- openldap-bugs - openldap.org

Re: (ITS#4860) Sets' enhancement
by ando＠sys-net.it 13 Sep '07

13 Sep '07

> I've tested your latest commit, and most of our tests now run great. > However, I still get a segault with the two rules below. Please note > that this segfault only happens when *both* rules are present, each one > by itself does not cause a segfault : > >> access to dn.sub="ou=Affectations,dc=linagora,dc=org" >> attrs=sigleAbrege,labeledURI,mailRoutingAddress,telephoneNumber,facsimileTelephoneNumber,entry >> by set="([ldap:///] + (([ldap:///] + ((([ldap:///] + this + >> [??base?(|(objectClass=affectationLiee)(objectClass=affectationSemiLibre))])/entryDN)/-0) >> + [??base?])/responsable) + >> [??base?(|(administrateurResponsable=] + user + >> [)(administrateur=] + user + [)(membre=] + user + [))])/entryDN" >> +rscx >> by * break > >> access to dn.sub="ou=Affectations,dc=linagora,dc=org" >> attrs=domaineMessagerie,finValidite,identifiantHarpegeStructure,responsable,objectClass,entry >> by set="[ldap:///] + (((([ldap:///] + this + >> [??base?(|(objectClass=affectationLiee)(objectClass=affectationSemiLibre))])/entryDN)/-100) >> & ((([ldap:///] + user + >> [??base?(objectClass=personnel)])/entryDN)/-100)) + >> [??sub?entryDN=] + user/entryDN" +rscx >> by * break > > I'm afraid that we use quite a few specific schemas so you may not be > able to reproduce this easily. However, I hope these rules will enable > you to determine the problematic case. If necessary, I could prepare a > data and schema extract to reproduce the problem. That would help, but before you do it, could you please post a backtrace of the stack when the issue occurs? In case this doesn't suffice, and I can't figure things out myself, I'll ask you to provide a self-contained set of data that causes the issue. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: (ITS#4860) Sets' enhancement
by jclarke＠linagora.com 13 Sep '07

13 Sep '07

ando(a)sys-net.it a écrit : > raphael.ouazana(a)linagora.com wrote: > >> It seems OK with HEAD, but only if I revert this patch: >> http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/sets.c.diff?r1=1.28.… >> >> With this patch, I get a segfault. > > I have just committed a cleanup of the slap_set_join() function that > should be consistent. It should fix a leak in case of '&' on > overlapping sets, and consistently handle memory. Can you please test > it and point out failures? If you get any, please post the rules that > cause them, as those I could design worked fine (tested with valgrind). I am one of Raphael's colleagues, answering on his behalf. I've tested your latest commit, and most of our tests now run great. However, I still get a segault with the two rules below. Please note that this segfault only happens when *both* rules are present, each one by itself does not cause a segfault : > access to dn.sub="ou=Affectations,dc=linagora,dc=org" attrs=sigleAbrege,labeledURI,mailRoutingAddress,telephoneNumber,facsimileTelephoneNumber,entry > by set="([ldap:///] + (([ldap:///] + ((([ldap:///] + this + [??base?(|(objectClass=affectationLiee)(objectClass=affectationSemiLibre))])/entryDN)/-0) + [??base?])/responsable) + [??base?(|(administrateurResponsable=] + user + [)(administrateur=] + user + [)(membre=] + user + [))])/entryDN" +rscx > by * break > access to dn.sub="ou=Affectations,dc=linagora,dc=org" attrs=domaineMessagerie,finValidite,identifiantHarpegeStructure,responsable,objectClass,entry > by set="[ldap:///] + (((([ldap:///] + this + [??base?(|(objectClass=affectationLiee)(objectClass=affectationSemiLibre))])/entryDN)/-100) & ((([ldap:///] + user + [??base?(objectClass=personnel)])/entryDN)/-100)) + [??sub?entryDN=] + user/entryDN" +rscx > by * break I'm afraid that we use quite a few specific schemas so you may not be able to reproduce this easily. However, I hope these rules will enable you to determine the problematic case. If necessary, I could prepare a data and schema extract to reproduce the problem. Regards, Jon -- Jonathan Clarke Cellule OSSA - Groupe LINAGORA 27 rue de Berri, 75008 Paris Tél: 01 58 18 68 28, fax: 01 58 18 68 29 http://www.linagora.com - http://www.08000linux.com

1 0

Re: (ITS#5069) SyncRepl on request
by ando＠sys-net.it 12 Sep '07

12 Sep '07

hadmut(a)danisch.de wrote: > Therefore, slapd should have a client mode where the SyncRepl process is > performed only on request, but then immediately. There should be an external > trigger to pull, e.g. send a signal oder do a special LDAP request. slapd should > then start a SyncRepl. A simple approach to performing what require is to use back-config to re-configure syncrepl for the consumer database; this should trigger an immediate sync. The trigger would then be a LDAPModify replace on the olcSyncrepl attribute of the database entry. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: (ITS#4860) Sets' enhancement
by ando＠sys-net.it 10 Sep '07

10 Sep '07

raphael.ouazana(a)linagora.com wrote: > It seems OK with HEAD, but only if I revert this patch: > http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/sets.c.diff?r1=1.28.… > > With this patch, I get a segfault. I have just committed a cleanup of the slap_set_join() function that should be consistent. It should fix a leak in case of '&' on overlapping sets, and consistently handle memory. Can you please test it and point out failures? If you get any, please post the rules that cause them, as those I could design worked fine (tested with valgrind). > >> And, could you >> document it on the FAQ, please? > > Done: http://www.openldap.org/faq/data/cache/1133.html. Does it seems > good for you ? Well, I'd prefer you to merge your comments with the existing, giant one. The contents look fine (although I'm not a native English speaker), except for one consideration: for consistency, "/-0" should return the DN untouched (although useless); perhaps "/-*" or something like that could be used to explode the DN into all ancestors. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: (ITS#4860) Sets' enhancement
by ando＠sys-net.it 10 Sep '07

10 Sep '07

raphael.ouazana(a)linagora.com wrote: > Le Lun 10 septembre 2007 00:12, Pierangelo Masarati a écrit : >> raphael.ouazana(a)linagora.com wrote: >> >>> Do you think this patch has any chance to be accepted for future 2.4? >> Applied (with minor changes) to HEAD, please test. > > It seems OK with HEAD, but only if I revert this patch: > http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/sets.c.diff?r1=1.28.… > > With this patch, I get a segfault. I think that's somehow related to ITS#4873, which I should definitely take time to solve. Unfortunately, with the proposed patch I see a leak, and I couldn't find time to track it down. > >> And, could you >> document it on the FAQ, please? > > Done: http://www.openldap.org/faq/data/cache/1133.html. Does it seems > good for you ? > >> One improvement that could be applied >> is to allow numbers larger than 9... > > As far as I know, there is no such limitation... Then I probably misinterpreted that bit of parsing. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: (ITS#4860) Sets' enhancement
by raphael.ouazana＠linagora.com 10 Sep '07

10 Sep '07

Le Lun 10 septembre 2007 00:12, Pierangelo Masarati a écrit : > raphael.ouazana(a)linagora.com wrote: > >> Do you think this patch has any chance to be accepted for future 2.4? > > Applied (with minor changes) to HEAD, please test. It seems OK with HEAD, but only if I revert this patch: http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/sets.c.diff?r1=1.28.… With this patch, I get a segfault. > And, could you > document it on the FAQ, please? Done: http://www.openldap.org/faq/data/cache/1133.html. Does it seems good for you ? > One improvement that could be applied > is to allow numbers larger than 9... As far as I know, there is no such limitation... Regards, Raphael Ouazana.

1 0

Re: (ITS#4860) Sets' enhancement
by ando＠sys-net.it 10 Sep '07

10 Sep '07

raphael.ouazana(a)linagora.com wrote: > Do you think this patch has any chance to be accepted for future 2.4? Applied (with minor changes) to HEAD, please test. And, could you document it on the FAQ, please? One improvement that could be applied is to allow numbers larger than 9... p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: (ITS#4860) Sets' enhancement
by raphael.ouazana＠linagora.com 09 Sep '07

09 Sep '07

Hi, I have uploaded a new version of this patch: ftp://ftp.openldap.org/incoming/raphael-ouazana-070906.patch Now /-0 allows to get all the parents of an entry. So to keep the example where user is cn=user,ou=people,dc=example,dc=com: user/-0 : resolves to set { "cn=user,ou=people,dc=example,dc=com" , "ou=people,dc=example,dc=com", "dc=example,dc=com" , "dc=com" , "" } In fact it was already possible to do that with sets with filters using entryDN:dnSuperiorMatch, but it was really slower (in 2.3 as in HEAD). Do you think this patch has any chance to be accepted for future 2.4? Regards, Raphael Ouazana. Legal notice : This patch file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in this following patch were developed by Raphael Ouazana raphael.ouazana(a)linagora.com. These modifications are not subject to any license of Linagora. The attached modifications to OpenLDAP Software are subject to the following notice: Copyright 2007 Raphael Ouazana, Linagora Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License.

1 0

Re: (ITS#5130) "Reply" oddities
by kurt＠OpenLDAP.org 08 Sep '07

08 Sep '07

On Sep 8, 2007, at 10:02 AM, ando(a)sys-net.it wrote: > Full_Name: Pierangelo Masarati > Version: none > OS: none > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (131.175.154.35) > Submitted by: ando > > > When hitting "reply" from the ITS, messages are not sent to the > mailing list, > even if openldap-its(a)openldap.org is added to the CC field. Kind of by (broken) design. A reply is intended to be used to send a note directly to the submitter. It's broken in that you need to change the from header to openldap-its(a)openldap.org for any follow-up to be returned to openldap-its(a)openldap.org. If you want to reply-all, reply-all to the copy forwarded to openldap-bugs(a)openldap.org.

1 0

Re: (ITS#5130) "Reply" oddities
by ghenry＠suretecsystems.com 08 Sep '07

08 Sep '07

<quote who="ando(a)sys-net.it"> > ghenry(a)suretecsystems.com wrote: > >>> When hitting "reply" from the ITS, messages are not sent to the mailing >>> list, >>> even if openldap-its(a)openldap.org is added to the CC field. >>> >> >> Testing. > > I've received yours (twice, as usual), but I don't receive mine. This is a reply via a normal mail client to openldap-its only, not cc'd to you. > > p. > > > > Ing. Pierangelo Masarati > OpenLDAP Core Team > > SysNet s.r.l. > via Dossi, 8 - 27100 Pavia - ITALIA > http://www.sys-net.it > --------------------------------------- > Office: +39 02 23998309 > Mobile: +39 333 4963172 > Email: pierangelo.masarati(a)sys-net.it > --------------------------------------- > > > >

1 0

Re: (ITS#5130) "Reply" oddities
by ando＠sys-net.it 08 Sep '07

08 Sep '07

ghenry(a)suretecsystems.com wrote: >> When hitting "reply" from the ITS, messages are not sent to the mailing >> list, >> even if openldap-its(a)openldap.org is added to the CC field. >> > > Testing. I've received yours (twice, as usual), but I don't receive mine. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: (ITS#5130) "Reply" oddities
by ghenry＠suretecsystems.com 08 Sep '07

08 Sep '07

<quote who="ando(a)sys-net.it"> > Full_Name: Pierangelo Masarati > Version: none > OS: none > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (131.175.154.35) > Submitted by: ando > > > When hitting "reply" from the ITS, messages are not sent to the mailing > list, > even if openldap-its(a)openldap.org is added to the CC field. > Testing.

1 0

(ITS#5130) "Reply" oddities
by ando＠sys-net.it 08 Sep '07

08 Sep '07

Full_Name: Pierangelo Masarati Version: none OS: none URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (131.175.154.35) Submitted by: ando When hitting "reply" from the ITS, messages are not sent to the mailing list, even if openldap-its(a)openldap.org is added to the CC field.

1 0

Re: (ITS#5120) slapadd -q makes database logs unusable
by ando＠sys-net.it 08 Sep '07

08 Sep '07

hyc(a)symas.com wrote: > ando(a)sys-net.it wrote: >> hyc(a)symas.com wrote: >>> ando(a)sys-net.it wrote: >>>> When slapadd'ing -q, existing database log files seem to become unusable. If >>>> this is correct, as it seems to be, slapadd could refuse to start with -q if log >>>> files are present, or, for example, remove the logs if -qq. >>> I guess we could add that check. The docs already say that if an error occurs, >>> the entire database will be unusable. As such, you should only use it for >>> initially populating a database, not for adding to an existing one. >> The story is that I placed logs in a separate directory and I forgot to >> clean them up when regenerating the DB after removing the database files :) > > Ugh. I don't see how we can reliably detect this case. > > In what way do the logs become unusable? I've tried to reproduce this situation > and see no errors of any kind. > > E.g., sh run test001 > rm testrun/db.1.a/{alock,*db*} > ../servers/slapd/slapadd -q -f testrun/slapd.1.conf -l testdata/test-ordered.ldif > (the above works fine) > ../servers/slapd/slapd -f testrun/slapd.1.conf ... > (works fine) > > db_stat -h testrun/db.1.a -l > > (no complaints there either) Initially, I thought your check was not much representative, since test001 doesn't do any writes. In my original case, I forgot to mention that DB_LOG_AUTOREMOVE was set. So I tried that configuration and manually ran the load of test008, resulting in creating multiple logs, part of which were removed. Then I ran the commands you suggested above, but nothing happened, so I'm at a loss. In fact, old log files were immediately removed by slapd itself, and log files numbering correctly restarted from where it left. Probably I was chasing a red herring. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: (ITS#5120) slapadd -q makes database logs unusable
by hyc＠symas.com 08 Sep '07

08 Sep '07

ando(a)sys-net.it wrote: > hyc(a)symas.com wrote: >> ando(a)sys-net.it wrote: >>> When slapadd'ing -q, existing database log files seem to become unusable. If >>> this is correct, as it seems to be, slapadd could refuse to start with -q if log >>> files are present, or, for example, remove the logs if -qq. >> I guess we could add that check. The docs already say that if an error occurs, >> the entire database will be unusable. As such, you should only use it for >> initially populating a database, not for adding to an existing one. > > The story is that I placed logs in a separate directory and I forgot to > clean them up when regenerating the DB after removing the database files :) Ugh. I don't see how we can reliably detect this case. In what way do the logs become unusable? I've tried to reproduce this situation and see no errors of any kind. E.g., sh run test001 rm testrun/db.1.a/{alock,*db*} ../servers/slapd/slapadd -q -f testrun/slapd.1.conf -l testdata/test-ordered.ldif (the above works fine) ../servers/slapd/slapd -f testrun/slapd.1.conf ... (works fine) db_stat -h testrun/db.1.a -l (no complaints there either) -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5129) slapindex -q corrupts database if the DB_CONFIG file has changed
by hyc＠symas.com 08 Sep '07

08 Sep '07

quanah(a)zimbra.com wrote: > Full_Name: Quanah Gibson-Mount > Version: 2.3.37 > OS: > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (71.202.148.128) > > > After getting repeat DB corruptions, I finally tracked down the issue to this: > > If DB_CONFIG has changed since the last time slapd was started, and slapindex -q > is run, the database ends up corrupt. Don't do that. HEAD has been fixed to exit in this situation. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#5129) slapindex -q corrupts database if the DB_CONFIG file has changed
by quanah＠zimbra.com 08 Sep '07

08 Sep '07

Full_Name: Quanah Gibson-Mount Version: 2.3.37 OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (71.202.148.128) After getting repeat DB corruptions, I finally tracked down the issue to this: If DB_CONFIG has changed since the last time slapd was started, and slapindex -q is run, the database ends up corrupt. For example, I did the following with a perfectly happy slapd: ldap stop Killing slapd with pid 9857 done. cd /opt/zimbra/openldap-data touch DB_CONFIG /opt/zimbra/openldap/sbin/slapindex -b '' -q -f /opt/zimbra/conf/slapd.conf bdb_db_open: DB_CONFIG for suffix has changed. Performing database recovery to activate new settings. bdb(): DB_RECOVER and DB_RECOVER_FATAL require DB_TXN_INIT in DB_ENV->open bdb(): PANIC: Invalid argument bdb_db_open: Database cannot be recovered, err -30978. Restore from backup! backend_startup_one: bi_db_open failed! (-30978) slap_startup failed One of the things this does, is break syncreplication, as it apparently clears out the glue entry. :/ --Quanah

1 0

(ITS#5128) slapd startup fails to note suffix when DB_CONFIG chagnes and suffix is ""
by quanah＠zimbra.com 08 Sep '07

08 Sep '07

Full_Name: Quanah Gibson-Mount Version: 2.3.37 OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (71.202.148.128) I noticed that when using the empty suffix, and DB_CONFIG is updated, this gets logged: bdb_db_open: DB_CONFIG for suffix has changed. Note the extra space and lack of suffix.

1 0

Re: ldap_unbind unhandled SIGPIPE (ITS#5127)
by ando＠sys-net.it 07 Sep '07

07 Sep '07

ando(a)sys-net.it wrote: > I've prepared a trivial client that ldap_sasl_bind_s(), holds on while I > shut down the server, ldap_search_ext_s() with LDAP_SERVER_DOWN and > ldap_unbind_ext(). Prior to patching, I always got SIGPIPE. Let me add that the above patch does not work when using ldapi://; in that case, the SIGPIPE occurs when first flushing a request on the broken connection (in sb_stream_write()), while on regular INET sockets the flush succeeds and the SIGPIPE prior to patching was returned much later at unbind. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: ldap_unbind unhandled SIGPIPE (ITS#5127)
by ando＠sys-net.it 07 Sep '07

07 Sep '07

ando(a)sys-net.it wrote: > ando(a)sys-net.it wrote: >> I've seen something similar in recent code. I was just tracking it >> down, so you basically saved me the effort of opening a ticket :). What >> I found so far is that when ldap_unbind(3) is called (which is required >> to release resources after the connection broke), the client library >> tries to send a LDAPUnbind request to the server, even though it just >> got a LDAP_SERVER_DOWN (-1). The behavior seems to be more frequent >> when the connection brakes while using ldapi://, and I couldn't spot the >> difference up to now, I'm just mentioning it in case it rings any bells. > > > What happens is that when try_read1msg() finds out the connection is > broken, it sets ld_errno to LDAP_SERVER_DOWN, but leaves > lc->lconn_status to LDAP_CONNST_CONNECTED, so a subsequent call to > ldap_unbind_ext causes ldap_free_connection() to try sending the > LDAPUnbind anyway. Either we also check that ld->ld_errno is not > LDAP_SERVER_DOWN (provided no one resets it in the meanwhile), or clear > lc->lconn_status as soon as we find out the connection is broken. I'd > go for the second, but probably someone else is more familiar than me > with the library's internals. This is the fix I propose: ========================================== diff -u -r1.154 result.c --- libraries/libldap/result.c 14 Jun 2007 20:35:41 -0000 1.154 +++ libraries/libldap/result.c 7 Sep 2007 20:57:52 -0000 @@ -558,6 +558,14 @@ if ( sock_errno() == EAGAIN ) return LDAP_MSG_X_KEEP_LOOKING; #endif ld->ld_errno = LDAP_SERVER_DOWN; +#ifdef LDAP_R_COMPILE + ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex ); +#endif + ldap_free_connection( ld, lc, 1, 0 ); +#ifdef LDAP_R_COMPILE + ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex ); +#endif + lc = *lcp = NULL; return -1; default: ========================================== I've prepared a trivial client that ldap_sasl_bind_s(), holds on while I shut down the server, ldap_search_ext_s() with LDAP_SERVER_DOWN and ldap_unbind_ext(). Prior to patching, I always got SIGPIPE. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: ldap_unbind unhandled SIGPIPE (ITS#5127)
by ando＠sys-net.it 07 Sep '07

07 Sep '07

ando(a)sys-net.it wrote: > I've seen something similar in recent code. I was just tracking it > down, so you basically saved me the effort of opening a ticket :). What > I found so far is that when ldap_unbind(3) is called (which is required > to release resources after the connection broke), the client library > tries to send a LDAPUnbind request to the server, even though it just > got a LDAP_SERVER_DOWN (-1). The behavior seems to be more frequent > when the connection brakes while using ldapi://, and I couldn't spot the > difference up to now, I'm just mentioning it in case it rings any bells. What happens is that when try_read1msg() finds out the connection is broken, it sets ld_errno to LDAP_SERVER_DOWN, but leaves lc->lconn_status to LDAP_CONNST_CONNECTED, so a subsequent call to ldap_unbind_ext causes ldap_free_connection() to try sending the LDAPUnbind anyway. Either we also check that ld->ld_errno is not LDAP_SERVER_DOWN (provided no one resets it in the meanwhile), or clear lc->lconn_status as soon as we find out the connection is broken. I'd go for the second, but probably someone else is more familiar than me with the library's internals. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: ldap_unbind unhandled SIGPIPE (ITS#5127)
by ando＠sys-net.it 07 Sep '07

07 Sep '07

I've seen something similar in recent code. I was just tracking it down, so you basically saved me the effort of opening a ticket :). What I found so far is that when ldap_unbind(3) is called (which is required to release resources after the connection broke), the client library tries to send a LDAPUnbind request to the server, even though it just got a LDAP_SERVER_DOWN (-1). The behavior seems to be more frequent when the connection brakes while using ldapi://, and I couldn't spot the difference up to now, I'm just mentioning it in case it rings any bells. I think not trapping SIGPIPE is correct, since this should definitely be delegated to the application. But the library itself shouldn't trigger false SIGPIPEs by trying to use a connection it knows it's broken. I'll keep digging. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

(ITS#5127) ldap_unbind unhandled SIGPIPE
by aberry0364＠hotmail.com 07 Sep '07

07 Sep '07

Full_Name: Arlene Berry Version: 2.3.38 OS: Solaris URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (64.221.115.100) I am using OpenLDAP 2.3.38 with Cyrus SASL and MIT Kerberos to communicate with Active Directory on Windows Server 2003 R2. I have been primarily working on Solaris 8 and 9 but we've also seen signs of this problem on Solaris 10, AIX, and HPUX. Initially I was using OpenLDAP 2.3.19 which also had the problem. The sequence of events is that I bind to Active Directory, do a search, and successfully retrieve the results. Then I let my program and the LDAP connection sit idle for at least 15 minutes so that the LDAP connection will time out. Next I have the program do another ldap_search_ext which returns 0 and then ldap_result which returns -1. At this point the program does an ldap_unbind. What the program is supposed to do next is create a new LDAP connection and try the search again. Sometimes it does and sometimes I see an unhandled SIGPIPE error which causes the program to halt. When run under a debugger with the LDAP debug level set to 65535 this is what it shows: ldap_unbind ldap_free_request (origid 8, msgid 8) ldap_free_connection 1 1 ldap_send_unbind t@1 (l@1) signal PIPE (Broken Pipe) in _libc_write at 0xff21e15c 0xff21e15c: _libc_write+0x000c: bgeu _libc_write+0x40 ! 0xff21e190 Current function is sb_stream_write 521 return write( sbiod->sbiod_sb->sb_fd, buf, len ); If I tell the debugger to continue or if I set SIGPIPE to SIG_IGN at the beginning of the program, it appears to continue successfully.

1 0

Re: (ITS#5124) segfault on modify operation by slurpd with rwm overlay
by jclarke＠linagora.com 07 Sep '07

07 Sep '07

Hi Pierangelo, Pierangelo Masarati a écrit : > ando(a)sys-net.it wrote: >> I'll check >> if this could also happen with syncrepl, and try to figure out a >> workaround. > > This is now fixed in HEAD and in re23. Please test. Thanks, p. Just tested in re23, with slurpd, and it works great ! Thanks a lot, Jon -- Jonathan Clarke Cellule OSSA - Groupe LINAGORA 27 rue de Berri, 75008 Paris Tél: 01 58 18 68 28, fax: 01 58 18 68 29 http://www.linagora.com - http://www.08000linux.com

1 0

Re: OpenLdap ERROR: passwd: Authentication token manipulation error (ITS#5125)
by ando＠sys-net.it 07 Sep '07

07 Sep '07

Anne Moore wrote: > No, it's not that easy. Not just untar, configure, etc. Remember, RHEL 4.0 > doesn't support the latest OpenLdap version. So, "tar, configure, etc" would > not do any good. ;-) Wish it did!! I routinely **develop** OpenLDAP on RHEL 4.0; what does in your opinion prevent it from **supporting** the latest OpenLDAP? All you need is a compiler and few tools available with any Linux distribution. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs