Re: (ITS#7645) various TLSProtocolMin issues
by guenther@sendmail.com
[Post-facto. Howard has already committed this]
I believe there's two other doc changes that should be added for this:
1) syncrepl accepts tls_protocol_min as a suboption too,
2) for consistency, perhaps slapd-ldap(5) and slapd-meta(5) should use the
same <major>[.<minor>] syntax for the value as ldap.conf(5) and
slapd.conf(5) ?
First two chunks below are for (1), second two for (2).
Philip Guenther
diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5
index af8beb3..2f8e656 100644
--- a/doc/man/man5/slapd-config.5
+++ b/doc/man/man5/slapd-config.5
@@ -1786,6 +1786,7 @@ FALSE, meaning the contextCSN is stored in the context entry.
.B [tls_reqcert=never|allow|try|demand]
.B [tls_ciphersuite=<ciphers>]
.B [tls_crlcheck=none|peer|all]
+.B [tls_protocol_min=<major>[.<minor>]]
.B [suffixmassage=<real DN>]
.B [logbase=<base DN>]
.B [logfilter=<filter str>]
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
index 70116df..8840e3a 100644
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -1763,6 +1763,7 @@ the contextCSN is stored in the context entry.
.B [tls_reqcert=never|allow|try|demand]
.B [tls_ciphersuite=<ciphers>]
.B [tls_crlcheck=none|peer|all]
+.B [tls_protocol_min=<major>[.<minor>]]
.B [suffixmassage=<real DN>]
.B [logbase=<base DN>]
.B [logfilter=<filter str>]
diff --git a/doc/man/man5/slapd-ldap.5 b/doc/man/man5/slapd-ldap.5
index 98969e0..8df818c 100644
--- a/doc/man/man5/slapd-ldap.5
+++ b/doc/man/man5/slapd-ldap.5
@@ -114,7 +114,7 @@ needs to be created.
.B [tls_cacertdir=<path>]
.B [tls_reqcert=never|allow|try|demand]
.B [tls_ciphersuite=<ciphers>]
-.B [tls_protocol_min=<version>]
+.B [tls_protocol_min=<major>[.<minor>]]
.B [tls_crlcheck=none|peer|all]
.RS
Allows to define the parameters of the authentication method that is
diff --git a/doc/man/man5/slapd-meta.5 b/doc/man/man5/slapd-meta.5
index a4020b5..9a326d5 100644
--- a/doc/man/man5/slapd-meta.5
+++ b/doc/man/man5/slapd-meta.5
@@ -381,7 +381,7 @@ for details on the syntax of this field.
.B [tls_cacertdir=<path>]
.B [tls_reqcert=never|allow|try|demand]
.B [tls_ciphersuite=<ciphers>]
-.B [tls_protocol_min=<version>]
+.B [tls_protocol_min=<major>[.<minor>]]
.B [tls_crlcheck=none|peer|all]
.RS
Allows to define the parameters of the authentication method that is
10 years, 4 months
Re: (ITS#7653) Test Build Version 2.4.36 hangs
by quanah@zimbra.com
--On July 31, 2013 6:51:18 AM +0000 howard.allison(a)pensionsversicherung.at
wrote:
> Full_Name: Howard Allison
> Version: 2.4.36
> OS: AIX
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (194.153.217.248)
>
>
> AIX 6.1 Using IBM VAC Compiler
> Configure and Build works, test hangs at test005
Hi, thanks for the report. Unfortunately, your stack trace only shows a
single thread out of multiple threads. This thread is waiting on another
thread to complete a task. Please submit a full backtrace of all threads.
Thanks!
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
10 years, 4 months
(ITS#7656) Build: Installing LMDB on OS X
by john@jahewson.com
Full_Name: John Hewson
Version: 2.4.35
OS: OS X 10.8.4
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (76.175.89.135)
I can't install liblmdb on OS X because its Makefile assumes that cp can
handle multiple source files, rather than the basic POSIX cp, which can't.
This leads to the situation on OS X where:
cp source1 source2 dest
throws an error.
The breaks the LMDB Makefile, because its install attempts to do:
ILIBS = liblmdb.a liblmdb.so
...
cp $(IPROGS) $(DESTDIR)$(prefix)/bin
Most makefiles I've encountered use a for loop for copying multiple files,
so the fix for the Makefile is to change `install` to:
install: $(ILIBS) $(IPROGS) $(IHDRS)
for f in $(IPROGS); do cp $$f $(DESTDIR)$(prefix)/bin; done
for f in $(ILIBS); do cp $$f $(DESTDIR)$(prefix)/lib; done
for f in $(IHDRS); do cp $$f $(DESTDIR)$(prefix)/include; done
for f in $(IDOCS); do cp $$f $(DESTDIR)$(prefix)/man/man1; done
Then LMDB builds and installs successfully on OS X.
10 years, 4 months
Re: (ITS#7655) segfault during initial mirror of multimaster delta replication
by quanah@zimbra.com
--On Sunday, August 04, 2013 4:27 PM +0000 hans.freitag(a)entiretec.com wrote:
> Full_Name: Hans Freitag
> Version: 2.4.35 and 33
> OS: SLES 11SP2
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (193.200.138.3)
>
>
> I have a Multimaster Delta replication setup here with bdb on a 18 GB
> Database.
>
> After a crash due to a full disk I made a new database on one node ans
> started over.
>
> The empty node started to replicate, from the full one but after a while
> (approx. 2GB) it crashed with a segfault:
>
> Aug 4 11:45:32 mhr-dd-lda-01 kernel: [52189.476209] slapd[10158]:
> segfault at 20 ip 00007ff97ebfabc0 sp 00007ff6e57e6b38 error 4 in
> libc-2.11.1.so[7ff97eb79000+155000]
>
> So i thought, maybe it is not e good Idea to put in a package for SP2 in a
> machine running SP1 so my first attempt to solve was an upgrade. After the
> upgrade I got this:
>
> Aug 4 12:46:29 mhr-dd-lda-01 kernel: [ 1414.757587] slapd[3704]:
> segfault at 20 ip 00007fc82eee6182 sp 00007fc592e0acf0 error 4 in
> slapd[7fc82ee7a000+1e6000]
>
> So I created a brandnew openldap RPM 2.4.35 rpm to try out if the problem
> is maybe related to the 2.4.33 version I am running. But fail:
>
> Aug 4 13:47:19 mhr-dd-lda-01 kernel: [ 5063.074410] slapd[8749]:
> segfault at 20 ip 00007fcbc1b537dc sp 00007fc92624fb88 error 4 in
> slapd[7fcbc1ac8000+1ea000]
>
> At the moment I deactivated the accesslogging on the node which seems to
> work. I will know for sure in a few hours. ;-) I can try to reproduce
> that on a backup node next week. Whenn all the main nodes are up and
> running again. :)
I would suggest you build with debugging symbols, enable core files, and
provide a backtrace of the problem. What you have provided does not give
any useful information for debugging purposes. You also fail to state the
backend you are using (back-bdb or back-hdb).
For information on how to provide a backtrace:
<http://www.openldap.org/faq/data/cache/59.html>
Regards,
Quanah
--
Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
10 years, 4 months
(ITS#7655) segfault during initial mirror of multimaster delta replication
by hans.freitag@entiretec.com
Full_Name: Hans Freitag
Version: 2.4.35 and 33
OS: SLES 11SP2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.200.138.3)
I have a Multimaster Delta replication setup here with bdb on a 18 GB Database.
After a crash due to a full disk I made a new database on one node ans started
over.
The empty node started to replicate, from the full one but after a while
(approx. 2GB) it crashed with a segfault:
Aug 4 11:45:32 mhr-dd-lda-01 kernel: [52189.476209] slapd[10158]: segfault at
20 ip 00007ff97ebfabc0 sp 00007ff6e57e6b38 error 4 in
libc-2.11.1.so[7ff97eb79000+155000]
So i thought, maybe it is not e good Idea to put in a package for SP2 in a
machine running SP1 so my first attempt to solve was an upgrade. After the
upgrade I got this:
Aug 4 12:46:29 mhr-dd-lda-01 kernel: [ 1414.757587] slapd[3704]: segfault at 20
ip 00007fc82eee6182 sp 00007fc592e0acf0 error 4 in slapd[7fc82ee7a000+1e6000]
So I created a brandnew openldap RPM 2.4.35 rpm to try out if the problem is
maybe related to the 2.4.33 version I am running. But fail:
Aug 4 13:47:19 mhr-dd-lda-01 kernel: [ 5063.074410] slapd[8749]: segfault at 20
ip 00007fcbc1b537dc sp 00007fc92624fb88 error 4 in slapd[7fcbc1ac8000+1ea000]
At the moment I deactivated the accesslogging on the node which seems to work. I
will know for sure in a few hours. ;-) I can try to reproduce that on a backup
node next week. Whenn all the main nodes are up and running again. :)
10 years, 4 months
(ITS#7654) [PATCH] back-meta/config.c: #include "ldif.h"
by fumiyas@osstech.co.jp
Full_Name: SATOH Fumiyasu
Version: master
OS:
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (240b:10:2640:bf0:222:5fff:fe95:3cda)
>From 9d009b4890586354e94be92f4ddb2462e9d18158 Mon Sep 17 00:00:00 2001
From: SATOH Fumiyasu <fumiyas(a)osstech.co.jp>
Date: Fri, 2 Aug 2013 18:20:05 +0900
Subject: [PATCH] back-meta/config.c: #include "ldif.h"
---
servers/slapd/back-meta/config.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/servers/slapd/back-meta/config.c
b/servers/slapd/back-meta/config.c
index 0be9ed8..a23f5ef 100644
--- a/servers/slapd/back-meta/config.c
+++ b/servers/slapd/back-meta/config.c
@@ -30,6 +30,7 @@
#include "slap.h"
#include "config.h"
#include "lutil.h"
+#include "ldif.h"
#include "../back-ldap/back-ldap.h"
#include "back-meta.h"
--
1.8.3.2
10 years, 4 months
Re: (ITS#7651) LMDB: Uncontrolled database when opened from multiple processes
by h.b.furuseth@usit.uio.no
Howard Chu writes:
> h.b.furuseth(a)usit.uio.no wrote:
>> I'd call this two doc bugs:
>>
>> Something should mention that once a page has been used, the file will
>> never shrink below that page. (Can't quite say that the file never
>> shrinks, since WRITEMAP and Windows will set it to exact re-configurable
>> mapsize in some cases. If I remember correctly.)
>
> You cannot shrink the mapsize below that last used page, and the last used
> page is a non-decreasing number.
Yes. Duh, that's already roughly stated under mdb_env_set_mapsize().
>> mdb_env_copy() and mdb_env_copyfd() should document that
>>
>> @node This call can trigger siginficant file size growth if run in
>> parallel with write transactions, because it employs a read-only
>> transaction. See long-lived transactions under Caveats.
I'll add this one though.
>> I wonder that means these functions should have a flag parameter.
>> For some databases, users might prefer a _write_ transaction while
>> reading the DB, blocking writes while copying.
>
> No one has ever wanted a hot-backup function that halts writes. You
> might as well not do a hot-backup at all.
Yes, nevermind about a mdb_env_copy() flag. An mdb_txn_begin
timeout would make it a viable choice - but if that is implemented
someday, those two behaviors together could go in an MDB_env flag.
--
Hallvard
10 years, 4 months
