(ITS#8660) slapd segmentation faults (relay backend and rwm overlay)
by nespor@id.ethz.ch
Full_Name: Vlado Nespor
Version: 2.4.44
OS: Red Hat el7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2001:67c:10ec:32d0::222)
We have experienced random slapd segmentation faults, when the relay
backend and rwm overlay were used in the configuration. After some
time I could reproduce the segmentation fault on a slow client and
with test queries, which were supposed to return a larger set of entries.
I could trace the problem to a wrong pointer in the slap_writewait_play
function in the openldap-2.4.44/servers/slapd/result.c file, and then
further to the openldap-2.4.44/servers/slapd/back-relay/op.c file. After
the addition of the sc_writewait pointer initialisation (see the patch
below), the test queries returned correct results and random slapd
segmentation faults disappeared.
With best regards,
Vlado Nespor
diff -rupN openldap-2.4.44/servers/slapd/back-relay/op.c
openldap-2.4.44_back-relay/servers/slapd/back-relay/op.c
--- openldap-2.4.44/servers/slapd/back-relay/op.c 2016-02-06 00:57:45.000000000
+0100
+++ openldap-2.4.44_back-relay/servers/slapd/back-relay/op.c 2017-02-07
15:09:55.046188340 +0100
@@ -97,6 +97,7 @@ relay_back_response_cb( Operation *op, S
(rcb)->rcb_sc.sc_next = (op)->o_callback; \
(rcb)->rcb_sc.sc_response = relay_back_response_cb; \
(rcb)->rcb_sc.sc_cleanup = 0; \
+ (rcb)->rcb_sc.sc_writewait = 0; \
(rcb)->rcb_sc.sc_private = (op)->o_bd; \
(op)->o_callback = (slap_callback *) (rcb); \
}
3 years, 7 months
Re: (ITS#8659) accesslog man page updates
by michael@stroeder.com
quanah(a)symas.com wrote:
> Seems like it would have been better to leave audit* attrs with slapo-auditlog
I was not aware of a specific schema for slapo-auditlog
(except attribute type 'olcAuditlogFile' for back-config).
Ciao, Michael.
3 years, 8 months
Re: (ITS#8659) accesslog man page updates
by quanah@symas.com
--On Thursday, May 18, 2017 6:10 PM +0200 Michael Str=C3=B6der=20
<michael(a)stroeder.com> wrote:
> quanah(a)symas.com wrote:
>> --On Thursday, May 18, 2017 9:23 AM +0000 elecharny(a)apache.org wrote:
>>> There are some differences between the current slapo-accesslog man =
page,
>>> and the code base :
>>>
>>> - the auditObject ObjectClass is missing the reqEntryUUID AT
>>> - the auditContainer ObjectClass is not described in the man page
>>> - the auditModRDN ObjectClass is missing the reqMod AT
>>
>> I think you mean slapo-auditlog, not slapo-accesslog?
>
> No, Emmanuel is definitely referring to slapo-accesslog.
Yeah, saw that when I grepped the code. Seems like it would have been=20
better to leave audit* attrs with slapo-auditlog and use something else for =
accesslog. Oh well.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
3 years, 8 months
Re: (ITS#8659) accesslog man page updates
by michael@stroeder.com
This is a cryptographically signed message in MIME format.
--------------ms020708080809040305030308
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
quanah(a)symas.com wrote:
> --On Thursday, May 18, 2017 9:23 AM +0000 elecharny(a)apache.org wrote:
>> There are some differences between the current slapo-accesslog man pag=
e,
>> and the code base :
>>
>> - the auditObject ObjectClass is missing the reqEntryUUID AT
>> - the auditContainer ObjectClass is not described in the man page
>> - the auditModRDN ObjectClass is missing the reqMod AT
>=20
> I think you mean slapo-auditlog, not slapo-accesslog?
No, Emmanuel is definitely referring to slapo-accesslog.
Ciao, Michael.
--------------ms020708080809040305030308
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC
CucwggT9MIID5aADAgECAhBFRleVrRF8X5GwbV0tcLCgMA0GCSqGSIb3DQEBCwUAMHUxCzAJ
BgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSkwJwYDVQQLEyBTdGFydENvbSBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEjMCEGA1UEAxMaU3RhcnRDb20gQ2xhc3MgMSBDbGll
bnQgQ0EwHhcNMTYwOTE2MDcxNjUxWhcNMTkxMjE2MDcxNjUxWjBEMR0wGwYDVQQDDBRtaWNo
YWVsQHN0cm9lZGVyLmNvbTEjMCEGCSqGSIb3DQEJARYUbWljaGFlbEBzdHJvZWRlci5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChMBt5jtuLXsNQ5U7rBbZit8sknIwz
hfaousT3d/fssQ6qZwe9l1yklILSXVMqI7/bxbiqcd3zrz+imdSlZPrFBHGfh04DZHCfss2F
RwSswGejqP1qE3hPvZi96wFfOMqenpN+pSXqNJ1OPBCJ8a+8ZEioFKoEj3HkCCXjbmezAgms
FuA7aFE9BfjJ2eQKw8B9G8X1FjvOTinYSZ2F+qHpKgywl4HTx0dMnYy+Pwu4DDIHkEaVH+uj
K1/ed76WUEH51mX9m2Xu0onfQlSM3me6EvAAZiIDsCEbF9WttRuJbpfCFo0m2uW7BBugS7EG
Jro1nRSQVnpJyTFgHb5EGMVVAgMBAAGjggG4MIIBtDAOBgNVHQ8BAf8EBAMCBLAwHQYDVR0l
BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMAkGA1UdEwQCMAAwHQYDVR0OBBYEFFh1801TSuxT
Nltnv9rOjrZzUUgNMB8GA1UdIwQYMBaAFCSBbDlhvkkPj7cbRivJKLUnSG1oMG8GCCsGAQUF
BwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Auc3RhcnRzc2wuY29tMDkGCCsGAQUF
BzAChi1odHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9zY2EuY2xpZW50MS5jcnQwOAYD
VR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5zdGFydHNzbC5jb20vc2NhLWNsaWVudDEuY3Js
MB8GA1UdEQQYMBaBFG1pY2hhZWxAc3Ryb2VkZXIuY29tMCMGA1UdEgQcMBqGGGh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tLzBHBgNVHSAEQDA+MDwGCysGAQQBgbU3AQIFMC0wKwYIKwYBBQUH
AgEWH2h0dHBzOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kwDQYJKoZIhvcNAQELBQADggEB
AKiJ9wpjJeHdEzHDZyqmhn4cHcRj9Ag7ZQK0meq1N3oQ9M1YeVge6vZe20LXojgXsNUQGLSt
1lW2s7fABkL9CF+/RtWznHxlp4YpWX/RgbHBo3uXKNA5JUOjbxQ2+1b1jaTp/FUrSIISAxgd
RpeYAODJ0db1x8Q+l66DtIVjj7ktWISdJWE2Opn4QnaRwdj6n35Rul4S2ikUsmxtGrHLpjRR
XJqbsGa0RZdJyUKlZ2ZRAoRz4jKHOogQcig937sR5Ut2pGOhrScEhgARY2c8Gs2olRTL3pue
mE4vjY0g1Nwr9RzeFwMuasiFh4yD34i6jIRfoNzuLPgydjsJ0grw0akwggXiMIIDyqADAgEC
AhBrp4p9CteI1lEK+Vnk57ThMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNVBAYTAklMMRYwFAYD
VQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0
ZSBTaWduaW5nMSkwJwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
Fw0xNTEyMTYwMTAwMDVaFw0zMDEyMTYwMTAwMDVaMHUxCzAJBgNVBAYTAklMMRYwFAYDVQQK
Ew1TdGFydENvbSBMdGQuMSkwJwYDVQQLEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eTEjMCEGA1UEAxMaU3RhcnRDb20gQ2xhc3MgMSBDbGllbnQgQ0EwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQC9fdr3w6J9g/Zbgv3bW1+uHht1wLUZr5gkrLtXedg17Ake
fMyUGwrQdvwObhajcVmnKVxhrUwkZPXRAwZZosRHfEIi5FH7x6SV/8Sp5lZEuiMnvMFG2MzL
A84J6Ws5T4NfXZ0qn4TPgnr3X2vPVS51M7Ua9nIJgn8jvTra4eyyQzxvuA/GZwKg7VQfDCmC
S+kICslYYWgXOMt2xlsSslxLce0CGWRsT8EpMyt1iDflSjXZIsE7m1uTyHaKZspMLyIyz6my
Su8j8BWWHpChNNeTrFuhVfrOAyDPFJVUvKZCLKBhibTLloyy+LatoWELrjdI4a8StZY8+dIR
9t4APXGzAgMBAAGjggFkMIIBYDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUH
AwIGCCsGAQUFBwMEMBIGA1UdEwEB/wQIMAYBAf8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0
cDovL2NybC5zdGFydHNzbC5jb20vc2ZzY2EuY3JsMGYGCCsGAQUFBwEBBFowWDAkBggrBgEF
BQcwAYYYaHR0cDovL29jc3Auc3RhcnRzc2wuY29tMDAGCCsGAQUFBzAChiRodHRwOi8vYWlh
LnN0YXJ0c3NsLmNvbS9jZXJ0cy9jYS5jcnQwHQYDVR0OBBYEFCSBbDlhvkkPj7cbRivJKLUn
SG1oMB8GA1UdIwQYMBaAFE4L7xqkQFulF2mHMMo0aEPQQa7yMD8GA1UdIAQ4MDYwNAYEVR0g
ADAsMCoGCCsGAQUFBwIBFh5odHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kwDQYJKoZI
hvcNAQELBQADggIBAIvj94fsAYuErQ8BAluc4SMnIwS9NPBwAm5SH9uh2NCXTq7im61g7F1L
IiNI/+wq37fUuaMbz4g7VarKQTgf8ubs0p7NZWcIe7Bvem2AWaXBsxsaRTYw5kG3DN8pd1hS
EUuFoTa7DmNeFe8tiK1BrL3rbA/m48jp4AiFXgvxprJrW7izsyetOrRHPbkW4Y07v29MdhaP
v3u1JELyszXqOzjIYo4sWlC8iDQXwgSW/ntvWy2n4LuiaozlCfXl149tKeqvwlvrla2Yklue
/quWp9j9ou4T/OY0CXMuY+B8wNK0ohd2D4ShgFlMSjzAFRoHGKF81snTr2d1A7Ew02oF6UQy
CkC2aNNsK5cWOojBar5c7HplX9aHYUCZouxIeU28SONJAxnATgR4cJ2jrpmYSz/kliUJ46S6
UpVDo/ebn9c6PaM/XtDYCCaM/7XX6wc3s++sbQ7CtCn1Ax7df6ufQbwyO0V+oFa9H0KAsjHM
zcwk3EV2B2NLatidKE/m7G+rB9m+FlVgIiSp0mGlg43QO9Kh1+JqvTCIzv2bJJkmPMLQJNuK
KwHNL8F4GGp6jbAV+WL+LDeGfVcq8DHS3LrD+xyYEXQBiqZEdiPVOMxLDSUCXsDO0uCWpaNQ
8j6y6S9p0xE/Ga0peVLadVHhqf9nXqKaxnr358VgfrxzUIrvOaOjMYIDzDCCA8gCAQEwgYkw
dTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKTAnBgNVBAsTIFN0YXJ0
Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSMwIQYDVQQDExpTdGFydENvbSBDbGFzcyAx
IENsaWVudCBDQQIQRUZXla0RfF+RsG1dLXCwoDANBglghkgBZQMEAgEFAKCCAhMwGAYJKoZI
hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTcwNTE4MTUxMDMzWjAvBgkq
hkiG9w0BCQQxIgQg9jM2o7OgykNVN+x7Wk7o6yyHAhqM5i1ZlIObhnQ+uW0wbAYJKoZIhvcN
AQkPMV8wXTALBglghkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3
DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBmgYJKwYB
BAGCNxAEMYGMMIGJMHUxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSkw
JwYDVQQLEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEjMCEGA1UEAxMaU3Rh
cnRDb20gQ2xhc3MgMSBDbGllbnQgQ0ECEEVGV5WtEXxfkbBtXS1wsKAwgZwGCyqGSIb3DQEJ
EAILMYGMoIGJMHUxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSkwJwYD
VQQLEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEjMCEGA1UEAxMaU3RhcnRD
b20gQ2xhc3MgMSBDbGllbnQgQ0ECEEVGV5WtEXxfkbBtXS1wsKAwDQYJKoZIhvcNAQEBBQAE
ggEAXwPJpYHRfcEVgXI6x6aKh5jcpnMv0hE15VTB9wYpvde8y1NXjbC8RrP0K607UXPe/zEO
eg1KbsULDOmxc+/nL1G/mWYQpt9ye+PElCXrBDFPjXKp2rbTI7UD9JlZ0ZoiENvQTW2KO2GD
LwaQuHvQ1I47M19t7Xw9eHktIhOlpe/AUC4fWPJf5Wpd5fjNePOiLYAex/dZvzjJmtyIRQBl
JxiAQofcwDks9GqXbJpl20mWAO3Zz/uWaIKmDZJkzxacl5VF7UBgIAlmBy+bIVnMp4+Rm4e2
SuVkF8cnmArDYDTxagHp48QfcxHOu2wz/MhqEuzqPHOCVZ9XTzFgEOgIaAAAAAAAAA==
--------------ms020708080809040305030308--
3 years, 8 months
Re: (ITS#8659) accesslog man page updates
by quanah@symas.com
--On Thursday, May 18, 2017 9:23 AM +0000 elecharny(a)apache.org wrote:
> Full_Name: Emmanuel Lecharny
> Version: 2.4.45
> OS:
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (83.202.2.198)
>
>
> There are some differences between the current slapo-accesslog man page,
> and the code base :
>
> - the auditObject ObjectClass is missing the reqEntryUUID AT
> - the auditContainer ObjectClass is not described in the man page
> - the auditModRDN ObjectClass is missing the reqMod AT
I think you mean slapo-auditlog, not slapo-accesslog?
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
3 years, 8 months
(ITS#8659) accesslog man page updates
by elecharny@apache.org
Full_Name: Emmanuel Lecharny
Version: 2.4.45
OS:
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (83.202.2.198)
There are some differences between the current slapo-accesslog man page, and the
code base :
- the auditObject ObjectClass is missing the reqEntryUUID AT
- the auditContainer ObjectClass is not described in the man page
- the auditModRDN ObjectClass is missing the reqMod AT
3 years, 8 months
Re: (ITS#8658) Can't change olcTLSCipherSuite
by quanah@symas.com
--On Wednesday, May 17, 2017 9:24 AM +0000 slonvpalto(a)gmail.com wrote:
> Full_Name: Oleg Pekar
> Version: 2.4.31
Please use a current release of OpenLDAP. 2.4.31 is over 5 years old and
hundreds of bugs with cn=config have been fixed since then. If you can
reproduce the issue with a current release, then follow up at that time.
In the meantime, this ITS will be closed.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
3 years, 8 months
(ITS#8658) Can't change olcTLSCipherSuite
by slonvpalto@gmail.com
Full_Name: Oleg Pekar
Version: 2.4.31
OS: Ubuntu 14.04
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2001:420:4482:1252:a136:e35f:4494:428b)
When I try to change olcTLSCipherSuite in LDAP configuration I get the following
error:
root@LDAP-server:/oleg# ldapmodify -Y EXTERNAL -H ldapi:/// -d 1 -f cipher
ldap_url_parse_ext(ldapi:///)
ldap_create
ldap_url_parse_ext(ldapi:///??base)
ldap_sasl_interactive_bind: user selected: EXTERNAL
ldap_int_sasl_bind: EXTERNAL
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_path
ldap_new_socket: 4
ldap_connect_to_path: Trying /var/run/slapd/ldapi
ldap_connect_timeout: fd: 4 tm: -1 async: 0
ldap_ndelay_on: 4
ldap_close_socket: 4
ldap_msgfree
ldap_err2string
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
File "cipher" used for update in the command above:
dn: cn=config
changetype: modify
replace: olcTLSCipherSuite
olcTLSCipherSuite: AES128-SHA
The server is indicated as running:
root@LDAP-server:/oleg# service slapd status
* slapd is running
Therefore I cannot change the cipher that is used by secure LDAP.
Thanks
Oleg
3 years, 8 months