Re: (ITS#7968) SIGSEGV shortly after reconnection performed by syncrepl due to synchronization conflicts
by hyc@symas.com
Leonid Yuriev wrote:
> Partially fixed.
> Patch is for current OPENLDAP_REL_ENG_2_4, but applicable for master.
Thanks, the patch makes sense. But if only partial, what else is still
crashing?
>
> Leonid.
>
> --
>
> The attached files is derived from OpenLDAP Software. All of the
> modifications
> to OpenLDAP Software represented in the following patch(es) were
> developed by
> Peter-Service LLC, Moscow, Russia. Peter-Service LLC has not assigned
> rights
> and/or interest in this work to any party. I, Leonid Yuriev am
> authorized by
> Peter-Service LLC, my employer, to release this work under the following
> terms.
>
> Peter-Service LLC hereby places the following modifications to OpenLDAP
> Software
> (and only these modifications) into the public domain. Hence, these
> modifications may be freely used and/or redistributed for any purpose
> with or
> without attribution and/or other notice.
>
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
8 years, 5 months
Re: (ITS#7968) SIGSEGV shortly after reconnection performed by syncrepl due to synchronization conflicts
by leo@yuriev.ru
This is a multi-part message in MIME format.
--------------040002050003040401050402
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Partially fixed.
Patch is for current OPENLDAP_REL_ENG_2_4, but applicable for master.
Leonid.
--
The attached files is derived from OpenLDAP Software. All of the
modifications
to OpenLDAP Software represented in the following patch(es) were
developed by
Peter-Service LLC, Moscow, Russia. Peter-Service LLC has not assigned rights
and/or interest in this work to any party. I, Leonid Yuriev am authorized by
Peter-Service LLC, my employer, to release this work under the following
terms.
Peter-Service LLC hereby places the following modifications to OpenLDAP
Software
(and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose
with or
without attribution and/or other notice.
--------------040002050003040401050402
Content-Type: text/x-patch;
name="slapd-syncrepl-locking.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="slapd-syncrepl-locking.patch"
commit e845cfba8b8c17d291fb810b762e2d2bdb22b016
Author: Leo Yuriev <leo(a)yuriev.ru>
Date: 2014-12-01 19:26:08 +0300
ITS#7968: add locking into syncrepl.
Mutex must be held even for a read-access of a cookie state,
as there may be a race with write in other thread.
diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c
index caab9f5..eb7bec2 100644
--- a/servers/slapd/syncrepl.c
+++ b/servers/slapd/syncrepl.c
@@ -926,6 +926,7 @@ do_syncrep2(
if ( syncCookie.ctxcsn ) {
int i, sid = slap_parse_csn_sid( syncCookie.ctxcsn );
check_syncprov( op, si );
+ ldap_pvt_thread_mutex_lock( &si->si_cookieState->cs_mutex );
for ( i =0; i<si->si_cookieState->cs_num; i++ ) {
/* new SID */
if ( sid < si->si_cookieState->cs_sids[i] )
@@ -935,15 +936,18 @@ do_syncrep2(
bdn.bv_val[bdn.bv_len] = '\0';
Debug( LDAP_DEBUG_SYNC, "do_syncrep2: %s CSN too old, ignoring %s (%s)\n",
si->si_ridtxt, syncCookie.ctxcsn->bv_val, bdn.bv_val );
+ si->si_too_old = 1;
+ ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex );
ldap_controls_free( rctrls );
rc = 0;
- si->si_too_old = 1;
goto done;
}
si->si_too_old = 0;
break;
}
}
+ ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex );
+
/* check pending CSNs too */
while ( ldap_pvt_thread_mutex_trylock( &si->si_cookieState->cs_pmutex )) {
if ( slapd_shutdown ) {
@@ -953,6 +957,8 @@ do_syncrep2(
if ( !ldap_pvt_thread_pool_pausecheck( &connection_pool ))
ldap_pvt_thread_yield();
}
+
+ ldap_pvt_thread_mutex_lock( &si->si_cookieState->cs_mutex );
for ( i =0; i<si->si_cookieState->cs_pnum; i++ ) {
if ( sid < si->si_cookieState->cs_psids[i] )
break;
@@ -961,9 +967,10 @@ do_syncrep2(
bdn.bv_val[bdn.bv_len] = '\0';
Debug( LDAP_DEBUG_SYNC, "do_syncrep2: %s CSN pending, ignoring %s (%s)\n",
si->si_ridtxt, syncCookie.ctxcsn->bv_val, bdn.bv_val );
+ ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex );
+ ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_pmutex );
ldap_controls_free( rctrls );
rc = 0;
- ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_pmutex );
goto done;
}
ber_bvreplace( &si->si_cookieState->cs_pvals[i],
@@ -978,6 +985,7 @@ do_syncrep2(
(struct sync_cookie *)&si->si_cookieState->cs_pvals,
i, sid, syncCookie.ctxcsn );
}
+ ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex );
assert( punlock < 0 );
punlock = i;
} else if (si->si_too_old) {
@@ -1032,6 +1040,7 @@ do_syncrep2(
/* on failure, revert pending CSN */
if ( rc != LDAP_SUCCESS ) {
int i;
+ ldap_pvt_thread_mutex_lock( &si->si_cookieState->cs_mutex );
for ( i = 0; i<si->si_cookieState->cs_num; i++ ) {
if ( si->si_cookieState->cs_sids[i] == si->si_cookieState->cs_psids[punlock] ) {
ber_bvreplace( &si->si_cookieState->cs_pvals[punlock],
@@ -1041,6 +1050,7 @@ do_syncrep2(
}
if ( i == si->si_cookieState->cs_num )
si->si_cookieState->cs_pvals[punlock].bv_val[0] = '\0';
+ ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex );
}
ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_pmutex );
}
--------------040002050003040401050402--
8 years, 5 months
Re: (ITS#7989) wrong search results "scope one" with mdb backend
by quanah@zimbra.com
--On Monday, December 01, 2014 4:04 PM +0000 dab1818(a)gmail.com wrote:
> Full_Name: Dmitry Bakshaev
> Version: 2.4.38, 2.4.40
> OS: gentoo linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (87.249.250.7)
Duplicate of ITS#7975, fixed in master, closing.
--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
8 years, 5 months
(ITS#7989) wrong search results "scope one" with mdb backend
by dab1818@gmail.com
Full_Name: Dmitry Bakshaev
Version: 2.4.38, 2.4.40
OS: gentoo linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (87.249.250.7)
slapd.conf:
include /etc/openldap/schema/core.schema
pidfile /tmp/openldap-data-test/slapd.pid
argsfile /tmp/openldap-data-test/slapd.args
database mdb
directory /tmp/openldap-data-test
suffix "c=ru"
index objectClass eq
test.ldif:
dn: c=ru
objectClass: country
c: ru
dn: o=org,c=ru
objectClass: organization
o: org
dn: ou=unit,o=org,c=ru
objectClass: organizationalUnit
ou: unit
dn: ou=subunit,ou=unit,o=org,c=ru
objectClass: organizationalUnit
ou: subunit
dn: cn=pers,ou=unit,o=org,c=ru
objectClass: person
cn: pers
sn: pers
load test.ldif:
slapadd -f slapd.conf -l test.ldif -q
run slapd:
/usr/lib/openldap/slapd -f slapd.conf -d 127 -h "ldap:///"
execute query:
ldapsearch -H ldaps://localhost -b ou%ununit,o=org,c=ru -s one
"(objectclass=organizationalUnit)"
result contains wrong data (expects only ou=subunit,ou=unit,o=org,c=ru):
# unit, org, ru
dn: ou=unit,o=org,c=ru
objectClass: organizationalUnit
ou: unit
# subunit, unit, org, ru
dn: ou=subunit,ou=unit,o=org,c=ru
objectClass: organizationalUnit
ou: subunit
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
worked as expected:
1. on openldap-2.4.35 (with mdb 0.9.6) or below;
or 2. with "database bdb";
or 3. without "index objectClass eq".
8 years, 5 months
Re: (ITS#7832) Proposing ppolicy extended module for OpenLDAP
by dcoutadeur@linagora.com
Hi,
I am considering solutions to give the password policy module its
configuration in cn=config, and not in a flat configuration file.
However, If I create a ppm.la overlay to register a ppm configuration
schema, I won't be able to read it in the ppm.so which is loaded
dynamically by the ppolicy overlay.
Indeed, ppolicy is dynamically including the ppm.so code through
libtool, so there is no link at all between ppm.so and ppm.la.
Does anybody have an idea on how a module called by the ppolicy could
read some configuration in cn=config ?
Thanks in advance !
David
Le 12/11/2014 10:41, David Coutadeur a écrit :
>
> Hi,
>
> The ppm module is still alive, and is evolving.
> Last version is 1.2, and source code is now available on Github :
>
> https://github.com/davidcoutadeur/ppm
>
> There are also plans to package it.
> If anybody is interrested, I am always glad to hear about comments,
> ideas, improvements,...
>
> Sincerely,
>
> David
8 years, 5 months
