openldap-bugs April 2017

openldap-bugs@openldap.org

25 participants
116 discussions

(ITS#8639) Remove support for LANMAN
by quanah＠openldap.org 14 Apr '17

14 Apr '17

Full_Name: Quanah Gibson-Mount Version: 2.4.44 OS: N/A URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (47.208.148.239) We should remove support for LANMAN hashes from OpenLDAP starting with the 2.5 release series.

1 0

Re: (ITS#8636) Invalid DESC for deltaCRL schema definition
by quanah＠symas.com 14 Apr '17

14 Apr '17

--On Thursday, April 13, 2017 9:58 AM +0000 james(a)turnersoft.co.uk wrote: > A more appropriate definition would be something like: > > DESC 'RFC2587: delta CRL' Technically RFC2587 has been obsoleted by RFC4523. It looks like the core schema file has never been appropriately updated to reflect this, however. RFC4523 has an explicit DESC field for deltaCRL that's probably better to use. Will discuss with the team to see what we want to do. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

Re: (ITS#8638) Recursive mutex in libldap_r
by hyc＠symas.com 14 Apr '17

14 Apr '17

Ond=C5=99ej Kuzn=C3=ADk wrote: > On Fri, Apr 14, 2017 at 01:14:08PM +0000, hyc(a)symas.com wrote: >> okuznik(a)symas.com wrote: >>> Integrating with libevent, I would find it useful if libldap_r provid= ed a >>> recursive mutex as well, since this is what libevent uses. >> >> You mean libldap_r/rmutex.c ? > > Hmm, I see that now, but is quite heavy weight if this already exists i= n > many implementations natively, often at no cost at all. What if I > renamed the current ldap_pvt_*_rmutex_* functions to ldap_int_* and > deferred to them in the two implementations that can't do recursive > mutexes only? > > This would be an ABI break for rmutex users, other than that, there > seems to be no expectation that two versions of libldap_r compiled > against a different thread implementation should be ABI compatible > already. IMO using recursive mutexes means your code is broken. We introduced thes= e for=20 accesslog.c but in fact we could avoid them at zero cost. Also I don't se= e the=20 relevance of libevent to this discussion. We use our own event mechanism = and=20 it is more efficient than libevent. --=20 -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8638) Recursive mutex in libldap_r
by ondra＠mistotebe.net 14 Apr '17

14 Apr '17

On Fri, Apr 14, 2017 at 01:14:08PM +0000, hyc(a)symas.com wrote: > okuznik(a)symas.com wrote: >> Integrating with libevent, I would find it useful if libldap_r provided a >> recursive mutex as well, since this is what libevent uses. > > You mean libldap_r/rmutex.c ? Hmm, I see that now, but is quite heavy weight if this already exists in many implementations natively, often at no cost at all. What if I renamed the current ldap_pvt_*_rmutex_* functions to ldap_int_* and deferred to them in the two implementations that can't do recursive mutexes only? This would be an ABI break for rmutex users, other than that, there seems to be no expectation that two versions of libldap_r compiled against a different thread implementation should be ABI compatible already. -- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP

1 0

Re: (ITS#8638) Recursive mutex in libldap_r
by hyc＠symas.com 14 Apr '17

14 Apr '17

okuznik(a)symas.com wrote: > Full_Name: Ondrej Kuznik > Version: master > OS: > URL: ftp://ftp.openldap.org/incoming/Ondrej-Kuznik-20170414-libldap_r-recursive-… > Submission from: (NULL) (2a02:c7f:2247:ec00:a3e:8eff:fe52:dac5) > > > Integrating with libevent, I would find it useful if libldap_r provided a > recursive mutex as well, since this is what libevent uses. You mean libldap_r/rmutex.c ? -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#8638) Recursive mutex in libldap_r
by okuznik＠symas.com 14 Apr '17

14 Apr '17

Full_Name: Ondrej Kuznik Version: master OS: URL: ftp://ftp.openldap.org/incoming/Ondrej-Kuznik-20170414-libldap_r-recursive-… Submission from: (NULL) (2a02:c7f:2247:ec00:a3e:8eff:fe52:dac5) Integrating with libevent, I would find it useful if libldap_r provided a recursive mutex as well, since this is what libevent uses. Attached is an implementation. Platforms included: - POSIX (the only one I could test properly) - Win NT (regular mutexes, since they're recursive already, according to the docs) - GNU pth (same as NT, documentation says that all mutexes are recursive) - stub (noop) Not included: - thr_thr.c - not sure what that is - thr_cthreads.c - does not seem to support a recursive thread implementation I'm not sure who still uses the older platforms, I suppose only POSIX and Win NT are being used in the wild? Not that any users should be impacted by this since it's not referenced anywhere in the project yet.

1 0

Re: (ITS#8637) OpenLDAP crashing when defining multiple olcDbURI for chaining
by apgriffiths79＠gmail.com 13 Apr '17

13 Apr '17

--001a113cdaccc819cb054d0ea3dd Content-Type: text/plain; charset=UTF-8 Apologies, I'll avoid pastebin in future. Configuration is as follows: - dn: cn=module,cn=config changetype: add objectClass: olcModuleList cn: module olcModulePath: /usr/lib64/openldap olcModuleLoad: back_ldap.la dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcChainConfig olcOverlay: {0}chain dn: olcDatabase=ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config changetype: add objectClass: olcLDAPConfig objectClass: olcChainDatabase olcDBURI: "ldap://aws-mldap-01.aws/,ldap://aws-mldap-02.aws/" olcDbIDAssertBind: bindmethod=simple binddn="cn=proxy,dc=abu,dc=inmarsat,dc=com" credentials=XXXXX mode=self dn: olcDatabase={2}mdb,cn=config changetype: modify replace: olcUpdateRef olcUpdateRef: ldap://aws-mldap-01.aws/ olcUpdateRef: ldap://aws-mldap-02.aws/ On 13 April 2017 at 16:01, Quanah Gibson-Mount <quanah(a)symas.com> wrote: > --On Thursday, April 13, 2017 1:06 PM +0000 apgriffiths79(a)gmail.com wrote: > > Full_Name: Alan Griffiths >> Version: 2.4.44 >> OS: Centos 7.3 >> URL: https://pastebin.com/CaVGpfKj >> Submission from: (NULL) (86.22.17.96) >> > > Pastebin's expire. Next time, please provide the information directly in > the ITS. > > I'd also suggest providing the slapd configuration etc that generated the > error. > > --Quanah > > 58ef6698 connection_get(16): got connid=1000 > 58ef6698 connection_read(16): checking for input on id=1000 > ber_get_next > ber_get_next: tag 0x30 len 588 contents: > 58ef6698 op tag 0x63, time 1492084376 > ber_get_next > 58ef6698 conn=1000 op=7 do_search > ber_scanf fmt ({miiiib) ber: > 58ef6698 >>> dnPrettyNormal: <dc=abu,dc=inmarsat,dc=com> > 58ef6698 <<< dnPrettyNormal: <dc=abu,dc=inmarsat,dc=com>, > <dc=abu,dc=inmarsat,dc=com> > ber_scanf fmt ({mm}) ber: > ber_scanf fmt ({mm}) ber: > ber_scanf fmt (m) ber: > ber_scanf fmt ({mm}) ber: > ber_scanf fmt ({M}}) ber: > 58ef6698 ==> limits_get: conn=1000 op=7 self="[anonymous]" > this="dc=abu,dc=inmarsat,dc=com" > 58ef6698 => mdb_search > 58ef6698 mdb_dn2entry("dc=abu,dc=inmarsat,dc=com") > 58ef6698 => mdb_dn2id("dc=abu,dc=inmarsat,dc=com") > 58ef6698 <= mdb_dn2id: got id=0x1 > 58ef6698 => mdb_entry_decode: > 58ef6698 <= mdb_entry_decode > 58ef6698 search_candidates: base="dc=abu,dc=inmarsat,dc=com" (0x00000001) > scope=2 > 58ef6698 => mdb_equality_candidates (objectClass) > 58ef6698 => key_read > 58ef6698 <= mdb_index_read: failed (-30798) > 58ef6698 <= mdb_equality_candidates: id=0, first=0, last=0 > 58ef6698 => mdb_equality_candidates (uid) > 58ef6698 => key_read > 58ef6698 <= mdb_index_read 1 candidates > 58ef6698 <= mdb_equality_candidates: id=1, first=17, last=17 > 58ef6698 => mdb_equality_candidates (objectClass) > 58ef6698 => key_read > 58ef6698 <= mdb_index_read 1 candidates > 58ef6698 <= mdb_equality_candidates: id=1, first=17, last=17 > 58ef6698 => mdb_presence_candidates (uidNumber) > 58ef6698 <= mdb_presence_candidates: (uidNumber) not indexed > 58ef6698 mdb_search_candidates: id=1 first=17 last=17 > 58ef6698 => mdb_entry_decode: > 58ef6698 <= mdb_entry_decode > 58ef6698 => send_search_entry: conn 1000 dn="uid=test1,ou=people,dc=abu > ,dc=inmarsat,dc=com" > ber_flush2: 374 bytes to sd 16 > 58ef6698 <= send_search_entry: conn 1000 exit. > 58ef6698 send_ldap_result: conn=1000 op=7 p=3 > 58ef6698 send_ldap_response: msgid=8 tag=101 err=0 > ber_flush2: 14 bytes to sd 16 > 58ef6698 connection_get(16): got connid=1000 > 58ef6698 connection_read(16): checking for input on id=1000 > ber_get_next > ber_get_next: tag 0x30 len 254 contents: > 58ef6698 op tag 0x63, time 1492084376 > ber_get_next > 58ef6698 conn=1000 op=8 do_search > ber_scanf fmt ({miiiib) ber: > 58ef6698 >>> dnPrettyNormal: <dc=abu,dc=inmarsat,dc=com> > 58ef6698 <<< dnPrettyNormal: <dc=abu,dc=inmarsat,dc=com>, > <dc=abu,dc=inmarsat,dc=com> > ber_scanf fmt ({mm}) ber: > 58ef6698 >>> dnPretty: <uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com> > 58ef6698 <<< dnPretty: <uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com> > 58ef6698 >>> dnNormalize: <uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com> > 58ef6698 <<< dnNormalize: <uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com> > ber_scanf fmt ({mm}) ber: > ber_scanf fmt (m) ber: > ber_scanf fmt ({M}}) ber: > 58ef6698 => get_ctrls > ber_scanf fmt ({m) ber: > ber_scanf fmt (m) ber: > 58ef6698 => get_ctrls: oid="1.2.840.113556.1.4.319" (noncritical) > ber_scanf fmt ({im}) ber: > 58ef6698 <= get_ctrls: n=1 rc=0 err="" > 58ef6698 ==> limits_get: conn=1000 op=8 self="[anonymous]" > this="dc=abu,dc=inmarsat,dc=com" > 58ef6698 => mdb_search > 58ef6698 mdb_dn2entry("dc=abu,dc=inmarsat,dc=com") > 58ef6698 => mdb_dn2id("dc=abu,dc=inmarsat,dc=com") > 58ef6698 <= mdb_dn2id: got id=0x1 > 58ef6698 => mdb_entry_decode: > 58ef6698 <= mdb_entry_decode > 58ef6698 search_candidates: base="dc=abu,dc=inmarsat,dc=com" (0x00000001) > scope=2 > 58ef6698 => mdb_equality_candidates (objectClass) > 58ef6698 => key_read > 58ef6698 <= mdb_index_read: failed (-30798) > 58ef6698 <= mdb_equality_candidates: id=0, first=0, last=0 > 58ef6698 => mdb_equality_candidates (member) > 58ef6698 <= mdb_equality_candidates: (member) not indexed > 58ef6698 => mdb_equality_candidates (objectClass) > 58ef6698 => key_read > 58ef6698 <= mdb_index_read 1 candidates > 58ef6698 <= mdb_equality_candidates: id=1, first=16, last=16 > 58ef6698 => mdb_presence_candidates (cn) > 58ef6698 => key_read > 58ef6698 <= mdb_index_read 12 candidates > 58ef6698 <= mdb_presence_candidates: id=12 first=2 last=20 > 58ef6698 mdb_search_candidates: id=1 first=16 last=16 > 58ef6698 => mdb_entry_decode: > 58ef6698 <= mdb_entry_decode > 58ef6698 mdb_search: 16 does not match filter > 58ef6698 send_ldap_result: conn=1000 op=8 p=3 > 58ef6698 send_ldap_response: msgid=9 tag=101 err=0 > ber_flush2: 51 bytes to sd 16 > 58ef6698 slap_listener_activate(7): > 58ef6698 >>> slap_listener(ldap:///) > 58ef6698 connection_get(17): got connid=1002 > 58ef6698 connection_read(17): checking for input on id=1002 > ber_get_next > ber_get_next: tag 0x30 len 29 contents: > 58ef6698 op tag 0x77, time 1492084376 > ber_get_next > 58ef6698 conn=1002 op=0 do_extended > ber_scanf fmt ({m) ber: > 58ef6698 send_ldap_extended: err=0 oid= len=0 > 58ef6698 send_ldap_response: msgid=1 tag=120 err=0 > ber_flush2: 14 bytes to sd 17 > 58ef6698 connection_get(17): got connid=1002 > 58ef6698 connection_read(17): checking for input on id=1002 > 58ef6698 connection_get(17): got connid=1002 > 58ef6698 connection_read(17): checking for input on id=1002 > TLS certificate verification: subject: no certificate, issuer: no > certificate, cipher: AES-256, security level: high, secret key bits: 256, > total key bits: 256, cache hits: 0, cache misses: 3, cache not reusable: 0 > 58ef6698 connection_read(17): unable to get TLS client DN, error=49 id=1002 > 58ef6698 connection_get(17): got connid=1002 > 58ef6698 connection_read(17): checking for input on id=1002 > ber_get_next > ber_get_next: tag 0x30 len 93 contents: > 58ef6698 op tag 0x60, time 1492084376 > ber_get_next > 58ef6698 conn=1002 op=1 do_bind > ber_scanf fmt ({imt) ber: > ber_scanf fmt (m}) ber: > 58ef6698 => get_ctrls > ber_scanf fmt ({m) ber: > 58ef6698 => get_ctrls: oid="1.3.6.1.4.1.42.2.27.8.5.1" (noncritical) > 58ef6698 <= get_ctrls: n=1 rc=0 err="" > 58ef6698 >>> dnPrettyNormal: <uid=test1,ou=people,dc=abu,dc > =inmarsat,dc=com> > 58ef6698 <<< dnPrettyNormal: <uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com>, > <uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com> > 58ef6698 do_bind: version=3 dn="uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com" > method=128 > 58ef6698 mdb_dn2entry("uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com") > 58ef6698 => mdb_dn2id("uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com") > 58ef6698 <= mdb_dn2id: got id=0x11 > 58ef6698 => mdb_entry_decode: > 58ef6698 <= mdb_entry_decode > 58ef6698 mdb_entry_get: rc=0 > 58ef6698 mdb_dn2entry("cn=test,dc=abu,dc=inmarsat,dc=com") > 58ef6698 => mdb_dn2id("cn=test,dc=abu,dc=inmarsat,dc=com") > 58ef6698 <= mdb_dn2id: got id=0x12 > 58ef6698 => mdb_entry_decode: > 58ef6698 <= mdb_entry_decode > 58ef6698 mdb_entry_get: rc=0 > 58ef6698 mdb_dn2entry("uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com") > 58ef6698 => mdb_dn2id("uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com") > 58ef6698 <= mdb_dn2id: got id=0x11 > 58ef6698 => mdb_entry_decode: > 58ef6698 <= mdb_entry_decode > 58ef6698 send_ldap_result: conn=1002 op=1 p=3 > 58ef6698 mdb_dn2entry("uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com") > 58ef6698 => mdb_dn2id("uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com") > 58ef6698 <= mdb_dn2id: got id=0x11 > 58ef6698 => mdb_entry_decode: > 58ef6698 <= mdb_entry_decode > 58ef6698 mdb_entry_get: rc=0 > ldap_url_parse_ext(ldap://aws-mldap-01.aws/) > ldap_url_parse_ext(ldap://aws-mldap-02.aws/) > 58ef6698 send_ldap_result: conn=1002 op=1 p=3 > ldap_url_parse_ext(ldap://aws-mldap-01.aws/uid=test1,ou=peop > le,dc=abu,dc=inmarsat,dc=com) > 58ef6698 >>> dnPrettyNormal: <uid=test1,ou=people,dc=abu,dc > =inmarsat,dc=com> > 58ef6698 <<< dnPrettyNormal: <uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com>, > <uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com> > 58ef6698 conn=1002 op=1 ldap_chain_op: ref="ldap://aws-mldap-01.aws/u > id=test1,ou=people,dc=abu,dc=inmarsat,dc=com" -> "ldap://aws-mldap-01.aws" > slapd: chain.c:227: ldap_chain_uri_cmp: Assertion `((&li2->li_bvuri[ 1 > ])->bv_val == ((void *)0))' failed. > Aborted > > > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> > > --001a113cdaccc819cb054d0ea3dd Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div>Apologies, I'll avoid pastebin in future. = </div>Configuration is as follows: - dn: cn=3Dmodule,cn=3Dconfig changetype: add objectClass: olcModuleList cn: module olcModulePath: /usr/lib64/openldap olcModuleLoad: <a href=3D"http://back_ldap.la">back_ldap.la</a> dn: olcOverlay=3D{0}chain,olcDatabase=3D{-1}frontend,cn=3Dconfi= g changetype: add objectClass: olcOverlayConfig objectClass: olcChainConfig olcOverlay: {0}chain =C2=A0 dn: olcDatabase=3Dldap,olcOverlay=3D{0}chain,olcDatabase= =3D{-1}frontend,cn=3Dconfig changetype: add objectClass: olcLDAPConfig objectClass: olcChainDatabase olcDBURI: "ldap://aws-mldap-01.aws/,ldap://aws-mldap-02.aws/" olcDbIDAssertBind: bindmethod=3Dsimple =C2=A0 binddn=3D"cn=3Dproxy,dc=3Dabu,dc=3Dinmarsat,dc=3Dcom" =C2=A0 credentials=3DXXXXX =C2=A0 mode=3Dself dn: olcDatabase=3D{2}mdb,cn=3Dconfig changetype: modify replace: olcUpdateRef olcUpdateRef: ldap://aws-mldap-01.aws/ olcUpdateRef: ldap://aws-mldap-02.aws/ </div><div class=3D"gmail_ext= ra"> <div class=3D"gmail_quote">On 13 April 2017 at 16:01, Quanah Gibson= -Mount <<a href=3D"mailto:quanah@symas.com" target=3D"= _blank">quanah(a)symas.com</a>> wrote: <blockquote class=3D"gmai= l_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left= :1ex">--On Thursday, April 13, 2017 1:06 PM +0000 <a href=3D"mailto:apgriff= iths79(a)gmail.com" target=3D"_blank">apgriffiths79(a)gmail.com</a> wrote: <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1ex"> Full_Name: Alan Griffiths Version: 2.4.44 OS: Centos 7.3 URL: <a href=3D"https://pastebin.com/CaVGpfKj" rel=3D"noreferrer" target=3D= "_blank">https://pastebin.com/CaVGpfKj</a> Submission from: (NULL) (86.22.17.96) </blockquote> Pastebin's expire.=C2=A0 Next time, please provide the information dire= ctly in the ITS. I'd also suggest providing the slapd configuration etc that generated t= he error. --Quanah 58ef6698 connection_get(16): got connid=3D1000 58ef6698 connection_read(16): checking for input on id=3D1000 ber_get_next ber_get_next: tag 0x30 len 588 contents: 58ef6698 op tag 0x63, time 1492084376 ber_get_next 58ef6698 conn=3D1000 op=3D7 do_search ber_scanf fmt ({miiiib) ber: 58ef6698 >>> dnPrettyNormal: <dc=3Dabu,dc=3Dinmarsat,dc=3Dcom&g= t; 58ef6698 <<< dnPrettyNormal: <dc=3Dabu,dc=3Dinmarsat,dc=3Dcom&g= t;, <dc=3Dabu,dc=3Dinmarsat,dc=3Dcom> ber_scanf fmt ({mm}) ber: ber_scanf fmt ({mm}) ber: ber_scanf fmt (m) ber: ber_scanf fmt ({mm}) ber: ber_scanf fmt ({M}}) ber: 58ef6698 =3D=3D> limits_get: conn=3D1000 op=3D7 self=3D"[anonymous]= " this=3D"dc=3Dabu,dc=3Dinmarsat,dc=3Dcom" 58ef6698 =3D> mdb_search 58ef6698 mdb_dn2entry("dc=3Dabu,dc=3Dinmarsat,dc=3Dcom") 58ef6698 =3D> mdb_dn2id("dc=3Dabu,dc=3Dinmarsat,dc=3Dcom"= ) 58ef6698 <=3D mdb_dn2id: got id=3D0x1 58ef6698 =3D> mdb_entry_decode: 58ef6698 <=3D mdb_entry_decode 58ef6698 search_candidates: base=3D"dc=3Dabu,dc=3Dinmarsat,dc=3Dco<wbr= >m" (0x00000001) scope=3D2 58ef6698 =3D> mdb_equality_candidates (objectClass) 58ef6698 =3D> key_read 58ef6698 <=3D mdb_index_read: failed (-30798) 58ef6698 <=3D mdb_equality_candidates: id=3D0, first=3D0, last=3D0 58ef6698 =3D> mdb_equality_candidates (uid) 58ef6698 =3D> key_read 58ef6698 <=3D mdb_index_read 1 candidates 58ef6698 <=3D mdb_equality_candidates: id=3D1, first=3D17, last=3D17 58ef6698 =3D> mdb_equality_candidates (objectClass) 58ef6698 =3D> key_read 58ef6698 <=3D mdb_index_read 1 candidates 58ef6698 <=3D mdb_equality_candidates: id=3D1, first=3D17, last=3D17 58ef6698 =3D> mdb_presence_candidates (uidNumber) 58ef6698 <=3D mdb_presence_candidates: (uidNumber) not indexed 58ef6698 mdb_search_candidates: id=3D1 first=3D17 last=3D17 58ef6698 =3D> mdb_entry_decode: 58ef6698 <=3D mdb_entry_decode 58ef6698 =3D> send_search_entry: conn 1000 dn=3D"uid=3Dtest1,ou=3Dp= eople,dc=3Dabu,dc=3Dinmarsat,dc=3Dcom" ber_flush2: 374 bytes to sd 16 58ef6698 <=3D send_search_entry: conn 1000 exit. 58ef6698 send_ldap_result: conn=3D1000 op=3D7 p=3D3 58ef6698 send_ldap_response: msgid=3D8 tag=3D101 err=3D0 ber_flush2: 14 bytes to sd 16 58ef6698 connection_get(16): got connid=3D1000 58ef6698 connection_read(16): checking for input on id=3D1000 ber_get_next ber_get_next: tag 0x30 len 254 contents: 58ef6698 op tag 0x63, time 1492084376 ber_get_next 58ef6698 conn=3D1000 op=3D8 do_search ber_scanf fmt ({miiiib) ber: 58ef6698 >>> dnPrettyNormal: <dc=3Dabu,dc=3Dinmarsat,dc=3Dcom&g= t; 58ef6698 <<< dnPrettyNormal: <dc=3Dabu,dc=3Dinmarsat,dc=3Dcom&g= t;, <dc=3Dabu,dc=3Dinmarsat,dc=3Dcom> ber_scanf fmt ({mm}) ber: 58ef6698 >>> dnPretty: <uid=3Dtest1,ou=3Dpeople,dc=3Dabu,dc<wbr= >=3Dinmarsat,dc=3Dcom> 58ef6698 <<< dnPretty: <uid=3Dtest1,ou=3Dpeople,dc=3Dabu,dc<wbr= >=3Dinmarsat,dc=3Dcom> 58ef6698 >>> dnNormalize: <uid=3Dtest1,ou=3Dpeople,dc=3Dabu,dc<= wbr>=3Dinmarsat,dc=3Dcom> 58ef6698 <<< dnNormalize: <uid=3Dtest1,ou=3Dpeople,dc=3Dabu,dc<= wbr>=3Dinmarsat,dc=3Dcom> ber_scanf fmt ({mm}) ber: ber_scanf fmt (m) ber: ber_scanf fmt ({M}}) ber: 58ef6698 =3D> get_ctrls ber_scanf fmt ({m) ber: ber_scanf fmt (m) ber: 58ef6698 =3D> get_ctrls: oid=3D"1.2.840.113556.1.4.319" (noncr= itical) ber_scanf fmt ({im}) ber: 58ef6698 <=3D get_ctrls: n=3D1 rc=3D0 err=3D"" 58ef6698 =3D=3D> limits_get: conn=3D1000 op=3D8 self=3D"[anonymous]= " this=3D"dc=3Dabu,dc=3Dinmarsat,dc=3Dcom" 58ef6698 =3D> mdb_search 58ef6698 mdb_dn2entry("dc=3Dabu,dc=3Dinmarsat,dc=3Dcom") 58ef6698 =3D> mdb_dn2id("dc=3Dabu,dc=3Dinmarsat,dc=3Dcom"= ) 58ef6698 <=3D mdb_dn2id: got id=3D0x1 58ef6698 =3D> mdb_entry_decode: 58ef6698 <=3D mdb_entry_decode 58ef6698 search_candidates: base=3D"dc=3Dabu,dc=3Dinmarsat,dc=3Dco<wbr= >m" (0x00000001) scope=3D2 58ef6698 =3D> mdb_equality_candidates (objectClass) 58ef6698 =3D> key_read 58ef6698 <=3D mdb_index_read: failed (-30798) 58ef6698 <=3D mdb_equality_candidates: id=3D0, first=3D0, last=3D0 58ef6698 =3D> mdb_equality_candidates (member) 58ef6698 <=3D mdb_equality_candidates: (member) not indexed 58ef6698 =3D> mdb_equality_candidates (objectClass) 58ef6698 =3D> key_read 58ef6698 <=3D mdb_index_read 1 candidates 58ef6698 <=3D mdb_equality_candidates: id=3D1, first=3D16, last=3D16 58ef6698 =3D> mdb_presence_candidates (cn) 58ef6698 =3D> key_read 58ef6698 <=3D mdb_index_read 12 candidates 58ef6698 <=3D mdb_presence_candidates: id=3D12 first=3D2 last=3D20 58ef6698 mdb_search_candidates: id=3D1 first=3D16 last=3D16 58ef6698 =3D> mdb_entry_decode: 58ef6698 <=3D mdb_entry_decode 58ef6698 mdb_search: 16 does not match filter 58ef6698 send_ldap_result: conn=3D1000 op=3D8 p=3D3 58ef6698 send_ldap_response: msgid=3D9 tag=3D101 err=3D0 ber_flush2: 51 bytes to sd 16 58ef6698 slap_listener_activate(7): 58ef6698 >>> slap_listener(ldap:///) 58ef6698 connection_get(17): got connid=3D1002 58ef6698 connection_read(17): checking for input on id=3D1002 ber_get_next ber_get_next: tag 0x30 len 29 contents: 58ef6698 op tag 0x77, time 1492084376 ber_get_next 58ef6698 conn=3D1002 op=3D0 do_extended ber_scanf fmt ({m) ber: 58ef6698 send_ldap_extended: err=3D0 oid=3D len=3D0 58ef6698 send_ldap_response: msgid=3D1 tag=3D120 err=3D0 ber_flush2: 14 bytes to sd 17 58ef6698 connection_get(17): got connid=3D1002 58ef6698 connection_read(17): checking for input on id=3D1002 58ef6698 connection_get(17): got connid=3D1002 58ef6698 connection_read(17): checking for input on id=3D1002 TLS certificate verification: subject: no certificate, issuer: no certifica= te, cipher: AES-256, security level: high, secret key bits: 256, total key = bits: 256, cache hits: 0, cache misses: 3, cache not reusable: 0 58ef6698 connection_read(17): unable to get TLS client DN, error=3D49 id=3D= 1002 58ef6698 connection_get(17): got connid=3D1002 58ef6698 connection_read(17): checking for input on id=3D1002 ber_get_next ber_get_next: tag 0x30 len 93 contents: 58ef6698 op tag 0x60, time 1492084376 ber_get_next 58ef6698 conn=3D1002 op=3D1 do_bind ber_scanf fmt ({imt) ber: ber_scanf fmt (m}) ber: 58ef6698 =3D> get_ctrls ber_scanf fmt ({m) ber: 58ef6698 =3D> get_ctrls: oid=3D"1.3.6.1.4.1.42.2.27.8.5.1&quot= ; (noncritical) 58ef6698 <=3D get_ctrls: n=3D1 rc=3D0 err=3D"" 58ef6698 >>> dnPrettyNormal: <uid=3Dtest1,ou=3Dpeople,dc=3Dabu,= dc=3Dinmarsat,dc=3Dcom> 58ef6698 <<< dnPrettyNormal: <uid=3Dtest1,ou=3Dpeople,dc=3Dabu,= dc=3Dinmarsat,dc=3Dcom>, <uid=3Dtest1,ou=3Dpeople,dc=3Dabu,dc<wb= r>=3Dinmarsat,dc=3Dcom> 58ef6698 do_bind: version=3D3 dn=3D"uid=3Dtest1,ou=3Dpeople,dc=3Dabu<w= br>,dc=3Dinmarsat,dc=3Dcom" method=3D128 58ef6698 mdb_dn2entry("uid=3Dtest1,ou=3Dpeople,dc=3Dabu,dc=3Dinma= rsat,dc=3Dcom") 58ef6698 =3D> mdb_dn2id("uid=3Dtest1,ou=3Dpeople,dc=3Dabu,dc= =3Dinmarsat,dc=3Dcom") 58ef6698 <=3D mdb_dn2id: got id=3D0x11 58ef6698 =3D> mdb_entry_decode: 58ef6698 <=3D mdb_entry_decode 58ef6698 mdb_entry_get: rc=3D0 58ef6698 mdb_dn2entry("cn=3Dtest,dc=3Dabu,dc=3Dinmarsat,dc=3Dcom&= quot;) 58ef6698 =3D> mdb_dn2id("cn=3Dtest,dc=3Dabu,dc=3Dinmarsat,dc= =3Dcom") 58ef6698 <=3D mdb_dn2id: got id=3D0x12 58ef6698 =3D> mdb_entry_decode: 58ef6698 <=3D mdb_entry_decode 58ef6698 mdb_entry_get: rc=3D0 58ef6698 mdb_dn2entry("uid=3Dtest1,ou=3Dpeople,dc=3Dabu,dc=3Dinma= rsat,dc=3Dcom") 58ef6698 =3D> mdb_dn2id("uid=3Dtest1,ou=3Dpeople,dc=3Dabu,dc= =3Dinmarsat,dc=3Dcom") 58ef6698 <=3D mdb_dn2id: got id=3D0x11 58ef6698 =3D> mdb_entry_decode: 58ef6698 <=3D mdb_entry_decode 58ef6698 send_ldap_result: conn=3D1002 op=3D1 p=3D3 58ef6698 mdb_dn2entry("uid=3Dtest1,ou=3Dpeople,dc=3Dabu,dc=3Dinma= rsat,dc=3Dcom") 58ef6698 =3D> mdb_dn2id("uid=3Dtest1,ou=3Dpeople,dc=3Dabu,dc= =3Dinmarsat,dc=3Dcom") 58ef6698 <=3D mdb_dn2id: got id=3D0x11 58ef6698 =3D> mdb_entry_decode: 58ef6698 <=3D mdb_entry_decode 58ef6698 mdb_entry_get: rc=3D0 ldap_url_parse_ext(ldap://aws-mldap-01.aws/) ldap_url_parse_ext(ldap://aws-mldap-02.aws/) 58ef6698 send_ldap_result: conn=3D1002 op=3D1 p=3D3 ldap_url_parse_ext(ldap://aws-mldap-01.aws/uid=3Dtest1,ou=3Dpeopl= e,dc=3Dabu,dc=3Dinmarsat,dc=3Dcom) 58ef6698 >>> dnPrettyNormal: <uid=3Dtest1,ou=3Dpeople,dc=3Dabu,= dc=3Dinmarsat,dc=3Dcom> 58ef6698 <<< dnPrettyNormal: <uid=3Dtest1,ou=3Dpeople,dc=3Dabu,= dc=3Dinmarsat,dc=3Dcom>, <uid=3Dtest1,ou=3Dpeople,dc=3Dabu,dc<wb= r>=3Dinmarsat,dc=3Dcom> 58ef6698 conn=3D1002 op=3D1 ldap_chain_op: ref=3D"ldap://aws-mldap-01.= aws/uid=3Dtest1,ou=3Dpeople,dc=3Dabu,dc=3Dinmarsat,dc=3Dcom"= -> "ldap://aws-mldap-01.aws" slapd: chain.c:227: ldap_chain_uri_cmp: Assertion `((&li2->li_bvuri[= 1 ])->bv_val =3D=3D ((void *)0))' failed. Aborted -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <<a href=3D"http://www.symas.com" rel=3D"noreferrer" target=3D"_blank">h= ttp://www.symas.com</a>> </blockquote></div> </div> --001a113cdaccc819cb054d0ea3dd--

1 0

Re: (ITS#7401) OpenLDAP 2.4.32 - deadlock issues
by quanah＠symas.com 13 Apr '17

13 Apr '17

Hello Venkatesh, There's been no follow up since 2012, so I will be closing this ITS. I assume the issue was resolved by downgrading BDB. If you still encounter this issue with the current OpenLDAP release, feel free to follow up and I will reopen the ITS. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

Re: (ITS#8637) OpenLDAP crashing when defining multiple olcDbURI for chaining
by quanah＠symas.com 13 Apr '17

13 Apr '17

--On Thursday, April 13, 2017 1:06 PM +0000 apgriffiths79(a)gmail.com wrote: > Full_Name: Alan Griffiths > Version: 2.4.44 > OS: Centos 7.3 > URL: https://pastebin.com/CaVGpfKj > Submission from: (NULL) (86.22.17.96) Pastebin's expire. Next time, please provide the information directly in the ITS. I'd also suggest providing the slapd configuration etc that generated the error. --Quanah 58ef6698 connection_get(16): got connid=1000 58ef6698 connection_read(16): checking for input on id=1000 ber_get_next ber_get_next: tag 0x30 len 588 contents: 58ef6698 op tag 0x63, time 1492084376 ber_get_next 58ef6698 conn=1000 op=7 do_search ber_scanf fmt ({miiiib) ber: 58ef6698 >>> dnPrettyNormal: <dc=abu,dc=inmarsat,dc=com> 58ef6698 <<< dnPrettyNormal: <dc=abu,dc=inmarsat,dc=com>, <dc=abu,dc=inmarsat,dc=com> ber_scanf fmt ({mm}) ber: ber_scanf fmt ({mm}) ber: ber_scanf fmt (m) ber: ber_scanf fmt ({mm}) ber: ber_scanf fmt ({M}}) ber: 58ef6698 ==> limits_get: conn=1000 op=7 self="[anonymous]" this="dc=abu,dc=inmarsat,dc=com" 58ef6698 => mdb_search 58ef6698 mdb_dn2entry("dc=abu,dc=inmarsat,dc=com") 58ef6698 => mdb_dn2id("dc=abu,dc=inmarsat,dc=com") 58ef6698 <= mdb_dn2id: got id=0x1 58ef6698 => mdb_entry_decode: 58ef6698 <= mdb_entry_decode 58ef6698 search_candidates: base="dc=abu,dc=inmarsat,dc=com" (0x00000001) scope=2 58ef6698 => mdb_equality_candidates (objectClass) 58ef6698 => key_read 58ef6698 <= mdb_index_read: failed (-30798) 58ef6698 <= mdb_equality_candidates: id=0, first=0, last=0 58ef6698 => mdb_equality_candidates (uid) 58ef6698 => key_read 58ef6698 <= mdb_index_read 1 candidates 58ef6698 <= mdb_equality_candidates: id=1, first=17, last=17 58ef6698 => mdb_equality_candidates (objectClass) 58ef6698 => key_read 58ef6698 <= mdb_index_read 1 candidates 58ef6698 <= mdb_equality_candidates: id=1, first=17, last=17 58ef6698 => mdb_presence_candidates (uidNumber) 58ef6698 <= mdb_presence_candidates: (uidNumber) not indexed 58ef6698 mdb_search_candidates: id=1 first=17 last=17 58ef6698 => mdb_entry_decode: 58ef6698 <= mdb_entry_decode 58ef6698 => send_search_entry: conn 1000 dn="uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com" ber_flush2: 374 bytes to sd 16 58ef6698 <= send_search_entry: conn 1000 exit. 58ef6698 send_ldap_result: conn=1000 op=7 p=3 58ef6698 send_ldap_response: msgid=8 tag=101 err=0 ber_flush2: 14 bytes to sd 16 58ef6698 connection_get(16): got connid=1000 58ef6698 connection_read(16): checking for input on id=1000 ber_get_next ber_get_next: tag 0x30 len 254 contents: 58ef6698 op tag 0x63, time 1492084376 ber_get_next 58ef6698 conn=1000 op=8 do_search ber_scanf fmt ({miiiib) ber: 58ef6698 >>> dnPrettyNormal: <dc=abu,dc=inmarsat,dc=com> 58ef6698 <<< dnPrettyNormal: <dc=abu,dc=inmarsat,dc=com>, <dc=abu,dc=inmarsat,dc=com> ber_scanf fmt ({mm}) ber: 58ef6698 >>> dnPretty: <uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com> 58ef6698 <<< dnPretty: <uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com> 58ef6698 >>> dnNormalize: <uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com> 58ef6698 <<< dnNormalize: <uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com> ber_scanf fmt ({mm}) ber: ber_scanf fmt (m) ber: ber_scanf fmt ({M}}) ber: 58ef6698 => get_ctrls ber_scanf fmt ({m) ber: ber_scanf fmt (m) ber: 58ef6698 => get_ctrls: oid="1.2.840.113556.1.4.319" (noncritical) ber_scanf fmt ({im}) ber: 58ef6698 <= get_ctrls: n=1 rc=0 err="" 58ef6698 ==> limits_get: conn=1000 op=8 self="[anonymous]" this="dc=abu,dc=inmarsat,dc=com" 58ef6698 => mdb_search 58ef6698 mdb_dn2entry("dc=abu,dc=inmarsat,dc=com") 58ef6698 => mdb_dn2id("dc=abu,dc=inmarsat,dc=com") 58ef6698 <= mdb_dn2id: got id=0x1 58ef6698 => mdb_entry_decode: 58ef6698 <= mdb_entry_decode 58ef6698 search_candidates: base="dc=abu,dc=inmarsat,dc=com" (0x00000001) scope=2 58ef6698 => mdb_equality_candidates (objectClass) 58ef6698 => key_read 58ef6698 <= mdb_index_read: failed (-30798) 58ef6698 <= mdb_equality_candidates: id=0, first=0, last=0 58ef6698 => mdb_equality_candidates (member) 58ef6698 <= mdb_equality_candidates: (member) not indexed 58ef6698 => mdb_equality_candidates (objectClass) 58ef6698 => key_read 58ef6698 <= mdb_index_read 1 candidates 58ef6698 <= mdb_equality_candidates: id=1, first=16, last=16 58ef6698 => mdb_presence_candidates (cn) 58ef6698 => key_read 58ef6698 <= mdb_index_read 12 candidates 58ef6698 <= mdb_presence_candidates: id=12 first=2 last=20 58ef6698 mdb_search_candidates: id=1 first=16 last=16 58ef6698 => mdb_entry_decode: 58ef6698 <= mdb_entry_decode 58ef6698 mdb_search: 16 does not match filter 58ef6698 send_ldap_result: conn=1000 op=8 p=3 58ef6698 send_ldap_response: msgid=9 tag=101 err=0 ber_flush2: 51 bytes to sd 16 58ef6698 slap_listener_activate(7): 58ef6698 >>> slap_listener(ldap:///) 58ef6698 connection_get(17): got connid=1002 58ef6698 connection_read(17): checking for input on id=1002 ber_get_next ber_get_next: tag 0x30 len 29 contents: 58ef6698 op tag 0x77, time 1492084376 ber_get_next 58ef6698 conn=1002 op=0 do_extended ber_scanf fmt ({m) ber: 58ef6698 send_ldap_extended: err=0 oid= len=0 58ef6698 send_ldap_response: msgid=1 tag=120 err=0 ber_flush2: 14 bytes to sd 17 58ef6698 connection_get(17): got connid=1002 58ef6698 connection_read(17): checking for input on id=1002 58ef6698 connection_get(17): got connid=1002 58ef6698 connection_read(17): checking for input on id=1002 TLS certificate verification: subject: no certificate, issuer: no certificate, cipher: AES-256, security level: high, secret key bits: 256, total key bits: 256, cache hits: 0, cache misses: 3, cache not reusable: 0 58ef6698 connection_read(17): unable to get TLS client DN, error=49 id=1002 58ef6698 connection_get(17): got connid=1002 58ef6698 connection_read(17): checking for input on id=1002 ber_get_next ber_get_next: tag 0x30 len 93 contents: 58ef6698 op tag 0x60, time 1492084376 ber_get_next 58ef6698 conn=1002 op=1 do_bind ber_scanf fmt ({imt) ber: ber_scanf fmt (m}) ber: 58ef6698 => get_ctrls ber_scanf fmt ({m) ber: 58ef6698 => get_ctrls: oid="1.3.6.1.4.1.42.2.27.8.5.1" (noncritical) 58ef6698 <= get_ctrls: n=1 rc=0 err="" 58ef6698 >>> dnPrettyNormal: <uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com> 58ef6698 <<< dnPrettyNormal: <uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com>, <uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com> 58ef6698 do_bind: version=3 dn="uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com" method=128 58ef6698 mdb_dn2entry("uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com") 58ef6698 => mdb_dn2id("uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com") 58ef6698 <= mdb_dn2id: got id=0x11 58ef6698 => mdb_entry_decode: 58ef6698 <= mdb_entry_decode 58ef6698 mdb_entry_get: rc=0 58ef6698 mdb_dn2entry("cn=test,dc=abu,dc=inmarsat,dc=com") 58ef6698 => mdb_dn2id("cn=test,dc=abu,dc=inmarsat,dc=com") 58ef6698 <= mdb_dn2id: got id=0x12 58ef6698 => mdb_entry_decode: 58ef6698 <= mdb_entry_decode 58ef6698 mdb_entry_get: rc=0 58ef6698 mdb_dn2entry("uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com") 58ef6698 => mdb_dn2id("uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com") 58ef6698 <= mdb_dn2id: got id=0x11 58ef6698 => mdb_entry_decode: 58ef6698 <= mdb_entry_decode 58ef6698 send_ldap_result: conn=1002 op=1 p=3 58ef6698 mdb_dn2entry("uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com") 58ef6698 => mdb_dn2id("uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com") 58ef6698 <= mdb_dn2id: got id=0x11 58ef6698 => mdb_entry_decode: 58ef6698 <= mdb_entry_decode 58ef6698 mdb_entry_get: rc=0 ldap_url_parse_ext(ldap://aws-mldap-01.aws/) ldap_url_parse_ext(ldap://aws-mldap-02.aws/) 58ef6698 send_ldap_result: conn=1002 op=1 p=3 ldap_url_parse_ext(ldap://aws-mldap-01.aws/uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com) 58ef6698 >>> dnPrettyNormal: <uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com> 58ef6698 <<< dnPrettyNormal: <uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com>, <uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com> 58ef6698 conn=1002 op=1 ldap_chain_op: ref="ldap://aws-mldap-01.aws/uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com" -> "ldap://aws-mldap-01.aws" slapd: chain.c:227: ldap_chain_uri_cmp: Assertion `((&li2->li_bvuri[ 1 ])->bv_val == ((void *)0))' failed. Aborted -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

(ITS#8637) OpenLDAP crashing when defining multiple olcDbURI for chaining
by apgriffiths79＠gmail.com 13 Apr '17

13 Apr '17

Full_Name: Alan Griffiths Version: 2.4.44 OS: Centos 7.3 URL: https://pastebin.com/CaVGpfKj Submission from: (NULL) (86.22.17.96) Adding multiple entries to olcDbURI causes slapd to crash when the ref is first followed with: - 8ef6698 conn=1002 op=1 ldap_chain_op: ref="ldap://aws-mldap-01.aws/uid=test1,ou=people,dc=abu,dc=inmarsat,dc=com" -> "ldap://aws-mldap-01.aws" slapd: chain.c:227: ldap_chain_uri_cmp: Assertion `((&li2->li_bvuri[ 1 ])->bv_val == ((void *)0))' failed. Aborted This appears to be the same issue as reported here http://www.openldap.org/lists/openldap-technical/201409/msg00056.html but in a more recent version. I can re-create in 2.4.40 and 2.4.44. Link to full debug output is provided.

1 0

← Newer
1
2
3
4
5
6
7
8
...
12
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs April 2017