openldap-bugs February 2014

openldap-bugs@openldap.org

16 participants
28 discussions

Re: (ITS#7801) test033-glue-syncrepl with bdb/hdb gets stuck on ppc64
by hyc＠symas.com 28 Feb '14

28 Feb '14

jsynacek(a)redhat.com wrote: > Full_Name: Jan Synacek > Version: 2.4.39 > OS: GNU/Linux > URL: > Submission from: (NULL) (209.132.186.34) > > > I configured openldap with --enable-bdb, --enable-hdb and --enable-mdb. No other > options were used. > Reproduced on a ppc64 system with kernel 3.10.0. > > # ./run -b hdb test033-glue-syncrepl > Cleaning up test run directory leftover from previous run. > Running ./scripts/test033-glue-syncrepl for hdb... > running defines.sh > Running slapadd to build glued slapd databases... > Starting slapd 1 on TCP/IP port 9011... > Using ldapsearch to check that slapd 1 is running... > Starting slapd 2 on TCP/IP port 9012... > Using ldapsearch to check that slapd 2 is running... > Using ldapadd to populate subtree="ou=Information Technology > Division,ou=People,dc=example,dc=com" on port 9011... > Using ldapadd to populate subtree="ou=Groups,dc=example,dc=com" on port 9012... > > After that, there is no output. First thing to look at is a gdb stack trace of both slapds, to see what threads are actually stuck and where. Also look at the log files in the testrun directory to see what was the last operation being performed. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#7807) rebind-as-user in slapd-meta not running
by pierangelo.masarati＠polimi.it 28 Feb '14

28 Feb '14

On 02/28/2014 11:00 AM, theedgeu2(a)live.com wrote: > Full_Name: Angel Martinez > Version: 2.4.39 > OS: Red Hat Linux 6.4 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (217.71.18.36) > > > I'm trying to configure a LDAP proxy with slapd-meta. > > I have several suffixs over several instances that shares the same user > accounts. It's posible that one user had access to several targets. > > The targets are: > > * Users: ou=users, dc=test, dc=com (here resides all accounts) > > * Target1: ou=target1, dc=test, dc=com > > * Target2: ou=target2, dc=test, dc=com > > These 3 suffix are on 3 differents instances. > > The instances where target1 and target2 are also have another suffix: ou=users, > dc=test, dc=com. This suffix is replicated from the first instance (Users) > > Normally, the users connect throught the proxy, but sometimes will connect > directly to the others instances. > > Basically this is the slapd.conf of the proxy: > > database meta > chase-referrals yes > rebind-as-user yes > > suffix "ou=users,dc=test,dc=com" > uri "ldap://192.168.1.34:3891/ou=users,dc=test,dc=com" > > suffix "ou=target1,dc=test,dc=com" > uri "ldap://192.168.1.34:3892/ou=target1,dc=test,dc=com" > > suffix "ou=target2,dc=test,dc=com" > uri "ldap://192.168.1.34:3893/ou=target2,dc=test,dc=com" > > When a user connects to the proxy with cn=user1,ou=users,dc=test,dc=com, the > user is validated against the first target (ou=users) and can search over this > suffix, but if this user try to search something over other target (for example > ou=target1) the proxy does not use the credentials of the user and do an > anonymous bind to target1, so the search doesn't run. > > I thought that rebind-as-user resolve this but doesn't run. > > I've tried using idassert-bind mode=self bindmethod=simple > binddn="cn=adminuser,ou=users,dc=test,dc=com" credentials="password" and runs > ok, but I prefer not to use an administrative account to connect the proxy with > the targets. > > Is there something I'm missing? Yes, you did not read slapd-meta(5) man page. rebind-as-user is used in a totally different context. What you need is idassert-bind. Please direct further conversation to <openldap-technical(a)openldap.org>. This ITS will be closed. p. -- Pierangelo Masarati Associate Professor Dipartimento di Scienze e Tecnologie Aerospaziali Politecnico di Milano

1 0

(ITS#7808)
by theEdgeU2＠live.com 28 Feb '14

28 Feb '14

I'm sorry but ITS#7807 is the same as this. Regards

1 0

(ITS#7808) rebind-as-user in slapd-meta not running
by theedgeu2＠live.com 28 Feb '14

28 Feb '14

Full_Name: Angel Martinez Version: 2.4.39 OS: Red Hat Linux 6.4 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (217.71.18.36) I'm trying to configure a LDAP proxy with slapd-meta. I have several suffixs over several instances that shares the same user accounts. It's posible that one user had access to several targets. The targets are: * Users: ou=users, dc=test, dc=com (here resides all accounts) * Target1: ou=target1, dc=test, dc=com * Target2: ou=target2, dc=test, dc=com These 3 suffix are on 3 differents instances. The instances where target1 and target2 are also have another suffix: ou=users, dc=test, dc=com. This suffix is replicated from the first instance (Users) Normally, the users connect throught the proxy, but sometimes will connect directly to the others instances. Basically this is the slapd.conf of the proxy: database meta chase-referrals yes rebind-as-user yes suffix "ou=users,dc=test,dc=com" uri "ldap://192.168.1.34:3891/ou=users,dc=test,dc=com" suffix "ou=target1,dc=test,dc=com" uri "ldap://192.168.1.34:3892/ou=target1,dc=test,dc=com" suffix "ou=target2,dc=test,dc=com" uri "ldap://192.168.1.34:3893/ou=target2,dc=test,dc=com" When a user connects to the proxy with cn=user1,ou=users,dc=test,dc=com, the user is validated against the first target (ou=users) and can search over this suffix, but if this user try to search something over other target (for example ou=target1) the proxy does not use the credentials of the user and do an anonymous bind to target1, so the search doesn't run. I thought that rebind-as-user resolve this but doesn't run. I've tried using idassert-bind mode=self bindmethod=simple binddn="cn=adminuser,ou=users,dc=test,dc=com" credentials="password" and runs ok, but I prefer not to use an administrative account to connect the proxy with the targets. Is there something I'm missing? Thanks

1 0

(ITS#7807) rebind-as-user in slapd-meta not running
by theedgeu2＠live.com 28 Feb '14

28 Feb '14

1 0

RE: (ITS#7805) fatal region error detected; run recovery
by quanah＠zimbra.com 27 Feb '14

27 Feb '14

--On Thursday, February 27, 2014 8:22 AM +0000 venkatachalam.dk(a)accenture.com wrote: > Hi , > > Below is the LDAP version used in the server , I have provided wrongly , > version is : 2.3.43-12 > > openldap-clients-2.3.43-12.el5 > openldap-2.3.43-12.el5 > openldap-2.3.43-12.el5 OpenLDAP 2.3 reached end of life in 2008. The current supported release series is OpenLDAP 2.4. I.e., you're using a release that hasn't been had any further development in nearly 6 years. I'd strongly advise you to look at the packages from Symas or the LTB project if you are unable to compile OpenLDAP yourself. If you wish to continue using the utterly broken and outdated packages provided by RedHat, then you need to file tickets with RedHat for support. Regards, Quanah -- Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#7805) fatal region error detected; run recovery
by ualex73＠gmail.com 27 Feb '14

27 Feb '14

--001a11c2f5ea1bbd3804f35f38ba Content-Type: text/plain; charset=ISO-8859-1 This is a RedHat supplied version, so you need to contact them for support. 2014-02-27 9:24 GMT+01:00 <venkatachalam.dk(a)accenture.com>: > Hi , > > Below is the LDAP version used in the server , I have provided wrongly , > version is : 2.3.43-12 > > openldap-clients-2.3.43-12.el5 > openldap-2.3.43-12.el5 > openldap-2.3.43-12.el5 > > Thanks > Venkat > > -----Original Message----- > From: Quanah Gibson-Mount [mailto:quanah@zimbra.com] > Sent: 26 February 2014 23:11 > To: Dk, Venkatachalam; openldap-its(a)openldap.org > Subject: Re: (ITS#7805) fatal region error detected; run recovery > > --On Wednesday, February 26, 2014 10:17 AM +0000 > venkatachalam.dk(a)accenture.com wrote: > > > Full_Name: Venkatachalam > > Version: 2.4.3.1 > > There is no such OpenLDAP release. If you are using the build provided by > RHEL, then the correct contact is RedHat. Generally, it is very wise to > avoid RH's build of OpenLDAP. > > --Quanah > > > > -- > > Quanah Gibson-Mount > Architect - Server > Zimbra, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration > > > ________________________________ > > This message is for the designated recipient only and may contain > privileged, proprietary, or otherwise confidential information. If you have > received it in error, please notify the sender immediately and delete the > original. Any other use of the e-mail by you is prohibited. Where allowed > by local law, electronic communications with Accenture and its affiliates, > including e-mail and instant messaging (including content), may be scanned > by our systems for the purposes of information security and assessment of > internal compliance with Accenture policy. . > > ______________________________________________________________________________________ > > www.accenture.com > > > > --001a11c2f5ea1bbd3804f35f38ba Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr">This is a RedHat supplied version, so you need to contact = them for support. </div><div class=3D"gmail_extra"> <div class=3D= "gmail_quote">2014-02-27 9:24 GMT+01:00 <<a href=3D"m= ailto:venkatachalam.dk@accenture.com" target=3D"_blank">venkatachalam.dk@ac= centure.com</a>>: <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1ex">Hi , Below is the LDAP version used in the server , I have provided wrongly , ve= rsion is : 2.3.43-12 openldap-clients-2.3.43-12.el5 openldap-2.3.43-12.el5 openldap-2.3.43-12.el5 Thanks Venkat <div><div class=3D"h5"> -----Original Message----- From: Quanah Gibson-Mount [mailto:<a href=3D"mailto:quanah@zimbra.com">quan= ah(a)zimbra.com</a>] Sent: 26 February 2014 23:11 To: Dk, Venkatachalam; <a href=3D"mailto:openldap-its@openldap.org">openlda= p-its(a)openldap.org</a> Subject: Re: (ITS#7805) fatal region error detected; run recovery --On Wednesday, February 26, 2014 10:17 AM +0000 <a href=3D"mailto:venkatac= halam.dk(a)accenture.com">venkatachalam.dk(a)accenture.com</a> wrote: > Full_Name: Venkatachalam > Version: 2.4.3.1 There is no such OpenLDAP release. =A0If you are using the build provided b= y RHEL, then the correct contact is RedHat. =A0Generally, it is very wise t= o avoid RH's build of OpenLDAP. --Quanah -- Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra :: =A0the leader in open source messaging and collaboration </div></div>________________________________ This message is for the designated recipient only and may contain privilege= d, proprietary, or otherwise confidential information. If you have received= it in error, please notify the sender immediately and delete the original.= Any other use of the e-mail by you is prohibited. Where allowed by local l= aw, electronic communications with Accenture and its affiliates, including = e-mail and instant messaging (including content), may be scanned by our sys= tems for the purposes of information security and assessment of internal co= mpliance with Accenture policy. . ___________________________________________________________________________= ___________ <a href=3D"http://www.accenture.com" target=3D"_blank">www.accenture.com</a= > </blockquote></div> </div> --001a11c2f5ea1bbd3804f35f38ba--

1 0

RE: (ITS#7805) fatal region error detected; run recovery
by venkatachalam.dk＠accenture.com 27 Feb '14

27 Feb '14

Hi , Below is the LDAP version used in the server , I have provided wrongly , version is : 2.3.43-12 openldap-clients-2.3.43-12.el5 openldap-2.3.43-12.el5 openldap-2.3.43-12.el5 Thanks Venkat -----Original Message----- From: Quanah Gibson-Mount [mailto:quanah@zimbra.com] Sent: 26 February 2014 23:11 To: Dk, Venkatachalam; openldap-its(a)openldap.org Subject: Re: (ITS#7805) fatal region error detected; run recovery --On Wednesday, February 26, 2014 10:17 AM +0000 venkatachalam.dk(a)accenture.com wrote: > Full_Name: Venkatachalam > Version: 2.4.3.1 There is no such OpenLDAP release. If you are using the build provided by RHEL, then the correct contact is RedHat. Generally, it is very wise to avoid RH's build of OpenLDAP. --Quanah -- Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. . ______________________________________________________________________________________ www.accenture.com

1 0

Re: (ITS#7806) memory leak in contrib/ldapc++/LDAPAsynConnection.cpp
by hyc＠symas.com 26 Feb '14

26 Feb '14

kevpatt(a)khptech.com wrote: > Full_Name: Kevin H. Patterson > Version: git master HEAD > OS: macosx 10.9.1 > URL: http://campus.hartland.edu/temp/0001-fixed-memory-leak-in-LDAPAsynConnectio… > Submission from: (NULL) (65.207.4.130) > > > In libldapcpp, there is a memory leak in the LDAPAsynConnection class. > ldap_initialize() allocates memory which is never freed. This memory (ld > structure) should be freed by a call to ldap_unbind() in the class destructor > and other places where the ld structure is replaced with a new one. > > I have included a patch against git master HEAD below. Thanks for the patch, committed to master. > > --- > >>From c9b4b1a2638eec20f35c2eae31f0471cc61a21ff Mon Sep 17 00:00:00 2001 > From: "Kevin H. Patterson" <kevpatt(a)khptech.com> > Date: Wed, 26 Feb 2014 13:08:24 -0500 > Subject: [PATCH] fixed memory leak in LDAPAsynConnection.cpp > > --- > contrib/ldapc++/src/LDAPAsynConnection.cpp | 10 +++++++++- > 1 file changed, 9 insertions(+), 1 deletion(-) > > diff --git a/contrib/ldapc++/src/LDAPAsynConnection.cpp > b/contrib/ldapc++/src/LDAPAsynConnection.cpp > index 894f8ba..582d2b5 100644 > --- a/contrib/ldapc++/src/LDAPAsynConnection.cpp > +++ b/contrib/ldapc++/src/LDAPAsynConnection.cpp > @@ -43,7 +43,10 @@ LDAPAsynConnection::LDAPAsynConnection(const string& url, int > port, > this->setConstraints(cons); > } > > -LDAPAsynConnection::~LDAPAsynConnection(){} > +LDAPAsynConnection::~LDAPAsynConnection(){ > + unbind(); > + delete m_constr; > +} > > void LDAPAsynConnection::init(const string& hostname, int port){ > DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::init" << endl); > @@ -51,6 +54,8 @@ void LDAPAsynConnection::init(const string& hostname, int > port){ > " hostname:" << hostname << endl > << " port:" << port << endl); > > + unbind(); > + > m_uri.setScheme("ldap"); > m_uri.setHost(hostname); > m_uri.setPort(port); > @@ -66,6 +71,8 @@ void LDAPAsynConnection::init(const string& hostname, int > port){ > } > > void LDAPAsynConnection::initialize(const std::string& uri){ > + unbind(); > + > m_uri.setURLString(uri); > int ret = ldap_initialize(&cur_session, m_uri.getURLString().c_str()); > if ( ret != LDAP_SUCCESS ) { > @@ -277,6 +284,7 @@ void LDAPAsynConnection::unbind(){ > > void LDAPAsynConnection::setConstraints(LDAPConstraints *cons){ > DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::setConstraints()" << endl); > + delete m_constr; > m_constr=cons; > } > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#7806) memory leak in contrib/ldapc++/LDAPAsynConnection.cpp
by kevpatt＠khptech.com 26 Feb '14

26 Feb '14

Full_Name: Kevin H. Patterson Version: git master HEAD OS: macosx 10.9.1 URL: http://campus.hartland.edu/temp/0001-fixed-memory-leak-in-LDAPAsynConnectio… Submission from: (NULL) (65.207.4.130) In libldapcpp, there is a memory leak in the LDAPAsynConnection class. ldap_initialize() allocates memory which is never freed. This memory (ld structure) should be freed by a call to ldap_unbind() in the class destructor and other places where the ld structure is replaced with a new one. I have included a patch against git master HEAD below. --- >From c9b4b1a2638eec20f35c2eae31f0471cc61a21ff Mon Sep 17 00:00:00 2001 From: "Kevin H. Patterson" <kevpatt(a)khptech.com> Date: Wed, 26 Feb 2014 13:08:24 -0500 Subject: [PATCH] fixed memory leak in LDAPAsynConnection.cpp --- contrib/ldapc++/src/LDAPAsynConnection.cpp | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/contrib/ldapc++/src/LDAPAsynConnection.cpp b/contrib/ldapc++/src/LDAPAsynConnection.cpp index 894f8ba..582d2b5 100644 --- a/contrib/ldapc++/src/LDAPAsynConnection.cpp +++ b/contrib/ldapc++/src/LDAPAsynConnection.cpp @@ -43,7 +43,10 @@ LDAPAsynConnection::LDAPAsynConnection(const string& url, int port, this->setConstraints(cons); } -LDAPAsynConnection::~LDAPAsynConnection(){} +LDAPAsynConnection::~LDAPAsynConnection(){ + unbind(); + delete m_constr; +} void LDAPAsynConnection::init(const string& hostname, int port){ DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::init" << endl); @@ -51,6 +54,8 @@ void LDAPAsynConnection::init(const string& hostname, int port){ " hostname:" << hostname << endl << " port:" << port << endl); + unbind(); + m_uri.setScheme("ldap"); m_uri.setHost(hostname); m_uri.setPort(port); @@ -66,6 +71,8 @@ void LDAPAsynConnection::init(const string& hostname, int port){ } void LDAPAsynConnection::initialize(const std::string& uri){ + unbind(); + m_uri.setURLString(uri); int ret = ldap_initialize(&cur_session, m_uri.getURLString().c_str()); if ( ret != LDAP_SUCCESS ) { @@ -277,6 +284,7 @@ void LDAPAsynConnection::unbind(){ void LDAPAsynConnection::setConstraints(LDAPConstraints *cons){ DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::setConstraints()" << endl); + delete m_constr; m_constr=cons; } -- 1.8.3.4 (Apple Git-47)

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs February 2014