openldap-bugs

openldap-bugs@openldap.org

1 participants
21001 discussions

Start a nNew thread

Re: (ITS#5656) Bind operations with translucent overlay
by julien.garnier＠dr13.cnrs.fr 08 Sep '08

08 Sep '08

Hi, I'm interersted in this option to. Juju

1 0

Re: (ITS#5679) Translucent search
by julien.garnier＠dr13.cnrs.fr 08 Sep '08

08 Sep '08

This is a cryptographically signed message in MIME format. --------------ms090702020105050508040500 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Pierangelo Masarati a =E9crit : > Should now be fixed in HEAD; please test and report. > > p. I've just install head : @(#) $OpenLDAP: slapd 2.X (Sep 8 2008 13:30:44) $ Seems to be OK, I only retrieve my 2 users What was the problem ? Thanks ! Julien *************************************************************************= ** ldapsearch -x -b "ou=3DPeople,dc=3Dcnrs,dc=3Dfr" =20 "(&(ou=3DMOY1300*)(corsecu=3D*))" ou corsecu # extended LDIF # # LDAPv3 # base <ou=3DPeople,dc=3Dcnrs,dc=3Dfr> with scope subtree # filter: (&(ou=3DMOY1300*)(corsecu=3D*)) # requesting: ou corsecu # # martine.costanzo, cnrs, People, cnrs.fr dn: uid=3Dmartine.costanzo,ou=3Dcnrs,ou=3DPeople,dc=3Dcnrs,dc=3Dfr ou:: TU9ZMTMwMCAtICgxKSAtIETDqWzDqWdhdGlvbiBMYW5ndWVkb2MtUm91c3NpbGxvbg=3D= =3D CorSecu: MOY1300 # vincent.chicot, cnrs, People, cnrs.fr dn: uid=3Dvincent.chicot,ou=3Dcnrs,ou=3DPeople,dc=3Dcnrs,dc=3Dfr ou:: TU9ZMTMwMCAtICgxKSAtIETDqWzDqWdhdGlvbiBMYW5ndWVkb2MtUm91c3NpbGxvbg=3D= =3D CorSecu: MOY1300 # search result search: 2 result: 0 Success # numResponses: 3 # numEntries: 2 --------------ms090702020105050508040500 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIMxTCC A2kwggJRoAMCAQICAQEwDQYJKoZIhvcNAQEEBQAwKzELMAkGA1UEBhMCRlIxDTALBgNVBAoT BENOUlMxDTALBgNVBAMTBENOUlMwHhcNMDEwNDI3MDU0NTI4WhcNMTEwNDI1MDU0NTI4WjAw MQswCQYDVQQGEwJGUjENMAsGA1UEChMEQ05SUzESMBAGA1UEAxMJQ05SUy1QbHVzMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQlSTUNpNZM31NKiH++/aLeFo2lCbD/EdAsq k8Vzl0yoN+BS3qY5EbkZbUwU3x/o0XsfvqsfOqTz4MxEavsJmlRetHAfYUPmXCiwwnxCmFS/ +N2NmN2bnWIY0Vzk6qZkgTdYZqj1eiXNyn1q1E/IpPEp7hA+KdulYJ706Xj99ih8kVFa/a8y 45ub5FOWpK4DJPBoNxS7LPsZyGtfehmcCRtj2JF7BcxJMTH6GPwZ1j/Y4DdBcxmzIfLOjQly ROrlDF5iiscuxzZOPOKUcbnjU5fgFxTE8YQ9jyqL5X6xeWaNABwPR6O+Kln/eDowWrJXnjke VBbfBKm6xYvLyzlQUQIDAQABo4GSMIGPMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFFd9dKaS m4hc/uQEKfTsOmcnVOD4MFMGA1UdIwRMMEqAFFbraLnSXH6YtaVTw5FvY1jE+Wu3oS+kLTAr MQswCQYDVQQGEwJGUjENMAsGA1UEChMEQ05SUzENMAsGA1UEAxMEQ05SU4IBADALBgNVHQ8E BAMCAQYwDQYJKoZIhvcNAQEEBQADggEBAEc8oDJIziXlPHqdm+CF/44HRs8MOif5Un3d8x7y vgBqvLt2WV6xoI4h4Y+54Z7Aog3H65z/qtiZdxb3CehCzhltPGHZ/oNHZJa74xqUXJgXeKUk V/JQw0a/z4VLRjnhU0mzbvghbOAJsA6QqsKWC2ZiWhHZaLScVt3zrJ9F8mWX3DAf4HRN+0iY U438vLKSBM6KJhb7Mn1tXk36IcskrwAnozVizkwLendcMYpKuKyu7DofQXUouGwJF+YE6u3B L72QvPko9jHauBqNWpRm2n1ETnjw2VXs7RKfy8q8no78VLT8+x7fPCBcZMx69Ytyouj+TThX KVNQ4bxYoJEggZUwggSoMIIDkKADAgECAgIOdzANBgkqhkiG9w0BAQUFADAwMQswCQYDVQQG EwJGUjENMAsGA1UEChMEQ05SUzESMBAGA1UEAxMJQ05SUy1QbHVzMB4XDTA3MTEwODEyMDAw NFoXDTA4MTEwNzEyMDAwNFowczELMAkGA1UEBhMCRlIxDTALBgNVBAoTBENOUlMxEDAOBgNV BAsTB01PWTEzMDAxFzAVBgNVBAMTDkp1bGllbiBHYXJuaWVyMSowKAYJKoZIhvcNAQkBFhtK dWxpZW4uR2FybmllckBkcjEzLmNucnMuZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDnOJa63KmBNrk1iWwIoBfaNRIoB5R+4X+aCOXHD9jXaq5WUV42JEFHvgA87t6esw5U lKgjjyDa8IEW6YQX/WQ9EuHVq4zAvYFQ37bv+obvf1icCyOxDCqqozcIaP8vawVhD244p3bx nVP18QlmlS6MAoqD2NSOgdXjrqQb2uJSE+KLwGMnjjs4zb8lRt2dYp67z7SBLYTnTq04o0Yr fOtYt+rnlleDlWKdJGgNqryiHO20tKlOAUHE4ahZHjsKhEZGdJ4KCoEuDNQtyRLznRGuuH+b 2QjecVL2DmF26hNYlgM4c4TNWETGEBSgdBnlntcEQH443LN2qEx+lRA5dIr/AgMBAAGjggGH MIIBgzAMBgNVHRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQEAwIEsDAOBgNVHQ8BAf8EBAMCBeAw cAYJYIZIAYb4QgENBGMWYUNlcnRpZmljYXQgQ05SUy1QbHVzLiBQb3VyIHRvdXRlIGluZm9y bWF0aW9uIHNlIHJlcG9ydGVyIOAgaHR0cDovL2lnYy5zZXJ2aWNlcy5jbnJzLmZyL0NOUlMt UGx1cy8wHQYDVR0OBBYEFECFdlYtLkLUfoSH/7VfvQ4hYG60MFMGA1UdIwRMMEqAFFd9dKaS m4hc/uQEKfTsOmcnVOD4oS+kLTArMQswCQYDVQQGEwJGUjENMAsGA1UEChMEQ05SUzENMAsG A1UEAxMEQ05SU4IBATAmBgNVHREEHzAdgRtKdWxpZW4uR2FybmllckBkcjEzLmNucnMuZnIw QgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybHMuc2VydmljZXMuY25ycy5mci9DTlJTLVBs dXMvZ2V0ZGVyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAuz1KzmYgAcfVPB1mE8GBR0Yzz/td ij3IttaeiCmpDfArhOwdolUiLV1MF/oJGDHX+yxpcHNu6wH3E6eEVoYycPwCcN5P9mTaxrTG KYXIj6RoDPIiCQpE9zjKV+c0jJr0bwBZIIJfCIpOpmcHHW+3BbtqjuboydwOqh5ICesPnMRr BA6WEEnB7pv1sp0vAoK0O7/ctJS6C/X37LsTBYcHVkKoyjGYUYdBjWUgmPs+jsArqe+QKSRA zl/3Xc83ZZ681aKApq9hrlmDYpP50E87uK+c2ul/fm4iwvJdb3WkyQaCfc4Epot5GMusb5/C j8JLmtpc7mv+DIrhbz3jbmZ0HTCCBKgwggOQoAMCAQICAg53MA0GCSqGSIb3DQEBBQUAMDAx CzAJBgNVBAYTAkZSMQ0wCwYDVQQKEwRDTlJTMRIwEAYDVQQDEwlDTlJTLVBsdXMwHhcNMDcx MTA4MTIwMDA0WhcNMDgxMTA3MTIwMDA0WjBzMQswCQYDVQQGEwJGUjENMAsGA1UEChMEQ05S UzEQMA4GA1UECxMHTU9ZMTMwMDEXMBUGA1UEAxMOSnVsaWVuIEdhcm5pZXIxKjAoBgkqhkiG 9w0BCQEWG0p1bGllbi5HYXJuaWVyQGRyMTMuY25ycy5mcjCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAOc4lrrcqYE2uTWJbAigF9o1EigHlH7hf5oI5ccP2NdqrlZRXjYkQUe+ ADzu3p6zDlSUqCOPINrwgRbphBf9ZD0S4dWrjMC9gVDftu/6hu9/WJwLI7EMKqqjNwho/y9r BWEPbjindvGdU/XxCWaVLowCioPY1I6B1eOupBva4lIT4ovAYyeOOzjNvyVG3Z1inrvPtIEt hOdOrTijRit861i36ueWV4OVYp0kaA2qvKIc7bS0qU4BQcThqFkeOwqERkZ0ngoKgS4M1C3J EvOdEa64f5vZCN5xUvYOYXbqE1iWAzhzhM1YRMYQFKB0GeWe1wRAfjjcs3aoTH6VEDl0iv8C AwEAAaOCAYcwggGDMAwGA1UdEwEB/wQCMAAwEQYJYIZIAYb4QgEBBAQDAgSwMA4GA1UdDwEB /wQEAwIF4DBwBglghkgBhvhCAQ0EYxZhQ2VydGlmaWNhdCBDTlJTLVBsdXMuIFBvdXIgdG91 dGUgaW5mb3JtYXRpb24gc2UgcmVwb3J0ZXIg4CBodHRwOi8vaWdjLnNlcnZpY2VzLmNucnMu ZnIvQ05SUy1QbHVzLzAdBgNVHQ4EFgQUQIV2Vi0uQtR+hIf/tV+9DiFgbrQwUwYDVR0jBEww SoAUV310ppKbiFz+5AQp9Ow6ZydU4PihL6QtMCsxCzAJBgNVBAYTAkZSMQ0wCwYDVQQKEwRD TlJTMQ0wCwYDVQQDEwRDTlJTggEBMCYGA1UdEQQfMB2BG0p1bGllbi5HYXJuaWVyQGRyMTMu Y25ycy5mcjBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3Jscy5zZXJ2aWNlcy5jbnJzLmZy L0NOUlMtUGx1cy9nZXRkZXIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7PUrOZiABx9U8HWYT wYFHRjPP+12KPci21p6IKakN8CuE7B2iVSItXUwX+gkYMdf7LGlwc27rAfcTp4RWhjJw/AJw 3k/2ZNrGtMYphciPpGgM8iIJCkT3OMpX5zSMmvRvAFkggl8Iik6mZwcdb7cFu2qO5ujJ3A6q HkgJ6w+cxGsEDpYQScHum/WynS8CgrQ7v9y0lLoL9ffsuxMFhwdWQqjKMZhRh0GNZSCY+z6O wCup75ApJEDOX/ddzzdlnrzVooCmr2GuWYNik/nQTzu4r5za6X9+biLC8l1vdaTJBoJ9zgSm i3kYy6xvn8KPwkua2lzua/4MiuFvPeNuZnQdMYICojCCAp4CAQEwNjAwMQswCQYDVQQGEwJG UjENMAsGA1UEChMEQ05SUzESMBAGA1UEAxMJQ05SUy1QbHVzAgIOdzAJBgUrDgMCGgUAoIIB QTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wODA5MDgxMTQz NTBaMCMGCSqGSIb3DQEJBDEWBBT/z7sYiEHm4wcm/1VtTFildsjJlDBFBgkrBgEEAYI3EAQx ODA2MDAxCzAJBgNVBAYTAkZSMQ0wCwYDVQQKEwRDTlJTMRIwEAYDVQQDEwlDTlJTLVBsdXMC Ag53MEcGCyqGSIb3DQEJEAILMTigNjAwMQswCQYDVQQGEwJGUjENMAsGA1UEChMEQ05SUzES MBAGA1UEAxMJQ05SUy1QbHVzAgIOdzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4G CCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDAN BgkqhkiG9w0BAQEFAASCAQDT70G5dWoLsUNxEnn23uXSg3MAa3xSAWUPJjio5a+iXc+63O2l mjkeYt/uvUyfHNtjfHldd7n8f2Ia20Q7tsIttT0llBozXtuvuJ8UYJ4aAxYxyaeLejLtojFA 5Ewh0O0YZ3vlM7SSm55uzh4MnuMPZdiGqdnw+GbF+RJiN2O9uSrcCRrlyWyCo/xLU5XokkHX hXbpRwy6e9A8QLS89Vqa3ndqtf4Uyy6GPMrCyQp5JgKW968uleP8lyB1tbyyU8mhlLLyvblo WaAWn339Nc/UPLOJy61qv2WTWDVDZzt6GbL07TQcqdx5iJf0Ra8zFN+5E5+7ffUhLtzBAa2m F9CfAAAAAAAA --------------ms090702020105050508040500--

1 0

(ITS#5689) back-config handling of olcTranslucentLocal/Remote is broken
by ando＠sys-net.it 08 Sep '08

08 Sep '08

Full_Name: Pierangelo Masarati Version: HEAD/re24 OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (131.175.154.148) Submitted by: ando remove the ARG_STRING to fix. p.

1 0

Re: (ITS#5679) Translucent search
by ando＠sys-net.it 08 Sep '08

08 Sep '08

Should now be fixed in HEAD; please test and report. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando(a)sys-net.it -----------------------------------

1 0

Re: (ITS#5679) Translucent search
by julien.garnier＠dr13.cnrs.fr 08 Sep '08

08 Sep '08

This is a cryptographically signed message in MIME format. --------------ms090100030100000501010002 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> <title></title> </head> <body bgcolor="#ffffff" text="#000000"> Pierangelo Masarati a écrit : <blockquote cite="mid:48C2B56D.6000703@sys-net.it" type="cite"><a class="moz-txt-link-abbreviated" href="mailto:julien@famille-garnier.com">julien(a)famille-garnier.com</a> wrote: <blockquote type="cite">It seems to be impossible to search local and remote together : a search request against one local attribute work correctly and return result 1 (ldapsearch "(local=*)") a search on a remote atttribute works fine  and return result 2 (ldapsearch "(remote=*)") Finaly, a search with the local and remote attribute  (ldapsearch "($(local=*)(remote=*))") </blockquote> I assume "$" is a typo, while you meant "&" in the above filter. </blockquote> Hi Pierangelo, yes, it is a typo <blockquote cite="mid:48C2B56D.6000703@sys-net.it" type="cite"> <blockquote type="cite">only return results as the search on the local attribute and doesn't take the remote attribute. The respons is the same as result 1 In slapd.conf : translucent_local local translucent_remote remote </blockquote> I've checked the current code, and it appears to work as intended.  Can you confirm the fact that the local and remote attributes are contained only in the local and the remote database, respectively?  You can easily check by directly searching the remote database.  Otherwise, you don't provide enough information about configuration and database contents to reproduce the issue. </blockquote> my config : ldap_relay (remote in the translucent config) is synchronize with a master via syncrepl. : ####################################################################### # Global Directives: # Features to permit allow bind_v2 # Schema and objectClass definitions include         /etc/openldap/schema/core.schema include         /etc/openldap/schema/cosine.schema include         /etc/openldap/schema/nis.schema include         /etc/openldap/schema/inetorgperson.schema include         /etc/openldap/schema/cnrs.schema # Where the pid file is put. The init.d script # will not stop the server if you change this. pidfile         /var/run/slapd/slapd.pid # List of arguments that were passed to the server argsfile        /var/run/slapd/slapd.args # Read slapd.conf(5) for possible values loglevel        0 # Where the dynamically loaded modules are stored # The maximum number of entries that is returned for a search operation sizelimit 500000 # The tool-threads parameter sets the actual amount of cpu's that is used # for indexing. tool-threads 2 ####################################################################### # Specific Backend Directives for bdb: # Backend specific directives apply to this backend until another # 'backend' directive occurs backend         bdb #checkpoint 512 30 database        bdb # The base of your directory in database #1 suffix          "ou=People,dc=cnrs,dc=fr" # rootdn directive for specifying a superuser on the database. This is needed # for syncrepl. rootdn          "cn=admin,ou=People,dc=cnrs,dc=fr" rootpw          "password" # Where the database file are physically stored for database #1 directory       "/var/lib/ldap-people" # For the Debian package we use 2MB as default but be sure to update this # value if you have plenty of RAM #dbconfig set_cachesize 0 2097152 0 dbconfig set_cachesize 0 536870912 0 dbconfig set_flags    DB_LOG_AUTOREMOVE # Sven Hartge reported that he had to set this value incredibly high # to get slapd running at all. See <a class="moz-txt-link-freetext" href="http://bugs.debian.org/303057">http://bugs.debian.org/303057</a> # for more information. # Number of objects that can be locked at the same time. dbconfig set_lk_max_objects 1500 # Number of locks (both requestd and granted) dbconfig set_lk_max_locks 1500 # Number of lockers dbconfig set_lk_max_lockers 1500 dbconfig set_flags    DB_LOG_AUTOREMOVE # Indexing options for database #1 index objectClass                       eq index ou,cn,mail,surname,givenname      eq,pres,sub index uid                               eq,pres,sub index entryUUID,entryCSN                eq,pres index cnrsRole,cnrsDepartement          eq,pres,sub index cnrsDelegation                    eq,pres,sub index departmentNumber                  eq,pres,sub # Save the time that the entry gets modified, for database #1 lastmod         on #id du client (numero DR) syncrepl rid=013         provider=<a class="moz-txt-link-freetext" href="ldap://sagan.dr15.cnrs.fr:389">ldap://sagan.dr15.cnrs.fr:389</a>         searchbase="ou=People,dc=cnrs,dc=fr"         type=refreshAndPersist         scope=sub         interval=00:00:00:10         retry="60 10 300 +"         attrs="*"         schemachecking=off         bindmethod=simple         binddn="cn=sync-dr13,ou=people,dc=cnrs,dc=fr"         credentials="password" access to dn.base="" by * read # The admin dn has full write access, everyone else # can read everything. access to *         by dn="cn=admin,ou=People,dc=cnrs,dc=fr" write         by * read ******************************************************************* ******************************************************************* My ldap server user translucent to add attributes to ldap_relay : # Schema and objectClass definitions include         /etc/openldap/schema/core.schema include         /etc/openldap/schema/cosine.schema include         /etc/openldap/schema/nis.schema include         /etc/openldap/schema/inetorgperson.schema include         /etc/openldap/schema/DR13.schema include         /etc/openldap/schema/cnrs.schema include         /etc/openldap/schema/dyngroup.schema #include         /etc/openldap/schema/calendar.schema #include         /etc/openldap/schema/julien.schema pidfile         /var/run/slapd/slapd.pid argsfile        /var/run/slapd/slapd.args loglevel      0 allow bind_v2 # The maximum number of entries that is returned for a search operation sizelimit       50000 # The tool-threads parameter sets the actual amount of cpu's that is used # for indexing. tool-threads    1 ####################################################################### # Specific Backend Directives for bdb: # Backend specific directives apply to this backend until another # 'backend' directive occurs backend         bdb ####################################################################### # Specific Directives for database #1, of type bdb: # Database specific directives apply to this databasse until another # 'database' directive occurs database        bdb # The base of your directory in database #1 suffix          "ou=People,dc=cnrs,dc=fr" # rootdn directive for specifying a superuser on the database. This is needed # for syncrepl. rootdn          "cn=admin,ou=People,dc=cnrs,dc=fr" rootpw          "password" # Where the database file are physically stored for database #1 directory       "/var/lib/ldap-people" dbconfig set_cachesize 0 536870912 0 dbconfig set_flags    DB_LOG_AUTOREMOVE dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_locks 1500 dbconfig set_lk_max_lockers 1500 # Indexing options for database #1 index objectClass                       eq,pres index ou,cn,mail,surname,givenname      eq,pres,sub index uid                               eq,pres index entryCSN,entryUUID                eq,pres index cnrsDelegation                    eq,pres,sub index Service,ACMO,corinfo,corcom,corform,corvalo,gxlab,corsecu,authtest,GLabintel                eq,pres,sub overlay         translucent translucent_no_glue off translucent_strict off translucent_local ACMO,Service,corinfo,corcom,corform,corvalo,gxlab,corsecu,userPassword,shadowLastChange,authtest,GLabintel,Poste translucent_remote sn,GivenName,mail,street,Postalcode,l,cnrsDelegation,uid uri             <a class="moz-txt-link-freetext" href="ldap://ldap_relay.dr13.cnrs.fr">ldap://ldap_relay.dr13.cnrs.fr</a> lastmod         off acl-bind        binddn="cn=admin,ou=People,dc=cnrs,dc=fr" credentials="password" access to attrs=userPassword,shadowLastChange         by dn="cn=admin,ou=People,dc=cnrs,dc=fr" write         by anonymous auth         by self write         by * none access to dn.base=""         by * read # acces de l'IBMM (UMR5247) access to dn.sub="ou=people,dc=cnrs,dc=fr"         filter=(ou=UMR5247*)         by peername.regex="IP=193\.49\.133\..+" read         by peername.regex="IP=127\.0\.0\.1" read         by peername.regex="IP=194\.214\.161\.70" read # acces de la delegation : lecture pour tout access to *         by peername.regex="IP=193\.49\.133\..+" read         by peername.regex="IP=127\.0\.0\.1" read         by dn="cn=admin,ou=People,dc=cnrs,dc=fr" write         by * none *********************************************************** *********************************************************** the searches : ou is in remote (it's ou derivated from inetorgperson) corsecu is in local : attribute is add to inetorgperson : attributetype ( 1.3.6.1.4.1.10813.13.2.9         NAME 'CorSecu'         DESC 'Correspondant Securité'         EQUALITY caseIgnoreMatch         SUBSTR caseIgnoreSubstringsMatch         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) if I search who is corsecu :  ldapsearch -x -b "ou=People,dc=cnrs,dc=fr"  "(corsecu=*)" ou corsecu # extended LDIF # # LDAPv3 # base <ou=People,dc=cnrs,dc=fr> with scope subtree # filter: (corsecu=*) # requesting: ou corsecu # # martine.costanzo, cnrs, People, cnrs.fr dn: uid=martine.costanzo,ou=cnrs,ou=People,dc=cnrs,dc=fr ou:: TU9ZMTMwMCAtICgxKSAtIETDqWzDqWdhdGlvbiBMYW5ndWVkb2MtUm91c3NpbGxvbg== CorSecu: MOY1300 # vincent.chicot, cnrs, People, cnrs.fr dn: uid=vincent.chicot,ou=cnrs,ou=People,dc=cnrs,dc=fr ou:: TU9ZMTMwMCAtICgxKSAtIETDqWzDqWdhdGlvbiBMYW5ndWVkb2MtUm91c3NpbGxvbg== CorSecu: MOY1300 # josiane.tack.1, cnrs, People, cnrs.fr dn: uid=josiane.tack.1,ou=cnrs,ou=People,dc=cnrs,dc=fr ou:: VU1SNTI0MyAtICgxKSAtIEfDqW9zY2llbmNlcyBNb250cGVsbGllcg== CorSecu: UMR5243 # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 Josian Tack is in OU  = UMR5243 - (1) - Géosciences Montpellier other are in OU = MOY1300 - (1) - Délégation Languedoc-Roussillon If I only want corsecu in ou MOY1300 : ldapsearch -x -b "ou=People,dc=cnrs,dc=fr"  "(&(ou=MOY1300*)(corsecu=*))" ou corsecu # extended LDIF # # LDAPv3 # base <ou=People,dc=cnrs,dc=fr> with scope subtree # filter: (&(ou=MOY1300*)(corsecu=*)) # requesting: ou corsecu # # martine.costanzo, cnrs, People, cnrs.fr dn: uid=martine.costanzo,ou=cnrs,ou=People,dc=cnrs,dc=fr ou:: TU9ZMTMwMCAtICgxKSAtIETDqWzDqWdhdGlvbiBMYW5ndWVkb2MtUm91c3NpbGxvbg== CorSecu: MOY1300 # vincent.chicot, cnrs, People, cnrs.fr dn: uid=vincent.chicot,ou=cnrs,ou=People,dc=cnrs,dc=fr ou:: TU9ZMTMwMCAtICgxKSAtIETDqWzDqWdhdGlvbiBMYW5ndWVkb2MtUm91c3NpbGxvbg== CorSecu: MOY1300 # josiane.tack.1, cnrs, People, cnrs.fr dn: uid=josiane.tack.1,ou=cnrs,ou=People,dc=cnrs,dc=fr ou:: VU1SNTI0MyAtICgxKSAtIEfDqW9zY2llbmNlcyBNb250cGVsbGllcg== CorSecu: UMR5243 # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 Josiane Tack is always here Thanks Julien </body> </html> --------------ms090100030100000501010002 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIMxTCC A2kwggJRoAMCAQICAQEwDQYJKoZIhvcNAQEEBQAwKzELMAkGA1UEBhMCRlIxDTALBgNVBAoT BENOUlMxDTALBgNVBAMTBENOUlMwHhcNMDEwNDI3MDU0NTI4WhcNMTEwNDI1MDU0NTI4WjAw MQswCQYDVQQGEwJGUjENMAsGA1UEChMEQ05SUzESMBAGA1UEAxMJQ05SUy1QbHVzMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQlSTUNpNZM31NKiH++/aLeFo2lCbD/EdAsq k8Vzl0yoN+BS3qY5EbkZbUwU3x/o0XsfvqsfOqTz4MxEavsJmlRetHAfYUPmXCiwwnxCmFS/ +N2NmN2bnWIY0Vzk6qZkgTdYZqj1eiXNyn1q1E/IpPEp7hA+KdulYJ706Xj99ih8kVFa/a8y 45ub5FOWpK4DJPBoNxS7LPsZyGtfehmcCRtj2JF7BcxJMTH6GPwZ1j/Y4DdBcxmzIfLOjQly ROrlDF5iiscuxzZOPOKUcbnjU5fgFxTE8YQ9jyqL5X6xeWaNABwPR6O+Kln/eDowWrJXnjke VBbfBKm6xYvLyzlQUQIDAQABo4GSMIGPMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFFd9dKaS m4hc/uQEKfTsOmcnVOD4MFMGA1UdIwRMMEqAFFbraLnSXH6YtaVTw5FvY1jE+Wu3oS+kLTAr MQswCQYDVQQGEwJGUjENMAsGA1UEChMEQ05SUzENMAsGA1UEAxMEQ05SU4IBADALBgNVHQ8E BAMCAQYwDQYJKoZIhvcNAQEEBQADggEBAEc8oDJIziXlPHqdm+CF/44HRs8MOif5Un3d8x7y vgBqvLt2WV6xoI4h4Y+54Z7Aog3H65z/qtiZdxb3CehCzhltPGHZ/oNHZJa74xqUXJgXeKUk V/JQw0a/z4VLRjnhU0mzbvghbOAJsA6QqsKWC2ZiWhHZaLScVt3zrJ9F8mWX3DAf4HRN+0iY U438vLKSBM6KJhb7Mn1tXk36IcskrwAnozVizkwLendcMYpKuKyu7DofQXUouGwJF+YE6u3B L72QvPko9jHauBqNWpRm2n1ETnjw2VXs7RKfy8q8no78VLT8+x7fPCBcZMx69Ytyouj+TThX KVNQ4bxYoJEggZUwggSoMIIDkKADAgECAgIOdzANBgkqhkiG9w0BAQUFADAwMQswCQYDVQQG EwJGUjENMAsGA1UEChMEQ05SUzESMBAGA1UEAxMJQ05SUy1QbHVzMB4XDTA3MTEwODEyMDAw NFoXDTA4MTEwNzEyMDAwNFowczELMAkGA1UEBhMCRlIxDTALBgNVBAoTBENOUlMxEDAOBgNV BAsTB01PWTEzMDAxFzAVBgNVBAMTDkp1bGllbiBHYXJuaWVyMSowKAYJKoZIhvcNAQkBFhtK dWxpZW4uR2FybmllckBkcjEzLmNucnMuZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDnOJa63KmBNrk1iWwIoBfaNRIoB5R+4X+aCOXHD9jXaq5WUV42JEFHvgA87t6esw5U lKgjjyDa8IEW6YQX/WQ9EuHVq4zAvYFQ37bv+obvf1icCyOxDCqqozcIaP8vawVhD244p3bx nVP18QlmlS6MAoqD2NSOgdXjrqQb2uJSE+KLwGMnjjs4zb8lRt2dYp67z7SBLYTnTq04o0Yr fOtYt+rnlleDlWKdJGgNqryiHO20tKlOAUHE4ahZHjsKhEZGdJ4KCoEuDNQtyRLznRGuuH+b 2QjecVL2DmF26hNYlgM4c4TNWETGEBSgdBnlntcEQH443LN2qEx+lRA5dIr/AgMBAAGjggGH MIIBgzAMBgNVHRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQEAwIEsDAOBgNVHQ8BAf8EBAMCBeAw cAYJYIZIAYb4QgENBGMWYUNlcnRpZmljYXQgQ05SUy1QbHVzLiBQb3VyIHRvdXRlIGluZm9y bWF0aW9uIHNlIHJlcG9ydGVyIOAgaHR0cDovL2lnYy5zZXJ2aWNlcy5jbnJzLmZyL0NOUlMt UGx1cy8wHQYDVR0OBBYEFECFdlYtLkLUfoSH/7VfvQ4hYG60MFMGA1UdIwRMMEqAFFd9dKaS m4hc/uQEKfTsOmcnVOD4oS+kLTArMQswCQYDVQQGEwJGUjENMAsGA1UEChMEQ05SUzENMAsG A1UEAxMEQ05SU4IBATAmBgNVHREEHzAdgRtKdWxpZW4uR2FybmllckBkcjEzLmNucnMuZnIw QgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybHMuc2VydmljZXMuY25ycy5mci9DTlJTLVBs dXMvZ2V0ZGVyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAuz1KzmYgAcfVPB1mE8GBR0Yzz/td ij3IttaeiCmpDfArhOwdolUiLV1MF/oJGDHX+yxpcHNu6wH3E6eEVoYycPwCcN5P9mTaxrTG KYXIj6RoDPIiCQpE9zjKV+c0jJr0bwBZIIJfCIpOpmcHHW+3BbtqjuboydwOqh5ICesPnMRr BA6WEEnB7pv1sp0vAoK0O7/ctJS6C/X37LsTBYcHVkKoyjGYUYdBjWUgmPs+jsArqe+QKSRA zl/3Xc83ZZ681aKApq9hrlmDYpP50E87uK+c2ul/fm4iwvJdb3WkyQaCfc4Epot5GMusb5/C j8JLmtpc7mv+DIrhbz3jbmZ0HTCCBKgwggOQoAMCAQICAg53MA0GCSqGSIb3DQEBBQUAMDAx CzAJBgNVBAYTAkZSMQ0wCwYDVQQKEwRDTlJTMRIwEAYDVQQDEwlDTlJTLVBsdXMwHhcNMDcx MTA4MTIwMDA0WhcNMDgxMTA3MTIwMDA0WjBzMQswCQYDVQQGEwJGUjENMAsGA1UEChMEQ05S UzEQMA4GA1UECxMHTU9ZMTMwMDEXMBUGA1UEAxMOSnVsaWVuIEdhcm5pZXIxKjAoBgkqhkiG 9w0BCQEWG0p1bGllbi5HYXJuaWVyQGRyMTMuY25ycy5mcjCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAOc4lrrcqYE2uTWJbAigF9o1EigHlH7hf5oI5ccP2NdqrlZRXjYkQUe+ ADzu3p6zDlSUqCOPINrwgRbphBf9ZD0S4dWrjMC9gVDftu/6hu9/WJwLI7EMKqqjNwho/y9r BWEPbjindvGdU/XxCWaVLowCioPY1I6B1eOupBva4lIT4ovAYyeOOzjNvyVG3Z1inrvPtIEt hOdOrTijRit861i36ueWV4OVYp0kaA2qvKIc7bS0qU4BQcThqFkeOwqERkZ0ngoKgS4M1C3J EvOdEa64f5vZCN5xUvYOYXbqE1iWAzhzhM1YRMYQFKB0GeWe1wRAfjjcs3aoTH6VEDl0iv8C AwEAAaOCAYcwggGDMAwGA1UdEwEB/wQCMAAwEQYJYIZIAYb4QgEBBAQDAgSwMA4GA1UdDwEB /wQEAwIF4DBwBglghkgBhvhCAQ0EYxZhQ2VydGlmaWNhdCBDTlJTLVBsdXMuIFBvdXIgdG91 dGUgaW5mb3JtYXRpb24gc2UgcmVwb3J0ZXIg4CBodHRwOi8vaWdjLnNlcnZpY2VzLmNucnMu ZnIvQ05SUy1QbHVzLzAdBgNVHQ4EFgQUQIV2Vi0uQtR+hIf/tV+9DiFgbrQwUwYDVR0jBEww SoAUV310ppKbiFz+5AQp9Ow6ZydU4PihL6QtMCsxCzAJBgNVBAYTAkZSMQ0wCwYDVQQKEwRD TlJTMQ0wCwYDVQQDEwRDTlJTggEBMCYGA1UdEQQfMB2BG0p1bGllbi5HYXJuaWVyQGRyMTMu Y25ycy5mcjBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3Jscy5zZXJ2aWNlcy5jbnJzLmZy L0NOUlMtUGx1cy9nZXRkZXIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7PUrOZiABx9U8HWYT wYFHRjPP+12KPci21p6IKakN8CuE7B2iVSItXUwX+gkYMdf7LGlwc27rAfcTp4RWhjJw/AJw 3k/2ZNrGtMYphciPpGgM8iIJCkT3OMpX5zSMmvRvAFkggl8Iik6mZwcdb7cFu2qO5ujJ3A6q HkgJ6w+cxGsEDpYQScHum/WynS8CgrQ7v9y0lLoL9ffsuxMFhwdWQqjKMZhRh0GNZSCY+z6O wCup75ApJEDOX/ddzzdlnrzVooCmr2GuWYNik/nQTzu4r5za6X9+biLC8l1vdaTJBoJ9zgSm i3kYy6xvn8KPwkua2lzua/4MiuFvPeNuZnQdMYICojCCAp4CAQEwNjAwMQswCQYDVQQGEwJG UjENMAsGA1UEChMEQ05SUzESMBAGA1UEAxMJQ05SUy1QbHVzAgIOdzAJBgUrDgMCGgUAoIIB QTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wODA5MDgwODU1 MDBaMCMGCSqGSIb3DQEJBDEWBBSid4zDaEYBT67+19UaSp/1nXMUWDBFBgkrBgEEAYI3EAQx ODA2MDAxCzAJBgNVBAYTAkZSMQ0wCwYDVQQKEwRDTlJTMRIwEAYDVQQDEwlDTlJTLVBsdXMC Ag53MEcGCyqGSIb3DQEJEAILMTigNjAwMQswCQYDVQQGEwJGUjENMAsGA1UEChMEQ05SUzES MBAGA1UEAxMJQ05SUy1QbHVzAgIOdzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4G CCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDAN BgkqhkiG9w0BAQEFAASCAQA04y3ZTPTP04e07uaMNwF5+4i+329g+KgAd+lmUvfaGJsOyGjw pCsZQIqeBzZFAfCNtmp8VyU2TCVcF6A5odWabasUltXe8HfLN64njJ/50iUQfDRFZEcZfh9b nYSTsHiuCyua78Iim18gNflXQReHWdreoSkg0MDaq0MTd98tNxZsOFPa4l9e7Xj29F4HHgck pD/0XXmP6/ZtFOxZUojL92H31RS6MlPeLC0EX5RjkLQ4maXlMvjX1MQUpv6uwOG1rkSaTDKW zEcUcKP/gYFHL7LDUZC8GlhLGvuzxrSamS2RRJE+mAzc/U+aOf6O7qeFyje8PM6r57qc0iQQ XCDeAAAAAAAA --------------ms090100030100000501010002--

1 0

Re: (ITS#5663) Declaring substitute syntax as LDAP syntax
by ando＠sys-net.it 08 Sep '08

08 Sep '08

The suggested extension has been added to syntax add code; parsing of a syntax with the given extension will result in using the implementation of the substitute syntax if an implementation is missing for the given syntax. This only works for syntaxes added programmatically using syn_add(), e.g. by run-time modules, as there's no provisions for adding syntaxes via configuration. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando(a)sys-net.it -----------------------------------

1 0

Re: (ITS#5687) corrupted double-linked list on shutdown
by quanah＠zimbra.com 06 Sep '08

06 Sep '08

--On Saturday, September 06, 2008 2:26 PM +0000 ando(a)sys-net.it wrote: > ando(a)sys-net.it wrote: >> The problem is in glue_op_search(): it saves a copy of the rewritten DN; >> in case of CTRL^C, the rewritten DN is deleted by rwm_op_cleanup, and a >> dangling pointer to it is later restored in o_req_[n]dn by >> glue_op_search (lines 446-7 or 463-4). Trying to fix it... > > I've applied a fix that works around this issue without apparently > breaking back-glue (servers/slapd/backglue.c 1.139 -> 1.140). Please > test. I have no more issues after applying these additional fixes. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#5679) Translucent search
by ando＠sys-net.it 06 Sep '08

06 Sep '08

julien(a)famille-garnier.com wrote: > It seems to be impossible to search local and remote together : > > a search request against one local attribute work correctly and return result 1 > (ldapsearch "(local=*)") > a search on a remote atttribute works fine and return result 2 (ldapsearch > "(remote=*)") > > Finaly, a search with the local and remote attribute (ldapsearch > "($(local=*)(remote=*))") I assume "$" is a typo, while you meant "&" in the above filter. > only return results as the search on the local > attribute and doesn't take the remote attribute. The respons is the same as > result 1 > > > In slapd.conf : > translucent_local local > translucent_remote remote I've checked the current code, and it appears to work as intended. Can you confirm the fact that the local and remote attributes are contained only in the local and the remote database, respectively? You can easily check by directly searching the remote database. Otherwise, you don't provide enough information about configuration and database contents to reproduce the issue. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando(a)sys-net.it -----------------------------------

1 0

Re: (ITS#5687) corrupted double-linked list on shutdown
by ando＠sys-net.it 06 Sep '08

06 Sep '08

hyc(a)symas.com wrote: > The serious problem is in thread 5, where rwm_op_cleanup frees a DN that > do_search also tries to free. It looks like rwm_op_cleanup is badly broken > here, it apparently should be checking to make sure ros->ro_dn is != ros->r_dn > before freeing r_dn (and ndn). This issue can be serious since it could also hit in case of abandon, not just in case of shutdown. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando(a)sys-net.it -----------------------------------

1 0

Re: (ITS#5687) corrupted double-linked list on shutdown
by ando＠sys-net.it 06 Sep '08

06 Sep '08

ando(a)sys-net.it wrote: > The problem is in glue_op_search(): it saves a copy of the rewritten DN; > in case of CTRL^C, the rewritten DN is deleted by rwm_op_cleanup, and a > dangling pointer to it is later restored in o_req_[n]dn by > glue_op_search (lines 446-7 or 463-4). Trying to fix it... I've applied a fix that works around this issue without apparently breaking back-glue (servers/slapd/backglue.c 1.139 -> 1.140). Please test. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando(a)sys-net.it -----------------------------------

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs