openldap-bugs October 2015

openldap-bugs@openldap.org

27 participants
119 discussions

ITS#8267
by ingo.voss＠gmail.com 11 Oct '15

11 Oct '15

Hello, after rereading, I=E2=80=99ve made a few changes in the manual page, so tha= t the old tar package can be discarded. Please use instead the old package now: ftp://ftp.openldap.org/incoming/contrib-slapd-modules-unicodepw-151011.tar Thanks, kindly regards Ingo Voss

1 0

(ITS#8268) slapd-ldap quarantine, per configuration retries fail
by nvoutsin＠gmai.com 11 Oct '15

11 Oct '15

Full_Name: Nikos Voutsinas Version: 2.4.42 OS: Solaris/Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (62.38.193.214) Hi, In a 4-nodes MMR deployment with a 2-nodes LDAP Proxy Front-ends, we have repeatedly noticed that whenever the connection recovery method falls into the quarantine code, it fails. i.e. when all the back-end ldap servers become unavailable, for some reason, slapd-ldap fails to follow the retry scheme that is dictated by olcDbQuarantine. In our case we set olcDbQuarantine to: 10,30;60,+ and when we got a temporary network timeout from all back-end ldap server this is what we saw in the slapd logs. Oct 7 21:30:58 proxy slapd[330]: conn=632725 op=0 ldap_back_retry: retrying URI="ldap://back01 ldap://back02" DN="" Oct 7 21:30:58 proxy slapd[330]: conn=632725 op=0: ldap_back_quarantine enter. Oct 7 21:31:08 proxy slapd[330]: conn=632759 op=0: ldap_back_getconn quarantine retry block #0 try #0. After that the only method to recover was either to restart the whole process or reset the value of olcDbQuarantine. Thanks, Nikos

1 0

(ITS#8267) contributing a new overlay unicodepw
by ingo.voss＠gmail.com 10 Oct '15

10 Oct '15

Full_Name: Ingo Voss Version: OS: URL: ftp://ftp.openldap.org/incoming/contrib-slapd-modules-unicodepw.tar Submission from: (NULL) (78.53.86.212) Hello, I wrote a small overlay, that restricts all LDAP modification requests, so that only password changes for MS unicodePwd are possible. All other LDAP requests will not be observed. If someone needs a read-only proxy (in a e.g. dmz) for an MS Active Directory, but password changes must be possible, then unicodepw is the right overlay. For more informations, a manual page is included. Kindly regards Ingo Voss

1 0

(ITS#8266) empty ldapmodify refused with slapo-unique
by geert＠hendrickx.be 08 Oct '15

08 Oct '15

Full_Name: Geert Hendrickx Version: 2.4.42 OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (212.123.14.2) When slapo-unique constraints are in effect, it seems empty updates are no longer allowed: $ ldapmodify -x -h localhost -D cn=Manager,dc=my-domain,dc=com -w secret dn: cn=test1,dc=my-domain,dc=com changetype: modifyA%A modifying entry "cn=test1,dc=my-domain,dc=com" ldap_modify: Invalid syntax (21) additional info: unique_modify() got null op.orm_modlist Why is this considered invalid syntax? Without slapo-unique constraint, empty updates like these are accepted.

1 0

Re: (ITS#8263) Broken cursor tracking in mdb_cursor_put()
by h.b.furuseth＠usit.uio.no 07 Oct '15

07 Oct '15

On 07/10/15 07:37, Howard Chu wrote: > Note: It's tempting to just merge the new xcursor_init2 function into > xcursor_init1 since they're very similar, but that's a bad idea. The > xcursor_init1 function really is meant for init'ing an unused cursor; > it's expected that immediately after, a full cursor-positioning action > will occur. > > xcursor_init2 is meant for xcursors that have already been positioned, > in which case their physical position is updated in order to keep their > logical position unchanged. Maybe you should document that in the code instead of in a mail message.

1 0

Re: (ITS#8263) Broken cursor tracking in mdb_cursor_put()
by hyc＠symas.com 07 Oct '15

07 Oct '15

h.b.furuseth(a)usit.uio.no wrote: > Full_Name: Hallvard B Furuseth > Version: mdb.master, 8b46dcc26d1e9897ab1da3a4a164cad4a4479a52 > OS: Linux x86_64 > URL: ftp://ftp.openldap.org/incoming/Hallvard-Furuseth-151005.c > Submission from: (NULL) (81.191.45.5) > Submitted by: hallvard > > > The test program catches several cursor tracking bugs. > It works when the DUPSORT sub-DB is created immediately: Yes, when using a fake page we init the subcursor with the fake page. When using a full sub-DB we left the subcursor pointing to the sub-DB but otherwise uninit'd. > > $ ./a.out 1500 > mn_flags = 6 <repeated 22 times> Fixed now in mdb.master. Note: It's tempting to just merge the new xcursor_init2 function into xcursor_init1 since they're very similar, but that's a bad idea. The xcursor_init1 function really is meant for init'ing an unused cursor; it's expected that immediately after, a full cursor-positioning action will occur. xcursor_init2 is meant for xcursors that have already been positioned, in which case their physical position is updated in order to keep their logical position unchanged. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#8265) RFE: resultCode counters in cn=monitor
by michael＠stroeder.com 06 Oct '15

06 Oct '15

Full_Name: Michael Str.der Version: HEAD OS: URL: Submission from: (NULL) (84.181.161.13) It would be handy especially for security monitoring if one could observe counters for several result codes in cn=monitor. E.g. correlating the number of bind requests with 49 counter is much easier and gives better performance than extracting log lines (if those are available at all). Maybe a tree like this: cn=monitor cn=Results monitoredResultCode=0 monitoredInfo: <counter> monitoredResultCode=49 monitoredInfo: <counter> This should probably configurable because there are so many also custom result code: database monitor monitor_resultcodes 0,49

1 0

Re: (ITS#8264) LMDB mdb_del in a cursor causes data loss in certain situations
by hyc＠symas.com 06 Oct '15

06 Oct '15

hyc(a)symas.com wrote: > Unable to reproduce. Ah, the error went away if you reran with an existing DB. After deleting the DB the problem showed up. Fixed now in mdb.master. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8264) LMDB mdb_del in a cursor causes data loss in certain situations
by hyc＠symas.com 06 Oct '15

06 Oct '15

malyn(a)strangeGizmo.com wrote: > Full_Name: Michael Alyn Miller > Version: LMDB 0.9.14, Git head > OS: Windows 8.1 x64, NixOS 14.12 x64 > URL: ftp://ftp.openldap.org/incoming/michael-alyn-miller-151005.c > Submission from: (NULL) (96.251.78.237) > > > I have a helper library that sits on top of LMDB and testing some of the > abstractions in that library has exposed a bug in LMDB related to deleting items > while inside of a cursor. I have reduced the repro down to a test case that > operates directly against LMDB. > > The test in question adds three groups of keys to the database (each with a > different prefix) and then deletes the third group of keys. The deletion is > done by scanning all of the keys with that prefix using a cursor. > mdb_cursor_del works correctly and deletes only the targeted keys, whereas > mdb_del causes nine extra keys (not in that group/prefix) to be deleted. > I have tested this code against LMDB 0.9.14 and Git head 8b46dcc. Please let me > know if you need any additional information. Thank you for your time! Unable to reproduce. violino:~/OD/mdb/libraries/liblmdb> gcc -g -c michael-alyn-miller-151005.c violino:~/OD/mdb/libraries/liblmdb> gcc -o mic michael-alyn-miller-151005.o -pthread liblmdb.a violino:~/OD/mdb/libraries/liblmdb> ./mic Num items after deletion using mdb_cursor_del: 44 (correct) Num items after deletion using mdb_del: 44 (correct) violino:~/OD/mdb/libraries/liblmdb> git log commit 8b46dcc26d1e9897ab1da3a4a164cad4a4479a52 Author: Howard Chu <hyc(a)openldap.org> Date: Sun Oct 4 01:56:25 2015 +0100 ITS#8258 fix rebalance/split The tree height can also increase during rebalance, not just shrink. This can happen if update_key needs to split a parent branch page. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#8264) LMDB mdb_del in a cursor causes data loss in certain situations
by malyn＠strangeGizmo.com 06 Oct '15

06 Oct '15

Full_Name: Michael Alyn Miller Version: LMDB 0.9.14, Git head OS: Windows 8.1 x64, NixOS 14.12 x64 URL: ftp://ftp.openldap.org/incoming/michael-alyn-miller-151005.c Submission from: (NULL) (96.251.78.237) I have a helper library that sits on top of LMDB and testing some of the abstractions in that library has exposed a bug in LMDB related to deleting items while inside of a cursor. I have reduced the repro down to a test case that operates directly against LMDB. The test in question adds three groups of keys to the database (each with a different prefix) and then deletes the third group of keys. The deletion is done by scanning all of the keys with that prefix using a cursor. mdb_cursor_del works correctly and deletes only the targeted keys, whereas mdb_del causes nine extra keys (not in that group/prefix) to be deleted. Note that most of my test runs (with different test data) do not exhibit this behavior: the targeted keys, and only the targeted keys, are deleted as expected. Something about these specific keys and values triggers the bug. I assume that other keys will also trigger the bug, but these are the ones that I have converted into an LMDB-based test. The referenced test runs twice: once with mdb_cursor_del and once with mdb_del. You can mdb_dump the data before and after each deletion to see the extra keys that are being removed. The incorrectly deleted keys are all consecutive and begin with 02000000000000003a; the nine keys after and including 02...3aa4... are the ones that are incorrectly deleted. Only keys beginning with 03000000000000003a should have been deleted (so it is interesting to note that the nine keys immediately preceding the targeted keys were the ones that were incorrectly deleted). Is it valid to delete keys with mdb_del while inside of a cursor? If not, then ignore this bug report and I will modify my helper library. That said, I do expose more than just delete to my callers during cursor scans (they can mdb_put new items during a scan), which is why my library uses mdb_del and not mdb_cursor_del in this scenario. I have tested this code against LMDB 0.9.14 and Git head 8b46dcc. Please let me know if you need any additional information. Thank you for your time!

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs October 2015