in slap_response_play (op=0x7f527a0e5380,
rs=0x7f527a0e4f80) at result.c:507
#2 0x000000000044d539 in send_ldap_response (op=0x7f527a0e5380,
rs=0x7f527a0e4f80) at result.c:582
#3 0x000000000044e22c in slap_send_ldap_result (op=0x7f527a0e5380,
rs=0x7f527a0e4f80) at result.c:860
#4 0x0000000000510730 in hdb_add (op=0x7f527a0e5380, rs=0x7f527a0e4f80) at
add.c:511
#5 0x00000000004a49b7 in overlay_op_walk (op=0x7f527a0e5380, rs=0x7f527a0e4f80,
which=op_add, oi=0x1c40000, on=0x0) at backover.c:671
#6 0x00000000004a5397 in over_op_func (op=0x7f527a0e5380, rs=<value optimized
out>, which=<value optimized out>) at backover.c:723
#7 0x000000000049b3cb in syncrepl_entry (op=0x7f527a0e5380, si=0x1ca8000) at
syncrepl.c:2842
#8 do_syncrep2 (op=0x7f527a0e5380, si=0x1ca8000) at syncrepl.c:1012
#9 0x00000000004a0dc2 in do_syncrepl (ctx=<value optimized out>, arg=0x1aa4dd0)
at syncrepl.c:1522
#10 0x000000000056ae70 in ldap_int_thread_pool_wrapper (xpool=0x1b90000) at
tpool.c:688
#11 0x00007f5296ee97f1 in start_thread () from /lib64/libpthread.so.0
#12 0x00007f529488170d in clone () from /lib64/libc.so.6
(gdb) bt full
#0 0x00007f5291ed6245 in memberof_res_add (op=0x7f527a0e5380, rs=<value
optimized out>) at memberof.c:1273
a = 0x220c530
mci = <value optimized out>
on = <value optimized out>
mo = 0x1b7b4f0
i = <value optimized out>
#1 0x000000000044c9ae in slap_response_play (op=0x7f527a0e5380,
rs=0x7f527a0e4f80) at result.c:507
sc_next = 0x7f527a0e47f0
sc_nextp = 0x27f0038
rc = 32768
sc = 0x27f0080
scp = 0x27f0080
#2 0x000000000044d539 in send_ldap_response (op=0x7f527a0e5380,
rs=0x7f527a0e4f80) at result.c:582
berbuf = {
buffer = "\005", '\000' <repeats 23 times>"\230,
SOR\177\000\000PB\016zR\177\000\000!\004`\377\377\377\377\377\236BWO\000\000\000\000\000\315\306\001",
'\000' <repeats 12 times>,
"@\237\274\001\000\000\000\000\230SOR\177\000\000\000\000\000\000\000\000\000\000W?\357\000\000\000\000\257\361\n\230R\177\000\000\000\000\000\000R\177\000\000
\000\000\000\000\000\000\000\000S/\230R\177\000\000\001\000\000\000\000\000\000\000\236BWO\000\000\000\000W?\357",
'\000' <repeats 12 times>,
"@\035x\a\000\000\000\000\b\255\v\002\000\000\000\000\000\a\277\001\000\000\000\000\a",
'\000' <repeats 47 times>"\300, sb\a\000\000\000\000\t\000\000\000\000\000\000",
ialign = 5, lalign = 5, falign = 7.00649232e-45, dalign =
2.4703282292062327e-323,
palign = 0x5 <Address 0x5 out of bounds>}
ber = 0x7f527a0e4200
rc = 0
bytes = <value optimized out>
__PRETTY_FUNCTION__ = "send_ldap_response"
#3 0x000000000044e22c in slap_send_ldap_result (op=0x7f527a0e5380,
rs=0x7f527a0e4f80) at result.c:860
tmp = 0x0
otext = 0x0
oref = 0x0
__PRETTY_FUNCTION__ = "slap_send_ldap_result"
#4 0x0000000000510730 in hdb_add (op=0x7f527a0e5380, rs=0x7f527a0e4f80) at
add.c:511
bdb = 0x1bf0700
pdn = {bv_len = 50, bv_val = 0x76273ca
"ou=ldap,ou=systems,ou=mygroups,dc=my_dc1,dc=my_dc2.it"}
p = <value optimized out>
oe = 0x20bad08
ei = 0x7783de0
textbuf = "\000\000\000\000\000\000\000\000\000DP\a\000\000\000\000\334\071w\a\000\000\000\000\200S\016zR\177\000\000\200O\016zR\177\000\000`\t\304\001\000\000\000\000\300\266\307\001\000\000\000\000\300\364\213\221R\177\000\000\000\000\000\000\000\000\000\000\320D\016zR\177\000\000\000\000\000\000\000\000\000\000\240F\016zR\177",
'\000' <repeats 26 times>"\300,
D\016zR\177\000\000\000\000\000\000\001\000\000\000\002\000\000\000\000\000\000\000\320\000w\a\001\000\000\000\b",
'\000' <repeats 31 times>, "\f", '\000' <repeats 23 times>,
"\020R\016zR\177\000\000\320\000w\a\000\000\000\000\241\000\000\000\000\000\000\000\020R\016zR\177\000\000\000\000\000\000\000\000\000\000\200S\016zR\177\000"
children = 0x0
entry = 0x1a99300
ltid = 0x0
lt2 = 0x1c69ce0
eid = 2243
opinfo = {boi_oe = {oe_next = {sle_next = 0x0}, oe_key = 0x0}, boi_txn =
0x1c6cd00, boi_locks = 0x0, boi_err = 0, boi_acl_cache = 0 '\000',
boi_flag = 0 '\000'}
---Type <return> to continue, or q <return> to quit---
lock = {off = 2389256, ndx = 993, gen = 962, mode = DB_LOCK_READ}
num_retries = <value optimized out>
success = 0
postread_ctrl = 0x0
ctrls = {0x0, 0x7f527a0e4558, 0xf, 0xffffffffffffffff, 0x1b7b4f0,
0x77b6381}
num_ctrls = <value optimized out>
#5 0x00000000004a49b7 in overlay_op_walk (op=0x7f527a0e5380, rs=0x7f527a0e4f80,
which=op_add, oi=0x1c40000, on=0x0) at backover.c:671
func = <value optimized out>
rc = 32768
#6 0x00000000004a5397 in over_op_func (op=0x7f527a0e5380, rs=<value optimized
out>, which=<value optimized out>) at backover.c:723
oi = <value optimized out>
on = <value optimized out>
be = 0x1b98d00
db = {bd_info = 0x8393a0, bd_self = 0x1b98d00,
be_ctrls =
"\000\000\000\001\001\001\000\001\000\000\001\000\000\001\001\000\001\000\000\001\001\001\001\001\000\000\000\000\000\000\000\000\001",
be_flags = 694536, be_restrictops = 0, be_requires = 6, be_ssf_set = {sss_ssf =
0, sss_transport = 0, sss_tls = 0, sss_sasl = 0, sss_update_ssf = 0,
sss_update_transport = 0, sss_update_tls = 0, sss_update_sasl = 0,
sss_simple_bind = 0}, be_suffix = 0x1c7aea0, be_nsuffix = 0x1c7b080,
be_schemadn = {bv_len = 0, bv_val = 0x0}, be_schemandn = {bv_len = 0,
bv_val = 0x0}, be_rootdn = {bv_len = 32,
bv_val = 0x1aaee10 "cn=Manager,dc=my_dc1,dc=my_dc2.it"}, be_rootndn
= {bv_len = 32, bv_val = 0x1aaede0 "cn=manager,dc=my_dc1,dc=my_dc2.it"},
be_rootpw = {bv_len = 38, bv_val = 0x1aaed80 "{SSHA}mypw"},
be_max_deref_depth = 15, be_def_limit = {
lms_t_soft = 3600, lms_t_hard = 0, lms_s_soft = -1, lms_s_hard = 0,
lms_s_unchecked = -1, lms_s_pr = 0, lms_s_pr_hide = 0, lms_s_pr_total = 0},
be_limits = 0x1af9080, be_acl = 0x0, be_dfltaccess = ACL_READ,
be_extra_anlist = 0x0, be_update_ndn = {bv_len = 0, bv_val = 0x0},
be_update_refs = 0x0, be_pending_csn_list = 0x2061aa0, be_pcl_mutex =
{__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0,
__spins = 0, __list = {__prev = 0x0, __next = 0x0}}, __size =
'\000' <repeats 39 times>, __align = 0}, be_syncinfo = 0x1ca8000, be_pb = 0x0,
be_cf_ocs = 0x83eac0, be_private = 0x1bf0700, be_next = {stqe_next =
0x0}}
cb = {sc_next = 0x7f527a0e51b0, sc_response = 0x4a4640
<over_back_response>, sc_cleanup = 0, sc_private = 0x1c40000}
sc = <value optimized out>
rc = 32768
__PRETTY_FUNCTION__ = "over_op_func"
#7 0x000000000049b3cb in syncrepl_entry (op=0x7f527a0e5380, si=0x1ca8000) at
syncrepl.c:2842
rs_add = {sr_type = REP_RESULT, sr_tag = 105, sr_msgid = 0, sr_err = 0,
sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = {
sru_search = {r_entry = 0x0, r_attr_flags = 0, r_operational_attrs =
0x0, r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}, sru_sasl = {
r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0, r_rspdata =
0x0}}, sr_flags = 0}
syncuuid_inserted = <value optimized out>
freecsn = 0
be = 0x1b98d00
ava = {aa_desc = 0x1a98a80, aa_value = {bv_len = 16, bv_val = 0x779f9e7
"?\344\025L\202C\003\275vc\027b_\343", <incomplete sequence \304>}}
dni = {new_entry = 0x20bad08, dn = {bv_len = 0, bv_val = 0x0}, ndn =
{bv_len = 0, bv_val = 0x0}, nnewSup = {bv_len = 0, bv_val = 0x0}, renamed = 0,
delOldRDN = 0, modlist = 0x7f527a0e5300, mods = 0x0, oldNcount = 0,
oldDesc = 0x0, newDesc = 0x0}
retry = <value optimized out>
cb = {sc_next = 0x0, sc_response = 0x493eb0 <null_callback>, sc_cleanup
= 0, sc_private = 0x1ca8000}
rs_search = {sr_type = REP_RESULT, sr_tag = 101, sr_msgid = 0, sr_err =
0, sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = {
sru_search = {r_entry = 0x0, r_attr_flags = 0, r_operational_attrs =
0x0, r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}, sru_sasl = {
r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0, r_rspdata =
0x0}}, sr_flags = 0}
f = {f_choice = 163, f_un = {f_un_result = 2047758832, f_un_desc =
0x7f527a0e51f0, f_un_ava = 0x7f527a0e51f0, f_un_ssa = 0x7f527a0e51f0,
f_un_mra = 0x7f527a0e51f0, f_un_complex = 0x7f527a0e51f0}, f_next =
0x0}
rc = <value optimized out>
---Type <return> to continue, or q <return> to quit---
pdn = {bv_len = 0, bv_val = 0x0}
#8 do_syncrep2 (op=0x7f527a0e5380, si=0x1ca8000) at syncrepl.c:1012
match = <value optimized out>
cookie = {bv_len = 0, bv_val = 0x0}
rctrls = 0x7772cb0
rctrlp = <value optimized out>
syncUUIDs = 0x0
bdn = {bv_len = 60, bv_val = 0x1cf6e09
"cn=myldap05,ou=ldap,ou=systems,ou=mygroups,dc=my_dc1,dc=my_dc2.it"}
syncUUID = {{bv_len = 16, bv_val = 0x779f9e7
"?\344\025L\202C\003\275vc\027b_\343", <incomplete sequence \304>}, {bv_len =
36,
bv_val = 0x27f0008 "da89e415-4c82-4303-bd76-6317625fe3c4"}}
si_tag = <value optimized out>
entry = 0x20bad08
punlock = -1
syncstate = 1
retdata = 0x7f527a0e5330
retoid = 0x1ca8258 ""
len = 0
berbuf = {
buffer = "\002\000\001", '\000' <repeats 29 times>"\340,
\371y\a\000\000\000\000\367\371y\a\000\000\000\000\367\371y\a", '\000' <repeats
28 times>"\200, \a\277\001\000\000\000\000X`\002\230R\177\000\000P\001\000\000\000\000\000\000\025\000\000\000\000\000\000\000\240\260\307\001\000\000\000\000\000\226\306\001\000\000\000\000\370'OR\177\000\000@\237\274\001",
'\000' <repeats 12 times>"\231,
\004\357\226R\177\000\000\000\000\000\000\000\000\000\000ilY\000\000\000\000\000\a\000\000\200\000\000\000\000\030O\016zR\177\000\000X2OR\177\000\000\202\030Y\000\000\000\000\000PO\016zR\177\000\000\202\030Y\000\000\000\000\000PO\016zR\177\000\000\\\031Y\000\000\000\000\000;\000\000\000\000\000\000\000\b
\245\002\000\000\000", ialign = 65538, lalign = 65538,
falign = 9.18382988e-41, dalign = 3.2380074297143616e-319, palign =
0x10002 <Address 0x10002 out of bounds>}
ber = 0x7f527a0e4cf0
msg = 0x29d6800
syncCookie = {ctxcsn = 0x0, sids = 0x0, numcsns = 0, rid = 0, octet_str
= {bv_len = 0, bv_val = 0x0}, sid = 0, sc_next = {stqe_next = 0x0}}
syncCookie_req = {ctxcsn = 0x0, sids = 0x0, numcsns = 0, rid = 1,
octet_str = {bv_len = 15, bv_val = 0x2a1e0c0 "rid=001,sid=00f"}, sid = 15,
sc_next = {stqe_next = 0x0}}
rc = 0
err = 0
modlist = 0x7504900
m = 0
tout_p = 0x0
tout = {tv_sec = 0, tv_usec = 0}
refreshDeletes = 0
empty = "empty"
#9 0x00000000004a0dc2 in do_syncrepl (ctx=<value optimized out>, arg=0x1aa4dd0)
at syncrepl.c:1522
rtask = 0x1aa4dd0
si = 0x1ca8000
conn = {c_struct_state = SLAP_C_UNINITIALIZED, c_conn_state =
SLAP_C_INVALID, c_conn_idx = -1, c_sd = 0, c_close_reason = 0x0, c_mutex =
{__data = {
__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0,
__spins = 0, __list = {__prev = 0x0, __next = 0x0}},
__size = '\000' <repeats 39 times>, __align = 0}, c_sb = 0x0,
c_starttime = 0, c_activitytime = 0, c_connid = 18446744073709551615,
c_peer_domain = {bv_len = 0, bv_val = 0x5d0241 ""}, c_peer_name =
{bv_len = 0, bv_val = 0x5d0241 ""}, c_listener = 0x5a0d20, c_sasl_bind_mech = {
bv_len = 0, bv_val = 0x0}, c_sasl_dn = {bv_len = 0, bv_val = 0x0},
c_sasl_authz_dn = {bv_len = 0, bv_val = 0x0}, c_authz_backend = 0x0,
c_authz_cookie = 0x0, c_authz = {sai_method = 0, sai_mech = {bv_len =
0, bv_val = 0x0}, sai_dn = {bv_len = 0, bv_val = 0x0}, sai_ndn = {
bv_len = 0, bv_val = 0x0}, sai_ssf = 0, sai_transport_ssf = 0,
sai_tls_ssf = 0, sai_sasl_ssf = 0}, c_protocol = 0, c_ops = {stqh_first = 0x0,
---Type <return> to continue, or q <return> to quit---
stqh_last = 0x0}, c_pending_ops = {stqh_first = 0x0, stqh_last =
0x0}, c_write1_mutex = {__data = {__lock = 0, __count = 0, __owner = 0,
__nusers = 0, __kind = 0, __spins = 0, __list = {__prev = 0x0,
__next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0},
c_write1_cv = {__data = {__lock = 0, __futex = 0, __total_seq = 0,
__wakeup_seq = 0, __woken_seq = 0, __mutex = 0x0, __nwaiters = 0,
__broadcast_seq = 0}, __size = '\000' <repeats 47 times>, __align
= 0}, c_write2_mutex = {__data = {__lock = 0, __count = 0, __owner = 0,
__nusers = 0, __kind = 0, __spins = 0, __list = {__prev = 0x0,
__next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0},
c_write2_cv = {__data = {__lock = 0, __futex = 0, __total_seq = 0,
__wakeup_seq = 0, __woken_seq = 0, __mutex = 0x0, __nwaiters = 0,
__broadcast_seq = 0}, __size = '\000' <repeats 47 times>, __align
= 0}, c_currentber = 0x0, c_writers = 0, c_writing = 0 '\000',
c_sasl_bind_in_progress = 0 '\000', c_writewaiter = 0 '\000', c_is_tls
= 0 '\000', c_needs_tls_accept = 0 '\000', c_sasl_layers = 0 '\000',
c_sasl_done = 0 '\000', c_sasl_authctx = 0x0, c_sasl_sockctx = 0x0,
c_sasl_extra = 0x0, c_sasl_bindop = 0x0, c_pagedresults_state = {ps_be = 0x0,
ps_size = 0, ps_count = 0, ps_cookie = 0, ps_cookieval = {bv_len =
0, bv_val = 0x0}}, c_n_ops_received = 0, c_n_ops_executing = 0,
c_n_ops_pending = 0, c_n_ops_completed = 0, c_n_get = 0, c_n_read = 0,
c_n_write = 0, c_extensions = 0x0, c_clientfunc = 0, c_clientarg = 0x0,
c_send_ldap_result = 0x44e0b0 <slap_send_ldap_result>,
c_send_search_entry = 0x44ed90 <slap_send_search_entry>,
c_send_search_reference = 0x44e6c0 <slap_send_search_reference>,
c_send_ldap_extended = 0x44dbe0 <slap_send_ldap_extended>,
c_send_ldap_intermediate = 0x44da80 <slap_send_ldap_intermediate>}
opbuf = {ob_op = {o_hdr = 0x7f527a0e54f0, o_tag = 104, o_time =
1331118750, o_tincr = 206, o_bd = 0x7f527a0e4660, o_req_dn = {bv_len = 60,
bv_val = 0x7627140
"cn=myldap05,ou=ldap,ou=mysystems,ou=groups,dc=my_dc1,dc=my_dc2.it"}, o_req_ndn
= {bv_len = 60,
bv_val = 0x76273c0
"cn=myldap05,ou=ldap,ou=mysystems,ou=groups,dc=my_dc1,dc=my_dc2.it°}, o_request
= {oq_add = {rs_modlist = 0x2,
rs_e = 0x20bad08}, oq_bind = {rb_method = 2, rb_cred = {bv_len =
34319624, bv_val = 0x0}, rb_edn = {bv_len = 0, bv_val = 0x83c8c0 "\001"},
rb_ssf = 2047758864, rb_mech = {bv_len = 48, bv_val = 0x27f0038
"\360G\016zR\177"}}, oq_compare = {rs_ava = 0x2}, oq_modify = {rs_mods = {
rs_modlist = 0x2, rs_no_opattrs = 8 '\b'}, rs_increment = 0},
oq_modrdn = {rs_mods = {rs_modlist = 0x2, rs_no_opattrs = 8 '\b'},
rs_deleteoldrdn = 0, rs_newrdn = {bv_len = 0, bv_val = 0x83c8c0
"\001"}, rs_nnewrdn = {bv_len = 139992211804688,
bv_val = 0x30 <Address 0x30 out of bounds>}, rs_newSup =
0x27f0038, rs_nnewSup = 0x0}, oq_search = {rs_scope = 2, rs_deref = 0,
rs_slimit = 34319624, rs_tlimit = 0, rs_limit = 0x0,
rs_attrsonly = 0, rs_attrs = 0x83c8c0, rs_filter = 0x7f527a0e5210, rs_filterstr
= {
bv_len = 48, bv_val = 0x27f0038 "\360G\016zR\177"}},
oq_abandon = {rs_msgid = 2}, oq_cancel = {rs_msgid = 2}, oq_extended =
{rs_reqoid = {
bv_len = 2, bv_val = 0x20bad08 "\303\b"}, rs_flags = 0,
rs_reqdata = 0x0}, oq_pwdexop = {rs_extended = {rs_reqoid = {bv_len = 2,
bv_val = 0x20bad08 "\303\b"}, rs_flags = 0, rs_reqdata =
0x0}, rs_old = {bv_len = 8636608, bv_val = 0x7f527a0e5210 "\243"}, rs_new = {
bv_len = 48, bv_val = 0x27f0038 "\360G\016zR\177"}, rs_mods =
0x0, rs_modtail = 0x0}}, o_abandon = 0, o_cancel = 0, o_groups = 0x0,
o_do_not_cache = 0 '\000', o_is_auth_check = 0 '\000',
o_dont_replicate = 0 '\000', o_acl_priv = ACL_NONE, o_nocaching = 0 '\000',
o_delete_glue_parent = 0 '\000', o_no_schema_check = 1 '\001',
o_no_subordinate_glue = 0 '\000',
o_ctrlflag = '\000' <repeats 16 times>, "\002", '\000' <repeats 14
times>, o_controls = 0x7f527a0e5638, o_authz = {sai_method = 0, sai_mech = {
bv_len = 0, bv_val = 0x0}, sai_dn = {bv_len = 32, bv_val =
0x1aaee10 "cn=Manager,dc=my_dc1,dc=my_dc2.it"}, sai_ndn = {bv_len = 32,
bv_val = 0x1aaede0 "cn=manager,dc=my_dc1,dc=my_dc2.it"}, sai_ssf
= 0, sai_transport_ssf = 0, sai_tls_ssf = 0, sai_sasl_ssf = 0},
o_ber = 0x0, o_res_ber = 0x0, o_callback = 0x27f0038, o_ctrls = 0x0,
o_csn = {bv_len = 40, bv_val = 0x77b6360 "\200\n|\a"}, o_private = 0x0,
o_extra = {slh_first = 0x0}, o_next = {stqe_next = 0x0}}, ob_hdr =
{oh_opid = 0, oh_connid = 1, oh_conn = 0x7f527a0e5740, oh_msgid = 0,
oh_protocol = 3, oh_tid = 139992211810048, oh_threadctx =
0x7f527a0e5a70, oh_tmpmemctx = 0x27aa2c0, oh_tmpmfuncs = 0x83cca0,
oh_counters = 0x895160, oh_log_prefix = "conn=-1 op=0", '\000'
<repeats 243 times>}, ob_controls = {0x0 <repeats 32 times>}}
op = 0x7f527a0e5380
rc = <value optimized out>
dostop = 0
s = <value optimized out>
i = <value optimized out>
defer = 1
fail = 0
freeinfo = 0
be = 0x1b98d00
#10 0x000000000056ae70 in ldap_int_thread_pool_wrapper (xpool=0x1b90000) at
tpool.c:688
pool = 0x1b90000
---Type <return> to continue, or q <return> to quit---
task = 0x206bca0
work_list = <value optimized out>
ctx = {ltu_id = 139992211810048, ltu_key = {{ltk_key = 0x490a10,
ltk_data = 0x27aa2c0, ltk_free = 0x490a30 <slap_sl_mem_destroy>}, {
ltk_key = 0x1c21000, ltk_data = 0x1c69600, ltk_free = 0x512780
<bdb_reader_free>}, {ltk_key = 0x4c1aa0, ltk_data = 0x2a68000,
ltk_free = 0x4c1b70 <search_stack_free>}, {ltk_key = 0x0, ltk_data
= 0x0, ltk_free = 0} <repeats 29 times>}}
kctx = <value optimized out>
keyslot = 576
hash = <value optimized out>
__PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#11 0x00007f5296ee97f1 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#12 0x00007f529488170d in clone () from /lib64/libc.so.6
No symbol table info available.
(gdb) q
Please let me know if you keed other details.
Thanks
Marco
11 years, 6 months
Re: (ITS#7194) tlso_session_chkhost issue for OpenSSL TLS
by hyc@symas.com
dimosthenis.pettas(a)nsn.com wrote:
> Full_Name: Dimosthenis Pettas
> Version: 2.4.23
> OS: SOLARIS
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (62.159.77.167)
Thanks for the report, fixed in git master.
>
> I use OpenLDAP version 2.4.23 client to connect via TLS to an LDAP
> server(slapd).
> i initialize connection with an IPV6 address using url
> ldap://[fd00:1111:1111:72:20c:29ff:fec5:4ade]:389 and then try to extend
> connection to TLS with calling ldap_start_tls_s. when trying to match
> client-server certificates hosts inside tlso_session_chkhost in tls_o.c we try
> to determine client host type(IS_DNS,IS_IP4,IS_IP6) but for IPV6 it expects to
> find "[" at first position and "]" at latst one to determine IPV6 address:
>
> #ifdef LDAP_PF_INET6
> if (name[0] == '['&& strchr(name, ']')) {
> char *n2 = ldap_strdup(name+1);
> *strchr(n2, ']') = 0;
> if (inet_pton(AF_INET6, n2,&addr))
> ntype = IS_IP6;
> LDAP_FREE(n2);
> } else
>
> but it seems that [] have been removed inside ldap_url_parse_ext in Url.c:
>
>
> /* If [ip address]:port syntax, url is [ip and we skip the [ */
> ludp->lud_host = LDAP_STRDUP( url + is_v6 );
>
> So name is not [fd00:1111:1111:72:20c:29ff:fec5:4ade] but
> fd00:1111:1111:72:20c:29ff:fec5:4ade and code above fails to determine ntype =
> IS_IP6.
>
> i modified code to:
>
> #ifdef LDAP_PF_INET6
>
> if (inet_pton(AF_INET6, name,&addr))
> {
> ntype = IS_IP6;
>
> } else
> #endif
> if ((ptr = strrchr(name, '.'))&& isdigit((unsigned char)ptr[1])) {
> if (inet_aton(name, (struct in_addr *)&addr))
> {
> ntype = IS_IP4;
>
> }
> }
>
> letting functions inet_pton and inet_aton determing IP type.Scenario worked.
> Let me know if i miss anything or this should be corrected.
>
> Sorry for submitting again ,i wanted to correct email address
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
11 years, 6 months
(ITS#7200) serverID 0 after serverID should fail loudly
by ebackes@symas.com
Full_Name: Emily Backes
Version: 2.4
OS: any
URL:
Submission from: (NULL) (98.155.30.248)
This is an enhancement request, based on discussions and common failing
use-cases we've encountered.
Very often, people configure:
serverID 1 ldap:...
serverID 2 ldap:...
...etc...
And for various reasons none of the ldap URIs match the local server and they
end up in a faux-mmr where every server believes itself to be zero, resulting in
great consternation when replication then fails awkwardly farther down the
line.
It's only meaningful to set serverID on "master" servers-- those accepting
changes, so it seems reasonable to require that one of the serverIDs matches.
This is probably easiest to enforce by requiring:
* If serverID is zero, mirrormode must be off. Turning mirrormode on should
require a non-zero serverID beforehand.
It would be nice to test this at serverID setting time, but that requires state
checking beyond what is easily provided to the config table, I think. Namely,
if any serverIDs are specified, one of them must match and set to a non-zero
value; any null serverID after all serverID num/uri pairs are considered should
cause the config change or slapd.conf to be rejected.
It's also possible that the is-this-a-local-change checks in syncprov.c may want
to handle serverID 0 CSNs specially; they must exist only as part of a shared
change-set that existed before the current mmr topology. New CSNs appearing
with serverID 0 are evidence of unrecoverable misconfiguration.
11 years, 6 months
(ITS#7199) back-mdb virtual process size unreasonable
by quanah@OpenLDAP.org
Full_Name: Quanah Gibson-Mount
Version: 2.4.29
OS: Linux 2.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.108.184.39)
A slapd server with accesslog & primary DB, where primary DB is 131MB and
accesslog is 4.1MB has the following profile in top:
5929 zimbra 21 0 160g 105m 52m S 0.7 2.7 19:35.62 slapd
where 160g is the virtual size, 105m is RES, 52m is shared
160gb for this seems somewhat... obscene. ;)
My guess would be a memory leak?
11 years, 6 months