Re: (ITS#8293) ldappasswd error text
by hyc@symas.com
samueldarwin(a)yahoo.com wrote:
> Full_Name: Sam Darwin
> Version: openldap-2.4.31
> OS: Ubuntu 14.04
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (82.169.106.169)
>
>
> Showing informative error messages is very important, especially with complex
> software. In this case, the error was misleading, so maybe it can be
> updated.
>
> $ ldappasswd -D "uid=exampleuser,ou=users,dc=example,dc=net"h h ldap01 -W -e
> ppolicy
> Enter LDAP Password:
> Result: Constraint violation (19)
> Additional info: Password fails quality checking policy
> control: 1.3.6.1.4.1.42.2.27.8.5.1 false MAOBAQY=
> ppolicy: error=6 (Password is too short for policy)
>
> It looks like the password is too short, right?
>
> Actually, the problem is completely different, which I discovered after some
> time.
>
> -S "uid=exampleuser,ou=users,dc=example,dc=net" should also be added to that
> command.
>
> So, the real error was either that no password at all had been provided, or no
> user had been provided, or both. It had not even requested a new password.
> The new password was not too short, it was non-existent, which is something else
> entirely.
>
> So, my request is to make the error reporting more sophisticated here, and any
> place else that is analogous to this case. make the answer a bit more obvious.
Your report is invalid. The ldappasswd(1) manpage clearly states that if you
don't provide a new password, the server will be asked to generate one. In
this particular case, the password the server generated was too short for your
policy.
The manpage also states clearly that if you don't specify [user] DN, it will
change the password of the user that bound to the server.
The error message was correct.
Closing this ITS.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
7 years, 7 months
(ITS#8293) ldappasswd error text
by samueldarwin@yahoo.com
Full_Name: Sam Darwin
Version: openldap-2.4.31
OS: Ubuntu 14.04
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (82.169.106.169)
Showing informative error messages is very important, especially with complex
software. In this case, the error was misleading, so maybe it can be
updated.
$ ldappasswd -D "uid=exampleuser,ou=users,dc=example,dc=net"h h ldap01 -W -e
ppolicy
Enter LDAP Password:
Result: Constraint violation (19)
Additional info: Password fails quality checking policy
control: 1.3.6.1.4.1.42.2.27.8.5.1 false MAOBAQY=
ppolicy: error=6 (Password is too short for policy)
It looks like the password is too short, right?
Actually, the problem is completely different, which I discovered after some
time.
-S "uid=exampleuser,ou=users,dc=example,dc=net" should also be added to that
command.
So, the real error was either that no password at all had been provided, or no
user had been provided, or both. It had not even requested a new password.
The new password was not too short, it was non-existent, which is something else
entirely.
So, my request is to make the error reporting more sophisticated here, and any
place else that is analogous to this case. make the answer a bit more obvious.
7 years, 7 months
(ITS#8292) Broken option parsing in tests:ldif-filter
by h.b.furuseth@usit.uio.no
Full_Name: Hallvard B Furuseth
Version: 2.4.42
OS:
URL:
Submission from: (NULL) (81.191.45.5)
Submitted by: hallvard
'tests/progs/ldif-filter -s SPEC' fails if SPEC has no 'BACKEND='.
Fixing.
7 years, 7 months
Re: (ITS#8291) ./run -b hdb test007 fails
by michael@stroeder.com
ondra(a)mistotebe.net wrote:
> On Tue, Oct 27, 2015 at 08:24:08AM +0000, michael(a)stroeder.com wrote:
>> Currently this test fails with git master
>> 0d9b8ebe4bfe584e796f683be6203d4a4eb421a2:
>>
>> michael@nb2:.../openldap/tests> ./run -b hdb test007
>> Cleaning up test run directory leftover from previous run.
>> Running ./scripts/test007-slapmodify for hdb...
>> running defines.sh
>> Running slapadd to build slapd database...
>> Testing modify, add, and delete using slapmodify...
>> slapmodify failed (1)!
>>
>> I can provide more logs if needed.
>
> Yes please. I am curious which modify/delete failed as I can't
> reproduce this failure.
Strange: testrun/test.out has zero bytes. :-/
But the DB files are created.
Other tests with -b hdb seem to work ok.
Maybe it's just the test script?
$ git status
On branch master
Your branch is up-to-date with 'origin/master'.
nothing to commit, working directory clean
Can't see a problem on my side.
BTW: It works with mdb though.
Ciao, Michael.
7 years, 7 months
Re: (ITS#8291) ./run -b hdb test007 fails
by ondra@mistotebe.net
On Tue, Oct 27, 2015 at 08:24:08AM +0000, michael(a)stroeder.com wrote:
> Currently this test fails with git master
> 0d9b8ebe4bfe584e796f683be6203d4a4eb421a2:
>
> michael@nb2:.../openldap/tests> ./run -b hdb test007
> Cleaning up test run directory leftover from previous run.
> Running ./scripts/test007-slapmodify for hdb...
> running defines.sh
> Running slapadd to build slapd database...
> Testing modify, add, and delete using slapmodify...
> slapmodify failed (1)!
>
> I can provide more logs if needed.
Yes please. I am curious which modify/delete failed as I can't
reproduce this failure.
Cheers,
Ondrej
7 years, 7 months
(ITS#8291) ./run -b hdb test007 fails
by michael@stroeder.com
Full_Name: Michael Str.der
Version: master 0d9b8ebe4bfe584e796f683be6203d4a4eb421a2
OS: openSUSE Linux
URL:
Submission from: (NULL) (213.240.180.113)
Currently this test fails with git master
0d9b8ebe4bfe584e796f683be6203d4a4eb421a2:
michael@nb2:/usr/src/michael/openldap-git/master/openldap/tests> ./run -b hdb
test007
Cleaning up test run directory leftover from previous run.
Running ./scripts/test007-slapmodify for hdb...
running defines.sh
Running slapadd to build slapd database...
Testing modify, add, and delete using slapmodify...
slapmodify failed (1)!
I can provide more logs if needed.
7 years, 7 months
(ITS#8290) Our system has occured "Server is unwilling to perform" from slapd when syncrepl rid was changed.
by t-ogura@az.jp.nec.com
Full_Name: Tom Ogura
Version: 2.4.40
OS: Redhat Enterprise Linux 6.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (182.250.250.193)
Our system use LDAP server.
Master server connect two slave nodes , A and B. And, LDAP syncronization
configure as below.
B server <---> Master server <---> A server
rid=27 rid=30 rid=32
Master server is set for LDAP syncronization in slapd.conf.
-----
serverID 30
syncrepl rid=27
provider=ldap://xx.xx.xx.xx
bindmethod=simple
binddn="cn=xxxx"
credentials="xxxx"
searchbase="xxxx"
schemachecking=off
type=refreshAndPersist
retry="2 30 30 +"
syncrepl rid=32
provider=ldap://xx.xx.xx.xx
bindmethod=simple
binddn="cn=xxxx"
credentials="xxxx"
searchbase="xxxx"
schemachecking=off
type=refreshAndPersist
retry="2 30 30 +"
-----
When master server's slapd restart, B server's slapd disconnect to Master
server's slapd.
After master server 's slapd start, B server's slapd made Error log as below and
didn't syncronize to LDAP updating data from B server to master server.
slapd[12491]: do_syncrep2: rid=030 LDAP_RES_SEARCH_RESULT (53) Server is
unwilling to perform
slapd[12491]: do_syncrep2: rid=030 (53) Server is unwilling to perform
slapd[12491]: do_syncrepl: rid=030 rc -2 retrying (23 retries left)
Why did it happen ?
7 years, 7 months
Re: (ITS#8289) slapd seg faults with MOD_INCREMENT on derived attribute
by michael@stroeder.com
The last lines before crash:
562eb075 => access_allowed: delete access to
"cn=test-hotp-token-42,ou=Testing,dc=stroeder,dc=de" "oathFailureCount" requested
562eb075 => dn: [5] dc=stroeder,dc=de
562eb075 => acl_get: [5] matched
562eb075 => acl_get: [5] attr oathFailureCount
562eb075 => acl_mask: access to entry
"cn=test-hotp-token-42,ou=Testing,dc=stroeder,dc=de", attr "oathFailureCount"
requested
562eb075 => acl_mask: to all values by "cn=michael
ströder+mail=michael(a)stroeder.com,ou=private,dc=stroeder,dc=de", (=0)
562eb075 <= check a_group_pat: cn=slapd admins,ou=groups,dc=stroeder,dc=de
562eb075 <= acl_mask: [1] applying manage(=mwrscxd) (stop)
562eb075 <= acl_mask: [1] mask: manage(=mwrscxd)
562eb075 => slap_access_allowed: delete access granted by manage(=mwrscxd)
562eb075 => access_allowed: delete access granted by manage(=mwrscxd)
562eb075 => access_allowed: result not in cache (oathFailureCount)
562eb075 => access_allowed: add access to
"cn=test-hotp-token-42,ou=Testing,dc=stroeder,dc=de" "oathFailureCount" requested
562eb075 => dn: [5] dc=stroeder,dc=de
562eb075 => acl_get: [5] matched
562eb075 => acl_get: [5] attr oathFailureCount
562eb075 => acl_mask: access to entry
"cn=test-hotp-token-42,ou=Testing,dc=stroeder,dc=de", attr "oathFailureCount"
requested
562eb075 => acl_mask: to value by "cn=michael
ströder+mail=michael(a)stroeder.com,ou=private,dc=stroeder,dc=de", (=0)
562eb075 <= check a_group_pat: cn=slapd admins,ou=groups,dc=stroeder,dc=de
562eb075 <= acl_mask: [1] applying manage(=mwrscxd) (stop)
562eb075 <= acl_mask: [1] mask: manage(=mwrscxd)
562eb075 => slap_access_allowed: add access granted by manage(=mwrscxd)
562eb075 => access_allowed: add access granted by manage(=mwrscxd)
562eb075 acl: internal mod entryCSN: modify access granted
562eb075 acl: internal mod modifiersName: modify access granted
562eb075 acl: internal mod modifyTimestamp: modify access granted
562eb075 mdb_modify_internal: increment oathFailureCount
Segmentation fault
7 years, 7 months
(ITS#8289) slapd seg faults with MOD_INCREMENT on derived attribute
by michael@stroeder.com
Full_Name:
Version: re24
OS: openSUSE Linux
URL:
Submission from: (NULL) (213.240.180.113)
Attribute type declaration 'bar' with Integer syntax.
'foo' SUP 'bar' makes slapd crash when sending LDAP_MOD_INCREMENT on 'foo'.
LDAP_MOD_INCREMENT on 'foo' works if it's not SUP 'bar' but directly declared
with Integer syntax.
7 years, 7 months