- openldap-bugs - openldap.org

(ITS#5124) segfault on modify operation by slurpd with rwm overlay
by jclarke＠linagora.com 05 Sep '07

05 Sep '07

Full_Name: Jonathan Clarke Version: 2.3.37 OS: Debian Etch URL: ftp://ftp.openldap.org/incoming/jclarke-slurpd-rwm-modify-bug.tar.gz Submission from: (NULL) (134.157.159.100) Hello guys, With a simple master/slave setup, and the rwm overlay activated for the bindDN context, any modify operation made on the master, replicated with slurpd causes the slave to crash. You will find below a backtrace of the slave when it crashes, and the configuration files we're using on the master, the slave, an LDIF of the contents of the directory are in the archive on ftp.openldap.org indicated in the ITS. We are using 2.3.37 for both master and slave, and have confirmed that disactivating the rwm overlay in slapd.conf avoids the problem. Thanks in advance for your help ! Jon ***** BACKTRACE ****** conn=0 fd=14 ACCEPT from IP=127.0.0.1:57752 (IP=0.0.0.0:392) [New Thread 32771 (LWP 21187)] conn=0 op=0 BIND dn="uid=replicator,dc=linagora,dc=org" method=128 conn=0 op=0 BIND dn="uid=replicator,dc=linagora,dc=org" mech=SIMPLE ssf=0 conn=0 op=0 RESULT tag=97 err=0 text= conn=0 op=1 MOD dn="dc=linagora,dc=org" conn=0 op=1 MOD attr=description entryCSN modifiersName modifyTimestamp conn=0 op=1 RESULT tag=103 err=0 text= Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 32771 (LWP 21187)] 0x4035dafb in free () from /lib/libc.so.6 (gdb) bt #0 0x4035dafb in free () from /lib/libc.so.6 #1 0x4035f805 in malloc () from /lib/libc.so.6 #2 0x0813e70f in ber_memalloc_x (s=1, ctx=0x40412660) at memory.c:226 #3 0x08079fa8 in ch_malloc (size=16) at ch_malloc.c:54 #4 0x08101567 in rwm_op_modify (op=0x8246fc0, rs=0x6301dce4) at rwm.c:590 #5 0x080b6c5e in overlay_op_walk (op=0x8246fc0, rs=0x6301dce4, which=op_modify, oi=0x81e9688, on=0x81e9778) at backover.c:639 #6 0x080b70ce in over_op_func (op=0x8246fc0, rs=0x6301dce4, which=op_modify) at backover.c:701 #7 0x08077e00 in do_modify (op=0x8246fc0, rs=0x6301dce4) at modify.c:200 #8 0x080609bb in connection_operation (ctx=0x6301dd58, arg_v=0x8246fc0) at connection.c:1133 #9 0x0811a8b4 in ldap_int_thread_pool_wrapper (xpool=0x81d0000) at tpool.c:478 #10 0x402adc51 in pthread_start_thread () from /lib/libpthread.so.0 #11 0x402addb4 in pthread_start_thread_event () from /lib/libpthread.so.0 #12 0x403b438a in clone () from /lib/libc.so.6 ***** End of backtrace *****

1 0

Re: (ITS#5123) slaptest is not checking spelling of keyword access
by ando＠sys-net.it 05 Sep '07

05 Sep '07

lwartha(a)gmail.com wrote: > I made stupid typo and use word acces instead of access in slapd.confl. > Unforutnately slaptest -u does not display any notice about it and display > config file testing succeeded. Because up to 2.3 OpenLDAP didn't care about unrecognized statements. If you run staptest with -dconfig you'll notice warnings (if you're debugging slapd.conf you should; it is not the default because in most cases people are only interested in a yes/no question; ITS#4930 was filed to even remove the "success string"). > > This of cause takes lot of investigation to find it. > > Thanks for fixing it in the future. It's been changed in 2.4 ever since. Now all errors, including unrecognized statements, cause a bailout. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

(ITS#5123) slaptest is not checking spelling of keyword access
by lwartha＠gmail.com 05 Sep '07

05 Sep '07

Full_Name: Ladislav Wartha Version: 2.3.27-4 OS: Fedora Core release 6 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (195.122.198.222) Hi, I made stupid typo and use word acces instead of access in slapd.confl. Unforutnately slaptest -u does not display any notice about it and display config file testing succeeded. This of cause takes lot of investigation to find it. Thanks for fixing it in the future. Best regards, Ladislav

1 0

Re: (ITS#5120) slapadd -q makes database logs unusable
by ando＠sys-net.it 04 Sep '07

04 Sep '07

hyc(a)symas.com wrote: > ando(a)sys-net.it wrote: >> When slapadd'ing -q, existing database log files seem to become unusable. If >> this is correct, as it seems to be, slapadd could refuse to start with -q if log >> files are present, or, for example, remove the logs if -qq. > > I guess we could add that check. The docs already say that if an error occurs, > the entire database will be unusable. As such, you should only use it for > initially populating a database, not for adding to an existing one. The story is that I placed logs in a separate directory and I forgot to clean them up when regenerating the DB after removing the database files :) p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: (ITS#5120) slapadd -q makes database logs unusable
by hyc＠symas.com 04 Sep '07

04 Sep '07

ando(a)sys-net.it wrote: > When slapadd'ing -q, existing database log files seem to become unusable. If > this is correct, as it seems to be, slapadd could refuse to start with -q if log > files are present, or, for example, remove the logs if -qq. I guess we could add that check. The docs already say that if an error occurs, the entire database will be unusable. As such, you should only use it for initially populating a database, not for adding to an existing one. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5121) IDL cache issue
by ando＠sys-net.it 04 Sep '07

04 Sep '07

To reproduce: - set idlcache - search one entry, so that the idl gets cached - delete that entry, so that the idl gets cleared - but head/tail don't - search another entry so that it gets cached - head/tail are corrupted I've a fix for this about to come (affects 2.4.5 as well, sigh; not sure about re23). p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

(ITS#5122) back-bdb occasionally allows bogus numeric values
by ando＠sys-net.it 04 Sep '07

04 Sep '07

Full_Name: Pierangelo Masarati Version: since back-config OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (193.203.230.29) Submitted by: ando Setting a negative number for cachesize causes an assertion in ch_calloc(); for idlcachesize is just accepted; same for most remaining numeric data. A neat solution would be to define ARG_UINT/ARG_ULONG, redefine types as appropriate (now they're ints, but the negative value has no meaning or causes crash). There seems to be room for 8 more types in the type mask. Not a showstopper, though.

1 0

Re: (ITS#5121) IDL cache issue
by ando＠sys-net.it 04 Sep '07

04 Sep '07

I noticed that I was intermixing overlay and database configuration statements, but this should be allowed in HEAD. Anyway, I now put configuration statements in the right order, but I've been able to reproduce the problem (not all times, and no devel tools on the maching where I could produce it, except gdb and an unstripped slapd build).... Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

(ITS#5121) IDL cache issue
by ando＠sys-net.it 04 Sep '07

04 Sep '07

Full_Name: Pierangelo Masarati Version: HEAD OS: Linux RH AS 4.5 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (193.203.230.29) Submitted by: ando I ran into an issue running HEAD code. I got the following core dump: #0 0x08103390 in bdb_idl_cache_put (bdb=0xa3e1110, db=0x3550c800, key=0x35f988a0, ids=0x34afc008, rc=0) at ../../../../servers/slapd/back-bdb/idl.c:354 #1 0x08104318 in bdb_idl_fetch_key (be=0x36058ec0, db=0x3550c800, locker=0, key=0x35f988a0, ids=0x34afc008, saved_cursor=0x0, get_flag=0) at ../../../../servers/slapd/back-bdb/idl.c:665 #2 0x081084a1 in bdb_key_read (be=0x36058ec0, db=0x3550c800, locker=100, k=0x352ff2d4, ids=0x34afc008, saved_cursor=0x0, get_flag=0) at ../../../../servers/slapd/back-bdb/key.c:50 #3 0x081013ab in bdb_filter_candidates (op=0xa46b3f8, locker=100, f=0x352ff2c4, ids=0x34bfc008, tmp=0x34afc008, stack=0x34c7c008) at ../../../../servers/slapd/back-bdb/filterindex.c:770 #4 0x081020e9 in list_candidates (op=0xa46b3f8, locker=100, flist=0x35f98dd0, ftype=161, ids=0x34b7c008, tmp=0x34afc008, save=0x34bfc008) at ../../../../servers/slapd/back-bdb/filterindex.c:580 #5 0x08100458 in bdb_filter_candidates (op=0xa46b3f8, locker=100, f=0x35f98dc0, ids=0x34b7c008, tmp=0x34afc008, stack=0x34bfc008) at ../../../../servers/slapd/back-bdb/filterindex.c:204 #6 0x081020e9 in list_candidates (op=0xa46b3f8, locker=100, flist=0x35f98db0, ftype=160, ids=0x35fd8e30, tmp=0x34afc008, save=0x34b7c008) at ../../../../servers/slapd/back-bdb/filterindex.c:580 #7 0x08100458 in bdb_filter_candidates (op=0xa46b3f8, locker=100, f=0x35f98de0, ids=0x35fd8e30, tmp=0x34afc008, stack=0x34b7c008) #8 0x081109b5 in bdb_search (op=0xa46b3f8, rs=0x3605a0f0) at ../../../../servers/slapd/back-bdb/search.c:1111 #9 0x080ee601 in overlay_op_walk (op=0xa46b3f8, rs=0x3605a0f0, which=op_search, oi=0xa3e21e0, on=0xa3e2740) at ../../../servers/slapd/backover.c:652 #10 0x080ee72f in over_op_func (op=0xa46b3f8, rs=0x3605a0f0, which=op_bind) at ../../../servers/slapd/backover.c:704 #11 0x0808a051 in fe_op_search (op=0xa46b3f8, rs=0x3605a0f0) at ../../../servers/slapd/search.c:368 #12 0x080894f7 in do_search (op=0xa46b3f8, rs=0x3605a0f0) at ../../../servers/slapd/search.c:217 #13 0x080875c3 in connection_operation (ctx=0x3605a210, arg_v=0xa46b3f8) at ../../../servers/slapd/connection.c:1145 #14 0x0808801b in connection_read_thread (ctx=0x3605a210, argv=0x14) at ../../../servers/slapd/connection.c:1271 #15 0x081afa01 in ldap_int_thread_pool_wrapper (xpool=0xa304fa8) at ../../../libraries/libldap_r/tpool.c:614 #16 0x008ad3cc in start_thread () from /lib/tls/libpthread.so.0 #17 0x00736c3e in clone () from /lib/tls/libc.so.6 where (gdb) p bdb->bi_idl_cache_max_size $27 = 30000 (gdb) p bdb->bi_idl_lru_head $28 = (bdb_idl_cache_entry_t *) 0x3550cd28 (gdb) p bdb->bi_idl_lru_tail $29 = (bdb_idl_cache_entry_t *) 0x3550cd28 (gdb) p bdb->bi_idl_lru_tail[0] $30 = {kstr = {bv_len = 3, bv_val = 0x3550ebd8 "top"}, idl = 0x6, db = 0x3550ebe8, idl_flags = 0, idl_lru_prev = 0x0, idl_lru_next = 0x0} The latter seems quite odd: obviously the head/tail is corrupted, but either bdb->bi_idl_lru_tail and bdb->bi_idl_lru_head should be null, or their idl_lru_prev and idl_lru_next members should be valid. There seems to be something odd in how entries are cleaned up from the cache: in fact, if the whole LRU is destroyed, then eprev would remain dangling, but this should never occur. p.

1 0

Re: (ITS#5120) slapadd -q makes database logs unusable
by ando＠sys-net.it 04 Sep '07

04 Sep '07

BTW, I'm currently using Berkeley 4.2.52 w/ patches w/ HEAD code, if it matters. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

(ITS#5120) slapadd -q makes database logs unusable
by ando＠sys-net.it 04 Sep '07

04 Sep '07

Full_Name: Pierangelo Masarati Version: all supporting -q OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (193.203.230.29) Submitted by: ando When slapadd'ing -q, existing database log files seem to become unusable. If this is correct, as it seems to be, slapadd could refuse to start with -q if log files are present, or, for example, remove the logs if -qq. p.

1 0

ITS#3636 more flexible file: URLs in LDIFs
by hyc＠symas.com 04 Sep '07

04 Sep '07

Some notes... Most of the forms in the original request have been supported in 2.3/2.4/HEAD for a long time, I just didn't remember this ITS existed. It has some bearing on #5117 as well. Specifically file:/absolute/path file:relative/path file:simple.name are allowed (but deprecated) by RFC 3986 and are supported. (RFC1808 and 3986 expect relative URLs to have no scheme specifier at all. We don't handle that case. We also don't handle file://localhost/absolute/path and probably should.) file://simple.name violates RFC3986 and is rejected. The latest draft spec for FILE URIs has died, and it looks like it was plagued with too many strange behaviors to formulate a coherent spec. http://tools.ietf.org/html/draft-hoffman-file-uri-03 http://offset.skew.org/wiki/URI/File_scheme/Plan_of_action In the meantime, the libcurl API is a lot more complicated than libfetch. Might be nice to have, but it will not be as straightforward... -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5119) double free in slapd
by hyc＠symas.com 03 Sep '07

03 Sep '07

quanah(a)zimbra.com wrote: > Full_Name: Quanah Gibson-Mount > Version: 2.3.38/RE23 > OS: Linux > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (71.202.148.128) > > > There is apparently a bug in attribute normalization of objectClasses that can > result in a double free in slapd, causing it to crash. My mistake, not a double-free. Fixed in HEAD/RE23/RE24. > Please see: > <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440632> > > This behavior still exists in current RE23. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#5119) double free in slapd
by quanah＠zimbra.com 03 Sep '07

03 Sep '07

Full_Name: Quanah Gibson-Mount Version: 2.3.38/RE23 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (71.202.148.128) There is apparently a bug in attribute normalization of objectClasses that can result in a double free in slapd, causing it to crash. Please see: <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440632> This behavior still exists in current RE23. --Quanah

1 0

Re: (ITS#5114) pcache cache results for searches that hit size/timelimit
by rhafer＠suse.de 03 Sep '07

03 Sep '07

On Saturday 01 September 2007 17:35, ando(a)sys-net.it wrote: > ando(a)sys-net.it wrote: > > Ralf, > > This patch should now work as expected. > > <http://www.sys-net.it/~ando/Download/pcache_sizelimit.patch> > > Does it harmonize with your improvements? Your changes to the response and cleanup handles interfere a bit with my changes (I move much of the _response code to _cleanup) but it should be easy to sort that out once we have either of the two patches in HEAD. But as 2.4.5 is not tagged yet we should probably wait until that happened. > Or, if you prefer, first > commit your changes, and I'll harmonize the rest. That doesn't really matter to me. I have the felling that it is easier the other way around :) -- Ralf

1 0

(ITS#5118) DB_CONFIG missing from converted config
by hyc＠OpenLDAP.org 02 Sep '07

02 Sep '07

Full_Name: Howard Chu Version: 2.3/2.4 OS: URL: Submission from: (NULL) (76.168.84.21) Submitted by: hyc The back-bdb config code was only parsing the DB_CONFIG file in server mode, but it needs to be parsed in all modes so that slaptest -f slapd.conf -F slapd.d can see it when converting. Already fixed in HEAD

1 0

Re: (ITS#4848) Another slapd startup segfault
by hyc＠symas.com 02 Sep '07

02 Sep '07

ando(a)sys-net.it wrote: > Your problem is related > to the fact that you intermixed overlay and database configuration > statements, so the idletimeout statement after the accesslog overlay > instantiation was causing invalid memory write (beyond the private data > of the accesslog overlay instead of in the private data of the bdb > database) resulting in heap corruption. The fix in HEAD has been backported to RE23 now. (The fix for ITS#5082 needed part of this fix.) -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: ITS#5082
by hyc＠symas.com 02 Sep '07

02 Sep '07

Howard Chu wrote: > ando(a)sys-net.it wrote: >> See also discussion in thread >> <http://www.openldap.org/lists/openldap-software/200708/msg00063.html> > > The fix currently in CVS HEAD is to remove the olcPasswordHash attribute from > the olcGlobal entry and move it to the frontendDB entry. For better backward compatibility, olcPasswordHash is allowed in both the olcGlobal entry and the frontendDB entry. The preferred location for this setting is now in the frontendDB entry. When generating a slapd.d from a slapd.conf file, only the frontendDB entry will carry the attribute. Existing slapd.d configs with the attribute in the global entry should continue to work but they should be manually updated to use only the frontendDB entry. This fix is now in RE23 as well as RE24. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5070) Issues in X.509 certificate parsing
by hyc＠symas.com 02 Sep '07

02 Sep '07

ando(a)sys-net.it wrote: > ando(a)sys-net.it wrote: > >> I've an issue with X.509 certificate parsing in HEAD/re24. The certificate, >> according to OpenSSL, has a SerialNumber c8:5b:9a:dd:ea:bf:f9:fa and HEAD fails >> to parse it because it is an integer with length equal to 9, which is larger >> than sizeof(ber_int_t), as tested in ber_getnint() at decode.c:254. The DER >> encoded value is: 2 9 0 200 91 154 221 234 191 249 250. Seems to be time >> to get past the sizeof(ber_int_t) limitation... > > ... which would violate RFC 4511 where it states that INTEGER means from > 0 up to 2^31-1... I have a simple solution for this problem, at the > cost of partially violating rfc 4523: if an integer is larger than > 2^31-1, it could be represented in the certificateExactMatch > normalization in hexadecimal form, much like OpenSSL does. This would > increase interoperability with OpenSSL and be at least self-consistent, > since all serialNumbers that large would be consistently expanded that > way. Another solution, preserving the decimal representation, would > probably require some arbitrary precision support from external > libraries. If there's consensus, I'd post my simple patch. I would go with the hex representation. IMO LDAP/X.500 has long needed a hex integer syntax (or at least some other binary base, but hex is probably best), since we can parse/validate them bytewise without any word size limitations or expensive conversions. And IMO GSER is a giant leap backward in network protocol efficiency. If it were merely a UI format, like LDIF, that would have been ok, but over the wire, that's ridiculous. (But that's a separate discussion entirely...) -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5117) test049/test050 failures
by hyc＠symas.com 01 Sep '07

01 Sep '07

hyc(a)symas.com wrote: > hyc(a)symas.com wrote: >> I see the same result on FreeBSD 6.2. It appears to be because libfetch was >> detected by configure and used here, and libfetch failed to open the FILE URLs >> that load the necessary schema. > > The test script uses relative URLs (RFC1808) which our liblutil stuff supports, > but apparently libfetch only knows how to parse absolute URLs (RFC1738) - see > their CVS > http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/fetch.c?rev=1.38 > > Seems to me to be a deficiency in libfetch, but I guess we can rework the > scripts to use absolute FILE URLs here. Dunno if it's worth reporting this upstream, but libfetch accepts relative paths like this file://./foo/bar -> "./foo/bar" which violates both RFC1738 and RFC1808 (and RFC2396). I.e., when the "//" authority-spec is present the path must be absolute. Probably, since libfetch provides no mechanism for defining a base URI, it should just never accept relative paths. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5117) test049/test050 failures
by hyc＠symas.com 01 Sep '07

01 Sep '07

hyc(a)symas.com wrote: > I see the same result on FreeBSD 6.2. It appears to be because libfetch was > detected by configure and used here, and libfetch failed to open the FILE URLs > that load the necessary schema. The test script uses relative URLs (RFC1808) which our liblutil stuff supports, but apparently libfetch only knows how to parse absolute URLs (RFC1738) - see their CVS http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/fetch.c?rev=1.38 Seems to me to be a deficiency in libfetch, but I guess we can rework the scripts to use absolute FILE URLs here. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5117) test049/test050 failures
by hyc＠symas.com 01 Sep '07

01 Sep '07

kurt(a)OpenLDAP.org wrote: > Full_Name: Kurt Zeilenga > Version: HEAD > OS: MacoSX 10.4.8/FreeBSD 6.2 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (24.180.46.200) > Submitted by: kurt > > > On both MacOS X and FreeBSD, I see test047 fail trying to configure the server > via cn=config. Both built using ./configure --enable-backends > --enable-overlays, nothing fancy. > > Cleaning up test run directory leftover from previous run. > Running ./scripts/test049-sync-config... > running defines.sh > Starting producer slapd on TCP/IP port 9011... > Using ldapsearch to check that producer slapd is running... > Inserting syncprov overlay on producer... > Starting consumer slapd on TCP/IP port 9012... > Using ldapsearch to check that consumer slapd is running... > Configuring syncrepl on consumer... > Waiting 10 seconds for syncrepl to receive changes... > Using ldapsearch to check that syncrepl received config changes... > Adding schema and databases on producer... I see the same result on FreeBSD 6.2. It appears to be because libfetch was detected by configure and used here, and libfetch failed to open the FILE URLs that load the necessary schema. > ldapadd failed for database config (21)! > > where test.out contains: > ldap_add: Invalid syntax (21) > additional info: olcSuffix: value #0 invalid per syntax > > and the LDIF was: > dn: olcDatabase={1}bdb,cn=config > objectClass: olcDatabaseConfig > objectClass: olcbdbConfig > olcDatabase: {1}bdb > olcSuffix: dc=example,dc=com > olcDbDirectory: ./db > olcRootDN: cn=Manager,dc=example,dc=com > olcRootPW: secret > olcSyncRepl: rid=002 provider=ldap://localhost:9011/ > binddn="cn=Manager,dc=example,dc=com" bindmethod=simple > credentials=secret searchbase="dc=example,dc=com" type=refreshOnly > interval=00:00:00:10 > olcUpdateRef: ldap://localhost:9011/ > > dn: olcOverlay=syncprov,olcDatabase={1}bdb,cn=config > changetype: add > objectClass: olcOverlayConfig > objectClass: olcSyncProvConfig > olcOverlay: syncprov > > > > -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#5117) test049/test050 failures
by kurt＠OpenLDAP.org 01 Sep '07

01 Sep '07

Full_Name: Kurt Zeilenga Version: HEAD OS: MacoSX 10.4.8/FreeBSD 6.2 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (24.180.46.200) Submitted by: kurt On both MacOS X and FreeBSD, I see test047 fail trying to configure the server via cn=config. Both built using ./configure --enable-backends --enable-overlays, nothing fancy. Cleaning up test run directory leftover from previous run. Running ./scripts/test049-sync-config... running defines.sh Starting producer slapd on TCP/IP port 9011... Using ldapsearch to check that producer slapd is running... Inserting syncprov overlay on producer... Starting consumer slapd on TCP/IP port 9012... Using ldapsearch to check that consumer slapd is running... Configuring syncrepl on consumer... Waiting 10 seconds for syncrepl to receive changes... Using ldapsearch to check that syncrepl received config changes... Adding schema and databases on producer... ldapadd failed for database config (21)! where test.out contains: ldap_add: Invalid syntax (21) additional info: olcSuffix: value #0 invalid per syntax and the LDIF was: dn: olcDatabase={1}bdb,cn=config objectClass: olcDatabaseConfig objectClass: olcbdbConfig olcDatabase: {1}bdb olcSuffix: dc=example,dc=com olcDbDirectory: ./db olcRootDN: cn=Manager,dc=example,dc=com olcRootPW: secret olcSyncRepl: rid=002 provider=ldap://localhost:9011/ binddn="cn=Manager,dc=example,dc=com" bindmethod=simple credentials=secret searchbase="dc=example,dc=com" type=refreshOnly interval=00:00:00:10 olcUpdateRef: ldap://localhost:9011/ dn: olcOverlay=syncprov,olcDatabase={1}bdb,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: syncprov

1 0

Re: (ITS#5114) pcache cache results for searches that hit size/timelimit
by ando＠sys-net.it 01 Sep '07

01 Sep '07

ando(a)sys-net.it wrote: Ralf, This patch should now work as expected. <http://www.sys-net.it/~ando/Download/pcache_sizelimit.patch> Does it harmonize with your improvements? Or, if you prefer, first commit your changes, and I'll harmonize the rest. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: (ITS#5114) pcache cache results for searches that hit size/timelimit
by ando＠sys-net.it 01 Sep '07

01 Sep '07

Howard Chu wrote: > If the client provides a sizelimit, save that away. Forward the request > with no sizelimit, so the cache can see everything. > > If the forwarded request hits a sizelimit, I think we can still use the > result. While there's no guarantee that repeated attempts to search the > remote server would return the exact same set of entries, there's also > no harm done if the cache does so. > > But if the result exceeds the cache's sizelimit, the result set must be > uncached, same as now. Well, I don't quite agree about this. In fact, if we know in advance that the cache can only cache up to <entry_limit>, removing the client requested size limit might lead to waste of resources, because a search could then potentially return much many entries than <entry_limit>, which wouldn't be cached nor returned to the client, thus defeating the purpose of caching. So if the client requests a sizelimit <client_sl>, we should: if <client_sl> > <entry_limit>, leave it in place. If less than <entry_limit> entries result, fine; if less than <client_sl> entries result, fine but don't cache; otherwise, return LDAP_SIZELIMIT_EXCEEDED. if <client_sl> < <entry_limit>, set size limit to <entry_limit>. If less than <client_sl> entries result, fine; if less than <entry_limit> entries result, return LDAP_SIZE_LIMIT, but keep caching; otherwise, don't cache at all. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs