openldap-bugs

openldap-bugs@openldap.org

1 participants
21003 discussions

Re: (ITS#7168) [PATCH] Fix count constraint when using multiple modifications
by quanah＠zimbra.com 27 Jul '12

27 Jul '12

--On Tuesday, June 19, 2012 5:19 AM +0000 jsynacek(a)redhat.com wrote: > On 06/07/2012 03:00 PM, Howard Chu wrote: >> jsynacek(a)redhat.com wrote: >>> Full_Name: Jan Synacek >>> Version: 2.4.29 >>> OS: Fedora 16 >>> URL: >>> http://jsynacek.fedorapeople.org/openldap/jsynacek-20120216-constraint- >>> count.patch Submission from: (NULL) (209.132.186.34) >>> This patch is broken. See ITS#7340 and discussion on -technical. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

(ITS#7340) Regression in slapo-constraint
by michael＠stroeder.com 27 Jul '12

27 Jul '12

Full_Name: Version: RE24 8a0ce24c5abaf687a41696d988f6a1330128368d OS: URL: Submission from: (NULL) (79.227.171.183) It seems there's a regression in slapo-constraint possibly caused by a patch for ITS#7168. If the client sends valid data which not violates a constraint CONSTRAINT_VIOLATION is returned: delete: departmentNumber departmentNumber: old_number - add: departmentNumber departmentNumber: new_number - It seems turning off only the constraint for departmentNumber does not help. Turning off all constraints makes it work.

1 0

(ITS#7339) back-mdb aborts with online index additions
by hyc＠OpenLDAP.org 26 Jul '12

26 Jul '12

Full_Name: Howard Chu Version: HEAD/RE24 OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (37.19.97.21) Submitted by: hyc Already fixed in d1a7fa267bdb9e27777ba87db44034ce83a75084 If new databases are added (such as when adding a new index via cn=config) they may cause additional pages to be dirtied during txn_commit. The pages would be pulled from the freelist. But the updates occurred after the freelist had already been written out, so the new state of the freelist wasn't being saved. Subsequent transactions would abort due to internal corruption.

1 0

(ITS#7338) Problems changing bdb DB_CONFIG parameters using back-config
by mhardin＠symas.com 26 Jul '12

26 Jul '12

Full_Name: Matthew Hardin Version: 2.4.31 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (69.43.206.100) Using back-config to update bdb DB_CONFIG parameters has problems. Changing the parameters with back-config does work, and writes out a new DB_CONFIG file, but a database reopen doesn't occur and therefore the environment is not rebuilt. Furthermore, if one restarts slapd, a checkpoint occurs, which in turn causes mtimes to change in the database and so the rebuild-env-on-dbopen step isn't triggered. The proper sequence should be: close the db write the new DB_CONFIG open the db The checkpoint will take place before DB_CONFIG is written, and on reopen, the environment will be rebuilt.

1 0

(ITS#7337) libmdb can corrupt when reaching maxsize
by hyc＠OpenLDAP.org 26 Jul '12

26 Jul '12

Full_Name: Howard Chu Version: HEAD/RE24 OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (37.19.97.21) Submitted by: hyc Already fixed by commit 234cd9dfb54ef2f7f83963d95b6eb8e9735bb372 If the DB maxsize was reached while pruning consumed records from the free list inside mdb_txn_commit, the error was ignored. As a result the txn_commit would return success even though it only partly succeeded. The code is now fixed to abort the txn and return the error code.

1 0

Re: (ITS#7335) Error in slapo-refint man page
by hyc＠symas.com 25 Jul '12

25 Jul '12

riggs(a)umn.edu wrote: > Full_Name: Benjamin Riggs > Version: 2.4.23 > OS: http://ftp.scientificlinux.org/linux/scientific/6x/i386/os/Packages/openlda… > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (128.101.155.71) > > > The slapo-refint man page has only documentation for slapd.conf, not > slapd-config. Normally this wouldn't be a problem, but the configuration > keywords are not the usual map of simply adding 'olc': > > refint_attributes is changed to olcRefintAttribute (no 's'!) > refint_nothing is changed to olcRefintNothing > refint_modifiersname is changed to olcRefintModifiersName That's true. All of the manpages should be updated for cn=config. In that respect this ITS can be combined with ITS#7288. However, we need to decide on how the new information will be presented, to avoid any unnecessary duplication. It's already quite redundant to maintain both the cn=config and slapd.conf chapters of the Admin Guide. Also, the overall issue is an extremely low priority, since all of the schema definitions can simply be read out of the cn=schema,cn=config entry. The slapd-config(5) manpage and Admin Guide already note that all of the schema are present here, so anyone looking for this information should already know to look there. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#7225) back-monitor/ldap crash in test020-proxycache
by ondrej.kuznik＠acision.com 25 Jul '12

25 Jul '12

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have noticed the ITS has not been updated after Pierangelo commited ce54dabb1b69c5b310cfc4ff689bc339f3256e22 and still lists this ITS as broken. Currently back-ldap in master is buildable and passes the relevant tests in the test suite and my manual tests. - -- Ondrej Kuznik -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAQFJIACgkQ9GWxeeH+cXtjgACcDdbtxso5VaK6OjwZ2CsQETTf kR8AniMzHr3uCExS5JugvmRCI5F14RCi =EloX -----END PGP SIGNATURE----- This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you for understanding.

1 0

Re: (ITS#7182) back-ldap monitoring improvements
by ondrej.kuznik＠acision.com 25 Jul '12

25 Jul '12

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/07/2012 12:52 PM, h.b.furuseth(a)usit.uio.no wrote: > Howard Chu wrote: >> Also, you're using monitor_entry_stub() directly in the back-ldap >> code. It is forbidden for modules to directly reference each >> other's symbols. If you need this function, add it to >> monitor_extra_t first and call it through there. > > Thus, currently './configure --enable-ldap --disable-monitor' does > not compile in master. I have noticed the ITS has not been updated after Pierangelo commited 11acc75e9ff31ae52b3b8c94b63189b51a764c01 and still lists this ITS as broken. Currently back-ldap in master is buildable and passes the relevant tests in the test suite and my manual tests. - -- Ondrej Kuznik -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAQFCAACgkQ9GWxeeH+cXshQwCdHRGaMyIOCKQk1jVhZ+S40b9R Hl8Ani1snr8svKOInMCEWL69l6EzNRHW =1RuS -----END PGP SIGNATURE----- This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you for understanding.

1 0

Re: (ITS#7336) Ldapmodify crashes slapd when updating olcTLSVerifyClient attribute via TLS authentication
by quanah＠zimbra.com 25 Jul '12

25 Jul '12

--On Wednesday, July 25, 2012 12:26 PM +0000 martin.bozic(a)gmail.com wrote: > Full_Name: Martin Bozic > Version: 2.4.23 > OS: CentOS 6.3 > URL: http://pastebin.com/hkPEcBgw > Submission from: (NULL) (2001:1470:f800::370) When filing a bug report, please use the latest version of OpenLDAP, otherwise your report is likely to be ignored. Particularly in this case, given the antiquity of 2.4.23. I would note that there have been numerous, significant fixes to the MozNSS support in OpenLDAP, which is what RHEL chose to link OpenLDAP to instead of the more stable OpenSSL. You may want to look at using saner packages, such as <http://ltb-project.org/wiki/download> --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

(ITS#7336) Ldapmodify crashes slapd when updating olcTLSVerifyClient attribute via TLS authentication
by martin.bozic＠gmail.com 25 Jul '12

25 Jul '12

Full_Name: Martin Bozic Version: 2.4.23 OS: CentOS 6.3 URL: http://pastebin.com/hkPEcBgw Submission from: (NULL) (2001:1470:f800::370) Hello, I've come across a bug that it's not critical but bug none the less. When I'm trying to modify olcTLSVerifyClient via ldapmodify slapd crashes (segmentation fault). Via EXTERNAL everything works without a hitch: ldapmodify -Y EXTERNAL -H ldapi:/// << EOF dn: cn=config changetype: modify replace: olcTLSVerifyClient olcTLSVerifyClient: demand EOF Via TLS connection slapd crashes: ldapmodify -x -H ldaps://ldap.test.com -D cn=admin,cn=config -W << EOF dn: cn=config changetype: modify replace: olcTLSVerifyClient olcTLSVerifyClient: never EOF Configuration in cn=config: dn: cn=config objectClass: olcGlobal cn: config olcConfigFile: /usr/share/openldap-servers/slapd.conf.obsolete olcConfigDir: /etc/openldap/slapd.d/ olcArgsFile: /var/run/openldap/slapd.args olcAttributeOptions: lang- olcAuthzPolicy: none olcConcurrency: 0 olcConnMaxPending: 100 olcConnMaxPendingAuth: 1000 olcDisallows: bind_anon olcGentleHUP: FALSE olcIdleTimeout: 30 olcIndexSubstrIfMaxLen: 4 olcIndexSubstrIfMinLen: 2 olcIndexSubstrAnyLen: 4 olcIndexSubstrAnyStep: 2 olcIndexIntLen: 4 olcLocalSSF: 128 olcLogLevel: config stats shell filter olcPidFile: /var/run/openldap/slapd.pid olcReadOnly: FALSE olcReverseLookup: FALSE olcSaslSecProps: noanonymous,noplain olcSecurity: ssf=128 olcSockbufMaxIncoming: 262143 olcSockbufMaxIncomingAuth: 16777215 olcThreads: 16 olcTLSCACertificateFile: /etc/openldap/cacerts/ca.crt olcTLSCACertificatePath: /etc/openldap/certs olcTLSCertificateFile: /etc/openldap/cacerts/slapd.crt olcTLSCertificateKeyFile: /etc/openldap/cacerts/slapd.key olcTLSCipherSuite: HIGH:MEDIUM:-SSLv2 olcTLSVerifyClient: never olcToolThreads: 1 olcWriteTimeout: 0 The slapd debug log is pasted in the URL below. Regards, Martin Bozic

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs