Full_Name: Frederic Jacquot
Version: 2.4.40
OS: Ubuntu 14.04.1 LTS
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (134.214.252.20)
Hi,
I think I discovered a bug with OpenLDAP 2.4.40, using an mdb backend.
If you do a simple search request with no pagination and a SingleLevel (1)
scope, everything is ok. But if you enable pagination for the same search, the
base will also be returned in the search results. This breaks RFC 4511,
paragraph 4.5.1.2 (SearchRequest.scope) :
"singleLevel: The scope is constrained to the immediate subordinates of the
entry named by baseObject."
To reproduce the problem, I compiled a fresh OpenLDAP 2.4.40 with --enable-mdb.
I then created a root entry :
dn: dc=my-domain,dc=com
objectClass: dcObject
objectClass: organization
dc: my-domain
o: my-domain
You can now compare search results.
This is for a simple search :
ldapsearch -s one -h localhost -b "dc=my-domain,dc=com" -w secret -D
"cn=Manager,dc=my-domain,dc=com"
# extended LDIF
#
# LDAPv3
# base <dc=my-domain,dc=com> with scope oneLevel
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 0 Success
Which is ok.
This is the same query with paged results enabled :
ldapsearch -s one -h 134.214.182.252 -b "dc=my-domain,dc=com" -w secret -D
"cn=Manager,dc=my-domain,dc=com" -E pr=100
# extended LDIF
#
# LDAPv3
# base <dc=my-domain,dc=com> with scope oneLevel
# filter: (objectclass=*)
# requesting: ALL
# with pagedResults control: size=100
#
# my-domain.com
dn: dc=my-domain,dc=com
objectClass: dcObject
objectClass: organization
dc: my-domain
o: my-domain
# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.319 false MAUCAQAEAA==
pagedresults: cookie=
# numResponses: 2
# numEntries: 1
The base object is returned, but shouldn't be.
This behaviour shows an endless recursive directory hierarchy in some LDAP
browsers (sometimes crashing them). It can also create endless loops in some
applications querying the LDAP server (Canon Uniflow in my case).
Regards,
Frederic Jacquot
INSA Lyon
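An added example, not part of the original report or of OpenLDAP: a client-side check that flags entries a singleLevel search should not have returned, such as the base object in the paged output above. The function names and the embedded sample are constructed for illustration, and the DN comparison is a simplified normalisation, not full RFC 4514 matching.

```python
import base64
import re

# Constructed sample: the paged one-level result shown in the report above.
PAGED_OUTPUT = """\
# my-domain.com
dn: dc=my-domain,dc=com
objectClass: dcObject
dc: my-domain

# search result
search: 2
result: 0 Success
"""

def parse_dns(ldif_text):
    """Return the DN of every entry in ldapsearch LDIF output."""
    # LDIF folds long lines: a line starting with one space continues the previous one.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    dns = []
    for line in unfolded.splitlines():
        if line.startswith("dn:: "):  # base64-encoded DN
            dns.append(base64.b64decode(line[5:]).decode("utf-8"))
        elif line.startswith("dn: "):
            dns.append(line[4:].strip())
    return dns

def split_rdns(dn):
    """Split on unescaped commas; normalise case and spacing (simplified DN matching)."""
    parts = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", p.strip()).lower() for p in parts if p.strip()]

def one_level_violations(ldif_text, base_dn):
    """DNs that a singleLevel search under base_dn should not have returned."""
    base = split_rdns(base_dn)
    bad = []
    for dn in parse_dns(ldif_text):
        rdns = split_rdns(dn)
        # An immediate subordinate is exactly one RDN followed by the base's RDNs.
        if len(rdns) != len(base) + 1 or rdns[1:] != base:
            bad.append(dn)
    return bad

if __name__ == "__main__":
    print(one_level_violations(PAGED_OUTPUT, "dc=my-domain,dc=com"))
```

A client that walks the tree level by level can drop the flagged DNs before descending, which avoids the endless hierarchy described in the report.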
Full_Name: Jonathan Graehl
Version: n/a
OS: n/a
URL: ftp://ftp.openldap.org/incoming/0001-mdb_from_db-new-options-bugfix.patch
Submission from: (NULL) (104.174.227.200)
(see 0001-mdb_from_db-new-options-bugfix.patch)
mdb_from_db utility for direct import from Berkeley DB to mdb
Apparently this can only be distributed in binary form using older Berkeley DB
versions, but building the utility from source for bulk import should be fine.
Diana.Scannicchio(a)cern.ch wrote:
> Is there anybody that could help on this issue?
> this version of openldap is not usable, so I would like to understand which
> is the problem and if can be fixed.
> Thank you and best regards,
The error message you're referring to was added in the patch for this ITS
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6851;selectid=6851
Check that you've configured appropriate credentials if you're using idassert on the target URI.
>
> Diana
>
>
> On 02 Feb 2015, at 20:56, diana.scannicchio(a)cern.ch wrote:
>
>> Should not, I did not enable it in the slapd.conf.
>>
>> Diana
>>
>> On 02 Feb 2015, at 20:34, <michael(a)stroeder.com> <michael(a)stroeder.com> wrote:
>>
>>> Is SSL/TLS part of the game?
>>>
>>> Ciao, Michael.
>>
>> -
>> Diana Scannicchio
>> University of California, Irvine
>> ATLAS TDAQ SysAdmin group
>> Office: +41 22 76 75240
>> OnCall: 164851
>
> -
> Diana Scannicchio
> University of California, Irvine
> ATLAS TDAQ SysAdmin group
> Office: +41 22 76 75240
> OnCall: 164851
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
peter.driscoll(a)dionglobal.com wrote:
> Full_Name: Peter John Driscoll
> Version: openldap-2.4.40
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (203.3.133.17)
>
>
> Setting this option does not turn on debugging.
>
> #define LDAP_DEBUG_ANY 0xffff
> const int optionValue = LDAP_DEBUG_ANY;
> CHECK_RESULT(ldap_set_option(m_ld, LDAP_OPT_DEBUG_LEVEL, &optionValue),
> "ldap_set_option debug level");
The ITS is for actual bug reports, not usage questions. Closing this ITS. Use the -technical mailing list for usage questions.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Is there anybody that could help on this issue?
this version of openldap is not usable, so I would like to understand which
is the problem and if can be fixed.
Thank you and best regards,
Diana
On 02 Feb 2015, at 20:56, diana.scannicchio(a)cern.ch wrote:
> Should not, I did not enable it in the slapd.conf.
>
> Diana
>
> On 02 Feb 2015, at 20:34, <michael(a)stroeder.com> <michael(a)stroeder.com> wrote:
>
>> Is SSL/TLS part of the game?
>>
>> Ciao, Michael.
>
> -
> Diana Scannicchio
> University of California, Irvine
> ATLAS TDAQ SysAdmin group
> Office: +41 22 76 75240
> OnCall: 164851
-
Diana Scannicchio
University of California, Irvine
ATLAS TDAQ SysAdmin group
Office: +41 22 76 75240
OnCall: 164851
Tobias.Helfenstein(a)wald-rlp.de wrote:
> sorry, I forgot to say that we have to use the version 2.4.39 from CentOS.
> So we checked out the repo and compiled the latest autogroup source code
> against the CentOS patched 2.4.39 slapd.
Of course, mixing sources can lead to seg faults.
Why didn't you compile the whole 2.4.40 release or even better the RE24 git
branch?
Export the RE24 git branch here:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=snapshot;h=refs/h…
Ciao, Michael.
Hello,
sorry, I forgot to say that we have to use the version 2.4.39 from CentOS.
So we checked out the repo and compiled the latest autogroup source code
against the CentOS patched 2.4.39 slapd.
When we tried to compile the autogroup source code provided with CentOS then
the module triggers a segmentation fault.
Is it possible that the problem occurs because of the CentOS patches?
Best regards
Tobias
________________________________________
From: Michael Ströder [michael(a)stroeder.com]
Sent: Sunday, 15 February 2015 20:16
To: Helfenstein, Tobias; openldap-its(a)OpenLDAP.org
Subject: Re: (ITS#8058) OpenLDAP: module autogroup (memberof)
tobias.helfenstein(a)wald-rlp.de wrote:
> Version: 2.4.39
>
> we have problems when activating the module autogroup (memberof).
There were several fixes after 2.4.39.
Could you please try RE24 branch from git repo?
Ciao, Michael.
Mail was successfully checked for viruses by Sophos PureMessage.
tobias.helfenstein(a)wald-rlp.de wrote:
> Version: 2.4.39
>
> we have problems when activating the module autogroup (memberof).
There were several fixes after 2.4.39.
Could you please try RE24 branch from git repo?
Ciao, Michael.
Full_Name: Tobias Helfenstein
Version: 2.4.39
OS: CentOS 7.0
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (87.165.195.65)
Hello,
we have problems when activating the module autogroup (memberof). We configured
the module like the described way in the README file.
If we add a new entry to the LDAP tree, the entry is added to the desired group
automatically. This is the expected behavior. We can add entries as much as
possible and there is no problem.
Now, if we delete one of the entries the slapd is very slow and hangs. The
action has to be aborted to continue, there is no debug output. Because of that
we have to restart the slapd daemon. But the restart takes a long time (3+
minutes).
After the restart we can delete only one entry, then the described problem
occurs again.
We think it is a bug and hope you can help us.
Thank you