openldap-bugs August 2014

openldap-bugs@openldap.org

16 participants
39 discussions

Re: (ITS#7919) slapd would not start with back-ldap database
by dieter＠dkluenter.de 13 Aug '14

13 Aug '14

Am Tue, 12 Aug 2014 23:24:09 -0700 schrieb Howard Chu <hyc(a)symas.com>: > dieter(a)dkluenter.de wrote: > > Full_Name: Dieter > > Version: 2.4.39 > > OS: openSuse-13.1 > > URL: ftp://ftp.openldap.org/incoming/ > > Submission from: (NULL) (62.226.250.246) > > > > > > When slapd configured with database ldap only, an error occurs, > > > > gdb) bt > > #0 0x00007ffff7bb8038 in get_token (sp=3Dsp@entry=3D0x7fffffff9590, > > token_val=3Dtoken_val@entry=3D0x7fffffff9598) > > at schema.c:1018 > > #1 0x00007ffff7bbc6f2 in ldap_str2objectclass (s=3Ds@entry=3D0x7 > > <Address 0x7 out of bounds>, > > code=3Dcode@entry=3D0x7fffffff95f4, errp=3Derrp@entry=3D0x7fffffff= 95f8, > > flags=3Dflags@entry=3D63) at schema.c:2461 > > #2 0x00005555555e7c1c in register_oc (def=3D0x7 <Address 0x7 out of > > bounds>, soc=3D0x7ffff30a59d0 <pcocs+112>, > > dupok=3Ddupok@entry=3D1) at oc.c:917 > > #3 0x00005555555935ee in init_config_ocs > > (ocs=3Docs@entry=3D0x7ffff30a5960 <pcocs>) at config.c:556 > > #4 0x000055555558bf18 in config_register_schema (ct=3D0x7ffff30a54c0 > > <pccfg>, ocs=3D0x7ffff30a5960 <pcocs>) > > > > > The trace indicates something initializing the proxycache overlay, > which contradicts your statement that only back-ldap was configured. Sorry, it is back-ldap with pcache and it seems to be a pcache problem. When disabling pcache, slapd runs fine. -Dieter=20 --=20 Dieter Kl=C3=BCnter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53=C2=B037'09,95"N 10=C2=B008'02,42"E

1 0

Re: (ITS#7918) error building back-ldap
by hyc＠symas.com 12 Aug '14

12 Aug '14

dieter(a)dkluenter.de wrote: > Full_Name: Dieter Klünter > Version: openldap-OPENLDAP_REL_ENG_2_4-b046124 > OS: openSuse-13.1 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (93.220.56.191) > > > cd back-ldap; make -w all > make[3]: Entering directory > `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers/slapd/back-ldap' > rm -f version.c > ../../../build/mkversion -v "2.4.X" back_ldap > version.c > /bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3 > -m64 -I../../../include -I../../../include -I.. -I./.. -c init.c Don't define LDAP_DEVEL unless you know what you're doing. Closing this ITS. > cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c > init.c -o init.o > /bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3 > -m64 -I../../../include -I../../../include -I.. -I./.. -c config.c > cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c > config.c -o config.o > /bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3 > -m64 -I../../../include -I../../../include -I.. -I./.. -c search.c > cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c > search.c -o search.o > /bin/sh %2/../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3 > -m64 -I../../../include -I../../../include -I.. -I./.. -c bind.c > cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c > bind.c -o bind.o > bind.c: In function 'ldapack_k_proxy_authz_bind': > bind.c:2325:32: error: 'LDAP_BACK_AUTH_DN_AUTHZID' undeclared (first use in this > function) > if ( li->li_idassert_flags & LDAP_BACK_AUTH_DN_AUTHZID ) { > ^ > bind.c:2325:32: note: each undeclared identifier is reportednlnly once for each > function it appears in > bind.c:2328:21: error: 'LDAP_CONTROL_AUTHZID_REQUEST' undeclared (first use in > this function) > ctrl.ldctl_oid = LDAP_CONTROL_AUTHZID_REQUEST; > ^ > bind.c:2371:32: error: 'LDAP_CONTROL_AUTHZID_RESPONSE' undeclared (first use in > this function) > ctrl = ldap_control_find( LDAP_CONTROL_AUTHZID_RESPONSE, > ^ > bind.c:2389:40: error: 'LDAP_BACK_AUTH_DN_WHOAMI' undeclared (first use in this > function) > } else if ( li->li_idassert_flags & LDAP_BACK_AUTH_DN_WHOAMI ) { > ^ > bind.c:2407:35: error: 'LDAP_BACK_AUTH_DN_MASK' undeclared (first use in this > function) > if ( ( li->li_idassert_flags & LDAP_BACK_AUTH_DN_MASK ) && > ^ > make[3]: *** [bind.lo] Fehler 1 > make[3]: Leaving directory > `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers/slapd/back-ldap' > make[2]: *** [.backend] Fehler 1 > make[2]: Leaving directory > `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers/slapd' > make[1]: *** [all-common] Fehler 1 > make[1]: Leaving directory > `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers' > make: *** [all-common] Fehler 1 > > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#7919) slapd would not start with back-ldap database
by hyc＠symas.com 12 Aug '14

12 Aug '14

dieter(a)dkluenter.de wrote: > Full_Name: Dieter > Version: 2.4.39 > OS: openSuse-13.1 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (62.226.250.246) > > > When slapd configured with database ldap only, an error occurs, > > gdb) bt > #0 0x00007ffff7bb8038 in get_token (sp=sp@entry=0x7fffffff9590, > token_val=token_val@entry=0x7fffffff9598) > at schema.c:1018 > #1 0x00007ffff7bbc6f2 in ldap_str2objectclass (s=s@entry=0x7 <Address 0x7 out > of bounds>, > code=code@entry=0x7fffffff95f4, errp=errp@entry=0x7fffffff95f8, > flags=flags@entry=63) at schema.c:2461 > #2 0x00005555555e7c1c in register_oc (def=0x7 <Address 0x7 out of bounds>, > soc=0x7ffff30a59d0 <pcocs+112>, > dupok=dupok@entry=1) at oc.c:917 > #3 0x00005555555935ee in init_config_ocs (ocs=ocs@entry=0x7ffff30a5960 <pcocs>) > at config.c:556 > #4 0x000055555558bf18 in config_register_schema (ct=0x7ffff30a54c0 <pccfg>, > ocs=0x7ffff30a5960 <pcocs>) > > The trace indicates something initializing the proxycache overlay, which contradicts your statement that only back-ldap was configured. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#7919) slapd would not start with back-ldap database
by dieter＠dkluenter.de 12 Aug '14

12 Aug '14

Full_Name: Dieter Version: 2.4.39 OS: openSuse-13.1 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (62.226.250.246) When slapd configured with database ldap only, an error occurs, gdb) bt #0 0x00007ffff7bb8038 in get_token (sp=sp@entry=0x7fffffff9590, token_val=token_val@entry=0x7fffffff9598) at schema.c:1018 #1 0x00007ffff7bbc6f2 in ldap_str2objectclass (s=s@entry=0x7 <Address 0x7 out of bounds>, code=code@entry=0x7fffffff95f4, errp=errp@entry=0x7fffffff95f8, flags=flags@entry=63) at schema.c:2461 #2 0x00005555555e7c1c in register_oc (def=0x7 <Address 0x7 out of bounds>, soc=0x7ffff30a59d0 <pcocs+112>, dupok=dupok@entry=1) at oc.c:917 #3 0x00005555555935ee in init_config_ocs (ocs=ocs@entry=0x7ffff30a5960 <pcocs>) at config.c:556 #4 0x000055555558bf18 in config_register_schema (ct=0x7ffff30a54c0 <pccfg>, ocs=0x7ffff30a5960 <pcocs>)

1 0

(ITS#7918) error building back-ldap
by dieter＠dkluenter.de 12 Aug '14

12 Aug '14

Full_Name: Dieter Klünter Version: openldap-OPENLDAP_REL_ENG_2_4-b046124 OS: openSuse-13.1 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (93.220.56.191) cd back-ldap; make -w all make[3]: Entering directory `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers/slapd/back-ldap' rm -f version.c ../../../build/mkversion -v "2.4.X" back_ldap > version.c /bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c init.c cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c init.c -o init.o /bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c config.c cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c config.c -o config.o /bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c search.c cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c search.c -o search.o /bin/sh %2/../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c bind.c cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c bind.c -o bind.o bind.c: In function 'ldapack_k_proxy_authz_bind': bind.c:2325:32: error: 'LDAP_BACK_AUTH_DN_AUTHZID' undeclared (first use in this function) if ( li->li_idassert_flags & LDAP_BACK_AUTH_DN_AUTHZID ) { ^ bind.c:2325:32: note: each undeclared identifier is reportednlnly once for each function it appears in bind.c:2328:21: error: 'LDAP_CONTROL_AUTHZID_REQUEST' undeclared (first use in this function) ctrl.ldctl_oid = LDAP_CONTROL_AUTHZID_REQUEST; ^ bind.c:2371:32: error: 'LDAP_CONTROL_AUTHZID_RESPONSE' undeclared (first use in this function) ctrl = ldap_control_find( LDAP_CONTROL_AUTHZID_RESPONSE, ^ bind.c:2389:40: error: 'LDAP_BACK_AUTH_DN_WHOAMI' undeclared (first use in this function) } else if ( li->li_idassert_flags & LDAP_BACK_AUTH_DN_WHOAMI ) { ^ bind.c:2407:35: error: 'LDAP_BACK_AUTH_DN_MASK' undeclared (first use in this function) if ( ( li->li_idassert_flags & LDAP_BACK_AUTH_DN_MASK ) && ^ make[3]: *** [bind.lo] Fehler 1 make[3]: Leaving directory `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers/slapd/back-ldap' make[2]: *** [.backend] Fehler 1 make[2]: Leaving directory `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers/slapd' make[1]: *** [all-common] Fehler 1 make[1]: Leaving directory `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers' make: *** [all-common] Fehler 1

1 0

(ITS#7917) LMDB: bug in mdb_dbi_open creating subDB
by hyc＠openldap.org 11 Aug '14

11 Aug '14

Full_Name: Howard Chu Version: 2.4 OS: Solaris/Sparc URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (78.155.233.73) Submitted by: hyc mdb_dbi_open may use "dummy" after it has gone out of scope, when creating a new named subDB. This never caused any problem under gcc, but breaks using the Sun C compiler when debugging is enabled and optimization is disabled. A fix is coming shortly.

1 0

Re: (ITS#7916) ppolicy doesn't set pwdAccountLockedTime
by quanah＠zimbra.com 06 Aug '14

06 Aug '14

--On Wednesday, August 06, 2014 11:26 AM +0000 anshman.osc(a)gmail.com wrote: > Full_Name: Anshuman > Version: 2.4.23 2.4.23 is 4+ years old. In addition, the ITS system is for filing bugs, not for asking usage questions. You need to (a) upgrade to a current release or (b) contact the vendor of your massively out of date packages. For (a), I suggest packages from either Symas or the LTB project if you are not able to build OpenLDAP yourself. This ITS will be closed. --Quanah -- Quanah Gibson-Mount Server Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

(ITS#7916) ppolicy doesn't set pwdAccountLockedTime
by anshman.osc＠gmail.com 06 Aug '14

06 Aug '14

Full_Name: Anshuman Version: 2.4.23 OS: RHEL 6.4 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (198.241.211.15) Hello, I am trying to get the ppolicy to lock account after N unsuccessful attempts. To accomplish this, I defined the overlay policy in slapd.conf, and also attached the pwdPolicySubentry to the user object. It is able to detect the password policy, because the number of times "pwdFailureTime" appears is always 1 less than the value I set for "pwdMaxFailure" in the password policy. So, if I set pwdMaxFailure=4, the count pwdFailureTime stops growing after 3. However, the pwdAccountLockedTime is never set. Up until release 2.3.x adding a rootdn entry to the slapd.conf solved this issue. But today we are trying to upgrade to 2.4.23, and this "fix" no longer works. Could someone please let me know what needs to be done to make this work? -- slapd.conf--- # Load dynamic backend modules: modulepath /usr/lib64/openldap moduleload ppolicy.la moduleload auditlog.la overlay ppolicy ppolicy_default "cn=Standard,ou=Policies,dc=mycompany,dc=com" ppolicy_use_lockout

1 0

Re: (ITS#7906) segv when changing olcDbDirectory with ppolicy running
by ebackes＠symas.com 05 Aug '14

05 Aug '14

> While testing out the new mdb_copy compaction, I tried switching a live instance > to use a different db path via MOD to change olcDbDirectory. > This results in repeatable segv in ppolicy.c:ppolicy_connection_destroy, where > conn refers to the correction making the change that is likely in the process of > disconnecting, and pwcons is NULL. There are more pwcons hits than just ppolicy_connection_destroy, looking for the others but at a minimum ppolicy_restrict. -- Emily Backes Symas Corporation ebackes(a)symas.com

1 0

Re: (ITS#7915) pcache and translucent crashes OL
by hyc＠symas.com 04 Aug '14

04 Aug '14

nvoutsin(a)gmail.com wrote: > Full_Name: Nikos Voutsinas > Version: 2.4.39 > OS: Debian > URL: http://users.uoa.gr/~nvoutsin/OpenLdap_ITS/add-trasnlucent(bdb)-pcache(bdb)… http://users.uoa.gr/~nvoutsin/OpenLdap_ITS/add-translucent(bdb)-pcache(bdb)… http://users.uoa.gr/~nvoutsin/OpenLdap_ITS/add-trasnlucent(bdb)-pcache%mdmd… http://users.uoa.gr/~nvoutsin/OpenLdap_ITS/add-translucent(bdb)-pcache(mdb)… http://users.uoa.gr/~nvoutsin/OpenLdap_ITS/add-trasnlucent(mdb)-pcache(mdb)… http://users.uoa.gr/~nvoutsin/OpenLdap_ITS/add-translucent(mdb)-pcache(mdb)… http://users.uoa.gr/~nvoutsin/OpenLdap_ITS/add-trasnlucent(mdb)-pcache(bdb)… http://users.uoa.gr/~nvoutsin/OpenLdap_ITS/add-translucent(mdb)-pcache(bdb)… > Submission from: (NULL) (5.54.11.83) Thanks for the report, fixed in git master. > The combination of translucent and pcache overlays crashes OL or makes it > unresponsive. Any attempt to modify an object on the replica by using the > following ldif: > > dn: uid=joe,dc=foo,dc=com > changetype: modify > add: description > description: first > - > > dn: uid=joe,dc=foo,dc=com > changetype: modify > replace: description > description: second > - > > cause OL to fail either during the modification or on the subsequent operation. > Specifically, OL behaves differently depending on the type of database backends > that are used for translucent and pcache DBs, as it is shown below: > > translucent db,pcache db: comment > bdb,bdb: freezes on the second modify op > bdb,mdb: crashes on the secend modify op (invalid pointer) > mdb,mdb: completes the modify ops. crashes on the first search on object > mdb,bdb: completes the modify ops. crashes, if not on the first, then on > subsequent op > > Attached files: a)the cn=config ldif for each of the above cases and b)the > corresponding debug output during the modification of the user object or if that > completes during the subsequent search on it. > > > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs August 2014