December 2014 - openldap-bugs

Re: (ITS#8005) crash when multiple olcDbURI are defined for chaining

by hyc＠symas.com

Khosrow Ebrahimpour wrote: > > On 12/17/2014 03:22 PM, Howard Chu wrote: >>>> Note that test032-chain in the test suite tests a config with two URIs >>>> and it passes successfully. >>> From what I see although test032 tests two URIs, it doesn't test two >>> URIs defined in the same olcDbURI field. The crash I've discovered only >>> occurs when two URIs are defined at the same time. And like I mentioned >>> in the issue report, this should be valid according to the man-page. No. slapo-chain(5) states explicitly: chain-uri <ldapuri> This directive instantiates a new underlying ldap database and instructs it about which URI to contact to chase referrals. As opposed to what stated in slapd-ldap(5), only one URI can appear after this directive; Closing this ITS. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

8 years, 5 months

1
0
0 / 0

Re: (ITS#8005) crash when multiple olcDbURI are defined for chaining

by khosrow.ebrahimpour＠ssc-spc.gc.ca

On 12/16/2014 04:47 PM, Howard Chu wrote: > Khosrow Ebrahimpour wrote: >> >> On 12/15/2014 01:20 PM, Howard Chu wrote: >>> khosrow.ebrahimpour(a)ssc-spc.gc.ca wrote: >>>> On 12/15/2014 12:09 PM, Howard Chu wrote: >>>>> khosrow.ebrahimpour(a)ssc-spc.gc.ca wrote: >>>>>> Full_Name: K. Ebrahimpour >>>>>> Version: RE24 (commit dbc6741750de79b852ec9f728abb8b1425b6f03f) >>>>>> OS: Ubuntu 14.04.1 >>>>>> URL: https://gist.github.com/khosrow/cc6640cad9275a2cd041 >>>>>> Submission from: (NULL) (205.211.133.128) >>>>> >>>>>> Finally, I'm running OpenLDAP 2.4.31 on Ubuntu Trusty, but was also >>>>>> able to >>>>>> replicate this same error on OpenLDAP 2.4.28 on Ubuntu Precise. >>>>> >>>>> The current release is 2.4.40. For such old releases you should >>>>> contact Ubuntu for support. >>>>> >>>> I may not have been clear enough on which versions I have tested. >>>> Please >>>> see the *VERSION* field in the ITS submission form for the correct >>>> version. >>>> >>>> To clarify, I have tested and reproduced the bug on the following >>>> versions: >>>> >>>> * 2.4.28 on Ubuntu 12.04 (official Ubuntu package) >>>> * 2.4.31 on Ubuntu 14.04 (official Ubuntu package) >>>> * RE24 commit #dbc6741750de79b852ec9f728abb8b1425b6f03f on Ubuntu >>>> 14.04 >>>> (from OpenLDAP git repo) >>>> >>>> I understand the two first instances are old releases, I simply tested >>>> the bug on progressively newer versions of the software. Are you >>>> saying >>>> that the third tested version is also old? >>> >>> That commit ID is a few months old, from before 2.4.40 was released. >>> We are currently preparing to release 2.4.41, so yes, it's old. >>> >> Bug confirmed and replicated against OPENLDAP_REL_ENG_2_4 branch on >> commit 87c3614bee6de3a29ff95e311b2870322f1e35f0. I have updated the gist >> (in the bug report) with a new crash log from the replica server. > > Note that test032-chain in the test suite tests a config with two URIs > and it passes successfully. From what I see although test032 tests two URIs, it doesn't test two URIs defined in the same olcDbURI field. The crash I've discovered only occurs when two URIs are defined at the same time. And like I mentioned in the issue report, this should be valid according to the man-page. > > 1) provide a gdb stack trace of your crash > 2) provide a complete config that reproduces your crash, including the > data and commands used. Crash data now available at http://khosrow.ca/its8005 > > It might be easiest for you to edit the test032 setup to match yours. > Thanks,

8 years, 5 months

1
0
0 / 0

Re: (ITS#8008) proxyauth with saslmech EXTERNAL not working

by hyc＠symas.com

hyc(a)symas.com wrote: > Looks like you've compiled without DEBUG enabled, otherwise your 2.4.26 > build would have died with an assert() failure there. > > Send a complete config that reproduces the issue. Repeating myself: > Also give the complete > command you used. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

8 years, 5 months

1
0
0 / 0

Re: (ITS#8008) proxyauth with saslmech EXTERNAL not working

by hyc＠symas.com

Dirk Kastens wrote: > Hi, > > I have attached my config directory. For future reference - just use slapcat -n0. The slapd config database internal format will not always be a directory tree, but slapcat will always do the right thing. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

8 years, 5 months

1
0
0 / 0

(ITS#7780) constraint_attribute <attr> <size|count> 0 cause segfault

by hyc＠symas.com

Hello Ondrej, I tried your patch but it breaks test064-constraint. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

8 years, 5 months

1
0
0 / 0

Re: (ITS#8005) crash when multiple olcDbURI are defined for chaining

by hyc＠symas.com

Khosrow Ebrahimpour wrote: > > On 12/15/2014 01:20 PM, Howard Chu wrote: >> khosrow.ebrahimpour(a)ssc-spc.gc.ca wrote: >>> On 12/15/2014 12:09 PM, Howard Chu wrote: >>>> khosrow.ebrahimpour(a)ssc-spc.gc.ca wrote: >>>>> Full_Name: K. Ebrahimpour >>>>> Version: RE24 (commit dbc6741750de79b852ec9f728abb8b1425b6f03f) >>>>> OS: Ubuntu 14.04.1 >>>>> URL: https://gist.github.com/khosrow/cc6640cad9275a2cd041 >>>>> Submission from: (NULL) (205.211.133.128) >>>> >>>>> Finally, I'm running OpenLDAP 2.4.31 on Ubuntu Trusty, but was also >>>>> able to >>>>> replicate this same error on OpenLDAP 2.4.28 on Ubuntu Precise. >>>> >>>> The current release is 2.4.40. For such old releases you should >>>> contact Ubuntu for support. >>>> >>> I may not have been clear enough on which versions I have tested. Please >>> see the *VERSION* field in the ITS submission form for the correct >>> version. >>> >>> To clarify, I have tested and reproduced the bug on the following >>> versions: >>> >>> * 2.4.28 on Ubuntu 12.04 (official Ubuntu package) >>> * 2.4.31 on Ubuntu 14.04 (official Ubuntu package) >>> * RE24 commit #dbc6741750de79b852ec9f728abb8b1425b6f03f on Ubuntu 14.04 >>> (from OpenLDAP git repo) >>> >>> I understand the two first instances are old releases, I simply tested >>> the bug on progressively newer versions of the software. Are you saying >>> that the third tested version is also old? >> >> That commit ID is a few months old, from before 2.4.40 was released. >> We are currently preparing to release 2.4.41, so yes, it's old. >> > Bug confirmed and replicated against OPENLDAP_REL_ENG_2_4 branch on > commit 87c3614bee6de3a29ff95e311b2870322f1e35f0. I have updated the gist > (in the bug report) with a new crash log from the replica server. Note that test032-chain in the test suite tests a config with two URIs and it passes successfully. 1) provide a gdb stack trace of your crash 2) provide a complete config that reproduces your crash, including the data and commands used. It might be easiest for you to edit the test032 setup to match yours. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

8 years, 5 months

1
0
0 / 0

Re: (ITS#8005) crash when multiple olcDbURI are defined for chaining

by khosrow.ebrahimpour＠ssc-spc.gc.ca

On 12/15/2014 01:20 PM, Howard Chu wrote: > khosrow.ebrahimpour(a)ssc-spc.gc.ca wrote: >> On 12/15/2014 12:09 PM, Howard Chu wrote: >>> khosrow.ebrahimpour(a)ssc-spc.gc.ca wrote: >>>> Full_Name: K. Ebrahimpour >>>> Version: RE24 (commit dbc6741750de79b852ec9f728abb8b1425b6f03f) >>>> OS: Ubuntu 14.04.1 >>>> URL: https://gist.github.com/khosrow/cc6640cad9275a2cd041 >>>> Submission from: (NULL) (205.211.133.128) >>> >>>> Finally, I'm running OpenLDAP 2.4.31 on Ubuntu Trusty, but was also >>>> able to >>>> replicate this same error on OpenLDAP 2.4.28 on Ubuntu Precise. >>> >>> The current release is 2.4.40. For such old releases you should >>> contact Ubuntu for support. >>> >> I may not have been clear enough on which versions I have tested. Please >> see the *VERSION* field in the ITS submission form for the correct >> version. >> >> To clarify, I have tested and reproduced the bug on the following >> versions: >> >> * 2.4.28 on Ubuntu 12.04 (official Ubuntu package) >> * 2.4.31 on Ubuntu 14.04 (official Ubuntu package) >> * RE24 commit #dbc6741750de79b852ec9f728abb8b1425b6f03f on Ubuntu 14.04 >> (from OpenLDAP git repo) >> >> I understand the two first instances are old releases, I simply tested >> the bug on progressively newer versions of the software. Are you saying >> that the third tested version is also old? > > That commit ID is a few months old, from before 2.4.40 was released. > We are currently preparing to release 2.4.41, so yes, it's old. > Bug confirmed and replicated against OPENLDAP_REL_ENG_2_4 branch on commit 87c3614bee6de3a29ff95e311b2870322f1e35f0. I have updated the gist (in the bug report) with a new crash log from the replica server. -- Khosrow

8 years, 5 months

1
0
0 / 0

Re: (ITS#8008) proxyauth with saslmech EXTERNAL not working

by hyc＠symas.com

dkastens(a)uos.de wrote: > Full_Name: Dirk Kastens > Version: 2.4.40 > OS: RedHat SL 7.0 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (2001:638:508:3d0:8d09:a681:a06e:29f0) > > > This is a duplicate of bug #7993 that has been closed. > > Meanwhile I compiled openldap myself. > > At first, I compiled openldap-2.4.40. I configured ldap as a replica server. It > connects with saslmech EXTERNAL to the master server. > When I configure idassert-bind with saslmech EXTERNAL and try to change an > entry, ldapmodify fails with > > ldap_modify: Other (e.g., implementation specific) error (80) > > slapd logs the message: > --------------------------- > send_ldap_result: referral="ldap://ldap-master.rz.uni-osnabrueck.de/uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de" > >>> dnPrettyNormal: > <uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de> > <<< dnPrettyNormal: > <uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de>, > <uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de> > conn=1000 op=1 ldap_chain_op: > ref="ldap://ldap-master.rz.uni-osnabrueck.de/uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de" > -> "ldap://ldap-master.rz.uni-osnabrueck.de" > conn=1000 op=1 ldap_chain_op: > ref="ldap://ldap-master.rz.uni-osnabrueck.de/uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de": > URI="ldap://ldap-master.rz.uni-osnabrueck.de" found in cache > =>ldap_back_getconn: conn=1000 op=1: lc=0x7faca820bc70 inserted refcnt=1 > rc=0 > Error: ldap_back_is_proxy_authz returned 0, misconfigured URI? > send_ldap_result: conn=1000 op=1 p=3 > send_ldap_result: err=80 matched="" text="misconfigured URI?" > send_ldap_result: conn=1000 op=1 p=3 > send_ldap_result: err=80 matched="" text="" > send_ldap_response: msgid=2 tag=103 err=80 > --------------------------- > > Then I compiled openldap-2.4.26 and used the same configuration. The modify with > saslmech EXTERNAL succeeded: > > --------------------------- > send_ldap_result: conn=1001 op=1 p=3 > send_ldap_result: err=10 matched="" text="" > send_ldap_result: referral="ldap://ldap-master.rz.uni-osnabrueck.de/uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de" > >>> dnPrettyNormal: > <uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de> > <<< dnPrettyNormal: > <uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de>, > <uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de> > conn=1001 op=1 ldap_chain_op: > ref="ldap://ldap-master.rz.uni-osnabrueck.de/uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de" > -> "ldap://ldap-master.rz.uni-osnabrueck.de" > conn=1001 op=1 ldap_chain_op: > ref="ldap://ldap-master.rz.uni-osnabrueck.de/uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de": > URI="ldap://ldap-master.rz.uni-osnabrueck.de" found in cache > =>ldap_back_getconn: conn=1001 op=1: lc=0x7f4f201fe6f0 inserted refcnt=1 > rc=0 > send_ldap_result: conn=1001 op=1 p=3 > send_ldap_result: err=0 matched="" text="" > send_ldap_response: msgid=2 tag=103 err=0 > --------------------------- > > With a quick look I found out, that the function ldap_back_dobind_int in > server/slapd/back-ldap/bind.c differs. In 2.4.26 you have: > > --------------------------- > if ( LDAP_BACK_CONN_ISIDASSERT( lc ) ) { > if ( BER_BVISEMPTY( &binddn ) && BER_BVISEMPTY( > &bindcred ) ) { > /* if we got here, it shouldn't return result */ > rc = ldap_back_is_proxy_authz( op, rs, > LDAP_BACK_DONTSEND, &binddn, &bindcred );A A assert( rc == > 1 ); > } > rc = ldap_back_proxy_authz_bind( lc, op, rs, sendok, &binddn, > &bindcred ); > goto done; > } > --------------------------- > > while in 2.4.40 there is: > > --------------------------- > if ( LDAP_BACK_CONN_ISIDASSERT( lc ) ) { > if ( BER_BVISEMPTY( &binddn ) && BER_BVISEMPTY( &bindcred ) ) > { > /* if we got here, it shouldn't return result */ > rc = ldap_back_is_proxy_authz( op, rs, > LDAP_BACK_DONTSEND, &binddn,2&bindcred ); > if ( rc != 1 ) { > Debug( LDAP_DEBUG_ANY, "Error: ldap_back_is_proxy_authz " > "returned %d, misconfigured URI?\n", rc, 0, 0 ); > rs->sr_err = LDAP_OTHER; > rs->sr_text = "misconfigured URI?"; > LP_P_BACK_CONN_ISBOUND_CLEAR( lc ); > if ( sendok & LDAP_BACK_SENDERR ) { > send_ldap_result( op, rs ); > } > goto done; > } > rc = ldap_back_proxy_authz_bind( lc, op, rs, sendok, &binddn, > &bindcred ); > goto done; > } > -------------------------- > > This is where the error message comes from ("misconfigured URI?") Looks like you've compiled without DEBUG enabled, otherwise your 2.4.26 build would have died with an assert() failure there. Send a complete config that reproduces the issue. Also give the complete command you used. So far this just looks like a misconfiguration to me. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

8 years, 5 months

1
0
0 / 0

(ITS#8008) proxyauth with saslmech EXTERNAL not working

by dkastens＠uos.de

Full_Name: Dirk Kastens Version: 2.4.40 OS: RedHat SL 7.0 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (2001:638:508:3d0:8d09:a681:a06e:29f0) This is a duplicate of bug #7993 that has been closed. Meanwhile I compiled openldap myself. At first, I compiled openldap-2.4.40. I configured ldap as a replica server. It connects with saslmech EXTERNAL to the master server. When I configure idassert-bind with saslmech EXTERNAL and try to change an entry, ldapmodify fails with ldap_modify: Other (e.g., implementation specific) error (80) slapd logs the message: --------------------------- send_ldap_result: referral="ldap://ldap-master.rz.uni-osnabrueck.de/uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de" >>> dnPrettyNormal: <uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de> <<< dnPrettyNormal: <uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de>, <uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de> conn=1000 op=1 ldap_chain_op: ref="ldap://ldap-master.rz.uni-osnabrueck.de/uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de" -> "ldap://ldap-master.rz.uni-osnabrueck.de" conn=1000 op=1 ldap_chain_op: ref="ldap://ldap-master.rz.uni-osnabrueck.de/uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de": URI="ldap://ldap-master.rz.uni-osnabrueck.de" found in cache =>ldap_back_getconn: conn=1000 op=1: lc=0x7faca820bc70 inserted refcnt=1 rc=0 Error: ldap_back_is_proxy_authz returned 0, misconfigured URI? send_ldap_result: conn=1000 op=1 p=3 send_ldap_result: err=80 matched="" text="misconfigured URI?" send_ldap_result: conn=1000 op=1 p=3 send_ldap_result: err=80 matched="" text="" send_ldap_response: msgid=2 tag=103 err=80 --------------------------- Then I compiled openldap-2.4.26 and used the same configuration. The modify with saslmech EXTERNAL succeeded: --------------------------- send_ldap_result: conn=1001 op=1 p=3 send_ldap_result: err=10 matched="" text="" send_ldap_result: referral="ldap://ldap-master.rz.uni-osnabrueck.de/uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de" >>> dnPrettyNormal: <uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de> <<< dnPrettyNormal: <uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de>, <uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de> conn=1001 op=1 ldap_chain_op: ref="ldap://ldap-master.rz.uni-osnabrueck.de/uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de" -> "ldap://ldap-master.rz.uni-osnabrueck.de" conn=1001 op=1 ldap_chain_op: ref="ldap://ldap-master.rz.uni-osnabrueck.de/uid=xmuster,ou=people,dc=uni-osnabrueck,dc=de": URI="ldap://ldap-master.rz.uni-osnabrueck.de" found in cache =>ldap_back_getconn: conn=1001 op=1: lc=0x7f4f201fe6f0 inserted refcnt=1 rc=0 send_ldap_result: conn=1001 op=1 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=2 tag=103 err=0 --------------------------- With a quick look I found out, that the function ldap_back_dobind_int in server/slapd/back-ldap/bind.c differs. In 2.4.26 you have: --------------------------- if ( LDAP_BACK_CONN_ISIDASSERT( lc ) ) { if ( BER_BVISEMPTY( &binddn ) && BER_BVISEMPTY( &bindcred ) ) { /* if we got here, it shouldn't return result */ rc = ldap_back_is_proxy_authz( op, rs, LDAP_BACK_DONTSEND, &binddn, &bindcred );A A assert( rc == 1 ); } rc = ldap_back_proxy_authz_bind( lc, op, rs, sendok, &binddn, &bindcred ); goto done; } --------------------------- while in 2.4.40 there is: --------------------------- if ( LDAP_BACK_CONN_ISIDASSERT( lc ) ) { if ( BER_BVISEMPTY( &binddn ) && BER_BVISEMPTY( &bindcred ) ) { /* if we got here, it shouldn't return result */ rc = ldap_back_is_proxy_authz( op, rs, LDAP_BACK_DONTSEND, &binddn,2&bindcred ); if ( rc != 1 ) { Debug( LDAP_DEBUG_ANY, "Error: ldap_back_is_proxy_authz " "returned %d, misconfigured URI?\n", rc, 0, 0 ); rs->sr_err = LDAP_OTHER; rs->sr_text = "misconfigured URI?"; LP_P_BACK_CONN_ISBOUND_CLEAR( lc ); if ( sendok & LDAP_BACK_SENDERR ) { send_ldap_result( op, rs ); } goto done; } rc = ldap_back_proxy_authz_bind( lc, op, rs, sendok, &binddn, &bindcred ); goto done; } -------------------------- This is where the error message comes from ("misconfigured URI?")

8 years, 5 months

1
0
0 / 0

(ITS#8007) Add option for restricting max entry size

by hyc＠openldap.org

Full_Name: Howard Chu Version: 2.5 OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (78.155.233.73) Submitted by: hyc Sometimes it would be useful to control how large an entry may be stored.

8 years, 5 months

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs December 2014