- openldap-bugs - openldap.org

Re: (ITS#5070) Issues in X.509 certificate parsing
by ando＠sys-net.it 02 Aug '07

02 Aug '07

ando(a)sys-net.it wrote: > I've an issue with X.509 certificate parsing in HEAD/re24. The certificate, > according to OpenSSL, has a SerialNumber c8:5b:9a:dd:ea:bf:f9:fa and HEAD fails > to parse it because it is an integer with length equal to 9, which is larger > than sizeof(ber_int_t), as tested in ber_getnint() at decode.c:254. The DER > encoded value is: 2 9 0 200 91 154 221 234 191 249 250. Seems to be time > to get past the sizeof(ber_int_t) limitation... ... which would violate RFC 4511 where it states that INTEGER means from 0 up to 2^31-1... I have a simple solution for this problem, at the cost of partially violating rfc 4523: if an integer is larger than 2^31-1, it could be represented in the certificateExactMatch normalization in hexadecimal form, much like OpenSSL does. This would increase interoperability with OpenSSL and be at least self-consistent, since all serialNumbers that large would be consistently expanded that way. Another solution, preserving the decimal representation, would probably require some arbitrary precision support from external libraries. If there's consensus, I'd post my simple patch. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

(ITS#5070) Issues in X.509 certificate parsing
by ando＠sys-net.it 02 Aug '07

02 Aug '07

Full_Name: Pierangelo Masarati Version: HEAD/re24 OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (81.72.89.40) Submitted by: ando I've an issue with X.509 certificate parsing in HEAD/re24. The certificate, according to OpenSSL, has a SerialNumber c8:5b:9a:dd:ea:bf:f9:fa and HEAD fails to parse it because it is an integer with length equal to 9, which is larger than sizeof(ber_int_t), as tested in ber_getnint() at decode.c:254. The DER encoded value is: 2 9 0 200 91 154 221 234 191 249 250. Seems to be time to get past the sizeof(ber_int_t) limitation... p.

1 0

Re: (ITS#5064) Issues with openldap 2.2 (Error 34 Invalid DN syntax )
by bgmilne＠staff.telkomsa.net 02 Aug '07

02 Aug '07

On Friday 27 July 2007 17:19:26 pbrinette(a)cc.in2p3.fr wrote: > > 1) both 2.0 and 2.2 are ancient. OpenLDAP 2.3 is mature, and 2.4 is > > about to exit beta stage. Unless the problem is related to a real > > software bug, and it persists either in HEAD/2.4 or in 2.3 code, this > > ITS will be closed. > > Currently, I've no mean to use an openldap 2.3 unless exists an RPM > update package for RHEL 4 (or CentOS). There is no update from RHEL or CentOS, but there are these (mine): http://staff.telkomsa.net/packages/rhel4/openldap/ Since you can install them in parallel, the upgrade path is quite easy ... (slapcat|slapadd2.3 after configuration). There is also: http://staff.telkomsa.net/packages/rhel3/openldap/ Regards, Buchan

1 0

(ITS#5069) SyncRepl on request
by hadmut＠danisch.de 01 Aug '07

01 Aug '07

Full_Name: Hadmut Danisch Version: 2.3.35 OS: linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (85.180.64.215) This is an enhancement request: When having a distributed LDAP structure with a master and several SyncRepl clients, the clients can do the SyncRepl only on fixed refresh intervals (e.g. type=refreshOnly, interval=00:00:20:00) However, there are many situations where this is inappropriate, e.g. on dial-on connections, roaming notebooks, and things like that. Therefore, slapd should have a client mode where the SyncRepl process is performed only on request, but then immediately. There should be an external trigger to pull, e.g. send a signal oder do a special LDAP request. slapd should then start a SyncRepl. E.g. this could be put in scripts run at connect-time (pppd provides that kind of scripting), or when notebook autoconfiguration detects (e.g. with tools like guessnet) that it is connected to the home network to update it's local slapd. regards Hadmut

1 0

Re: (ITS#5067) olcLogLevel value is incorrect
by ando＠sys-net.it 30 Jul '07

30 Jul '07

Quanah Gibson-Mount wrote: > --On Tuesday, July 31, 2007 4:35 AM +0000 ando(a)sys-net.it wrote: > >> quanah(a)zimbra.com wrote: >>> Full_Name: Quanah Gibson-Mount >>> Version: 2.3.37 >>> OS: NA >>> URL: ftp://ftp.openldap.org/incoming/ >>> Submission from: (NULL) (66.92.25.194) >>> >>> >>> When using cn=config with a slapd.conf driven slapd, the value for >>> olcLogLevel is not correct: >>> >>> ldapsearch -LLL -x -h build -b "cn=config" -s base -D "cn=config" -W >>> olcLogLevel >>> Enter LDAP Password: >>> dn: cn=config >>> olcLogLevel: None >>> >>> However: >>> >>> grep loglevel conf/slapd.conf >>> loglevel 32768 >>> >>> And the logging that is happening is actually for level 32768. >>> Modifying the loglevel works, and once that is done, the right loglevel >>> is shown. However, this makes it impossible to know what loglevel is >>> set via a remote query unless it has been changed. >> >>> From slapd.conf(5), loglevel: >> 32768 (0x8000 none) only messages that get logged >> whatever log level is set >> >> Seems to be correct. > > Yet if I modify it to be "256", then olcLogLevel is "256". If I modify > it to be "32768", then it is "32768". That's because in EMIT the loglevel goes through loglevel2bvarray(), which turns the level into an array of pretty values. You're supposed to modify the loglevel by adding multiple values, each with the descriptive name of the level you're using. The use of loglevel with OR'ed integers is stylistically deprecated. > So if the loglevel setting in > slapd.conf is "32768", then that is what it should match. In any case, > "None" has the unfortunate ring of sounding like an unset value. In LDAP, if the value were unset, the attribute would be missing, which is what you get if, for example, you set loglevel to 0. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: (ITS#5067) olcLogLevel value is incorrect
by quanah＠zimbra.com 30 Jul '07

30 Jul '07

--On Tuesday, July 31, 2007 4:35 AM +0000 ando(a)sys-net.it wrote: > quanah(a)zimbra.com wrote: >> Full_Name: Quanah Gibson-Mount >> Version: 2.3.37 >> OS: NA >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (66.92.25.194) >> >> >> When using cn=config with a slapd.conf driven slapd, the value for >> olcLogLevel is not correct: >> >> ldapsearch -LLL -x -h build -b "cn=config" -s base -D "cn=config" -W >> olcLogLevel >> Enter LDAP Password: >> dn: cn=config >> olcLogLevel: None >> >> However: >> >> grep loglevel conf/slapd.conf >> loglevel 32768 >> >> And the logging that is happening is actually for level 32768. >> Modifying the loglevel works, and once that is done, the right loglevel >> is shown. However, this makes it impossible to know what loglevel is >> set via a remote query unless it has been changed. > >> From slapd.conf(5), loglevel: > 32768 (0x8000 none) only messages that get logged > whatever log level is set > > Seems to be correct. Yet if I modify it to be "256", then olcLogLevel is "256". If I modify it to be "32768", then it is "32768". So if the loglevel setting in slapd.conf is "32768", then that is what it should match. In any case, "None" has the unfortunate ring of sounding like an unset value. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#5067) olcLogLevel value is incorrect
by ando＠sys-net.it 30 Jul '07

30 Jul '07

quanah(a)zimbra.com wrote: > Full_Name: Quanah Gibson-Mount > Version: 2.3.37 > OS: NA > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (66.92.25.194) > > > When using cn=config with a slapd.conf driven slapd, the value for olcLogLevel > is not correct: > > ldapsearch -LLL -x -h build -b "cn=config" -s base -D "cn=config" -W > olcLogLevel > Enter LDAP Password: > dn: cn=config > olcLogLevel: None > > However: > > grep loglevel conf/slapd.conf > loglevel 32768 > > And the logging that is happening is actually for level 32768. Modifying the > loglevel works, and once that is done, the right loglevel is shown. However, > this makes it impossible to know what loglevel is set via a remote query unless > it has been changed. >From slapd.conf(5), loglevel: 32768 (0x8000 none) only messages that get logged whatever log level is set Seems to be correct. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: (ITS#5068) buglet in charray.c
by quanah＠zimbra.com 30 Jul '07

30 Jul '07

--On July 30, 2007 9:28:06 PM +0000 mb(a)g10code.com wrote: > Full_Name: Marcus Brinkmann > Version: 2.1.30 > OS: GNU/Linux > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (87.123.156.61) OpenLDAP 2.1 is no longer a supported release. The current release branch is OpenLDAP 2.3. Please do not file ITSes on dead releases. Thanks. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

(ITS#5068) buglet in charray.c
by mb＠g10code.com 30 Jul '07

30 Jul '07

Full_Name: Marcus Brinkmann Version: 2.1.30 OS: GNU/Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (87.123.156.61) This fixes a warning and seems locally correct. I did not check the expected semantics of this code. Thanks, Marcus. diff -ru openldap2-2.1.30-orig/libraries/libldap/charray.c openldap2-2.1.30/libraries/libldap/charray.c --- openldap2-2.1.30-orig/libraries/libldap/charray.c 2003-03-03 18:10:04.000000000 +0100 +++ openldap2-2.1.30/libraries/libldap/charray.c 2007-07-30 23:24:30.000000000 +0200 @@ -183,7 +183,7 @@ i = 1; for ( s = str; *s; s++ ) { - if ( ldap_utf8_strchr( brkstr, s ) != NULL ) { + if ( ldap_utf8_strchr( brkstr, *s ) != NULL ) { i++; } }

1 0

(ITS#5067) olcLogLevel value is incorrect
by quanah＠zimbra.com 30 Jul '07

30 Jul '07

Full_Name: Quanah Gibson-Mount Version: 2.3.37 OS: NA URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (66.92.25.194) When using cn=config with a slapd.conf driven slapd, the value for olcLogLevel is not correct: ldapsearch -LLL -x -h build -b "cn=config" -s base -D "cn=config" -W olcLogLevel Enter LDAP Password: dn: cn=config olcLogLevel: None However: grep loglevel conf/slapd.conf loglevel 32768 And the logging that is happening is actually for level 32768. Modifying the loglevel works, and once that is done, the right loglevel is shown. However, this makes it impossible to know what loglevel is set via a remote query unless it has been changed.

1 0

Re: Contribution: Active Directory Password Cache (ITS#5042)
by s.hetze＠linux-ag.de 30 Jul '07

30 Jul '07

Hi Gavin, I just uploaded a patch for my contribution as Sebastian-Hetze-070630.patch (sorry for the wrong date) The adpwc as contributed has a dependency to samba3.schema to be present, which is fixed with this patch. The patch also makes adpwc fold realm names to upper case since AD stores them mixed case and gives tickets upper case. I introduced a new config option adpw-cache-keep-realm-case to keep the old behaviour if needed. It looks like I cannot add this patch to ticket #5042, so I ask you to attach it if possible. Thanx alot, Sebastian On Thu, Jul 19, 2007 at 09:48:58AM +0000, Gavin Henry wrote: > Hi, > > This looks like it is in the correct format for our contrib section. Just > testing is needed. As I don't have access to an Active Directory server I can't > test. > > Anyone else? > > Gavin. -- Sebastian Hetze Mitglied des Vorstands Linux Information Systems AG Ehrenbergstr. 19, D-10245 Berlin Fon: +49 30 726238-0, Fax: +49 30 726238-99 s.hetze(a)linux-ag.com, http://www.linux-ag.com ---------------------------------------------------------- Sitz der Gesellschaft: Stefan-George-Ring 8, 81929 München Amtsgericht München: HRB 128 019 Vorstand: Rudolf Strobl, Sebastian Hetze Aufsichtsrat: Michael Tarabochia (Vorsitzender)

1 0

(ITS#5066) ldap error :server down
by jalali_azam＠yahoo.com 30 Jul '07

30 Jul '07

Full_Name: Azam Jalali Version: 2.2.29 OS: windows URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (213.207.237.38) I installed openldap 2.2.9 and set sldap.conf as following: /////////////////////////////////////////////////////////////////////////// ucdata-path ./ucdata include ./schema/core.schema include ./schema/cosine.schema include ./schema/inetorgperson.schema include ./schema/nis.schema include ./schema/dyngroup.schema # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap:/root.openldap.org pidfile ./run/slapd.pid argsfile ./run/slapd.args # Load dynamic backend modules: # modulepath ./libexec/openldap # moduleload back_bdb.la # moduleload back_ldap.la # moduleload back_ldbm.la # moduleload back_passwd.la # moduleload back_shell.la # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control policy: # Root DSE: allow anyone to read it # Subschema (sub)entry DSE: allow anyone to read it # Other DSEs: # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: # access to dn.base="" by * read # access to dn.base="cn=Subschema" by * read # access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") # # rootdn can always read and write EVERYTHING! ####################################################################### # BDB database definitions ####################################################################### database bdb suffix "dc=my-domain,dc=com" rootdn "cn=Manager,dc=my-domain,dc=com" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw secret # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory ./data # Indices to maintain index objectClass eq access to attr=userpassword by anonymous auth by self write by dn="cn=Manager,dc=my-domain,dc=com" write by * none access to * by dn="cn=Manager,dc=my-domain,dc=com" write by users write by self write by * read by * write /////////////////////////////////////////////////////////////////////////// After running some query on this openldap i got ldap error:server down. This event occurs every time i reinstalled it and ran some query on it? How i fix this error? Thanks in advance Azam Jalali

1 0

Slapd doesn't start after update
by ツ Leandro Sales 27 Jul '07

27 Jul '07

Hello folks... I update the openldap from version 2.2.28-r7 to 2.3.35-r1 using emerge. After update the slapd deamon didn't start. I enabled the log and realized that the problem was the incompatible version of the database. I then downgrade to the 2.2.28 version and when I started slapd I got the message: "/usr/lib64/openldap/slapd: error while loading shared libraries: liblber-2.3.so.0: cannot open shared object file: No such file or directory". I then reinstall and this problem doesn't happen anymore, but slapd still doesn't start and print the following messages in the log file: Jul 27 17:55:11 embedded slapd[2957]: bdb_db_init: Initializing BDB database Jul 27 17:55:11 embedded slapd[2958]: bdb(o=Embedded,c=BR): Program version 4.5 doesn't match environment version 0.22 Jul 27 17:55:11 embedded slapd[2958]: bdb_db_open: dbenv_open failed: DB_VERSION_MISMATCH: Database environment version mismatch (-30972) Jul 27 17:55:11 embedded slapd[2958]: backend_startup: bi_db_open failed! (-30972) Jul 27 17:55:11 embedded slapd[2958]: bdb(o=Embedded,c=BR): DB_ENV->lock_id_free interface requires an environment configured for the locking subsystem Jul 27 17:55:11 embedded slapd[2958]: bdb(o=Embedded,c=BR): txn_checkpoint interface requires an environment configured for the transaction subsystem Jul 27 17:55:11 embedded slapd[2958]: bdb_db_destroy: txn_checkpoint failed: Invalid argument (22) Please, help me on this. []s Leandro.

2 1

Re: (ITS#5064) Issues with openldap 2.2 (Error 34 Invalid DN syntax )
by ando＠sys-net.it 27 Jul '07

27 Jul '07

ando(a)sys-net.it wrote: > What would make things totally different is the persistence of a problem > in 2.3 and 2.4. But the very existence of a problem has to be proven > yet. If you look at my analysis with dntest, you'll see that your DN I confirm that using the schema extracted from <ldap://cclcgtopbdii01.in2p3.fr:2170/>, 2.3/2.4 slapdn can successfully handle the offending DN: $ slapdn \ 'GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds-vo-name=local,o=grid' DN: <GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds-vo-name=local,o=grid> check succeeded normalized: <GlueVOViewLocalID=/vo\3Dswetest/group\3D/swetest/role\3Dswadmin,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,Mds-Vo-name=uporto,Mds-Vo-name=local,o=grid> pretty: <GlueVOViewLocalID=/VO\3Dswetest/GROUP\3D/swetest/ROLE\3Dswadmin,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,Mds-Vo-name=UPorto,Mds-Vo-name=local,o=grid> I'd consider this ITS closed. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

(ITS#5065) out of order ctxcsn from old entryCSN
by donn＠u.washington.edu 27 Jul '07

27 Jul '07

Full_Name: Donn Cave Version: 2.4.4 OS: RH Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (128.95.135.150) Old entryCSN values imported into the data from another server, can crash replicas. In loop at top of syncrepl_updateCookie, replica encounters a syncCookie whose value is less than its matching si_cookieState->cs_val. This breaks out of the inner loop, and the outer loop, without copying anything into `first', so slap_queue_csn crashes on the null csn. Both are element 0 of their respective arrays. I assume it is no surprise that syncCookie takes its value from an entryCSN attribute. To duplicate, add an entry with an explicit entryCSN, with value less than the current contextCSN. In my case, the entryCSN is of the format without the `decimal fraction' field, but I doubt that matters. I don't want to say OpenLDAP needs to support this, but maybe it would be better to catch the problem in the master, than crash the replicas.

1 0

Re: (ITS#5058) LDAP/Egroupware addressbook issue
by ando＠sys-net.it 27 Jul '07

27 Jul '07

chandra(a)sentienthealth.com wrote: > Jul 23 13:39:35 shs slapd[20739]: SRCH "o=sen,dc=domainname,dc=com" 2 0 > Jul 23 13:39:35 shs slapd[20739]: 300 0 0 > Jul 23 13:39:35 shs slapd[20739]: begin get_filter > Jul 23 13:39:35 shs slapd[20739]: OR > Jul 23 13:39:35 shs slapd[20739]: begin get_filter_list > Jul 23 13:39:35 shs slapd[20739]: begin get_filter > Jul 23 13:39:35 shs slapd[20739]: EQUALITY > > Its stop here and hang and we have to restart ldap to make it work. Seems to be related to filter parsing, but we don't get any logging about the filter, and there's too little information to detect what's the issue. You might add "packets" to the log level to see what actually gets sent along with the request (beware that log level will be very verbose, then), and post the output concerning the sole initiation of the search request up to the hang. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: (ITS#5062) back-sql with non-integer keycol's
by ando＠sys-net.it 27 Jul '07

27 Jul '07

lehner(a)webdynamite.com wrote: > Full_Name: GeorgLehner > Version: 2.3.30 > OS: Debian Gnu/Linux i386 > URL: > Submission from: (NULL) (83.64.52.210) > > > The slapd-sql(5) man page states: > > '- the key must be an integer. ... > If anyone needs support for different types for keys > - he may want to write a patch,' > > I am configuring back-sql as a frontend to the SugarCRM Customer Database. > SugarCRM uses UUID's as keys: > > http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#functio… > > so I want (to write) a patch. Can you please give me some hint where > to start? Actually, I think this has been already implemented (although possibly experimental). You need to rebuild back-sql after manually defining BACKSQL_ARBITRARY_KEY in <servers/slapd/back-sql/back-sql.h>. In that case, however, all keys need to be strings. Please test and report. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: (ITS#5062) back-sql with non-integer keycol's
by ando＠sys-net.it 27 Jul '07

27 Jul '07

lehner(a)webdynamite.com wrote: > Full_Name: GeorgLehner > Version: 2.3.30 > OS: Debian Gnu/Linux i386 > URL: > Submission from: (NULL) (83.64.52.210) > > > The slapd-sql(5) man page states: > > '- the key must be an integer. ... > If anyone needs support for different types for keys > - he may want to write a patch,' > > I am configuring back-sql as a frontend to the SugarCRM Customer Database. > SugarCRM uses UUID's as keys: > > http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#functio… > > so I want (to write) a patch. Can you please give me some hint where > to start? Actually, I think this has been already implemented (although possibly experimental). You need to rebuild back-sql after manually defining BACKSQL_ARBITRARY_KEY in <servers/slapd/back-sql/back-sql.h>. In that case, however, all keys need to be strings. Please test and report. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: (ITS#5064) Issues with openldap 2.2 (Error 34 Invalid DN syntax )
by ando＠sys-net.it 27 Jul '07

27 Jul '07

Pierre-Emmanuel Brinette wrote: > > > 1) both 2.0 and 2.2 are ancient. OpenLDAP 2.3 is mature, and 2.4 is > > about to exit beta stage. Unless the problem is related to a real > > software bug, and it persists either in HEAD/2.4 or in 2.3 code, this > > ITS will be closed. > > Currently, I've no mean to use an openldap 2.3 unless exists an RPM > update package for RHEL 4 (or CentOS). > > But the problem is that the request like > "attribute=a_string=another_string,..." worked fine with openldap 2.0 > but not with openldap 2.2. I'm not sure I made the point: both 2.0 and 2.2 are ancient. The fact that something worked with 2.0 doesn't prove anything, as that software was very poor in validating things, and very forgiving with respect to syntax and specs compliance errors (which I value as a defect, while others might see it as a "feature"). The fact that something does no longer work with 2.2 while it worked with 2.0 is a pity, but it doesn't mean anything as well. Either (a) 2.0 was wrong, and 2.2 correctly detects an error, or (b) 2.0 was right, and 2.2 introduced a bug, or (c) both were plainly wrong. In any case 2.2 is historical and no longer supported, so in cases (b) and (c) no one on the OpenLDAP side is going to fix 2.2. You could try asking the distributor of the packages you're using (YMMV). What would make things totally different is the persistence of a problem in 2.3 and 2.4. But the very existence of a problem has to be proven yet. If you look at my analysis with dntest, you'll see that your DN 'GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds-vo-name=local,o=grid' is split in ldap_rdn2str() = "GlueVOViewLocalID=/VO\3Dswetest/GROUP\3D/swetest/ROLE\ 3Dswadmin" ldap_rdn2str() = "GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge -swetest" ldap_rdn2str() = "mds-vo-name=UPorto" ldap_rdn2str() = "mds-vo-name=local" ldap_rdn2str() = "o=grid" Is this what you'd expect? Note that in GlueVOViewLocalID embedded '=' are expanded as '\3D'. If any of the commas/equals in the DN are actually parts of the IA5 string, you'll need to escape them to have them parsed as expected. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Re: (ITS#5064) Issues with openldap 2.2 (Error 34 Invalid DN syntax )
by pbrinette＠cc.in2p3.fr 27 Jul '07

27 Jul '07

> 1) both 2.0 and 2.2 are ancient. OpenLDAP 2.3 is mature, and 2.4 is > about to exit beta stage. Unless the problem is related to a real > software bug, and it persists either in HEAD/2.4 or in 2.3 code, this > ITS will be closed. Currently, I've no mean to use an openldap 2.3 unless exists an RPM update package for RHEL 4 (or CentOS). But the problem is that the request like "attribute=a_string=another_string,..." worked fine with openldap 2.0 but not with openldap 2.2. [..CUT..] > > 2) were GlueCEUniqueID and mds-vo-name declared anywhere? There seems > to be nothing wrong with your DN per se; in fact, dntest yields [..CUT..] > > But apparently some attribute declarations are missing; in fact, slapdn > (after declaring GlueVOViewLocalID as indicated above) yields > > slapdn -f testrun/slapd.1.conf > 'GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds-vo-name=local,o=grid' > > DN: > <GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds-vo-name=local,o=grid> > check failed 21 (Invalid syntax) > > where the failure refers exactly to the fact that GlueCEUniqueID was not > declared. > If you want some informations regarding the schema used, you will find here : http://glueschema.forge.cnaf.infn.it/Spec/V13 And you ca download the schema here : https://forge.cnaf.infn.it/plugins/scmsvn/viewcvs.php/v_1_3/mapping/ldap/sc… if you want to import some datas with slapadd, you could find here a reference ldiff file : ldap://cclcgtopbdii01.in2p3.fr:2170/ root : o=grid Regards. Pierre-Emmanuel -- Pierre-Emmanuel Brinette Grid computing - EGEE/LCG team IN2P3/CNRS Computing Centre - Lyon (France) 27 bd du 11 novembre, F-69622 Villeurbanne cedex pbrinette(a)cc.in2p3.fr - Tél. : +33 (0) 4 78 93 08 80

1 0

Re: (ITS#5064) Issues with openldap 2.2 (Error 34 Invalid DN syntax )
by ando＠sys-net.it 27 Jul '07

27 Jul '07

pbrinette(a)cc.in2p3.fr wrote: > Openldap is used as information provider in a GRID middleware project > (http://www.eu-egee.org/). This information provider is known as BDII. > > The information about grid nodes are published via openldap. > > Until now, the platform supported by the middleware is Scientific Linux 3 (a > RHEL 3 clone like CentOS). The openldap version provided with this system is > openldap 2.0.27. > > We updated our systems with Scientific Linux 4.4 (RHEL 4.4) for new hardware > support. The openldap version provided is now 2.2.13. > > When I put the new service in production, I find some issues with some > attributes that disappears from the directory. > > In our openldap schema, we have an attribute declared like this: > > attributetype ( 1.3.6.1.4.1.8005.100.2.2.7.1 > NAME 'GlueVOViewLocalID' > DESC 'Local ID for this VO view' > EQUALITY caseIgnoreIA5Match > SUBSTR caseIgnoreIA5SubstringsMatch > SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 > SINGLE-VALUE) > > > This attribute may containt string like these: > > GlueVOViewLocalID=dteam > GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin, > > It seem that theses both sample strings are IA5 compliant. > > When I ask the openldap server with this request, Ive got different results > regarding the openldap version : > > ------------ Openldap 2.0.27 ----------------------- > > ldapsearch -x -P3 -H ldap://cclcgtopbdii01.in2p3.fr:2170 -b > "GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds-vo-name=local,o=grid" > version: 2 > > # > # filter: (objectclass=*) > # requesting: ALL > # > > # /VO=swetest/GROUP=/swetest/ROLE=swadmin, grid001.fc.up.pt:2119/jobmanager-l > cgsge-swetest, UPorto, local, grid > dn: GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,GlueCEUniqueID=g > rid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds-vo-name > =local,o=grid > objectClass: GlueCETop > objectClass: GlueVOView > objectClass: GlueCEInfo > objectClass: GlueCEState > objectClass: GlueCEAccessControlBase > objectClass: GlueCEPolicy > objectClass: GlueKey > objectClass: GlueSchemaVersion > GlueVOViewLocalID: /VO=swetest/GROUP=/swetest/ROLE=swadmin > GlueCEAccessControlBaseRule: VOMS:/VO=swetest/GROUP=/swetest/ROLE=swadmin > GlueCEAccessControlBaseRule: DENY:dteam > GlueCEAccessControlBaseRule: DENY:ops > GlueCEAccessControlBaseRule: DENY:swetest > GlueCEAccessControlBaseRule: DENY:/VO=dteam/GROUP=/dteam/ROLE=lcgadmin > GlueCEAccessControlBaseRule: DENY:/VO=dteam/GROUP=/dteam/ROLE=production > GlueCEAccessControlBaseRule: DENY:/VO=ops/GROUP=/ops/ROLE=lcgadmin > GlueCEStateRunningJobs: 0 > GlueCEStateWaitingJobs: 0 > GlueCEStateTotalJobs: 0 > GlueCEStateFreeJobSlots: 22 > GlueCEStateEstimatedResponseTime: 0 > GlueCEStateWorstResponseTime: 0 > GlueCEInfoDefaultSE: hades.up.pt > GlueCEInfoApplicationDir: /vosoft/swetestsoft > GlueCEInfoDataDir: unset > GlueChunkKey: GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest > GlueSchemaVersionMajor: 1 > GlueSchemaVersionMinor: 2 > > # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > > > > --------------------- openldap 2.2.13 ------------------------ > > ldapsearch -P3 -x -H ldap://cclcgtopbdii02.in2p3.fr:2170 -b > "GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds-vo-name=local,o=grid" > version: 2 > > # > # filter: (objectclass=*) > # requesting: ALL > # > > # search result > search: 2 > result: 34 Invalid DN syntax > text: invalid DN > > # numResponses: 1 > > --------------------------------------------------- > > > > Each time a dn contain an attribute of the following form : > "attribute=a_string=another_string,..." (eg: > "/VO=swetest/GROUP=/swetest/ROLE=swadmin") openldap 2.2 produce an error "could > not parse entry" > > In fact, each time the attribute value contain more that one equal ("=") > character, openldap failed to handle the string, even though this character is > included in the IA5 table. > > Best regards. > > 1) both 2.0 and 2.2 are ancient. OpenLDAP 2.3 is mature, and 2.4 is about to exit beta stage. Unless the problem is related to a real software bug, and it persists either in HEAD/2.4 or in 2.3 code, this ITS will be closed. 2) were GlueCEUniqueID and mds-vo-name declared anywhere? There seems to be nothing wrong with your DN per se; in fact, dntest yields $ dntest \ 'GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds-vo-name=local,o=grid' ldap_rdn2str() = "GlueVOViewLocalID=/VO\3Dswetest/GROUP\3D/swetest/ROLE\ 3Dswadmin" ldap_rdn2str() = "GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge -swetest" ldap_rdn2str() = "mds-vo-name=UPorto" ldap_rdn2str() = "mds-vo-name=local" ldap_rdn2str() = "o=grid" ldap_dn2str(ldap_str2dn("GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadm in,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UP orto,mds-vo-name=local,o=grid")) = "GlueVOViewLocalID=/VO\3Dswetest/GROUP\3D/swetest/ROLE\3Dswadmin,GlueC EUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds -vo-name=local,o=grid" ldap_dn2domain("GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,GlueCE UniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds- vo-name=local,o=grid") = "" ldap_dn2ufn("GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,GlueCEUni queID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds-vo- name=local,o=grid") = "/VO\3Dswetest/GROUP\3D/swetest/ROLE\3Dswadmin, grid001.fc.up.pt:2119/ jobmanager-lcgsge-swetest, UPorto, local, grid" ldap_dn2dcedn("GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,GlueCEU niqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds-v o-name=local,o=grid") = "/o=grid/mds-vo-name=local/mds-vo-name=UPorto/GlueCEUniqueID=grid001.f c.up.pt:2119\/jobmanager-lcgsge-swetest/GlueVOViewLocalID=\/VO\=swetest\/GROUP\= \/swetest\/ROLE\=swadmin" ldap_dcedn2dn("/o=grid/mds-vo-name=local/mds-vo-name=UPorto/GlueCEUniqueID=grid0 01.fc.up.pt:2119\/jobmanager-lcgsge-swetest/GlueVOViewLocalID=\/VO\=swetest\/GRO UP\=\/swetest\/ROLE\=swadmin") = "GlueVOViewLocalID=/VO\3Dswetest/GROUP\3D/swetest/ROLE\3Dswadmin,GlueC EUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds -vo-name=local,o=grid" ldap_dn2ad_canonical("GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin, GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPort o,mds-vo-name=local,o=grid") = "grid/local/UPorto/grid001.fc.up.pt:2119\/jobmanager-lcgsge-swetest/\/ VO\=swetest\/GROUP\=\/swetest\/ROLE\=swadmin/" ldap_explode_dn("GlueVOViewLocalID=/VO\3Dswetest/GROUP\3D/swetest/ROLE\3Dswadmin ,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPor to,mds-vo-name=local,o=grid"): "GlueVOViewLocalID=/VO\3Dswetest/GROUP\3D/swetest/ROLE\3Dswadmin" ldap_explode_rdn("GlueVOViewLocalID=/VO\3Dswetest/GROUP\3D/swetest/ROLE\ 3Dswadmin") 'GlueVOViewLocalID=/VO\3Dswetest/GROUP\3D/swetest/ROLE\3Dswadmin ' ldap_explode_rdn("GlueVOViewLocalID=/VO\3Dswetest/GROUP\3D/swetest/ROLE\ 3Dswadmin") (no types) "/VO\3Dswetest/GROUP\3D/swetest/ROLE\3Dswadmin" "GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest" ldap_explode_rdn("GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge -swetest") 'GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest' ldap_explode_rdn("GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge -swetest") (no types) "grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest" "mds-vo-name=UPorto" ldap_explode_rdn("mds-vo-name=UPorto") 'mds-vo-name=UPorto' ldap_explode_rdn("mds-vo-name=UPorto") (no types) "UPorto" "mds-vo-name=local" ldap_explode_rdn("mds-vo-name=local") 'mds-vo-name=local' ldap_explode_rdn("mds-vo-name=local") (no types) "local" "o=grid" ldap_explode_rdn("o=grid") 'o=grid' ldap_explode_rdn("o=grid") (no types) "grid" ldap_explode_dn("GlueVOViewLocalID=/VO\3Dswetest/GROUP\3D/swetest/ROLE\3Dswadmin ,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPor to,mds-vo-name=local,o=grid") (no types): "/VO\3Dswetest/GROUP\3D/swetest/ROLE\3Dswadmin" "grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest" "UPorto" "local" "grid" "GlueVOViewLocalID=/VO\3Dswetest/GROUP\3D/swetest/ROLE\3Dswadmin,GlueCEUniqueID= grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds-vo-name=l ocal,o=grid" == "GlueVOViewLocalID=/VO\3Dswetest/GROUP\3D/swetest/ROLE\3Dswadmin,Glu eCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,m ds-vo-name=local,o=grid" ? yes But apparently some attribute declarations are missing; in fact, slapdn (after declaring GlueVOViewLocalID as indicated above) yields slapdn -f testrun/slapd.1.conf 'GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds-vo-name=local,o=grid' DN: <GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds-vo-name=local,o=grid> check failed 21 (Invalid syntax) where the failure refers exactly to the fact that GlueCEUniqueID was not declared. p. PS: don't look for those tools in ancient software; they've been introduced only in recent times (dntest: October 2001; slapdn: March 2004). Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

(ITS#5064) Issues with openldap 2.2 (Error 34 Invalid DN syntax )
by pbrinette＠cc.in2p3.fr 27 Jul '07

27 Jul '07

Full_Name: Pierre-Emmanuel Brinette Version: 2.2.13 (openldap-2.2.13-6.4E) OS: Scientific Linux 4.4 (RHEL 4.4 clone) URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (134.158.71.215) Hello, Openldap is used as information provider in a GRID middleware project (http://www.eu-egee.org/). This information provider is known as BDII. The information about grid nodes are published via openldap. Until now, the platform supported by the middleware is Scientific Linux 3 (a RHEL 3 clone like CentOS). The openldap version provided with this system is openldap 2.0.27. We updated our systems with Scientific Linux 4.4 (RHEL 4.4) for new hardware support. The openldap version provided is now 2.2.13. When I put the new service in production, I find some issues with some attributes that disappears from the directory. In our openldap schema, we have an attribute declared like this: attributetype ( 1.3.6.1.4.1.8005.100.2.2.7.1 NAME 'GlueVOViewLocalID' DESC 'Local ID for this VO view' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) This attribute may containt string like these: GlueVOViewLocalID=dteam GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin, It seem that theses both sample strings are IA5 compliant. When I ask the openldap server with this request, Ive got different results regarding the openldap version : ------------ Openldap 2.0.27 ----------------------- ldapsearch -x -P3 -H ldap://cclcgtopbdii01.in2p3.fr:2170 -b "GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds-vo-name=local,o=grid" version: 2 # # filter: (objectclass=*) # requesting: ALL # # /VO=swetest/GROUP=/swetest/ROLE=swadmin, grid001.fc.up.pt:2119/jobmanager-l cgsge-swetest, UPorto, local, grid dn: GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,GlueCEUniqueID=g rid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds-vo-name =local,o=grid objectClass: GlueCETop objectClass: GlueVOView objectClass: GlueCEInfo objectClass: GlueCEState objectClass: GlueCEAccessControlBase objectClass: GlueCEPolicy objectClass: GlueKey objectClass: GlueSchemaVersion GlueVOViewLocalID: /VO=swetest/GROUP=/swetest/ROLE=swadmin GlueCEAccessControlBaseRule: VOMS:/VO=swetest/GROUP=/swetest/ROLE=swadmin GlueCEAccessControlBaseRule: DENY:dteam GlueCEAccessControlBaseRule: DENY:ops GlueCEAccessControlBaseRule: DENY:swetest GlueCEAccessControlBaseRule: DENY:/VO=dteam/GROUP=/dteam/ROLE=lcgadmin GlueCEAccessControlBaseRule: DENY:/VO=dteam/GROUP=/dteam/ROLE=production GlueCEAccessControlBaseRule: DENY:/VO=ops/GROUP=/ops/ROLE=lcgadmin GlueCEStateRunningJobs: 0 GlueCEStateWaitingJobs: 0 GlueCEStateTotalJobs: 0 GlueCEStateFreeJobSlots: 22 GlueCEStateEstimatedResponseTime: 0 GlueCEStateWorstResponseTime: 0 GlueCEInfoDefaultSE: hades.up.pt GlueCEInfoApplicationDir: /vosoft/swetestsoft GlueCEInfoDataDir: unset GlueChunkKey: GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest GlueSchemaVersionMajor: 1 GlueSchemaVersionMinor: 2 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 --------------------- openldap 2.2.13 ------------------------ ldapsearch -P3 -x -H ldap://cclcgtopbdii02.in2p3.fr:2170 -b "GlueVOViewLocalID=/VO=swetest/GROUP=/swetest/ROLE=swadmin,GlueCEUniqueID=grid001.fc.up.pt:2119/jobmanager-lcgsge-swetest,mds-vo-name=UPorto,mds-vo-name=local,o=grid" version: 2 # # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 34 Invalid DN syntax text: invalid DN # numResponses: 1 --------------------------------------------------- Each time a dn contain an attribute of the following form : "attribute=a_string=another_string,..." (eg: "/VO=swetest/GROUP=/swetest/ROLE=swadmin") openldap 2.2 produce an error "could not parse entry" In fact, each time the attribute value contain more that one equal ("=") character, openldap failed to handle the string, even though this character is included in the IA5 table. Best regards. -- Pierre-Emmanuel Brinette Grid computing - EGEE/LCG team IN2P3/CNRS Computing Centre - Lyon (France) 27 bd du 11 novembre, F-69622 Villeurbanne cedex pbrinette(a)cc.in2p3.fr - Tél. : +33 (0) 4 78 93 08 80

1 0

Re: Contrib: addpartial overlay (ITS#3593)
by ghenry＠OpenLDAP.org 27 Jul '07

27 Jul '07

Hi David, http://www.openldap.org/devel/cvsweb.cgi/contrib/slapd-modules/addpartial/ Will be pushed out in the next 2.4 beta. Please bear in mind that you will be looking after this overlay, so test as often as you can and re-submit and changes during our release cycle. Thank you for your contribution. -- Kind Regards, Gavin Henry. OpenLDAP Engineering Team. E ghenry(a)OpenLDAP.org Community developed LDAP software. http://www.openldap.org/project/

1 0

Re: Contrib: addpartial overlay (ITS#3593)
by ghenry＠OpenLDAP.org 27 Jul '07

27 Jul '07

David Hawes wrote: > On Thursday 26 July 2007 09:15, you wrote: >> dhawes(a)vt.edu wrote: >>> On Thursday 19 July 2007 17:18, ghenry(a)suretecsystems.com wrote: >>>> <quote who="dhawes(a)vt.edu"> >>>> >>>>> On Thursday 19 July 2007 05:35, Gavin Henry wrote: >>>>>>> An updated version of addpartial is available at: >>>>>>> >>>>>>> ftp://ftp.openldap.org/incoming/david_hawes-addpartial-070126.tgz >>>>>>> >>>>>>> This version includes changes to work with OpenLDAP 2.3 as well as >>>>>>> ensuring syncrepl works properly. >>>>>>> >>>>>>> david hawes >>>>>> If this hasn't been added to 2.4/HEAD yet, would you consider updating >>>>>> it >>>>>> for inclusion in 2.4 contrib? >>>>> Absolutely, I've been meaning to test with 2.4. I'll bump it to the >>>>> top of >>>>> the list. >>>> Can you make sure that is dynamically configurable via cn=config like >>>> everything else in 2.4. >>>> >>>> Thanks. >>> I have tested the overlay at >>> ftp://ftp.openldap.org/incoming/david_hawes-addpartial-070126.tgz, and it >>> works with 2.4.4alpha, including dynamic loading via cn=config. >>> >>> Apart from using "overlay addpartial", there is no slapd configuration >>> for addpartial. I believe this means it doesn't need its own schema to >>> work correctly. Please correct me if I am wrong about this. >>> >>> Thanks, >>> >>> dave >> Anyone mind if I commit this to contrib in HEAD? > > I don't think you were asking me about this, but I certainly have no problem > with it. If I need to state the disclaimer I'll gladly do so. The OpenLDAP > public license is included, so that may be all that is needed. > > dave Committed. Closing ITS. -- Kind Regards, Gavin Henry. OpenLDAP Engineering Team. E ghenry(a)OpenLDAP.org Community developed LDAP software. http://www.openldap.org/project/

1 0

Re: Contrib: addpartial overlay (ITS#3593)
by ghenry＠OpenLDAP.org 27 Jul '07

27 Jul '07

David Hawes wrote: > On Thursday 26 July 2007 09:15, you wrote: >> dhawes(a)vt.edu wrote: >>> On Thursday 19 July 2007 17:18, ghenry(a)suretecsystems.com wrote: >>>> <quote who="dhawes(a)vt.edu"> >>>> >>>>> On Thursday 19 July 2007 05:35, Gavin Henry wrote: >>>>>>> An updated version of addpartial is available at: >>>>>>> >>>>>>> ftp://ftp.openldap.org/incoming/david_hawes-addpartial-070126.tgz >>>>>>> >>>>>>> This version includes changes to work with OpenLDAP 2.3 as well as >>>>>>> ensuring syncrepl works properly. >>>>>>> >>>>>>> david hawes >>>>>> If this hasn't been added to 2.4/HEAD yet, would you consider updating >>>>>> it >>>>>> for inclusion in 2.4 contrib? >>>>> Absolutely, I've been meaning to test with 2.4. I'll bump it to the >>>>> top of >>>>> the list. >>>> Can you make sure that is dynamically configurable via cn=config like >>>> everything else in 2.4. >>>> >>>> Thanks. >>> I have tested the overlay at >>> ftp://ftp.openldap.org/incoming/david_hawes-addpartial-070126.tgz, and it >>> works with 2.4.4alpha, including dynamic loading via cn=config. >>> >>> Apart from using "overlay addpartial", there is no slapd configuration >>> for addpartial. I believe this means it doesn't need its own schema to >>> work correctly. Please correct me if I am wrong about this. >>> >>> Thanks, >>> >>> dave >> Anyone mind if I commit this to contrib in HEAD? > > I don't think you were asking me about this, but I certainly have no problem > with it. If I need to state the disclaimer I'll gladly do so. The OpenLDAP > public license is included, so that may be all that is needed. > > dave Yes, that is all that is needed. Adding shortly. Gavin. -- Kind Regards, Gavin Henry. OpenLDAP Engineering Team. E ghenry(a)OpenLDAP.org Community developed LDAP software. http://www.openldap.org/project/

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs