openldap-bugs March 2012

openldap-bugs@openldap.org

28 participants
78 discussions

(ITS#7205) olcSuffix does not support modifications
by elecharny＠apache.org 13 Mar '12

13 Mar '12

Full_Name: Emmanuel Lecharny Version: 2.4.24 OS: Ubuntu URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (78.226.4.211) The olcSuffix AT, which is not declared as SINGLE-VALUED, does not support more than one value. Per se, the definition of this AT should be explicit about it. However, this is not the main issue. Trying to modify its value using such a LDIF file : dn: olcDatabase={3}ldif,cn=config changetype: modify delete: olcSuffix olcSuffix: cn=test2 - add: olcSuffix olcSuffix: cn=test3 - leads to an error : #!ERROR [LDAP: error code 80 - <olcSuffix> Only one suffix is allowed on this ldif backend] It seems that there is an internal check that is done to insure that the olcSuffix does not contain more than one value, bypassing the AT definition, and that this check is not correctly done when a modify operation is sent. Deleting the olcSuffix AT and injcting a new one works.

1 0

(ITS#7204) test044-dynlist broken with --disable-monitor
by h.b.furuseth＠usit.uio.no 09 Mar '12

09 Mar '12

Full_Name: Hallvard B Furuseth Version: 2.4->2.4.30 OS: Linux x86_64 URL: Submission from: (NULL) (195.1.106.125) Submitted by: hallvard test044-dynlist uses olcDatabase={2}$BACKEND,cn=config. This breaks when back-monitor is omitted as database {1}. Fixing.

1 0

(ITS#7203) approxIndexer should not return zero-length keys
by hyc＠OpenLDAP.org 09 Mar '12

09 Mar '12

Full_Name: Howard Chu Version: any OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (76.94.188.8) Submitted by: hyc The approxIndexer generates a key for every word in the input string. Short words produce no actual key value, and leave a slot in the list of keys with bv_len=0. These results should be omitted; the underlying database can't do anything with zero length keys anyway.

1 0

Re: (ITS#6987) cn=config renumbers indexes on startup without modrdn-ing them
by ondrej.kuznik＠acision.com 09 Mar '12

09 Mar '12

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/12/2012 12:27 PM, hyc(a)symas.com wrote: > This ITS still appears to me to be invalid. bconfig treats all siblings *of > the same type* as a single ordering. Your demonstration code is claiming your > entries are all of the same type, even though they aren't. I.e., all entries > in cn=config of a given type have only one distinguished naming attribute. You > have used olcTestAttrOne and olcTestAttrTwo for the same type, so cn=config > doesn't distinguish them in its sort order. I tried implementing a check for Cft_Misc that considers only siblings of the same distinguished naming attribute: ftp://ftp.openldap.org/incoming/ondrej-kuznik-20120309-ITS-6987.patch During an IRC conversation in January you suggested not renumbering Cft_Misc entries at all, like the patch below. Such a change might however affect other overlays since captive backends seem to be regarded as Cft_Misc entries too, based on my tests with it: ftp://ftp.openldap.org/incoming/ondrej-kuznik-20120309-ITS-6987-no-renumber… The attached file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Acision. Acision has not assigned rights and/or interest in this work to any party. I, Ondrej Kuznik am authorized by Acision, my employer, to release this work under the following terms. The attached modifications to OpenLDAP Software are subject to the following notice: Copyright 2012 Acision Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. - -- Ondrej Kuznik -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9aHu0ACgkQ9GWxeeH+cXvpGgCeN5iMhB6iyq3MjFJVx45AWmX+ uykAnjidKeewlH1EhlBBr+BTFgxZNodM =+FEP -----END PGP SIGNATURE----- This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you for understanding.

1 0

(ITS#7202) slapo-memeberof crashing OL 2.4.30
by marco.pizzoli＠gmail.com 09 Mar '12

09 Mar '12

Full_Name: Marco Pizzoli Version: 2.4.30 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (213.174.164.11) Hi, I'm facing crashes with openldap 2.4.30 (actually the RE24 of the day before the release, but nothing changed in the meantime). I have a consumer starting from scratch with an empty db. During his starting he populates his db by connecting to 4 servers which are part of a 4-way multi-master cluster. They are running a previous version of OpenLDAP. We are doing an upgrade of our deployment just to solve an issue we face from time to time consisting in data corruption. This bug, which is not the target of this ITS, is able to trigger a crash of the slave slapd 2.4.30. During the first synchronization the consumer is receiving the entire db and I can see on this slave, in the logs, coming two odd entries, like this one: ldap15.log:Feb 28 15:45:02 ldap15 slapd[5219]: conn=-1 op=0: memberof_value_modify DN="p?v#007" add memberOf="cn=mynetbk,ou=allnetbk,ou=systems,ou=mygroups,dc=my_dc1,dc=my_dc2.it" failed err=32 and after that slapd crashes. I produced a core dump and generated the full back trace. And I can see this is due to slapo-memberof. This is my memberof configuration: overlay memberof memberof-group-oc groupOfNames memberof-member-ad member memberof-memberof-ad memberOf memberof-dn cn=Manager,dc=my_dc1,dc=my_dc2.it memberof-dangling ignore memberof-dangling-error 80 memberof-refint FALSE Here is the output. As I said, this output is taken from a slapd 2.4.30. The platform is Linux x86_64. [ldap@ldap15 ~]$ gdb /opt/openldap/libexec/slapd /tmp/core.11359 GNU gdb (GDB) Red Hat Enterprise Linux (7.2-48.el6) Copyright (C) 2010 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /opt/openldap-PRE2.4.30/libexec/slapd...done. [New Thread 11363] [New Thread 11361] [New Thread 11359] [New Thread 11360] [New Thread 11365] [New Thread 11362] [New Thread 11364] Missing separate debuginfo for /opt/berkeleydb/lib/libdb-5.2.so Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/25/3444cedd507ae54ca793376010c027664ab639 Missing separate debuginfo for /opt/openldap-PRE2.4.30/libexec/openldap/memberof-2.4.so.2 Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/29/1997818b36184bdbf6921e2b597f1d961122a4 Missing separate debuginfo for /opt/openldap-PRE2.4.30/libexec/openldap/accesslog-2.4.so.2 Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/87/d14b81be9ec6d6a7a515d61d8b15d4b9e9f439 Missing separate debuginfo for /opt/openldap-PRE2.4.30/libexec/openldap/auditlog-2.4.so.2 Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/d1/a0f526dbc9986c4c167ccc2d7f72496c16a8e5 Missing separate debuginfo for /opt/openldap-PRE2.4.30/libexec/openldap/ppolicy-2.4.so.2 Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/ca/ba01f02f5db752891321c3a3a871b72d827634 Missing separate debuginfo for /opt/openldap-PRE2.4.30/libexec/openldap/sssvlv-2.4.so.2 Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/72/29edebf6dad9245753fbca44c3395edfee0999 Missing separate debuginfo for /opt/openldap-PRE2.4.30/libexec/openldap/syncprov-2.4.so.2 Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/e9/1d213453b9bef5f9ff991e0cbba93114595cca Missing separate debuginfo for /opt/openldap/libexec/openldap/lastbind.so.0 Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/13/d1a7451281081ce9fcf0a3db11144b63819464 Missing separate debuginfo for /opt/openldap-PRE2.4.30/libexec/openldap/constraint-2.4.so.2 Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/a3/c9c4184844cd493c88212b73f82893500554fb Missing separate debuginfo for /opt/openldap-PRE2.4.30/libexec/openldap/valsort-2.4.so.2 Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/5b/6df9a919708465a54252a0e5b402de239475d3 Missing separate debuginfo for Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/08/f634a1d22deff00461d50a7699dacdc97657bf Reading symbols from /usr/lib64/libltdl.so.7...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libltdl.so.7 Reading symbols from /opt/berkeleydb/lib/libdb-5.2.so...(no debugging symbols found)...done. Loaded symbols for /opt/berkeleydb/lib/libdb-5.2.so Reading symbols from /usr/lib64/perl5/CORE/libperl.so...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/perl5/CORE/libperl.so Reading symbols from /lib64/libnsl.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libnsl.so.1 Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libdl.so.2 Reading symbols from /lib64/libm.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libm.so.6 Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libcrypt.so.1 Reading symbols from /lib64/libutil.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libutil.so.1 Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done. [Thread debugging using libthread_db enabled] Loaded symbols for /lib64/libpthread.so.0 Reading symbols from /usr/lib64/libodbc.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libodbc.so.2 Reading symbols from /usr/lib64/libicuuc.so.42...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libicuuc.so.42 Reading symbols from /usr/lib64/libicudata.so.42...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libicudata.so.42 Reading symbols from /usr/lib64/libsasl2.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libsasl2.so.2 Reading symbols from /usr/lib64/libssl.so.10...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libssl.so.10 Reading symbols from /usr/lib64/libcrypto.so.10...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libcrypto.so.10 Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libresolv.so.2 Reading symbols from /usr/lib64/libtcmalloc.so.0...done. Loaded symbols for /usr/lib64/libtcmalloc.so.0 Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libc.so.6 Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/ld-linux-x86-64.so.2 Reading symbols from /lib64/libfreebl3.so...(no debugging symbols found)...done. Loaded symbols for /lib64/libfreebl3.so Reading symbols from /usr/lib64/libstdc++.so.6...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libstdc++.so.6 Reading symbols from /lib64/libgcc_s.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libgcc_s.so.1 Reading symbols from /lib64/libgssapi_krb5.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libgssapi_krb5.so.2 Reading symbols from /lib64/libkrb5.so.3...(no debugging symbols found)...done. Loaded symbols for /lib64/libkrb5.so.3 Reading symbols from /lib64/libcom_err.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libcom_err.so.2 Reading symbols from /lib64/libk5crypto.so.3...(no debugging symbols found)...done. Loaded symbols for /lib64/libk5crypto.so.3 Reading symbols from /lib64/libz.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libz.so.1 Reading symbols from /usr/lib64/libunwind.so.8...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libunwind.so.8 Reading symbols from /lib64/libkrb5support.so.0...(no debugging symbols found)...done. Loaded symbols for /lib64/libkrb5support.so.0 Reading symbols from /lib64/libkeyutils.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libkeyutils.so.1 Reading symbols from /lib64/libselinux.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libselinux.so.1 Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libnss_files.so.2 Reading symbols from /lib64/libnss_ldap.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libnss_ldap.so.2 Reading symbols from /usr/lib64/sasl2/libsasldb.so...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/sasl2/libsasldb.so Reading symbols from /lib64/libdb-4.7.so...(no debugging symbols found)...done. Loaded symbols for /lib64/libdb-4.7.so Reading symbols from /usr/lib64/sasl2/libanonymous.so...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/sasl2/libanonymous.so Reading symbols from /opt/openldap-PRE2.4.30/libexec/openldap/memberof-2.4.so.2...done. Loaded symbols for /opt/openldap-PRE2.4.30/libexec/openldap/memberof-2.4.so.2 Reading symbols from /opt/openldap-PRE2.4.30/libexec/openldap/accesslog-2.4.so.2...done. Loaded symbols for /opt/openldap-PRE2.4.30/libexec/openldap/accesslog-2.4.so.2 Reading symbols from /opt/openldap-PRE2.4.30/libexec/openldap/auditlog-2.4.so.2...done. Loaded symbols for /opt/openldap-PRE2.4.30/libexec/openldap/auditlog-2.4.so.2 Reading symbols from /opt/openldap-PRE2.4.30/libexec/openldap/ppolicy-2.4.so.2...done. Loaded symbols for /opt/openldap-PRE2.4.30/libexec/openldap/ppolicy-2.4.so.2 Reading symbols from /opt/openldap-PRE2.4.30/libexec/openldap/sssvlv-2.4.so.2...done. Loaded symbols for /opt/openldap-PRE2.4.30/libexec/openldap/sssvlv-2.4.so.2 Reading symbols from /opt/openldap-PRE2.4.30/libexec/openldap/syncprov-2.4.so.2...done. Loaded symbols for /opt/openldap-PRE2.4.30/libexec/openldap/syncprov-2.4.so.2 Reading symbols from /opt/openldap/libexec/openldap/lastbind.so.0...(no debugging symbols found)...done. Loaded symbols for /opt/openldap/libexec/openldap/lastbind.so.0 Reading symbols from /opt/openldap-PRE2.4.30/libexec/openldap/constraint-2.4.so.2...done. Loaded symbols for /opt/openldap-PRE2.4.30/libexec/openldap/constraint-2.4.so.2 Reading symbols from /opt/openldap-PRE2.4.30/libexec/openldap/valsort-2.4.so.2...done. Loaded symbols for /opt/openldap-PRE2.4.30/libexec/openldap/valsort-2.4.so.2 Core was generated by `/opt/openldap//libexec/slapd -h ldap://10.10.114.15:389 ldaps://10.10.114.15:63'. Program terminated with signal 11, Segmentation fault. #0 0x00007f5291ed6245 in memberof_res_add (op=0x7f527a0e5380, rs=<value optimized out>) at memberof.c:1273 1273 memberof.c: No such file or directory. in memberof.c Missing separate debuginfos, use: debuginfo-install cyrus-sasl-lib-2.1.23-13.el6.x86_64 db4-4.7.25-16.el6.x86_64 glibc-2.12-1.47.el6.x86_64 google-perftools-1.7-1.el6.x86_64 keyutils-libs-1.4-3.el6.x86_64 krb5-libs-1.9-22.el6.x86_64 libcom_err-1.41.12-11.el6.x86_64 libgcc-4.4.6-3.el6.x86_64 libicu-4.2.1-9.el6.x86_64 libselinux-2.0.94-5.2.el6.x86_64 libstdc++-4.4.6-3.el6.x86_64 libtool-ltdl-2.2.6-15.5.el6.x86_64 libunwind-1.0.1-1.el6.x86_64 nss-pam-ldapd-0.7.5-14.el6.x86_64 nss-softokn-freebl-3.12.9-11.el6.x86_64 openssl-1.0.0-20.el6.x86_64 perl-libs-5.10.1-119.el6_1.1.x86_64 unixODBC-2.2.14-11.el6.x86_64 zlib-1.2.3-27.el6.x86_64 (gdb) bt #0 0x00007f5291ed6245 in memberof_res_add (op=0x7f527a0e5380, rs=<value optimized out>) at memberof.c:1273 #1 0x000000000044c9ae in slap_response_play (op=0x7f527a0e5380, rs=0x7f527a0e4f80) at result.c:507 #2 0x000000000044d539 in send_ldap_response (op=0x7f527a0e5380, rs=0x7f527a0e4f80) at result.c:582 #3 0x000000000044e22c in slap_send_ldap_result (op=0x7f527a0e5380, rs=0x7f527a0e4f80) at result.c:860 #4 0x0000000000510730 in hdb_add (op=0x7f527a0e5380, rs=0x7f527a0e4f80) at add.c:511 #5 0x00000000004a49b7 in overlay_op_walk (op=0x7f527a0e5380, rs=0x7f527a0e4f80, which=op_add, oi=0x1c40000, on=0x0) at backover.c:671 #6 0x00000000004a5397 in over_op_func (op=0x7f527a0e5380, rs=<value optimized out>, which=<value optimized out>) at backover.c:723 #7 0x000000000049b3cb in syncrepl_entry (op=0x7f527a0e5380, si=0x1ca8000) at syncrepl.c:2842 #8 do_syncrep2 (op=0x7f527a0e5380, si=0x1ca8000) at syncrepl.c:1012 #9 0x00000000004a0dc2 in do_syncrepl (ctx=<value optimized out>, arg=0x1aa4dd0) at syncrepl.c:1522 #10 0x000000000056ae70 in ldap_int_thread_pool_wrapper (xpool=0x1b90000) at tpool.c:688 #11 0x00007f5296ee97f1 in start_thread () from /lib64/libpthread.so.0 #12 0x00007f529488170d in clone () from /lib64/libc.so.6 (gdb) bt full #0 0x00007f5291ed6245 in memberof_res_add (op=0x7f527a0e5380, rs=<value optimized out>) at memberof.c:1273 a = 0x220c530 mci = <value optimized out> on = <value optimized out> mo = 0x1b7b4f0 i = <value optimized out> #1 0x000000000044c9ae in slap_response_play (op=0x7f527a0e5380, rs=0x7f527a0e4f80) at result.c:507 sc_next = 0x7f527a0e47f0 sc_nextp = 0x27f0038 rc = 32768 sc = 0x27f0080 scp = 0x27f0080 #2 0x000000000044d539 in send_ldap_response (op=0x7f527a0e5380, rs=0x7f527a0e4f80) at result.c:582 berbuf = { buffer = "\005", '\000' <repeats 23 times>"\230, SOR\177\000\000PB\016zR\177\000\000!\004`\377\377\377\377\377\236BWO\000\000\000\000\000\315\306\001", '\000' <repeats 12 times>, "@\237\274\001\000\000\000\000\230SOR\177\000\000\000\000\000\000\000\000\000\000W?\357\000\000\000\000\257\361\n\230R\177\000\000\000\000\000\000R\177\000\000 \000\000\000\000\000\000\000\000S/\230R\177\000\000\001\000\000\000\000\000\000\000\236BWO\000\000\000\000W?\357", '\000' <repeats 12 times>, "@\035x\a\000\000\000\000\b\255\v\002\000\000\000\000\000\a\277\001\000\000\000\000\a", '\000' <repeats 47 times>"\300, sb\a\000\000\000\000\t\000\000\000\000\000\000", ialign = 5, lalign = 5, falign = 7.00649232e-45, dalign = 2.4703282292062327e-323, palign = 0x5 <Address 0x5 out of bounds>} ber = 0x7f527a0e4200 rc = 0 bytes = <value optimized out> __PRETTY_FUNCTION__ = "send_ldap_response" #3 0x000000000044e22c in slap_send_ldap_result (op=0x7f527a0e5380, rs=0x7f527a0e4f80) at result.c:860 tmp = 0x0 otext = 0x0 oref = 0x0 __PRETTY_FUNCTION__ = "slap_send_ldap_result" #4 0x0000000000510730 in hdb_add (op=0x7f527a0e5380, rs=0x7f527a0e4f80) at add.c:511 bdb = 0x1bf0700 pdn = {bv_len = 50, bv_val = 0x76273ca "ou=ldap,ou=systems,ou=mygroups,dc=my_dc1,dc=my_dc2.it"} p = <value optimized out> oe = 0x20bad08 ei = 0x7783de0 textbuf = "\000\000\000\000\000\000\000\000\000DP\a\000\000\000\000\334\071w\a\000\000\000\000\200S\016zR\177\000\000\200O\016zR\177\000\000`\t\304\001\000\000\000\000\300\266\307\001\000\000\000\000\300\364\213\221R\177\000\000\000\000\000\000\000\000\000\000\320D\016zR\177\000\000\000\000\000\000\000\000\000\000\240F\016zR\177", '\000' <repeats 26 times>"\300, D\016zR\177\000\000\000\000\000\000\001\000\000\000\002\000\000\000\000\000\000\000\320\000w\a\001\000\000\000\b", '\000' <repeats 31 times>, "\f", '\000' <repeats 23 times>, "\020R\016zR\177\000\000\320\000w\a\000\000\000\000\241\000\000\000\000\000\000\000\020R\016zR\177\000\000\000\000\000\000\000\000\000\000\200S\016zR\177\000" children = 0x0 entry = 0x1a99300 ltid = 0x0 lt2 = 0x1c69ce0 eid = 2243 opinfo = {boi_oe = {oe_next = {sle_next = 0x0}, oe_key = 0x0}, boi_txn = 0x1c6cd00, boi_locks = 0x0, boi_err = 0, boi_acl_cache = 0 '\000', boi_flag = 0 '\000'} ---Type <return> to continue, or q <return> to quit--- lock = {off = 2389256, ndx = 993, gen = 962, mode = DB_LOCK_READ} num_retries = <value optimized out> success = 0 postread_ctrl = 0x0 ctrls = {0x0, 0x7f527a0e4558, 0xf, 0xffffffffffffffff, 0x1b7b4f0, 0x77b6381} num_ctrls = <value optimized out> #5 0x00000000004a49b7 in overlay_op_walk (op=0x7f527a0e5380, rs=0x7f527a0e4f80, which=op_add, oi=0x1c40000, on=0x0) at backover.c:671 func = <value optimized out> rc = 32768 #6 0x00000000004a5397 in over_op_func (op=0x7f527a0e5380, rs=<value optimized out>, which=<value optimized out>) at backover.c:723 oi = <value optimized out> on = <value optimized out> be = 0x1b98d00 db = {bd_info = 0x8393a0, bd_self = 0x1b98d00, be_ctrls = "\000\000\000\001\001\001\000\001\000\000\001\000\000\001\001\000\001\000\000\001\001\001\001\001\000\000\000\000\000\000\000\000\001", be_flags = 694536, be_restrictops = 0, be_requires = 6, be_ssf_set = {sss_ssf = 0, sss_transport = 0, sss_tls = 0, sss_sasl = 0, sss_update_ssf = 0, sss_update_transport = 0, sss_update_tls = 0, sss_update_sasl = 0, sss_simple_bind = 0}, be_suffix = 0x1c7aea0, be_nsuffix = 0x1c7b080, be_schemadn = {bv_len = 0, bv_val = 0x0}, be_schemandn = {bv_len = 0, bv_val = 0x0}, be_rootdn = {bv_len = 32, bv_val = 0x1aaee10 "cn=Manager,dc=my_dc1,dc=my_dc2.it"}, be_rootndn = {bv_len = 32, bv_val = 0x1aaede0 "cn=manager,dc=my_dc1,dc=my_dc2.it"}, be_rootpw = {bv_len = 38, bv_val = 0x1aaed80 "{SSHA}mypw"}, be_max_deref_depth = 15, be_def_limit = { lms_t_soft = 3600, lms_t_hard = 0, lms_s_soft = -1, lms_s_hard = 0, lms_s_unchecked = -1, lms_s_pr = 0, lms_s_pr_hide = 0, lms_s_pr_total = 0}, be_limits = 0x1af9080, be_acl = 0x0, be_dfltaccess = ACL_READ, be_extra_anlist = 0x0, be_update_ndn = {bv_len = 0, bv_val = 0x0}, be_update_refs = 0x0, be_pending_csn_list = 0x2061aa0, be_pcl_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, be_syncinfo = 0x1ca8000, be_pb = 0x0, be_cf_ocs = 0x83eac0, be_private = 0x1bf0700, be_next = {stqe_next = 0x0}} cb = {sc_next = 0x7f527a0e51b0, sc_response = 0x4a4640 <over_back_response>, sc_cleanup = 0, sc_private = 0x1c40000} sc = <value optimized out> rc = 32768 __PRETTY_FUNCTION__ = "over_op_func" #7 0x000000000049b3cb in syncrepl_entry (op=0x7f527a0e5380, si=0x1ca8000) at syncrepl.c:2842 rs_add = {sr_type = REP_RESULT, sr_tag = 105, sr_msgid = 0, sr_err = 0, sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = { sru_search = {r_entry = 0x0, r_attr_flags = 0, r_operational_attrs = 0x0, r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}, sru_sasl = { r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0, r_rspdata = 0x0}}, sr_flags = 0} syncuuid_inserted = <value optimized out> freecsn = 0 be = 0x1b98d00 ava = {aa_desc = 0x1a98a80, aa_value = {bv_len = 16, bv_val = 0x779f9e7 "?\344\025L\202C\003\275vc\027b_\343", <incomplete sequence \304>}} dni = {new_entry = 0x20bad08, dn = {bv_len = 0, bv_val = 0x0}, ndn = {bv_len = 0, bv_val = 0x0}, nnewSup = {bv_len = 0, bv_val = 0x0}, renamed = 0, delOldRDN = 0, modlist = 0x7f527a0e5300, mods = 0x0, oldNcount = 0, oldDesc = 0x0, newDesc = 0x0} retry = <value optimized out> cb = {sc_next = 0x0, sc_response = 0x493eb0 <null_callback>, sc_cleanup = 0, sc_private = 0x1ca8000} rs_search = {sr_type = REP_RESULT, sr_tag = 101, sr_msgid = 0, sr_err = 0, sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = { sru_search = {r_entry = 0x0, r_attr_flags = 0, r_operational_attrs = 0x0, r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}, sru_sasl = { r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0, r_rspdata = 0x0}}, sr_flags = 0} f = {f_choice = 163, f_un = {f_un_result = 2047758832, f_un_desc = 0x7f527a0e51f0, f_un_ava = 0x7f527a0e51f0, f_un_ssa = 0x7f527a0e51f0, f_un_mra = 0x7f527a0e51f0, f_un_complex = 0x7f527a0e51f0}, f_next = 0x0} rc = <value optimized out> ---Type <return> to continue, or q <return> to quit--- pdn = {bv_len = 0, bv_val = 0x0} #8 do_syncrep2 (op=0x7f527a0e5380, si=0x1ca8000) at syncrepl.c:1012 match = <value optimized out> cookie = {bv_len = 0, bv_val = 0x0} rctrls = 0x7772cb0 rctrlp = <value optimized out> syncUUIDs = 0x0 bdn = {bv_len = 60, bv_val = 0x1cf6e09 "cn=myldap05,ou=ldap,ou=systems,ou=mygroups,dc=my_dc1,dc=my_dc2.it"} syncUUID = {{bv_len = 16, bv_val = 0x779f9e7 "?\344\025L\202C\003\275vc\027b_\343", <incomplete sequence \304>}, {bv_len = 36, bv_val = 0x27f0008 "da89e415-4c82-4303-bd76-6317625fe3c4"}} si_tag = <value optimized out> entry = 0x20bad08 punlock = -1 syncstate = 1 retdata = 0x7f527a0e5330 retoid = 0x1ca8258 "" len = 0 berbuf = { buffer = "\002\000\001", '\000' <repeats 29 times>"\340, \371y\a\000\000\000\000\367\371y\a\000\000\000\000\367\371y\a", '\000' <repeats 28 times>"\200, \a\277\001\000\000\000\000X`\002\230R\177\000\000P\001\000\000\000\000\000\000\025\000\000\000\000\000\000\000\240\260\307\001\000\000\000\000\000\226\306\001\000\000\000\000\370'OR\177\000\000@\237\274\001", '\000' <repeats 12 times>"\231, \004\357\226R\177\000\000\000\000\000\000\000\000\000\000ilY\000\000\000\000\000\a\000\000\200\000\000\000\000\030O\016zR\177\000\000X2OR\177\000\000\202\030Y\000\000\000\000\000PO\016zR\177\000\000\202\030Y\000\000\000\000\000PO\016zR\177\000\000\\\031Y\000\000\000\000\000;\000\000\000\000\000\000\000\b \245\002\000\000\000", ialign = 65538, lalign = 65538, falign = 9.18382988e-41, dalign = 3.2380074297143616e-319, palign = 0x10002 <Address 0x10002 out of bounds>} ber = 0x7f527a0e4cf0 msg = 0x29d6800 syncCookie = {ctxcsn = 0x0, sids = 0x0, numcsns = 0, rid = 0, octet_str = {bv_len = 0, bv_val = 0x0}, sid = 0, sc_next = {stqe_next = 0x0}} syncCookie_req = {ctxcsn = 0x0, sids = 0x0, numcsns = 0, rid = 1, octet_str = {bv_len = 15, bv_val = 0x2a1e0c0 "rid=001,sid=00f"}, sid = 15, sc_next = {stqe_next = 0x0}} rc = 0 err = 0 modlist = 0x7504900 m = 0 tout_p = 0x0 tout = {tv_sec = 0, tv_usec = 0} refreshDeletes = 0 empty = "empty" #9 0x00000000004a0dc2 in do_syncrepl (ctx=<value optimized out>, arg=0x1aa4dd0) at syncrepl.c:1522 rtask = 0x1aa4dd0 si = 0x1ca8000 conn = {c_struct_state = SLAP_C_UNINITIALIZED, c_conn_state = SLAP_C_INVALID, c_conn_idx = -1, c_sd = 0, c_close_reason = 0x0, c_mutex = {__data = { __lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, c_sb = 0x0, c_starttime = 0, c_activitytime = 0, c_connid = 18446744073709551615, c_peer_domain = {bv_len = 0, bv_val = 0x5d0241 ""}, c_peer_name = {bv_len = 0, bv_val = 0x5d0241 ""}, c_listener = 0x5a0d20, c_sasl_bind_mech = { bv_len = 0, bv_val = 0x0}, c_sasl_dn = {bv_len = 0, bv_val = 0x0}, c_sasl_authz_dn = {bv_len = 0, bv_val = 0x0}, c_authz_backend = 0x0, c_authz_cookie = 0x0, c_authz = {sai_method = 0, sai_mech = {bv_len = 0, bv_val = 0x0}, sai_dn = {bv_len = 0, bv_val = 0x0}, sai_ndn = { bv_len = 0, bv_val = 0x0}, sai_ssf = 0, sai_transport_ssf = 0, sai_tls_ssf = 0, sai_sasl_ssf = 0}, c_protocol = 0, c_ops = {stqh_first = 0x0, ---Type <return> to continue, or q <return> to quit--- stqh_last = 0x0}, c_pending_ops = {stqh_first = 0x0, stqh_last = 0x0}, c_write1_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, c_write1_cv = {__data = {__lock = 0, __futex = 0, __total_seq = 0, __wakeup_seq = 0, __woken_seq = 0, __mutex = 0x0, __nwaiters = 0, __broadcast_seq = 0}, __size = '\000' <repeats 47 times>, __align = 0}, c_write2_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, c_write2_cv = {__data = {__lock = 0, __futex = 0, __total_seq = 0, __wakeup_seq = 0, __woken_seq = 0, __mutex = 0x0, __nwaiters = 0, __broadcast_seq = 0}, __size = '\000' <repeats 47 times>, __align = 0}, c_currentber = 0x0, c_writers = 0, c_writing = 0 '\000', c_sasl_bind_in_progress = 0 '\000', c_writewaiter = 0 '\000', c_is_tls = 0 '\000', c_needs_tls_accept = 0 '\000', c_sasl_layers = 0 '\000', c_sasl_done = 0 '\000', c_sasl_authctx = 0x0, c_sasl_sockctx = 0x0, c_sasl_extra = 0x0, c_sasl_bindop = 0x0, c_pagedresults_state = {ps_be = 0x0, ps_size = 0, ps_count = 0, ps_cookie = 0, ps_cookieval = {bv_len = 0, bv_val = 0x0}}, c_n_ops_received = 0, c_n_ops_executing = 0, c_n_ops_pending = 0, c_n_ops_completed = 0, c_n_get = 0, c_n_read = 0, c_n_write = 0, c_extensions = 0x0, c_clientfunc = 0, c_clientarg = 0x0, c_send_ldap_result = 0x44e0b0 <slap_send_ldap_result>, c_send_search_entry = 0x44ed90 <slap_send_search_entry>, c_send_search_reference = 0x44e6c0 <slap_send_search_reference>, c_send_ldap_extended = 0x44dbe0 <slap_send_ldap_extended>, c_send_ldap_intermediate = 0x44da80 <slap_send_ldap_intermediate>} opbuf = {ob_op = {o_hdr = 0x7f527a0e54f0, o_tag = 104, o_time = 1331118750, o_tincr = 206, o_bd = 0x7f527a0e4660, o_req_dn = {bv_len = 60, bv_val = 0x7627140 "cn=myldap05,ou=ldap,ou=mysystems,ou=groups,dc=my_dc1,dc=my_dc2.it"}, o_req_ndn = {bv_len = 60, bv_val = 0x76273c0 "cn=myldap05,ou=ldap,ou=mysystems,ou=groups,dc=my_dc1,dc=my_dc2.it°}, o_request = {oq_add = {rs_modlist = 0x2, rs_e = 0x20bad08}, oq_bind = {rb_method = 2, rb_cred = {bv_len = 34319624, bv_val = 0x0}, rb_edn = {bv_len = 0, bv_val = 0x83c8c0 "\001"}, rb_ssf = 2047758864, rb_mech = {bv_len = 48, bv_val = 0x27f0038 "\360G\016zR\177"}}, oq_compare = {rs_ava = 0x2}, oq_modify = {rs_mods = { rs_modlist = 0x2, rs_no_opattrs = 8 '\b'}, rs_increment = 0}, oq_modrdn = {rs_mods = {rs_modlist = 0x2, rs_no_opattrs = 8 '\b'}, rs_deleteoldrdn = 0, rs_newrdn = {bv_len = 0, bv_val = 0x83c8c0 "\001"}, rs_nnewrdn = {bv_len = 139992211804688, bv_val = 0x30 <Address 0x30 out of bounds>}, rs_newSup = 0x27f0038, rs_nnewSup = 0x0}, oq_search = {rs_scope = 2, rs_deref = 0, rs_slimit = 34319624, rs_tlimit = 0, rs_limit = 0x0, rs_attrsonly = 0, rs_attrs = 0x83c8c0, rs_filter = 0x7f527a0e5210, rs_filterstr = { bv_len = 48, bv_val = 0x27f0038 "\360G\016zR\177"}}, oq_abandon = {rs_msgid = 2}, oq_cancel = {rs_msgid = 2}, oq_extended = {rs_reqoid = { bv_len = 2, bv_val = 0x20bad08 "\303\b"}, rs_flags = 0, rs_reqdata = 0x0}, oq_pwdexop = {rs_extended = {rs_reqoid = {bv_len = 2, bv_val = 0x20bad08 "\303\b"}, rs_flags = 0, rs_reqdata = 0x0}, rs_old = {bv_len = 8636608, bv_val = 0x7f527a0e5210 "\243"}, rs_new = { bv_len = 48, bv_val = 0x27f0038 "\360G\016zR\177"}, rs_mods = 0x0, rs_modtail = 0x0}}, o_abandon = 0, o_cancel = 0, o_groups = 0x0, o_do_not_cache = 0 '\000', o_is_auth_check = 0 '\000', o_dont_replicate = 0 '\000', o_acl_priv = ACL_NONE, o_nocaching = 0 '\000', o_delete_glue_parent = 0 '\000', o_no_schema_check = 1 '\001', o_no_subordinate_glue = 0 '\000', o_ctrlflag = '\000' <repeats 16 times>, "\002", '\000' <repeats 14 times>, o_controls = 0x7f527a0e5638, o_authz = {sai_method = 0, sai_mech = { bv_len = 0, bv_val = 0x0}, sai_dn = {bv_len = 32, bv_val = 0x1aaee10 "cn=Manager,dc=my_dc1,dc=my_dc2.it"}, sai_ndn = {bv_len = 32, bv_val = 0x1aaede0 "cn=manager,dc=my_dc1,dc=my_dc2.it"}, sai_ssf = 0, sai_transport_ssf = 0, sai_tls_ssf = 0, sai_sasl_ssf = 0}, o_ber = 0x0, o_res_ber = 0x0, o_callback = 0x27f0038, o_ctrls = 0x0, o_csn = {bv_len = 40, bv_val = 0x77b6360 "\200\n|\a"}, o_private = 0x0, o_extra = {slh_first = 0x0}, o_next = {stqe_next = 0x0}}, ob_hdr = {oh_opid = 0, oh_connid = 1, oh_conn = 0x7f527a0e5740, oh_msgid = 0, oh_protocol = 3, oh_tid = 139992211810048, oh_threadctx = 0x7f527a0e5a70, oh_tmpmemctx = 0x27aa2c0, oh_tmpmfuncs = 0x83cca0, oh_counters = 0x895160, oh_log_prefix = "conn=-1 op=0", '\000' <repeats 243 times>}, ob_controls = {0x0 <repeats 32 times>}} op = 0x7f527a0e5380 rc = <value optimized out> dostop = 0 s = <value optimized out> i = <value optimized out> defer = 1 fail = 0 freeinfo = 0 be = 0x1b98d00 #10 0x000000000056ae70 in ldap_int_thread_pool_wrapper (xpool=0x1b90000) at tpool.c:688 pool = 0x1b90000 ---Type <return> to continue, or q <return> to quit--- task = 0x206bca0 work_list = <value optimized out> ctx = {ltu_id = 139992211810048, ltu_key = {{ltk_key = 0x490a10, ltk_data = 0x27aa2c0, ltk_free = 0x490a30 <slap_sl_mem_destroy>}, { ltk_key = 0x1c21000, ltk_data = 0x1c69600, ltk_free = 0x512780 <bdb_reader_free>}, {ltk_key = 0x4c1aa0, ltk_data = 0x2a68000, ltk_free = 0x4c1b70 <search_stack_free>}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0} <repeats 29 times>}} kctx = <value optimized out> keyslot = 576 hash = <value optimized out> __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper" #11 0x00007f5296ee97f1 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #12 0x00007f529488170d in clone () from /lib64/libc.so.6 No symbol table info available. (gdb) q Please let me know if you keed other details. Thanks Marco

1 0

Re: (ITS#7194) tlso_session_chkhost issue for OpenSSL TLS
by hyc＠symas.com 08 Mar '12

08 Mar '12

dimosthenis.pettas(a)nsn.com wrote: > Full_Name: Dimosthenis Pettas > Version: 2.4.23 > OS: SOLARIS > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (62.159.77.167) Thanks for the report, fixed in git master. > > I use OpenLDAP version 2.4.23 client to connect via TLS to an LDAP > server(slapd). > i initialize connection with an IPV6 address using url > ldap://[fd00:1111:1111:72:20c:29ff:fec5:4ade]:389 and then try to extend > connection to TLS with calling ldap_start_tls_s. when trying to match > client-server certificates hosts inside tlso_session_chkhost in tls_o.c we try > to determine client host type(IS_DNS,IS_IP4,IS_IP6) but for IPV6 it expects to > find "[" at first position and "]" at latst one to determine IPV6 address: > > #ifdef LDAP_PF_INET6 > if (name[0] == '['&& strchr(name, ']')) { > char *n2 = ldap_strdup(name+1); > *strchr(n2, ']') = 0; > if (inet_pton(AF_INET6, n2,&addr)) > ntype = IS_IP6; > LDAP_FREE(n2); > } else > > but it seems that [] have been removed inside ldap_url_parse_ext in Url.c: > > > /* If [ip address]:port syntax, url is [ip and we skip the [ */ > ludp->lud_host = LDAP_STRDUP( url + is_v6 ); > > So name is not [fd00:1111:1111:72:20c:29ff:fec5:4ade] but > fd00:1111:1111:72:20c:29ff:fec5:4ade and code above fails to determine ntype = > IS_IP6. > > i modified code to: > > #ifdef LDAP_PF_INET6 > > if (inet_pton(AF_INET6, name,&addr)) > { > ntype = IS_IP6; > > } else > #endif > if ((ptr = strrchr(name, '.'))&& isdigit((unsigned char)ptr[1])) { > if (inet_aton(name, (struct in_addr *)&addr)) > { > ntype = IS_IP4; > > } > } > > letting functions inet_pton and inet_aton determing IP type.Scenario worked. > Let me know if i miss anything or this should be corrected. > > Sorry for submitting again ,i wanted to correct email address > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#7188) slapschema.8 manpage formatting problems
by hyc＠symas.com 08 Mar '12

08 Mar '12

peb(a)mppmu.mpg.de wrote: > Full_Name: Peter Breitenlohner > Version: 2.4.30 > OS: Linux.GNU > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (134.107.24.63) > > > The slapschema.8 manpage exhibits some formatting problems (already present in > 2.4.23 and maybe earlier): > > In line 30 a font change '\fR' is misspelled as '\FR' > > Line 56 ought to end after the word 'slapschema'; the rest should be on a > separate line. > > Thanks for the report, fixed in git master. In the future, please submit actual diffs/patches. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#7201) back-shell slapd.conf->cn=config conversion broken
by quanah＠OpenLDAP.org 07 Mar '12

07 Mar '12

Full_Name: Quanah Gibson-Mount Version: 2.4.28 OS: Linux 2.6 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (75.108.184.39) As reported to the debian bug tracker. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662940

1 0

(ITS#7200) serverID 0 after serverID should fail loudly
by ebackes＠symas.com 05 Mar '12

05 Mar '12

Full_Name: Emily Backes Version: 2.4 OS: any URL: Submission from: (NULL) (98.155.30.248) This is an enhancement request, based on discussions and common failing use-cases we've encountered. Very often, people configure: serverID 1 ldap:... serverID 2 ldap:... ...etc... And for various reasons none of the ldap URIs match the local server and they end up in a faux-mmr where every server believes itself to be zero, resulting in great consternation when replication then fails awkwardly farther down the line. It's only meaningful to set serverID on "master" servers-- those accepting changes, so it seems reasonable to require that one of the serverIDs matches. This is probably easiest to enforce by requiring: * If serverID is zero, mirrormode must be off. Turning mirrormode on should require a non-zero serverID beforehand. It would be nice to test this at serverID setting time, but that requires state checking beyond what is easily provided to the config table, I think. Namely, if any serverIDs are specified, one of them must match and set to a non-zero value; any null serverID after all serverID num/uri pairs are considered should cause the config change or slapd.conf to be rejected. It's also possible that the is-this-a-local-change checks in syncprov.c may want to handle serverID 0 CSNs specially; they must exist only as part of a shared change-set that existed before the current mmr topology. New CSNs appearing with serverID 0 are evidence of unrecoverable misconfiguration.

1 0

(ITS#7199) back-mdb virtual process size unreasonable
by quanah＠OpenLDAP.org 05 Mar '12

05 Mar '12

Full_Name: Quanah Gibson-Mount Version: 2.4.29 OS: Linux 2.6 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (75.108.184.39) A slapd server with accesslog & primary DB, where primary DB is 131MB and accesslog is 4.1MB has the following profile in top: 5929 zimbra 21 0 160g 105m 52m S 0.7 2.7 19:35.62 slapd where 160g is the virtual size, 105m is RES, 52m is shared 160gb for this seems somewhat... obscene. ;) My guess would be a memory leak?

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs March 2012