openldap-bugs October 2015

openldap-bugs@openldap.org

27 participants
119 discussions

Re: (ITS#8293) ldappasswd error text
by hyc＠symas.com 27 Oct '15

27 Oct '15

samueldarwin(a)yahoo.com wrote: > Full_Name: Sam Darwin > Version: openldap-2.4.31 > OS: Ubuntu 14.04 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (82.169.106.169) > > > Showing informative error messages is very important, especially with complex > software. In this case, the error was misleading, so maybe it can be > updated. > > $ ldappasswd -D "uid=exampleuser,ou=users,dc=example,dc=net"h h ldap01 -W -e > ppolicy > Enter LDAP Password: > Result: Constraint violation (19) > Additional info: Password fails quality checking policy > control: 1.3.6.1.4.1.42.2.27.8.5.1 false MAOBAQY= > ppolicy: error=6 (Password is too short for policy) > > It looks like the password is too short, right? > > Actually, the problem is completely different, which I discovered after some > time. > > -S "uid=exampleuser,ou=users,dc=example,dc=net" should also be added to that > command. > > So, the real error was either that no password at all had been provided, or no > user had been provided, or both. It had not even requested a new password. > The new password was not too short, it was non-existent, which is something else > entirely. > > So, my request is to make the error reporting more sophisticated here, and any > place else that is analogous to this case. make the answer a bit more obvious. Your report is invalid. The ldappasswd(1) manpage clearly states that if you don't provide a new password, the server will be asked to generate one. In this particular case, the password the server generated was too short for your policy. The manpage also states clearly that if you don't specify [user] DN, it will change the password of the user that bound to the server. The error message was correct. Closing this ITS. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#8293) ldappasswd error text
by samueldarwin＠yahoo.com 27 Oct '15

27 Oct '15

Full_Name: Sam Darwin Version: openldap-2.4.31 OS: Ubuntu 14.04 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (82.169.106.169) Showing informative error messages is very important, especially with complex software. In this case, the error was misleading, so maybe it can be updated. $ ldappasswd -D "uid=exampleuser,ou=users,dc=example,dc=net"h h ldap01 -W -e ppolicy Enter LDAP Password: Result: Constraint violation (19) Additional info: Password fails quality checking policy control: 1.3.6.1.4.1.42.2.27.8.5.1 false MAOBAQY= ppolicy: error=6 (Password is too short for policy) It looks like the password is too short, right? Actually, the problem is completely different, which I discovered after some time. -S "uid=exampleuser,ou=users,dc=example,dc=net" should also be added to that command. So, the real error was either that no password at all had been provided, or no user had been provided, or both. It had not even requested a new password. The new password was not too short, it was non-existent, which is something else entirely. So, my request is to make the error reporting more sophisticated here, and any place else that is analogous to this case. make the answer a bit more obvious.

1 0

(ITS#8292) Broken option parsing in tests:ldif-filter
by h.b.furuseth＠usit.uio.no 27 Oct '15

27 Oct '15

Full_Name: Hallvard B Furuseth Version: 2.4.42 OS: URL: Submission from: (NULL) (81.191.45.5) Submitted by: hallvard 'tests/progs/ldif-filter -s SPEC' fails if SPEC has no 'BACKEND='. Fixing.

1 0

Re: (ITS#8291) ./run -b hdb test007 fails
by michael＠stroeder.com 27 Oct '15

27 Oct '15

ondra(a)mistotebe.net wrote: > On Tue, Oct 27, 2015 at 08:24:08AM +0000, michael(a)stroeder.com wrote: >> Currently this test fails with git master >> 0d9b8ebe4bfe584e796f683be6203d4a4eb421a2: >> >> michael@nb2:.../openldap/tests> ./run -b hdb test007 >> Cleaning up test run directory leftover from previous run. >> Running ./scripts/test007-slapmodify for hdb... >> running defines.sh >> Running slapadd to build slapd database... >> Testing modify, add, and delete using slapmodify... >> slapmodify failed (1)! >> >> I can provide more logs if needed. > > Yes please. I am curious which modify/delete failed as I can't > reproduce this failure. Strange: testrun/test.out has zero bytes. :-/ But the DB files are created. Other tests with -b hdb seem to work ok. Maybe it's just the test script? $ git status On branch master Your branch is up-to-date with 'origin/master'. nothing to commit, working directory clean Can't see a problem on my side. BTW: It works with mdb though. Ciao, Michael.

1 0

Re: (ITS#8291) ./run -b hdb test007 fails
by ondra＠mistotebe.net 27 Oct '15

27 Oct '15

On Tue, Oct 27, 2015 at 08:24:08AM +0000, michael(a)stroeder.com wrote: > Currently this test fails with git master > 0d9b8ebe4bfe584e796f683be6203d4a4eb421a2: > > michael@nb2:.../openldap/tests> ./run -b hdb test007 > Cleaning up test run directory leftover from previous run. > Running ./scripts/test007-slapmodify for hdb... > running defines.sh > Running slapadd to build slapd database... > Testing modify, add, and delete using slapmodify... > slapmodify failed (1)! > > I can provide more logs if needed. Yes please. I am curious which modify/delete failed as I can't reproduce this failure. Cheers, Ondrej

1 0

(ITS#8291) ./run -b hdb test007 fails
by michael＠stroeder.com 27 Oct '15

27 Oct '15

Full_Name: Michael Str.der Version: master 0d9b8ebe4bfe584e796f683be6203d4a4eb421a2 OS: openSUSE Linux URL: Submission from: (NULL) (213.240.180.113) Currently this test fails with git master 0d9b8ebe4bfe584e796f683be6203d4a4eb421a2: michael@nb2:/usr/src/michael/openldap-git/master/openldap/tests> ./run -b hdb test007 Cleaning up test run directory leftover from previous run. Running ./scripts/test007-slapmodify for hdb... running defines.sh Running slapadd to build slapd database... Testing modify, add, and delete using slapmodify... slapmodify failed (1)! I can provide more logs if needed.

1 0

Re: (ITS#8289) slapd seg faults with MOD_INCREMENT on derived attribute
by hyc＠symas.com 26 Oct '15

26 Oct '15

michael(a)stroeder.com wrote: > Full_Name: > Version: re24 > OS: openSUSE Linux > URL: > Submission from: (NULL) (213.240.180.113) > > > Attribute type declaration 'bar' with Integer syntax. > > 'foo' SUP 'bar' makes slapd crash when sending LDAP_MOD_INCREMENT on 'foo'. > > LDAP_MOD_INCREMENT on 'foo' works if it's not SUP 'bar' but directly declared > with Integer syntax. > > Fixed now in master -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#8290) Our system has occured "Server is unwilling to perform" from slapd when syncrepl rid was changed.
by t-ogura＠az.jp.nec.com 26 Oct '15

26 Oct '15

Full_Name: Tom Ogura Version: 2.4.40 OS: Redhat Enterprise Linux 6.2 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (182.250.250.193) Our system use LDAP server. Master server connect two slave nodes , A and B. And, LDAP syncronization configure as below. B server <---> Master server <---> A server rid=27 rid=30 rid=32 Master server is set for LDAP syncronization in slapd.conf. ----- serverID 30 syncrepl rid=27 provider=ldap://xx.xx.xx.xx bindmethod=simple binddn="cn=xxxx" credentials="xxxx" searchbase="xxxx" schemachecking=off type=refreshAndPersist retry="2 30 30 +" syncrepl rid=32 provider=ldap://xx.xx.xx.xx bindmethod=simple binddn="cn=xxxx" credentials="xxxx" searchbase="xxxx" schemachecking=off type=refreshAndPersist retry="2 30 30 +" ----- When master server's slapd restart, B server's slapd disconnect to Master server's slapd. After master server 's slapd start, B server's slapd made Error log as below and didn't syncronize to LDAP updating data from B server to master server. slapd[12491]: do_syncrep2: rid=030 LDAP_RES_SEARCH_RESULT (53) Server is unwilling to perform slapd[12491]: do_syncrep2: rid=030 (53) Server is unwilling to perform slapd[12491]: do_syncrepl: rid=030 rc -2 retrying (23 retries left) Why did it happen ?

1 0

Re: (ITS#8289) slapd seg faults with MOD_INCREMENT on derived attribute
by michael＠stroeder.com 26 Oct '15

26 Oct '15

The last lines before crash: 562eb075 => access_allowed: delete access to "cn=test-hotp-token-42,ou=Testing,dc=stroeder,dc=de" "oathFailureCount" requested 562eb075 => dn: [5] dc=stroeder,dc=de 562eb075 => acl_get: [5] matched 562eb075 => acl_get: [5] attr oathFailureCount 562eb075 => acl_mask: access to entry "cn=test-hotp-token-42,ou=Testing,dc=stroeder,dc=de", attr "oathFailureCount" requested 562eb075 => acl_mask: to all values by "cn=michael ströder+mail=michael(a)stroeder.com,ou=private,dc=stroeder,dc=de", (=0) 562eb075 <= check a_group_pat: cn=slapd admins,ou=groups,dc=stroeder,dc=de 562eb075 <= acl_mask: [1] applying manage(=mwrscxd) (stop) 562eb075 <= acl_mask: [1] mask: manage(=mwrscxd) 562eb075 => slap_access_allowed: delete access granted by manage(=mwrscxd) 562eb075 => access_allowed: delete access granted by manage(=mwrscxd) 562eb075 => access_allowed: result not in cache (oathFailureCount) 562eb075 => access_allowed: add access to "cn=test-hotp-token-42,ou=Testing,dc=stroeder,dc=de" "oathFailureCount" requested 562eb075 => dn: [5] dc=stroeder,dc=de 562eb075 => acl_get: [5] matched 562eb075 => acl_get: [5] attr oathFailureCount 562eb075 => acl_mask: access to entry "cn=test-hotp-token-42,ou=Testing,dc=stroeder,dc=de", attr "oathFailureCount" requested 562eb075 => acl_mask: to value by "cn=michael ströder+mail=michael(a)stroeder.com,ou=private,dc=stroeder,dc=de", (=0) 562eb075 <= check a_group_pat: cn=slapd admins,ou=groups,dc=stroeder,dc=de 562eb075 <= acl_mask: [1] applying manage(=mwrscxd) (stop) 562eb075 <= acl_mask: [1] mask: manage(=mwrscxd) 562eb075 => slap_access_allowed: add access granted by manage(=mwrscxd) 562eb075 => access_allowed: add access granted by manage(=mwrscxd) 562eb075 acl: internal mod entryCSN: modify access granted 562eb075 acl: internal mod modifiersName: modify access granted 562eb075 acl: internal mod modifyTimestamp: modify access granted 562eb075 mdb_modify_internal: increment oathFailureCount Segmentation fault

1 0

(ITS#8289) slapd seg faults with MOD_INCREMENT on derived attribute
by michael＠stroeder.com 26 Oct '15

26 Oct '15

Full_Name: Version: re24 OS: openSUSE Linux URL: Submission from: (NULL) (213.240.180.113) Attribute type declaration 'bar' with Integer syntax. 'foo' SUP 'bar' makes slapd crash when sending LDAP_MOD_INCREMENT on 'foo'. LDAP_MOD_INCREMENT on 'foo' works if it's not SUP 'bar' but directly declared with Integer syntax.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs October 2015