openldap-bugs December 2014

openldap-bugs@openldap.org

24 participants
95 discussions

Re: (ITS#7968) SIGSEGV shortly after reconnection performed by syncrepl due to synchronization conflicts
by hyc＠symas.com 01 Dec '14

01 Dec '14

Leonid Yuriev wrote: > Partially fixed. > Patch is for current OPENLDAP_REL_ENG_2_4, but applicable for master. Thanks, the patch makes sense. But if only partial, what else is still crashing? > > Leonid. > > -- > > The attached files is derived from OpenLDAP Software. All of the > modifications > to OpenLDAP Software represented in the following patch(es) were > developed by > Peter-Service LLC, Moscow, Russia. Peter-Service LLC has not assigned > rights > and/or interest in this work to any party. I, Leonid Yuriev am > authorized by > Peter-Service LLC, my employer, to release this work under the following > terms. > > Peter-Service LLC hereby places the following modifications to OpenLDAP > Software > (and only these modifications) into the public domain. Hence, these > modifications may be freely used and/or redistributed for any purpose > with or > without attribution and/or other notice. > > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#7968) SIGSEGV shortly after reconnection performed by syncrepl due to synchronization conflicts
by leo＠yuriev.ru 01 Dec '14

01 Dec '14

This is a multi-part message in MIME format. --------------040002050003040401050402 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Partially fixed. Patch is for current OPENLDAP_REL_ENG_2_4, but applicable for master. Leonid. -- The attached files is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Peter-Service LLC, Moscow, Russia. Peter-Service LLC has not assigned rights and/or interest in this work to any party. I, Leonid Yuriev am authorized by Peter-Service LLC, my employer, to release this work under the following terms. Peter-Service LLC hereby places the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice. --------------040002050003040401050402 Content-Type: text/x-patch; name="slapd-syncrepl-locking.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="slapd-syncrepl-locking.patch" commit e845cfba8b8c17d291fb810b762e2d2bdb22b016 Author: Leo Yuriev <leo(a)yuriev.ru> Date: 2014-12-01 19:26:08 +0300 ITS#7968: add locking into syncrepl. Mutex must be held even for a read-access of a cookie state, as there may be a race with write in other thread. diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c index caab9f5..eb7bec2 100644 --- a/servers/slapd/syncrepl.c +++ b/servers/slapd/syncrepl.c @@ -926,6 +926,7 @@ do_syncrep2( if ( syncCookie.ctxcsn ) { int i, sid = slap_parse_csn_sid( syncCookie.ctxcsn ); check_syncprov( op, si ); + ldap_pvt_thread_mutex_lock( &si->si_cookieState->cs_mutex ); for ( i =0; i<si->si_cookieState->cs_num; i++ ) { /* new SID */ if ( sid < si->si_cookieState->cs_sids[i] ) @@ -935,15 +936,18 @@ do_syncrep2( bdn.bv_val[bdn.bv_len] = '\0'; Debug( LDAP_DEBUG_SYNC, "do_syncrep2: %s CSN too old, ignoring %s (%s)\n", si->si_ridtxt, syncCookie.ctxcsn->bv_val, bdn.bv_val ); + si->si_too_old = 1; + ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex ); ldap_controls_free( rctrls ); rc = 0; - si->si_too_old = 1; goto done; } si->si_too_old = 0; break; } } + ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex ); + /* check pending CSNs too */ while ( ldap_pvt_thread_mutex_trylock( &si->si_cookieState->cs_pmutex )) { if ( slapd_shutdown ) { @@ -953,6 +957,8 @@ do_syncrep2( if ( !ldap_pvt_thread_pool_pausecheck( &connection_pool )) ldap_pvt_thread_yield(); } + + ldap_pvt_thread_mutex_lock( &si->si_cookieState->cs_mutex ); for ( i =0; i<si->si_cookieState->cs_pnum; i++ ) { if ( sid < si->si_cookieState->cs_psids[i] ) break; @@ -961,9 +967,10 @@ do_syncrep2( bdn.bv_val[bdn.bv_len] = '\0'; Debug( LDAP_DEBUG_SYNC, "do_syncrep2: %s CSN pending, ignoring %s (%s)\n", si->si_ridtxt, syncCookie.ctxcsn->bv_val, bdn.bv_val ); + ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex ); + ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_pmutex ); ldap_controls_free( rctrls ); rc = 0; - ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_pmutex ); goto done; } ber_bvreplace( &si->si_cookieState->cs_pvals[i], @@ -978,6 +985,7 @@ do_syncrep2( (struct sync_cookie *)&si->si_cookieState->cs_pvals, i, sid, syncCookie.ctxcsn ); } + ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex ); assert( punlock < 0 ); punlock = i; } else if (si->si_too_old) { @@ -1032,6 +1040,7 @@ do_syncrep2( /* on failure, revert pending CSN */ if ( rc != LDAP_SUCCESS ) { int i; + ldap_pvt_thread_mutex_lock( &si->si_cookieState->cs_mutex ); for ( i = 0; i<si->si_cookieState->cs_num; i++ ) { if ( si->si_cookieState->cs_sids[i] == si->si_cookieState->cs_psids[punlock] ) { ber_bvreplace( &si->si_cookieState->cs_pvals[punlock], @@ -1041,6 +1050,7 @@ do_syncrep2( } if ( i == si->si_cookieState->cs_num ) si->si_cookieState->cs_pvals[punlock].bv_val[0] = '\0'; + ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex ); } ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_pmutex ); } --------------040002050003040401050402--

1 0

Re: (ITS#7989) wrong search results "scope one" with mdb backend
by quanah＠zimbra.com 01 Dec '14

01 Dec '14

--On Monday, December 01, 2014 4:04 PM +0000 dab1818(a)gmail.com wrote: > Full_Name: Dmitry Bakshaev > Version: 2.4.38, 2.4.40 > OS: gentoo linux > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (87.249.250.7) Duplicate of ITS#7975, fixed in master, closing. --Quanah -- Quanah Gibson-Mount Server Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

(ITS#7989) wrong search results "scope one" with mdb backend
by dab1818＠gmail.com 01 Dec '14

01 Dec '14

Full_Name: Dmitry Bakshaev Version: 2.4.38, 2.4.40 OS: gentoo linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (87.249.250.7) slapd.conf: include /etc/openldap/schema/core.schema pidfile /tmp/openldap-data-test/slapd.pid argsfile /tmp/openldap-data-test/slapd.args database mdb directory /tmp/openldap-data-test suffix "c=ru" index objectClass eq test.ldif: dn: c=ru objectClass: country c: ru dn: o=org,c=ru objectClass: organization o: org dn: ou=unit,o=org,c=ru objectClass: organizationalUnit ou: unit dn: ou=subunit,ou=unit,o=org,c=ru objectClass: organizationalUnit ou: subunit dn: cn=pers,ou=unit,o=org,c=ru objectClass: person cn: pers sn: pers load test.ldif: slapadd -f slapd.conf -l test.ldif -q run slapd: /usr/lib/openldap/slapd -f slapd.conf -d 127 -h "ldap:///" execute query: ldapsearch -H ldaps://localhost -b ou%ununit,o=org,c=ru -s one "(objectclass=organizationalUnit)" result contains wrong data (expects only ou=subunit,ou=unit,o=org,c=ru): # unit, org, ru dn: ou=unit,o=org,c=ru objectClass: organizationalUnit ou: unit # subunit, unit, org, ru dn: ou=subunit,ou=unit,o=org,c=ru objectClass: organizationalUnit ou: subunit # search result search: 2 result: 0 Success # numResponses: 3 # numEntries: 2 worked as expected: 1. on openldap-2.4.35 (with mdb 0.9.6) or below; or 2. with "database bdb"; or 3. without "index objectClass eq".

1 0

Re: (ITS#7832) Proposing ppolicy extended module for OpenLDAP
by dcoutadeur＠linagora.com 01 Dec '14

01 Dec '14

Hi, I am considering solutions to give the password policy module its configuration in cn=config, and not in a flat configuration file. However, If I create a ppm.la overlay to register a ppm configuration schema, I won't be able to read it in the ppm.so which is loaded dynamically by the ppolicy overlay. Indeed, ppolicy is dynamically including the ppm.so code through libtool, so there is no link at all between ppm.so and ppm.la. Does anybody have an idea on how a module called by the ppolicy could read some configuration in cn=config ? Thanks in advance ! David Le 12/11/2014 10:41, David Coutadeur a écrit : > > Hi, > > The ppm module is still alive, and is evolving. > Last version is 1.2, and source code is now available on Github : > > https://github.com/davidcoutadeur/ppm > > There are also plans to package it. > If anybody is interrested, I am always glad to hear about comments, > ideas, improvements,... > > Sincerely, > > David

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs December 2014