openldap-bugs

openldap-bugs@openldap.org

1 participants
20966 discussions

Re: (ITS#6598) EXOP to return number of children of a (sub)tree
by hyc＠symas.com 21 Jul '10

21 Jul '10

quanah(a)zimbra.com wrote: > Full_Name: Quanah Gibson-Mount > Version: NA > OS: NA > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (75.111.45.108) > > > It would be extremely useful to have an extended operation that allows querying > the number of children of a given (sub)tree, so that one can avoid iterating > through the entire subtree to determine this number. > Might as well ask for the numSubordinates operational attribute to be implemented instead, this doesn't seem to merit a new exop. And for numSubordinates, see the -devel archives for why we chose not to implement it. In either case, the server still needs to iterate over all entries internally, and the result has to take ACLs and entry disclosure into account. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#6598) EXOP to return number of children of a (sub)tree
by quanah＠zimbra.com 21 Jul '10

21 Jul '10

Full_Name: Quanah Gibson-Mount Version: NA OS: NA URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (75.111.45.108) It would be extremely useful to have an extended operation that allows querying the number of children of a given (sub)tree, so that one can avoid iterating through the entire subtree to determine this number.

1 0

(ITS#6595) Patch - Mozilla NSS - delay token auth until needed
by rmeggins＠redhat.com 20 Jul '10

20 Jul '10

Full_Name: Rich Megginson Version: 2.4.23 OS: Fedora URL: ftp://ftp.openldap.org/incoming/openldap-2.4.23-initauthtoken.patch Submission from: (NULL) (76.113.111.209) The code was doing all of the authentications to all of the tokens during the init phase. This was causing problems with NSS cert/key clients, prompting for the cert/key db password, when it isn't needed, since it is only needed to get private key information. The patch is to just remove the token authentication during init. The code already authenticates to the token when private key information is needed e.g. running in TLS/SSL server mode, or using client cert auth. This patch file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Red Hat. Red Hat has not assigned rights and/or interest in this work to any party. I, Rich Megginson am authorized by Red Hat, my employer, to release this work under the following terms. Red Hat hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.

1 0

Re: (ITS#6592) slapadd allows objects with objectClass doublets
by masarati＠aero.polimi.it 20 Jul '10

20 Jul '10

slapd(8) can handle those occurrences. slapadd(8) is intended to load LDIF files generated by slapcat(8), thus presumably consistent. In general, it deals with the most obvious errors. I don't think asking slapadd to perform these checks is a good idea, as it would slow it down without real benefit: if an error is caught, you would need to restart, wasting all the actual write effort. A sanity check tool for unreliable LDIF would probably be more appropriate. p.

1 0

(ITS#6592) slapadd allows objects with objectClass doublets
by kolbjorn.barmen＠uninett.no 20 Jul '10

20 Jul '10

Full_Name: Kolbjørn Barmen Version: 2.4.23 OS: Linux, Debian Lenny URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (2001:700:1:0:158:38:62:199) I had problems getting syncrepl working, and it the culpit turned out to be doublets of "objectClass: organizationalRole" for given objects. This seems to not have been a problem with old 2.3.30 with old replication mechanics, but for syncrepl it seems critical. When upgrading from 2.3.30 to 2.4.23 slapcat/slapadd was used. Example from ldif: dn: cn=admin,dc=foo,dc=no objectClass: organizationalRole objectClass: top objectClass: simpleSecurityObject objectClass: organizationalRole ... It would be very helpfull if slapadd could detect such obvious fail in ldif-data and spit a warning (when not using -q at least).

1 0

Re: (ITS#6591) Openldap 2.4.16 with BDB 4.7.25 slapd 200% issue
by quanah＠zimbra.com 20 Jul '10

20 Jul '10

--On Monday, July 19, 2010 10:37 PM +0000 dsbrar16(a)yahoo.com wrote: > Full_Name: Devender Singh > Version: 2.4.16 > OS: RHEL5 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (122.180.61.218) The ITS system is for submitting bugs, not asking for help. As I already told you in email, use the openldap-technical(a)openldap.org mailing list for your questions about how to properly use and tune OpenLDAP. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#6475) SASL OTP and syncrepl
by manu＠netbsd.org 19 Jul '10

19 Jul '10

Daniel Pluta <daniel(a)pluta.biz> wrote: > As I'm not (yet ;-)) an OTP-expert I have not tested any further because > I currently just don't know how to calculate the one-time password based > on the challenge ... skey(1) can do it for you. -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz manu(a)netbsd.org

1 0

(ITS#6591) Openldap 2.4.16 with BDB 4.7.25 slapd 200% issue
by dsbrar16＠yahoo.com 19 Jul '10

19 Jul '10

Full_Name: Devender Singh Version: 2.4.16 OS: RHEL5 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (122.180.61.218) Hi All, I need help for openldap slapd 200% cpu utilization issue. I have configured three openldap servers(2 Masters and 1 Slave). I have configure PEN load balancer for failover setup on 2 master openldap servers.It means application server first of all hit the loadbalancer port and than PEN LB will forwad that request to Master 1 or 2 openldap server. Hardware configuration on all boxes: OS: RHEL5(x86_64) RAM: 2GB Number of CPU: 2(Intel(R) Xeon(R)2.00GHz) Number of BDB databases: 2 Databse1: Number of users : 830000 Number of dns: 830000 Database2: Number of users: 2000 Number of dns: 800000 My Application1 using Databse1 and Application2 using Databse2. Application2 just authenticating the users and store last 10 password history only, It means Application1 is not using openldap too much. In Application2(90% dependent on openldap) every user have 1000+ sub leafs entries. when I want to do major changes(number of leafs write) into this, its got hanged and got socket closed error in application logs and CPU utilization goes 200% and RAM 52%. My DB_CONFIG file is below: # $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.3.2.4 2007/12/18 11:53:27 ghenry Exp $ # Example DB_CONFIG file for use with slapd(8) BDB/HDB databases. # # See the Oracle Berkeley DB documentation # <http://www.oracle.com/technology/documentation/berkeley-db/db/ref/env/db_co…> # for detail description of DB_CONFIG syntax and semantics. # # Hints can also be found in the OpenLDAP Software FAQ # <http://www.openldap.org/faq/index.cgi?file=2> # in particular: # <http://www.openldap.org/faq/index.cgi?file=1075> # Note: most DB_CONFIG settings will take effect only upon rebuilding # the DB environment. # one 0.25 GB cache set_cachesize 0 268435456 1 # Data Directory #set_data_dir db # Transaction Log settings set_lg_regionmax 262144 set_lg_bsize 2097152 #set_lg_dir logs # Note: special DB_CONFIG flags are no longer needed for "quick" # slapadd(8) or slapindex(8) access (see their -q option). Please help me here that what I need to do for better performance. Thanks in advance. My contact number is +919650477441

1 0

Re: (ITS#6475) SASL OTP and syncrepl
by daniel＠pluta.biz 19 Jul '10

19 Jul '10

Hi, I've received segmentation faults during some basic SASL OTP testing using CVS HEAD. Below you'll find a small patch (against HEAD) which seems to fix this issue ... Before the patch: root@tingletangle:~/repos/openldap# /usr/local/openldap/bin/ldapsearch -v -Y OTP -U test1 ldap_initialize( <DEFAULT> ) SASL/OTP authentication started ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) (<== slapd segfault) After the patch has been applied: root@tingletangle:~/repos/openldap# /usr/local/openldap/bin/ldapsearch -v -Y OTP -U test1 ldap_initialize( <DEFAULT> ) SASL/OTP authentication started Challenge: otp-md5 498 ti6311 ext Please enter your one-time password: huhu ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: SASL(-13): authentication failure: (<== slapd still running ;-) ) As I'm not (yet ;-)) an OTP-expert I have not tested any further because I currently just don't know how to calculate the one-time password based on the challenge ... Best regards, Daniel Index: servers/slapd/sasl.c =================================================================== RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/sasl.c,v retrieving revision 1.274 diff -u -r1.274 sasl.c --- servers/slapd/sasl.c 15 Apr 2010 16:13:54 -0000 1.274 +++ servers/slapd/sasl.c 19 Jul 2010 19:55:11 -0000 @@ -548,7 +548,7 @@ op.o_req_ndn.bv_val = (char *)pr[i].values[0]; } #ifdef SLAP_AUXPROP_DONTUSECOPY - { + if ( slap_dontUseCopy_propnames != NULL ) { struct berval bv; ber_str2bv( &pr[i].name[1], 0, 1, &bv ); for ( j = 0; !BER_BVISNULL( &slap_dontUseCopy_propnames[ j ] ); j++ ) {

1 0

(ITS#6590) slaptest ignores slapd.conf's dbconfig statement during conversion into cn=config
by daniel＠pluta.biz 16 Jul '10

16 Jul '10

Full_Name: Daniel Pluta Version: HEAD OS: Lnx URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (2001:4ca0:0:f000:4877:9270:3ab1:2849) slaptest -f -F ignores slapd.conf (bdb/hdb convenience) dbconfig settings. Steps to reproduce: 1.) cat > slapd.conf <<EOF include /tmp/openldap/etc/openldap/schema/core.schema pidfile /tmp/openldap/var/run/slapd.pid argsfile /tmp/openldap/var/run/slapd.args database hdb dbconfig set_cachesize 0 1048576 0 dbconfig set_lg_bsize 2097152 suffix "dc=my-domain,dc=com" rootdn "cn=Manager,dc=my-domain,dc=com" rootpw secret directory /tmp/openldap/var/openldap-data index objectClass eq EOF 2.) convert slapd.conf into cn=config: mkdir slapd.d && slaptest -f slapd.conf -F slapd.d 3.) search slapd.d directory for "olcdbconfig" attribute values: grep -R -i olcDbConfig slapd.d/ the string "olcDbConfig" cannot be found (only in schema definition)...

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs