Re: (ITS#7919) slapd would not start with back-ldap database
by dieter@dkluenter.de
On Tue, 12 Aug 2014 23:24:09 -0700,
Howard Chu <hyc(a)symas.com> wrote:
> dieter(a)dkluenter.de wrote:
> > Full_Name: Dieter
> > Version: 2.4.39
> > OS: openSuse-13.1
> > URL: ftp://ftp.openldap.org/incoming/
> > Submission from: (NULL) (62.226.250.246)
> >
> >
> > When slapd is configured with database ldap only, an error occurs,
> >
> > gdb) bt
> > #0 0x00007ffff7bb8038 in get_token (sp=sp@entry=0x7fffffff9590,
> > token_val=token_val@entry=0x7fffffff9598)
> > at schema.c:1018
> > #1 0x00007ffff7bbc6f2 in ldap_str2objectclass (s=s@entry=0x7
> > <Address 0x7 out of bounds>,
> > code=code@entry=0x7fffffff95f4, errp=errp@entry=0x7fffffff95f8,
> > flags=flags@entry=63) at schema.c:2461
> > #2 0x00005555555e7c1c in register_oc (def=0x7 <Address 0x7 out of
> > bounds>, soc=0x7ffff30a59d0 <pcocs+112>,
> > dupok=dupok@entry=1) at oc.c:917
> > #3 0x00005555555935ee in init_config_ocs
> > (ocs=ocs@entry=0x7ffff30a5960 <pcocs>) at config.c:556
> > #4 0x000055555558bf18 in config_register_schema (ct=0x7ffff30a54c0
> > <pccfg>, ocs=0x7ffff30a5960 <pcocs>)
> >
> >
> The trace indicates something initializing the proxycache overlay,
> which contradicts your statement that only back-ldap was configured.
Sorry, it is back-ldap with pcache and it seems to be a pcache
problem. When disabling pcache, slapd runs fine.
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
6 years, 5 months
Re: (ITS#7918) error building back-ldap
by hyc@symas.com
dieter(a)dkluenter.de wrote:
> Full_Name: Dieter Klünter
> Version: openldap-OPENLDAP_REL_ENG_2_4-b046124
> OS: openSuse-13.1
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (93.220.56.191)
>
>
> cd back-ldap; make -w all
> make[3]: Entering directory
> `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers/slapd/back-ldap'
> rm -f version.c
> ../../../build/mkversion -v "2.4.X" back_ldap > version.c
> /bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3
> -m64 -I../../../include -I../../../include -I.. -I./.. -c init.c
Don't define LDAP_DEVEL unless you know what you're doing. Closing this ITS.
> cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c
> init.c -o init.o
> /bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3
> -m64 -I../../../include -I../../../include -I.. -I./.. -c config.c
> cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c
> config.c -o config.o
> /bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3
> -m64 -I../../../include -I../../../include -I.. -I./.. -c search.c
> cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c
> search.c -o search.o
> /bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3
> -m64 -I../../../include -I../../../include -I.. -I./.. -c bind.c
> cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c
> bind.c -o bind.o
> bind.c: In function 'ldap_back_proxy_authz_bind':
> bind.c:2325:32: error: 'LDAP_BACK_AUTH_DN_AUTHZID' undeclared (first use in this
> function)
> if ( li->li_idassert_flags & LDAP_BACK_AUTH_DN_AUTHZID ) {
> ^
> bind.c:2325:32: note: each undeclared identifier is reported only once for each
> function it appears in
> bind.c:2328:21: error: 'LDAP_CONTROL_AUTHZID_REQUEST' undeclared (first use in
> this function)
> ctrl.ldctl_oid = LDAP_CONTROL_AUTHZID_REQUEST;
> ^
> bind.c:2371:32: error: 'LDAP_CONTROL_AUTHZID_RESPONSE' undeclared (first use in
> this function)
> ctrl = ldap_control_find( LDAP_CONTROL_AUTHZID_RESPONSE,
> ^
> bind.c:2389:40: error: 'LDAP_BACK_AUTH_DN_WHOAMI' undeclared (first use in this
> function)
> } else if ( li->li_idassert_flags & LDAP_BACK_AUTH_DN_WHOAMI ) {
> ^
> bind.c:2407:35: error: 'LDAP_BACK_AUTH_DN_MASK' undeclared (first use in this
> function)
> if ( ( li->li_idassert_flags & LDAP_BACK_AUTH_DN_MASK ) &&
> ^
> make[3]: *** [bind.lo] Fehler 1
> make[3]: Leaving directory
> `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers/slapd/back-ldap'
> make[2]: *** [.backend] Fehler 1
> make[2]: Leaving directory
> `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers/slapd'
> make[1]: *** [all-common] Fehler 1
> make[1]: Leaving directory
> `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers'
> make: *** [all-common] Fehler 1
>
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
6 years, 5 months
Re: (ITS#7919) slapd would not start with back-ldap database
by hyc@symas.com
dieter(a)dkluenter.de wrote:
> Full_Name: Dieter
> Version: 2.4.39
> OS: openSuse-13.1
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (62.226.250.246)
>
>
> When slapd is configured with database ldap only, an error occurs,
>
> gdb) bt
> #0 0x00007ffff7bb8038 in get_token (sp=sp@entry=0x7fffffff9590,
> token_val=token_val@entry=0x7fffffff9598)
> at schema.c:1018
> #1 0x00007ffff7bbc6f2 in ldap_str2objectclass (s=s@entry=0x7 <Address 0x7 out
> of bounds>,
> code=code@entry=0x7fffffff95f4, errp=errp@entry=0x7fffffff95f8,
> flags=flags@entry=63) at schema.c:2461
> #2 0x00005555555e7c1c in register_oc (def=0x7 <Address 0x7 out of bounds>,
> soc=0x7ffff30a59d0 <pcocs+112>,
> dupok=dupok@entry=1) at oc.c:917
> #3 0x00005555555935ee in init_config_ocs (ocs=ocs@entry=0x7ffff30a5960 <pcocs>)
> at config.c:556
> #4 0x000055555558bf18 in config_register_schema (ct=0x7ffff30a54c0 <pccfg>,
> ocs=0x7ffff30a5960 <pcocs>)
>
>
The trace indicates something initializing the proxycache overlay, which
contradicts your statement that only back-ldap was configured.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
6 years, 5 months
(ITS#7919) slapd would not start with back-ldap database
by dieter@dkluenter.de
Full_Name: Dieter
Version: 2.4.39
OS: openSuse-13.1
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (62.226.250.246)
When slapd is configured with database ldap only, an error occurs,
gdb) bt
#0 0x00007ffff7bb8038 in get_token (sp=sp@entry=0x7fffffff9590,
token_val=token_val@entry=0x7fffffff9598)
at schema.c:1018
#1 0x00007ffff7bbc6f2 in ldap_str2objectclass (s=s@entry=0x7 <Address 0x7 out
of bounds>,
code=code@entry=0x7fffffff95f4, errp=errp@entry=0x7fffffff95f8,
flags=flags@entry=63) at schema.c:2461
#2 0x00005555555e7c1c in register_oc (def=0x7 <Address 0x7 out of bounds>,
soc=0x7ffff30a59d0 <pcocs+112>,
dupok=dupok@entry=1) at oc.c:917
#3 0x00005555555935ee in init_config_ocs (ocs=ocs@entry=0x7ffff30a5960 <pcocs>)
at config.c:556
#4 0x000055555558bf18 in config_register_schema (ct=0x7ffff30a54c0 <pccfg>,
ocs=0x7ffff30a5960 <pcocs>)
6 years, 5 months
(ITS#7918) error building back-ldap
by dieter@dkluenter.de
Full_Name: Dieter Klünter
Version: openldap-OPENLDAP_REL_ENG_2_4-b046124
OS: openSuse-13.1
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (93.220.56.191)
cd back-ldap; make -w all
make[3]: Entering directory
`/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers/slapd/back-ldap'
rm -f version.c
../../../build/mkversion -v "2.4.X" back_ldap > version.c
/bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3
-m64 -I../../../include -I../../../include -I.. -I./.. -c init.c
cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c
init.c -o init.o
/bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3
-m64 -I../../../include -I../../../include -I.. -I./.. -c config.c
cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c
config.c -o config.o
/bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3
-m64 -I../../../include -I../../../include -I.. -I./.. -c search.c
cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c
search.c -o search.o
/bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3
-m64 -I../../../include -I../../../include -I.. -I./.. -c bind.c
cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c
bind.c -o bind.o
bind.c: In function 'ldap_back_proxy_authz_bind':
bind.c:2325:32: error: 'LDAP_BACK_AUTH_DN_AUTHZID' undeclared (first use in this
function)
if ( li->li_idassert_flags & LDAP_BACK_AUTH_DN_AUTHZID ) {
^
bind.c:2325:32: note: each undeclared identifier is reported only once for each
function it appears in
bind.c:2328:21: error: 'LDAP_CONTROL_AUTHZID_REQUEST' undeclared (first use in
this function)
ctrl.ldctl_oid = LDAP_CONTROL_AUTHZID_REQUEST;
^
bind.c:2371:32: error: 'LDAP_CONTROL_AUTHZID_RESPONSE' undeclared (first use in
this function)
ctrl = ldap_control_find( LDAP_CONTROL_AUTHZID_RESPONSE,
^
bind.c:2389:40: error: 'LDAP_BACK_AUTH_DN_WHOAMI' undeclared (first use in this
function)
} else if ( li->li_idassert_flags & LDAP_BACK_AUTH_DN_WHOAMI ) {
^
bind.c:2407:35: error: 'LDAP_BACK_AUTH_DN_MASK' undeclared (first use in this
function)
if ( ( li->li_idassert_flags & LDAP_BACK_AUTH_DN_MASK ) &&
^
make[3]: *** [bind.lo] Fehler 1
make[3]: Leaving directory
`/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers/slapd/back-ldap'
make[2]: *** [.backend] Fehler 1
make[2]: Leaving directory
`/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers/slapd'
make[1]: *** [all-common] Fehler 1
make[1]: Leaving directory
`/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers'
make: *** [all-common] Fehler 1
6 years, 5 months
(ITS#7917) LMDB: bug in mdb_dbi_open creating subDB
by hyc@openldap.org
Full_Name: Howard Chu
Version: 2.4
OS: Solaris/Sparc
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (78.155.233.73)
Submitted by: hyc
mdb_dbi_open may use "dummy" after it has gone out of scope, when creating a new
named subDB. This never caused any problem under gcc, but breaks using the Sun C
compiler when debugging is enabled and optimization is disabled. A fix is coming
shortly.
6 years, 5 months
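The bug class described in ITS#7917, as an added illustration that is not LMDB's code or its fix: a pointer to a block-scoped object is dereferenced after the block has ended. All names here (`rec_t`, `val_t`, `open_buggy`, `open_fixed`, `ROOT_INVALID`) are hypothetical; whether the buggy form appears to work depends on whether the compiler reuses the object's stack slot.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-ins (not LMDB's own types): a record and a value handle. */
typedef struct { unsigned root, flags; } rec_t;
typedef struct { size_t size; void *data; } val_t;
#define ROOT_INVALID 0xffffffffu

#if 0   /* BUGGY pattern, shown for comparison and deliberately not compiled */
static rec_t open_buggy(int create, unsigned flags)
{
    val_t val = { 0, NULL };
    rec_t out = { 0, 0 };
    if (create) {
        rec_t dummy;               /* lifetime ends at this block's brace */
        memset(&dummy, 0, sizeof dummy);
        dummy.root = ROOT_INVALID;
        dummy.flags = flags;
        val.size = sizeof dummy;
        val.data = &dummy;
    }
    if (val.data)
        out = *(rec_t *)val.data;  /* undefined: reads a dead object */
    return out;
}
#endif

/* FIXED pattern: dummy lives in the enclosing scope, so it outlives
 * every dereference of val.data made in this function. */
static rec_t open_fixed(int create, unsigned flags)
{
    val_t val = { 0, NULL };
    rec_t out = { 0, 0 };
    rec_t dummy;                   /* function scope */
    if (create) {
        memset(&dummy, 0, sizeof dummy);
        dummy.root = ROOT_INVALID;
        dummy.flags = flags;
        val.size = sizeof dummy;
        val.data = &dummy;
    }
    if (val.data)
        out = *(rec_t *)val.data;  /* dummy is still alive here */
    return out;
}
int main(void)
{
    rec_t r = open_fixed(1, 0x4u);
    printf("root=%#x flags=%#x\n", r.root, r.flags);
}
```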
Re: (ITS#7916) ppolicy doesn't set pwdAccountLockedTime
by quanah@zimbra.com
--On Wednesday, August 06, 2014 11:26 AM +0000 anshman.osc(a)gmail.com wrote:
> Full_Name: Anshuman
> Version: 2.4.23
2.4.23 is 4+ years old. In addition, the ITS system is for filing bugs,
not for asking usage questions. You need to (a) upgrade to a current
release or (b) contact the vendor of your massively out of date packages.
For (a), I suggest packages from either Symas or the LTB project if you are
not able to build OpenLDAP yourself.
This ITS will be closed.
--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
6 years, 5 months
(ITS#7916) ppolicy doesn't set pwdAccountLockedTime
by anshman.osc@gmail.com
Full_Name: Anshuman
Version: 2.4.23
OS: RHEL 6.4
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (198.241.211.15)
Hello,
I am trying to get the ppolicy to lock account after N unsuccessful attempts. To
accomplish this, I defined the overlay policy in slapd.conf, and also attached
the pwdPolicySubentry to the user object.
It is able to detect the password policy, because the number of times
"pwdFailureTime" appears is always 1 less than the value I set for
"pwdMaxFailure" in the password policy.
So, if I set pwdMaxFailure=4, the count pwdFailureTime stops growing after 3.
However, the pwdAccountLockedTime is never set.
Up until release 2.3.x adding a rootdn entry to the slapd.conf solved this
issue. But today we are trying to upgrade to 2.4.23, and this "fix" no longer
works.
Could someone please let me know what needs to be done to make this work?
-- slapd.conf---
# Load dynamic backend modules:
modulepath /usr/lib64/openldap
moduleload ppolicy.la
moduleload auditlog.la
overlay ppolicy
ppolicy_default "cn=Standard,ou=Policies,dc=mycompany,dc=com"
ppolicy_use_lockout
6 years, 5 months
Re: (ITS#7906) segv when changing olcDbDirectory with ppolicy running
by ebackes@symas.com
> While testing out the new mdb_copy compaction, I tried switching a live instance
> to use a different db path via MOD to change olcDbDirectory.
> This results in repeatable segv in ppolicy.c:ppolicy_connection_destroy, where
> conn refers to the correction making the change that is likely in the process of
> disconnecting, and pwcons is NULL.
There are more pwcons hits than just ppolicy_connection_destroy,
looking for the others but at a minimum ppolicy_restrict.
--
Emily Backes
Symas Corporation
ebackes(a)symas.com
6 years, 5 months
Re: (ITS#7915) pcache and translucent crashes OL
by hyc@symas.com
nvoutsin(a)gmail.com wrote:
> Full_Name: Nikos Voutsinas
> Version: 2.4.39
> OS: Debian
> URL: http://users.uoa.gr/~nvoutsin/OpenLdap_ITS/add-trasnlucent(bdb)-pcache(bd... http://users.uoa.gr/~nvoutsin/OpenLdap_ITS/add-translucent(bdb)-pcache(bd... http://users.uoa.gr/~nvoutsin/OpenLdap_ITS/add-trasnlucent(bdb)-pcache%md... http://users.uoa.gr/~nvoutsin/OpenLdap_ITS/add-translucent(bdb)-pcache(md... http://users.uoa.gr/~nvoutsin/OpenLdap_ITS/add-trasnlucent(mdb)-pcache(md... http://users.uoa.gr/~nvoutsin/OpenLdap_ITS/add-translucent(mdb)-pcache(md... http://users.uoa.gr/~nvoutsin/OpenLdap_ITS/add-trasnlucent(mdb)-pcache(bd... http://users.uoa.gr/~nvoutsin/OpenLdap_ITS/add-translucent(mdb)-pcache(bd...
> Submission from: (NULL) (5.54.11.83)
Thanks for the report, fixed in git master.
> The combination of translucent and pcache overlays crashes OL or makes it
> unresponsive. Any attempt to modify an object on the replica by using the
> following ldif:
>
> dn: uid=joe,dc=foo,dc=com
> changetype: modify
> add: description
> description: first
> -
>
> dn: uid=joe,dc=foo,dc=com
> changetype: modify
> replace: description
> description: second
> -
>
> cause OL to fail either during the modification or on the subsequent operation.
> Specifically, OL behaves differently depending on the type of database backends
> that are used for translucent and pcache DBs, as it is shown below:
>
> translucent db,pcache db: comment
> bdb,bdb: freezes on the second modify op
> bdb,mdb: crashes on the second modify op (invalid pointer)
> mdb,mdb: completes the modify ops. crashes on the first search on object
> mdb,bdb: completes the modify ops. crashes, if not on the first, then on
> subsequent op
>
> Attached files: a)the cn=config ldif for each of the above cases and b)the
> corresponding debug output during the modification of the user object or if that
> completes during the subsequent search on it.
>
>
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
6 years, 5 months