openldap-bugs May 2013

openldap-bugs@openldap.org

30 participants
83 discussions

Re: (ITS#7581) adding meta backend in cn=config with ldapadd / ldapmodify
by hyc＠symas.com 23 May '13

23 May '13

hyc(a)symas.com wrote: > dcoutadeur(a)linagora.com wrote: >> Full_Name: dcoutadeur >> Version: 2.4.35 / git >> OS: openSuse 11.3 x86_64 >> URL: >> Submission from: (NULL) (80.67.162.201) >> >> >> I apologize in advance if this is not considered as a bug, but I thought this >> ticket should help the community anyway... >> >> The problem is that it seems impossible to add meta backend in cn=config thanks >> to ldapadd / ldapmodify clients. I thought the major interest for cn=config was >> precisely to let administrators change the configuration in a remote way, but >> maybe new database configuration is an exception ? > > Seems we need some rework here to allow this case. Currently bconfig assumes > that the olcDatabaseConfig entry is sufficient by itself, and any child > entries underneath are just optional. It doesn't handle the case where the > olcDatabaseConfig entry is basically an incomplete config. Should work now in git master, please test. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#7605) Configuration entries (under cn=config) does not allow 'objectclass' attribute modification to include full object classes hierarchy
by michael＠stroeder.com 23 May '13

23 May '13

pa(a)marcelot.net wrote: > On 23 mai 2013, at 16:31, Howard Chu <hyc(a)symas.com> wrote: >> Don't do that. > > Sure, that's why I have a *bad* workaround to not update the 'objectClass' > attribute even if the original and my generated one don't match. IMO this is not a *bad* workaround. I think it's good practice in a UI client to *not* automagically modify attribute 'objectClass' without explicit user interaction asking for modification. Ciao, Michael.

1 0

Re: (ITS#7605) Configuration entries (under cn=config) does not allow 'objectclass' attribute modification to include full object classes hierarchy
by michael＠stroeder.com 23 May '13

23 May '13

This is a cryptographically signed message in MIME format. --------------ms090403020009030408070805 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable pa(a)marcelot.net wrote: > It looks like it's not possible to modify the 'objectClass' attribute o= f > configuration entries. >=20 > I have some code generating entries for OpenLDAP configuration from a U= I utility > and updating existing configuration entries in DIT. > This code generates entries with the 'objectClass' attribute containing= the full > object class hierarchy (all the way to 'top') and not only the highest > structural object class (which is the case of default OpenLDAP configur= ation). >=20 > When updating the configuration in the DIT, the code then tries to comp= lete the > 'objectClass' attribute with the full list of object classes. > That operations ends with "error code 53- UnwillingToPerform". >=20 >=20 > Here's an example on the "cn=3Dconfig" entry: > #!RESULT ERROR > #!CONNECTION ldap://10.211.55.13:389 > #!DATE 2013-05-22T14:56:03.039 > #!ERROR [LDAP: error code 53 - UnwillingToPerform] > dn: cn=3Dconfig > changetype: modify > replace: objectClass > objectClass: olcConfig > objectClass: olcGlobal > objectClass: top It's not necessarily a bug. I think LDAP clients should not act too "smart" and therefore should not automagically add object classes from the structural object class chain i= f they are not already present. You will run into issues with various LDAP server implementations - at least according to experiences I made with conducting interop testing with web2ldap and several server implementatio= ns. A schema-aware client could auto-complete structural object class chain i= f adding a new entry though. But again: Don't be too smart. May I ask which UI utility you're using? Ciao, Michael. --------------ms090403020009030408070805 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILHzCC BT8wggQnoAMCAQICDwCmSwABAAIAivjZQ8SBvzANBgkqhkiG9w0BAQUFADB8MQswCQYDVQQG EwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21iSDElMCMGA1UECxMcVEMgVHJ1c3RD ZW50ZXIgQ2xhc3MgMSBMMSBDQTEoMCYGA1UEAxMfVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMSBM MSBDQSBJWDAeFw0xMjA2MDYxOTAyMTZaFw0xMzA2MDcxOTAyMTZaMCgxCzAJBgNVBAYTAkRF MRkwFwYDVQQDDBBNaWNoYWVsIFN0csO2ZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAxXZGav40rnGNLxEggBW94MILWHlfC8a23Jew5U1gPlfRTXOjjzmoaZ1uCyGdgF6M VvuO9T1aTQNGH+OdeGe3P7Tfc/NsLJFJ2wtd8blvhmodUgse2eypiWjNOd4gZuhalBhgsQ0K b5D6/1foghII4E264iZlJ7AJ+UYcO+GxvFWT0YMTbLckgDkZk7c3qwTozdhYvXarvqx+8Ou/ kuxpQQhac/ebzxpu0N+RHSf2KIUS0g0tEGnPtGv6iL+9QNHc4JKo9Y9KKVw3tQy+Re+FQLxB 1fPE5F+qxuD3AUENpOwkMsqWLM94ohtx3CFqLpxfUPrnKFLAHOhHEbByYGvFPwIDAQABo4IC EDCCAgwwgaUGCCsGAQUFBwEBBIGYMIGVMFEGCCsGAQUFBzAChkVodHRwOi8vd3d3LnRydXN0 Y2VudGVyLmRlL2NlcnRzZXJ2aWNlcy9jYWNlcnRzL3RjX2NsYXNzMV9MMV9DQV9JWC5jcnQw QAYIKwYBBQUHMAGGNGh0dHA6Ly9vY3NwLml4LnRjY2xhc3MxLnRjdW5pdmVyc2FsLWkudHJ1 c3RjZW50ZXIuZGUwHwYDVR0jBBgwFoAU6bgoHUbP/M34TpvF7ktg69g7P9EwDAYDVR0TAQH/ BAIwADBKBgNVHSAEQzBBMD8GCSqCFAAsAQEBATAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3 LnRydXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwDgYDVR0PAQH/BAQDAgTwMB0GA1UdDgQWBBS2 KAWfTfgJ/JQ63qLGwTXYLnI+LzBiBgNVHR8EWzBZMFegVaBThlFodHRwOi8vY3JsLml4LnRj Y2xhc3MxLnRjdW5pdmVyc2FsLWkudHJ1c3RjZW50ZXIuZGUvY3JsL3YyL3RjX0NsYXNzMV9M MV9DQV9JWC5jcmwwMwYDVR0lBCwwKgYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDBwYK KwYBBAGCNxQCAjAfBgNVHREEGDAWgRRtaWNoYWVsQHN0cm9lZGVyLmNvbTANBgkqhkiG9w0B AQUFAAOCAQEAQ3bvVUpEq+cQrLpcogyt5BJNk/WvUvOHqhzyj28M9pg9hcDl1+MYl5qqj6tR GSTLPQZyf287pcmbMwbcTGZO/gbW9v7RYcut6RauWdwKMCUmKC3J4fVfDq9ZETA2WOV68ef4 B3Gzdhghsbp3Rhp5dDmrCVKAHlafm6ZwJrEQ9P76fxnQZzRLgeKpZep5ePH5YHUB3+YaOQvJ FG0bOXvfHhRiRG7/HW2G+yDgjHSxDz8AFzMWL/RFePqZ4pn6T/SM/qU6WEpW39MWyJNoH/Kx QDYK8gGYuesn1ciMCTnjrvZQj0fonGTO4SfWekJRkuGrJ7dYSZRjYbDcWBBkdFLWzzCCBdgw ggTAoAMCAQICDgboAAEAAkqWLSQM/sXJMA0GCSqGSIb3DQEBBQUAMHkxCzAJBgNVBAYTAkRF MRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSQwIgYDVQQLExtUQyBUcnVzdENlbnRl ciBVbml2ZXJzYWwgQ0ExJjAkBgNVBAMTHVRDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQSBJ MB4XDTA5MTEwMzE0MDgxOVoXDTI1MTIzMTIxNTk1OVowfDELMAkGA1UEBhMCREUxHDAaBgNV BAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJTAjBgNVBAsTHFRDIFRydXN0Q2VudGVyIENsYXNz IDEgTDEgQ0ExKDAmBgNVBAMTH1RDIFRydXN0Q2VudGVyIENsYXNzIDEgTDEgQ0EgSVgwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC75pBuz2Lp6QuqthDVR+V8XSsncZpozVVt 5KLv5P7yemMRwleKyH3PjmYfZUVL64Biab1GjovFblqVGCrep/EfdRonq20yU+P7TVhiLP8Z 5cegDZotIYhZhM0d8cPIij6w5d4IJM/8QCy6QSOUu4ASiTVItoYE4AFPjLqpmPwcie0fiqHH hpgmHnJla/7PZdkMZEsaCfVDEWBmJuMzVprJPT40anjG5VBLyM2I5DlsUCaeQCy2O3w3sqf1 3dyzUcv03IICuNc63towXA31Qt0TaVNU6YAmQjMepdfMbspmCZ+G8D2+xophEPPR/1vkstst smUMqX0XrLonTUJczglPAgMBAAGjggJZMIICVTCBmgYIKwYBBQUHAQEEgY0wgYowUgYIKwYB BQUHMAKGRmh0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvY2VydHNlcnZpY2VzL2NhY2VydHMv dGNfdW5pdmVyc2FsX3Jvb3RfSS5jcnQwNAYIKwYBBQUHMAGGKGh0dHA6Ly9vY3NwLnRjdW5p dmVyc2FsLUkudHJ1c3RjZW50ZXIuZGUwHwYDVR0jBBgwFoAUkqR1LKSevoFE63n8isWVpesQ dXMwEgYDVR0TAQH/BAgwBgEB/wIBADBSBgNVHSAESzBJMAYGBFUdIAAwPwYJKoIUACwBAQEB MDIwMAYIKwYBBQUHAgEWJGh0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lczAO BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFOm4KB1Gz/zN+E6bxe5LYOvYOz/RMIH9BgNVHR8E gfUwgfIwge+ggeyggemGRmh0dHA6Ly9jcmwudGN1bml2ZXJzYWwtSS50cnVzdGNlbnRlci5k ZS9jcmwvdjIvdGNfdW5pdmVyc2FsX3Jvb3RfSS5jcmyGgZ5sZGFwOi8vd3d3LnRydXN0Y2Vu dGVyLmRlL0NOPVRDJTIwVHJ1c3RDZW50ZXIlMjBVbml2ZXJzYWwlMjBDQSUyMEksTz1UQyUy MFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/ Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEAOcjE m+6+mO5Icm+N53G2DpCM07LBFSGoRpBoX0oE8TrJaIQh2KXmBHVdn9LU8kt3QzLclctgvwJV 0KwcsMUUl5tlCsMPpR3s2Ek5lbWpvvr0HqtW56blAQiINV9nBd1EJFASIkRjefGbV2nOq9Yz UU+N8HA7jq1ROhd/NZZraGhjthwKyfjfHV7PKxGlY+3M0MbTIG+q/GhIfm0euDpFqhKG88e9 ALXr/uoSn3MzeOcoOWjTpW3adtFO4VWVgKbgG7jNrFbvRVlHmFLbOm4msjE5aXWxLiTwpJ2X iF4zKca1vAdAOgw9us90jEtOeiH6GzjNxEMvb7TfeO6Zkuc6HDGCA84wggPKAgEBMIGPMHwx CzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSUwIwYDVQQLExxU QyBUcnVzdENlbnRlciBDbGFzcyAxIEwxIENBMSgwJgYDVQQDEx9UQyBUcnVzdENlbnRlciBD bGFzcyAxIEwxIENBIElYAg8ApksAAQACAIr42UPEgb8wCQYFKw4DAhoFAKCCAhMwGAYJKoZI hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTMwNTIzMTcyNjAwWjAjBgkq hkiG9w0BCQQxFgQUigp5LllXS15xuHzQioG6nuOqOi0wbAYJKoZIhvcNAQkPMV8wXTALBglg hkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggq hkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBoAYJKwYBBAGCNxAEMYGSMIGP MHwxCzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSUwIwYDVQQL ExxUQyBUcnVzdENlbnRlciBDbGFzcyAxIEwxIENBMSgwJgYDVQQDEx9UQyBUcnVzdENlbnRl ciBDbGFzcyAxIEwxIENBIElYAg8ApksAAQACAIr42UPEgb8wgaIGCyqGSIb3DQEJEAILMYGS oIGPMHwxCzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSUwIwYD VQQLExxUQyBUcnVzdENlbnRlciBDbGFzcyAxIEwxIENBMSgwJgYDVQQDEx9UQyBUcnVzdENl bnRlciBDbGFzcyAxIEwxIENBIElYAg8ApksAAQACAIr42UPEgb8wDQYJKoZIhvcNAQEBBQAE ggEAKbzYGPYLZcAWjv0/WTjtlgavVd5dN7dbpT+jLvQpMT32iabw4pq+S4R1giJFoTpmy9PT bhM6G4EI2k0G62FScEMTYSrARYtm4S6MafnNOqntIYFqEY0VrSzK7Zc0Xpcw49SIoNrSQ8zT PlqtPVzvSMOLHFwYJSzdmvYgw2SYUGsibYaeG0VqlWzL693QVSDIb2Mn9jaCBvd7LHFwuOlN stfl7ITPkm6eJ79LcA9l6NVx/bWnDx/sgSDFciFz3NvA5NCyzLmJq1ObFukvI3qPYUS2xtLY glQ4lTiM7EbfGrXwKDO72J6FueGj6PLQ831+hh6gZr9PMKBvazoPhUvSEQAAAAAAAA== --------------ms090403020009030408070805--

1 0

Re: (ITS#7581) adding meta backend in cn=config with ldapadd / ldapmodify
by hyc＠symas.com 23 May '13

23 May '13

dcoutadeur(a)linagora.com wrote: > Full_Name: dcoutadeur > Version: 2.4.35 / git > OS: openSuse 11.3 x86_64 > URL: > Submission from: (NULL) (80.67.162.201) > > > I apologize in advance if this is not considered as a bug, but I thought this > ticket should help the community anyway... > > The problem is that it seems impossible to add meta backend in cn=config thanks > to ldapadd / ldapmodify clients. I thought the major interest for cn=config was > precisely to let administrators change the configuration in a remote way, but > maybe new database configuration is an exception ? Seems we need some rework here to allow this case. Currently bconfig assumes that the olcDatabaseConfig entry is sufficient by itself, and any child entries underneath are just optional. It doesn't handle the case where the olcDatabaseConfig entry is basically an incomplete config. > > Here are the technical elements : > > Content of meta.ldif : > > dn: olcDatabase={2}meta,cn=config > objectClass: olcDatabaseConfig > objectClass: olcMetaConfig > olcDatabase: {2}meta > olcSuffix: dc=foo,dc=com > > debug information in slapd, after the command : > ldapadd -H "ldap://localhost:389" -D "cn=config" -W -f meta.ldif > > 518220f1 conn=1002 op=1 ADD dn="olcDatabase={2}meta,cn=config" > 518220f1 meta_back_db_open: no targets defined > 518220f1 backend_startup_one (type=meta, suffix="dc=foo,dc=com"): bi_db_open > failed! (1) > 518220f1 olcSuffix: value #0: <olcSuffix> failed startup (dc=foo,dc=com)! > > However, I can add this entry via slapadd : > > dn: olcDatabase={2}meta,cn=config > objectClass: olcDatabaseConfig > objectClass: olcMetaConfig > olcDatabase: {2}meta > olcSuffix: dc=foo,dc=com > olcAddContentAcl: FALSE > olcLastMod: TRUE > olcMaxDerefDepth: 15 > olcReadOnly: FALSE > olcSyncUseSubentry: FALSE > olcMonitoring: FALSE > olcDbOnErr: continue > olcDbPseudoRootBindDefer: TRUE > olcDbSingleConn: FALSE > olcDbUseTemporaryConn: FALSE > olcDbConnectionPoolMax: 16 > olcDbBindTimeout: 100000 > olcDbCancel: abandon > olcDbChaseReferrals: FALSE > olcDbNoRefs: FALSE > olcDbNoUndefFilter: FALSE > olcDbNretries: 10 > olcDbProtocolVersion: 3 > olcDbRebindAsUser: FALSE > olcDbSessionTrackingRequest: FALSE > olcDbTFSupport: no > structuralObjectClass: olcMetaConfig > entryUUID: cf8afa3a-a284-4ac8-b60e-9431b0807ed4 > creatorsName: cn=config > createTimestamp: 20130430162302Z > entryCSN: 20130430162302.509672Z#000000#000#000000 > modifiersName: cn=config > modifyTimestamp: 20130430162302Z > > The fact is I don't have a metatarget configuration, because this is a subentry > of olcDatabase={2}meta,cn=config, thus I must add the latter entry first. > > > Also notice that I can't do a slapadd with just the meta configuration. (the > ldif above). If I do this, I have an error : > slapadd: could not add entry dn="olcDatabase={2}meta,cn=config" (line=1): > autocreation of "olcDatabase={-1}frontend" failed > > I had to make a backup of the full configuration, and then add the meta > configuration and import the resulting file. > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#7605) Configuration entries (under cn=config) does not allow 'objectclass' attribute modification to include full object classes hierarchy
by pa＠marcelot.net 23 May '13

23 May '13

On 23 mai 2013, at 16:31, Howard Chu <hyc(a)symas.com> wrote: > pa(a)marcelot.net wrote: >> Full_Name: Pierre-Arnaud Marcelot >> Version: 2.4.35 >> OS: Linux Mint >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (78.226.4.211) >> >> >> Hi, >> >> It looks like it's not possible to modify the 'objectClass' attribute of >> configuration entries. > > Correct. The config DIT has very rigid schema and layout rules. Indeed. >> I have some code generating entries for OpenLDAP configuration from a UI utility >> and updating existing configuration entries in DIT. >> This code generates entries with the 'objectClass' attribute containing the full >> object class hierarchy (all the way to 'top') and not only the highest >> structural object class (which is the case of default OpenLDAP configuration). >> >> When updating the configuration in the DIT, the code then tries to complete the >> 'objectClass' attribute with the full list of object classes. >> That operations ends with "error code 53- UnwillingToPerform". > > Don't do that. Sure, that's why I have a *bad* workaround to not update the 'objectClass' attribute even if the original and my generated one don't match. Still, looking at LDAP standards, that doesn't seem to be a naughty operation at all and nothing is really wrong with the resulting entry. Regards, Pierre-Arnaud >> Here's an example on the "cn=config" entry: >> #!RESULT ERROR >> #!CONNECTION ldap://10.211.55.13:389 >> #!DATE 2013-05-22T14:56:03.039 >> #!ERROR [LDAP: error code 53 - UnwillingToPerform] >> dn: cn=config >> changetype: modify >> replace: objectClass >> objectClass: olcConfig >> objectClass: olcGlobal >> objectClass: top >> - >> >> > > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#7605) Configuration entries (under cn=config) does not allow 'objectclass' attribute modification to include full object classes hierarchy
by hyc＠symas.com 23 May '13

23 May '13

pa(a)marcelot.net wrote: > Full_Name: Pierre-Arnaud Marcelot > Version: 2.4.35 > OS: Linux Mint > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (78.226.4.211) > > > Hi, > > It looks like it's not possible to modify the 'objectClass' attribute of > configuration entries. Correct. The config DIT has very rigid schema and layout rules. > I have some code generating entries for OpenLDAP configuration from a UI utility > and updating existing configuration entries in DIT. > This code generates entries with the 'objectClass' attribute containing the full > object class hierarchy (all the way to 'top') and not only the highest > structural object class (which is the case of default OpenLDAP configuration). > > When updating the configuration in the DIT, the code then tries to complete the > 'objectClass' attribute with the full list of object classes. > That operations ends with "error code 53- UnwillingToPerform". Don't do that. > Here's an example on the "cn=config" entry: > #!RESULT ERROR > #!CONNECTION ldap://10.211.55.13:389 > #!DATE 2013-05-22T14:56:03.039 > #!ERROR [LDAP: error code 53 - UnwillingToPerform] > dn: cn=config > changetype: modify > replace: objectClass > objectClass: olcConfig > objectClass: olcGlobal > objectClass: top > - > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#7605) Configuration entries (under cn=config) does not allow 'objectclass' attribute modification to include full object classes hierarchy
by pa＠marcelot.net 23 May '13

23 May '13

Full_Name: Pierre-Arnaud Marcelot Version: 2.4.35 OS: Linux Mint URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (78.226.4.211) Hi, It looks like it's not possible to modify the 'objectClass' attribute of configuration entries. I have some code generating entries for OpenLDAP configuration from a UI utility and updating existing configuration entries in DIT. This code generates entries with the 'objectClass' attribute containing the full object class hierarchy (all the way to 'top') and not only the highest structural object class (which is the case of default OpenLDAP configuration). When updating the configuration in the DIT, the code then tries to complete the 'objectClass' attribute with the full list of object classes. That operations ends with "error code 53- UnwillingToPerform". Here's an example on the "cn=config" entry: #!RESULT ERROR #!CONNECTION ldap://10.211.55.13:389 #!DATE 2013-05-22T14:56:03.039 #!ERROR [LDAP: error code 53 - UnwillingToPerform] dn: cn=config changetype: modify replace: objectClass objectClass: olcConfig objectClass: olcGlobal objectClass: top -

1 0

(ITS#7596)
by nzipsi＠gmail.com 22 May '13

22 May '13

--bcaec53af1e4a1ae7704dd5c4ab8 Content-Type: text/plain; charset=UTF-8 Tested my idea about patching it, and it didn't work. There's something, somewhere, that doesn't like values of 0, and so doesn't include the graceAuthN warning in the returned password control if ngut is 0. I still believe what I have described above is an error, but I don't know enough about C or the internal structure of OpenLDAP to figure out why it's not working, and how (or even if) it can be fixed. --bcaec53af1e4a1ae7704dd5c4ab8 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr">Tested my idea about patching it, and it didn't work. = There's something, somewhere, that doesn't like values of 0, and so= doesn't include the graceAuthN warning in the returned password contro= l if ngut is 0. I still believe what I have described above is an error, bu= t I don't know enough about C or the internal structure of OpenLDAP to = figure out why it's not working, and how (or even if) it can be fixed.<= /div> --bcaec53af1e4a1ae7704dd5c4ab8--

1 0

Re: (ITS#7597) migration of sunone 5.2 to openldap 2.4
by quanah＠zimbra.com 22 May '13

22 May '13

--On Tuesday, May 21, 2013 8:38 AM +0000 univadisitisteam(a)hcl.com wrote: > Full_Name: venkatesh > Version: 2.4 > OS: RH5.6 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (155.91.28.231) > > > HI Team, > > We have a requirement for migrating existing Sun One 5.2 DS to open ldap > 2.4 Authentication.Please guide me how to do this migration. The ITS system is for reporting bugs with OpenLDAP. For migration help, I would advise you contact a company such as Symas (http://www.symas.com) that specializes in helping people with such migrations. You could also try asking for general help on -technical, but results may vary. This ITS will be closed. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

(ITS#7604) back-mdb abort after searching modrdn'd enry
by quanah＠OpenLDAP.org 22 May '13

22 May '13

Full_Name: Quanah Gibson-Mount Version: RE24 5/14/2013 OS: Linux 2.6 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (75.111.58.125) Searching on an entry that has been renamed via modrdn can trigger an abort. It appears that modrdn periodically fails causing random corruption in the db.

1 0

← Newer
1
2
3
4
5
6
7
8
9
Older →

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs May 2013