- openldap-bugs - openldap.org

Re: (ITS#4857) Subtree accesslog support
by Frank.Swasey＠uvm.edu 07 Mar '07

07 Mar '07

This is a cryptographically signed message in MIME format. --------------ms050409020803020407000508 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit On 3/6/07 6:31 PM, quanah(a)stanford.edu wrote: > I was looking at adding access log configurations to my main database that would > log operations based on subtree. For example, I'd like to have all operations > on "cn=accounts,dc=stanford,dc=edu" go into one accesslog, and operations on > "cn=people,dc=stanford,dc=edu" go into another accesslog. My root is > "dc=stanford,dc=edu". There doesn't seem to be a way with the way accesslog is > currently designed to do this. I believe it would be a useful feature. I have wished for a similar capability. However, have always been stopped from proceeding to look at modifying the code because all my consumers need to replicate the full database. However, it would be nice to be able to break things apart and have them expire out of the accesslog at different times. For instance, our sendmail spam blocking rules live for a max of several hours and so I could expire those from the accesslog after 8 hours, but the core (people, groups, accounts) I'd like to keep for a couple days to make certain they get to the replica servers. Is that the same kind of thing you are thinking of Quanah? -- Frank Swasey | http://www.uvm.edu/~fcs Sr Systems Administrator | Always remember: You are UNIQUE, University of Vermont | just like everyone else. "I am not young enough to know everything." - Oscar Wilde (1854-1900) --------------ms050409020803020407000508 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJDzCC AuIwggJLoAMCAQICEAq9rKiduK3HCbKzsBiBodUwDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UE BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA2MDcxNzE2NTcyNloX DTA3MDcxNzE2NTcyNlowRjEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEjMCEG CSqGSIb3DQEJARYURnJhbmsuU3dhc2V5QHV2bS5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQCzhSmesaR8qf2y5cNt0qa27m42Kq3Bwubs28CzSxR1uRUaRZUfL/C2FEFV kKSat6da5b19UEWxM1giaWvLeDtQE5Tok8GhN8LNgScTiSEM6gFWnL0o7A9W7oAj42dfFvBV md7/u7nSJoAP3Wt9cU3TBJBh99U89EzIYLNik8iVhzbwfNmisxmuR5870AHURoR1sN/X4jWx q5114Rv8r60+bVitlXL7P20Z2S9+va9+a7+C1P/yJLPq1GK8+X9uaoUaGHlapBeBYNu3QWQG Q+mF+QuidS01jbaburvJxUm7dVO3QRt1PovVhlidv89eqcH8n4h7xSG1IG3teNJkschdAgMB AAGjMTAvMB8GA1UdEQQYMBaBFEZyYW5rLlN3YXNleUB1dm0uZWR1MAwGA1UdEwEB/wQCMAAw DQYJKoZIhvcNAQEEBQADgYEAblV8ye5ZLs/y3DX0W3NU67N2T6tOSZ1609L+BRWB/Md7RDFd Cm8AXFIldDLzkyPFqs9WpgAQLvZ0gRXQ8aqwYEBB3WlZzkpUS+YTuY6X9wjcroMjHCyWNpq0 /joDumCNSEWiZJ6AZMRom9Z/P6foBxXmgCBKVq/O0mGqgArlxdkwggLiMIICS6ADAgECAhAK vayonbitxwmys7AYgaHVMA0GCSqGSIb3DQEBBAUAMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQK ExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29u YWwgRnJlZW1haWwgSXNzdWluZyBDQTAeFw0wNjA3MTcxNjU3MjZaFw0wNzA3MTcxNjU3MjZa MEYxHzAdBgNVBAMTFlRoYXd0ZSBGcmVlbWFpbCBNZW1iZXIxIzAhBgkqhkiG9w0BCQEWFEZy YW5rLlN3YXNleUB1dm0uZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4Up nrGkfKn9suXDbdKmtu5uNiqtwcLm7NvAs0sUdbkVGkWVHy/wthRBVZCkmrenWuW9fVBFsTNY Imlry3g7UBOU6JPBoTfCzYEnE4khDOoBVpy9KOwPVu6AI+NnXxbwVZne/7u50iaAD91rfXFN 0wSQYffVPPRMyGCzYpPIlYc28HzZorMZrkefO9AB1EaEdbDf1+I1sauddeEb/K+tPm1YrZVy +z9tGdkvfr2vfmu/gtT/8iSz6tRivPl/bmqFGhh5WqQXgWDbt0FkBkPphfkLonUtNY22m7q7 ycVJu3VTt0EbdT6L1YZYnb/PXqnB/J+Ie8UhtSBt7XjSZLHIXQIDAQABozEwLzAfBgNVHREE GDAWgRRGcmFuay5Td2FzZXlAdXZtLmVkdTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUA A4GBAG5VfMnuWS7P8tw19FtzVOuzdk+rTkmdetPS/gUVgfzHe0QxXQpvAFxSJXQy85MjxarP VqYAEC72dIEV0PGqsGBAQd1pWc5KVEvmE7mOl/cI3K6DIxwsljaatP46A7pgjUhFomSegGTE aJvWfz+n6AcV5oAgSlavztJhqoAK5cXZMIIDPzCCAqigAwIBAgIBDTANBgkqhkiG9w0BAQUF ADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2Fw ZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNh dGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVt YWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUuY29tMB4X DTAzMDcxNzAwMDAwMFoXDTEzMDcxNjIzNTk1OVowYjELMAkGA1UEBhMCWkExJTAjBgNVBAoT HFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25h bCBGcmVlbWFpbCBJc3N1aW5nIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEpjxV c1X7TrnKmVoeaMB1BHCd3+n/ox7svc31W/Iadr1/DDph8r9RzgHU5VAKMNcCY1osiRVwjt3J 8CuFWqo/cVbLrzwLB+fxH5E2JCoTzyvV84J3PQO+K/67GD4Hv0CAAmTXp6a7n2XRxSpUhQ9I BH+nttE8YQRAHmQZcmC3+wIDAQABo4GUMIGRMBIGA1UdEwEB/wQIMAYBAf8CAQAwQwYDVR0f BDwwOjA4oDagNIYyaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVBlcnNvbmFsRnJlZW1h aWxDQS5jcmwwCwYDVR0PBAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFQcml2YXRl TGFiZWwyLTEzODANBgkqhkiG9w0BAQUFAAOBgQBIjNFQg+oLLswNo2asZw9/r6y+whehQ5aU nX9MIbj4Nh+qLZ82L8D0HFAgk3A8/a3hYWLD2ToZfoSxmRsAxRoLgnSeJVCUYsfbJ3FXJY3d qZw5jowgT2Vfldr394fWxghOrvbqNOUQGls1TXfjViF4gtwhGTXeJLHTHUb/XV9lTzGCA2Qw ggNgAgEBMHYwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQ dHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENB AhAKvayonbitxwmys7AYgaHVMAkGBSsOAwIaBQCgggHDMBgGCSqGSIb3DQEJAzELBgkqhkiG 9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA3MDMwNzE3MDkyMFowIwYJKoZIhvcNAQkEMRYEFO+D /RPLcK9KWgTC5ESQ348qOn2BMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZI hvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGFBgkr BgEEAYI3EAQxeDB2MGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGlu ZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWlu ZyBDQQIQCr2sqJ24rccJsrOwGIGh1TCBhwYLKoZIhvcNAQkQAgsxeKB2MGIxCzAJBgNVBAYT AlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNU aGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQCr2sqJ24rccJsrOwGIGh1TAN BgkqhkiG9w0BAQEFAASCAQBWlKbCnxB4o7stfK+pDIAWxonGW8d4AKZr0IU/76SqFqlSQQAx sBSrw2Dg+NHLPsTlBlqe6tseFGjg3EL2436XOY75dbResLsyVffIxE25bVu12P6TpXe6d4xv B6/EvCxlJAjk0UP/ahjmxRCEofnPZybSfd2XIvgbfCstuV8U7ioJolTJZnTq4NhLcliSelyN AjLuBLWGlQj7FxoP7I4KQruZftPu5GVgrj1gpYCUWG457agxEi8w/0mDPUh6gtp5wcN6t+NH 6lYkBoDgb1HuHCrg6Wq/PInNYIxipqcs2Ls7YtR2OpjVJry+8nGlw/N6ueZZWqdSFlQghAk2 xkDXAAAAAAAA --------------ms050409020803020407000508--

1 0

(ITS#4859) sasl_client_init Problem
by m.birkenkamp＠e-fact-gmbh.de 07 Mar '07

07 Mar '07

Full_Name: Marcel Birkenkamp Version: 2.1.22 OS: HP UX 11.11 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (84.63.24.153) Hi, i have a Problem, i've implemented a c program using OpenLDAP to connect to an ActiveDirectory for uservalidation, the Problem is that whenever i use one of the OpenLDAP functions (i.e. ldap_init, ldap_initialize) i get the following error: "/usr/lib/dld.sl: Unresolvable symbol: sasl_client_init (code) from /opt/iexpress/openldap/lib/libldap.sl - IOT trap". I've reinstalled OpenLDAP but the Problem persists. Does anyone have an idea what might be causing this or how i can find out where this Problem originates? thanks in advance Marcel

1 0

(ITS#4858) sasl_client_init Problem
by m.birkenkamp＠e-fact-gmbh.de 07 Mar '07

07 Mar '07

Full_Name: Marcel Birkenkamp Version: 2.1.22 OS: HP UX 11.11 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (84.63.24.153) Hi, i have a Problem, i've implemented a c program using OpenLDAP to connect to an ActiveDirectory for uservalidation, the Problem is that whenever i use one of the OpenLDAP functions (i.e. ldap_init, ldap_initialize) i get the following error: "/usr/lib/dld.sl: Unresolvable symbol: sasl_client_init (code) from /opt/iexpress/openldap/lib/libldap.sl - IOT trap". I've reinstalled OpenLDAP but the Problem persists. Does anyone have an idea what might be causing this or how i can find out where this Problem originates? thanks in advance Marcel

1 0

(ITS#4857) Subtree accesslog support
by quanah＠stanford.edu 06 Mar '07

06 Mar '07

Full_Name: Quanah Gibson-Mount Version: 2.3/2.4/HEAD OS: NA URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (171.66.155.86) I was looking at adding access log configurations to my main database that would log operations based on subtree. For example, I'd like to have all operations on "cn=accounts,dc=stanford,dc=edu" go into one accesslog, and operations on "cn=people,dc=stanford,dc=edu" go into another accesslog. My root is "dc=stanford,dc=edu". There doesn't seem to be a way with the way accesslog is currently designed to do this. I believe it would be a useful feature. --Quanah

1 0

Re: slapd segfaults with certain ACL's (ITS#4854)
by ando＠sys-net.it 06 Mar '07

06 Mar '07

hjensen(a)gmx.de wrote: > Program received signal SIGSEGV, Segmentation fault. > [Switching to Thread 16384 (LWP 16160)] > 0x4043e049 in free () from /lib/libc.so.6 > (gdb) bt > #0 0x4043e049 in free () from /lib/libc.so.6 > #1 0x40069ef8 in ber_memfree_x () from /usr/lib/liblber-2.3.so.0 > #2 0x0809d4b6 in ch_free () > #3 0x080be84d in str2anlist () > #4 0x080ab33e in parse_acl () > #5 0x08070c5c in config_generic () > #6 0x0807b0f6 in config_set_vals () > #7 0x0807cdd9 in read_config_file () > #8 0x08075d1d in config_include () > #9 0x0807b0f6 in config_set_vals () > #10 0x0807cdd9 in read_config_file () > #11 0x0807667b in read_config () > #12 0x0806ffce in main () OK, then it should be fixed; you can pull servers/slapd/ad.c from the CVS under the OPENLDAP_REL_ENG_2_3 tag and rebuild. Note that this confirms that your schema is missing either or both the offending objectClasses mozillaAbPersonAlpha, evolutionPerson. Please test and feedback. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: slapd segfaults with certain ACL's (ITS#4854)
by hjensen＠gmx.de 06 Mar '07

06 Mar '07

Hello, here the additional information: configure command line: ./configure --prefix=/usr \ --sysconfdir=/etc \ --libexecdir=/usr/sbin \ --localstatedir=/var/openldap \ --disable-nls \ --enable-debug \ --enable-syslog \ --with-threads \ --with-tls \ --with-cyrus-sasl \ --enable-spasswd \ --enable-dynamic \ --enable-ipv6 \ --enable-modules \ --enable-crypt \ --enable-rewrite \ --enable-ldbm \ --enable-ldbm-api=berkeley \ --enable-ldbm-type=btree \ --enable-bdb \ --enable-hdb \ --enable-ldap \ --enable-meta \ --enable-monitor \ --enable-dnssrv \ --enable-null \ --enable-perl \ --with-dyngroup \ --with-proxycache \ --enable-wrappers \ --enable-slurpd \ --enable-aci \ --enable-shared Backtrace of the segfault: (gdb) run Starting program: /ports/openldap/work/src/openldap-2.3.34/servers/slapd/.libs/slapd [Thread debugging using libthread_db enabled] [New Thread 16384 (LWP 16160)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 16384 (LWP 16160)] 0x4043e049 in free () from /lib/libc.so.6 (gdb) bt #0 0x4043e049 in free () from /lib/libc.so.6 #1 0x40069ef8 in ber_memfree_x () from /usr/lib/liblber-2.3.so.0 #2 0x0809d4b6 in ch_free () #3 0x080be84d in str2anlist () #4 0x080ab33e in parse_acl () #5 0x08070c5c in config_generic () #6 0x0807b0f6 in config_set_vals () #7 0x0807cdd9 in read_config_file () #8 0x08075d1d in config_include () #9 0x0807b0f6 in config_set_vals () #10 0x0807cdd9 in read_config_file () #11 0x0807667b in read_config () #12 0x0806ffce in main () Regards, Henry

1 0

Re: (ITS#4856) Back-SQL + Subtree search hits 'assert(0)'
by ando＠sys-net.it 05 Mar '07

05 Mar '07

Kevin Vargo wrote: > Hi Pierangelo, Please keep replies in CC to the ITS system. > Thanks for the quick response. I just want to make sure I understand: you're saying that removing the assertion (as I did) is the correct solution? Well, removing the assert(0) prevents the crash; the right fix is to disallow the "subtree shortcut" in slapd.conf (slapd-sql(5)), which causes the extra filtering on the DN to take place, so no false hits show up. But yes, the assert(0) was overparanoid, and I removed it from the code. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: (ITS#4856) Back-SQL + Subtree search hits 'assert(0)'
by ando＠sys-net.it 05 Mar '07

05 Mar '07

vargok(a)yahoo.com wrote: > Full_Name: K Vargo > Version: 2.3.32 > OS: Linux (RH-EL4) > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (128.237.233.195) > > > Given a Base-DN, Subtree scoped ldapsearch, while the database contains > non-DN-matching items runs up against the 'assert(0)' in Back-SQL/search.c > +2186. > > Based on how the selection works, there doesn't appear to be a reason for the > assertion. The FIXME does not indicate WHY the dnIsSuffix should never fail: > the comparison in dnIsSuffix tries to compare incompatible-dn records and fails > -- as it should. > > Removing the assertion provides for the expected behavior in my simple case. > Basically, it appears that a Base-DN is not being pre-filtered by the Back-SQL > selection search, so it needs to be filtered by the dnIsSuffix check. > > While I could certainly see that my metadata is not correct (stock metadata from > 2.3 + changes from 200511/msg00504.html) I'm not sure an assert(0) is > appropriate. > > Additionally, there's no indication that back-sql can't support data with > multiple DNs. Actually, your assumption is partially incorrect, since back-sql doesn't do prefiltering of the DN if the search is rooted at the database's suffix (it's called the "subtree shortcut") unless you tell it otherwise, by using "use_subtree_shortcut no" (the docs state it's the default; this is wrong). I admit assert(0) there is a bit too strong, but I believe it was put there to catch this type of problems. I think the "right" solution, apart from fixing the docs, consists in removing the assertion. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

(ITS#4856) Back-SQL + Subtree search hits 'assert(0)'
by vargok＠yahoo.com 05 Mar '07

05 Mar '07

Full_Name: K Vargo Version: 2.3.32 OS: Linux (RH-EL4) URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (128.237.233.195) Given a Base-DN, Subtree scoped ldapsearch, while the database contains non-DN-matching items runs up against the 'assert(0)' in Back-SQL/search.c +2186. Based on how the selection works, there doesn't appear to be a reason for the assertion. The FIXME does not indicate WHY the dnIsSuffix should never fail: the comparison in dnIsSuffix tries to compare incompatible-dn records and fails -- as it should. Removing the assertion provides for the expected behavior in my simple case. Basically, it appears that a Base-DN is not being pre-filtered by the Back-SQL selection search, so it needs to be filtered by the dnIsSuffix check. While I could certainly see that my metadata is not correct (stock metadata from 2.3 + changes from 200511/msg00504.html) I'm not sure an assert(0) is appropriate. Additionally, there's no indication that back-sql can't support data with multiple DNs.

1 0

Re: (ITS#4855) slapd crash on exit (tpool)
by gael.roualland＠oleane.net 05 Mar '07

05 Mar '07

Pierangelo Masarati a écrit : > gael.roualland(a)oleane.net wrote: >> Full_Name: Gaël Roualland >> Version: 2.3.34 >> OS: Linux >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (213.56.0.199) > > Good catch. This is a re23-only bug; fixed, will appear in next > release. Please test re23 out of the CVS, if you can. It works fine with the version from CVS. Thanks, -- Gaël Roualland -+- gael.roualland(a)oleane.net

1 0

Re: (ITS#4855) slapd crash on exit (tpool)
by ando＠sys-net.it 05 Mar '07

05 Mar '07

gael.roualland(a)oleane.net wrote: > Full_Name: Gaël Roualland > Version: 2.3.34 > OS: Linux > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (213.56.0.199) Good catch. This is a re23-only bug; fixed, will appear in next release. Please test re23 out of the CVS, if you can. Thanks, p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: (ITS#4855) slapd crash on exit (tpool)
by gael.roualland＠oleane.net 05 Mar '07

05 Mar '07

Erratum : the changed line is "( ctx[i].ltk_key == NULL )" and not "( ctx[i].ltk_key != NULL )" which is the same as the release... -- Gaël Roualland -+- gael.roualland(a)oleane.net

1 0

(ITS#4855) slapd crash on exit (tpool)
by gael.roualland＠oleane.net 05 Mar '07

05 Mar '07

Full_Name: Gaël Roualland Version: 2.3.34 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (213.56.0.199) Hello, Upgrading 2.3.33 to 2.3.34 introduced a bug on slapd stop: the daemon segfaults while waiting for threads to stop. This is reproducible on every run, and without any queries processed. Running under gdb on a test system, the following is reported: slapd starting [New Thread 32769 (LWP 22877)] [New Thread 16386 (LWP 22878)] daemon: added 7r listener=(nil) daemon: added 9r listener=0x813df78 [New Thread 32771 (LWP 22879)] daemon: select: listen=9 active_threads=0 tvp=zero Program received signal SIGTERM, Terminated. [Switching to Thread 16384 (LWP 22876)] 0x40070604 in __pthread_sigsuspend () from /lib/libpthread.so.0 (gdb) n Single stepping until exit from function __pthread_wait_for_restart_signal, which has no line number information. daemon: shutdown requested and initiated. daemon: closing 9 slapd shutdown: waiting for 0 threads to terminate Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 32771 (LWP 22879)] 0x401e1aa0 in __check_rhosts_file () from /lib/libc.so.6 (gdb) bt #0 0x401e1aa0 in __check_rhosts_file () from /lib/libc.so.6 #1 0x080c3c36 in ldap_pvt_thread_pool_context_reset (vctx=0xbf5ff94c) at tpool.c:670 #2 0x080c38df in ldap_int_thread_pool_wrapper (xpool=0x814aa78) at tpool.c:494 #3 0x4006de51 in pthread_start_thread () from /lib/libpthread.so.0 #4 0x4006decf in pthread_start_thread_event () from /lib/libpthread.so.0 #5 0x401908aa in clone () from /lib/libc.so.6 (gdb) info threads * 4 Thread 32771 (LWP 22879) 0x401e1aa0 in __check_rhosts_file () from /lib/libc.so.6 3 Thread 16386 (LWP 22878) 0x40070604 in __pthread_sigsuspend () from /lib/libpthread.so.0 2 Thread 32769 (LWP 22877) 0x40187a5a in poll () from /lib/libc.so.6 1 Thread 16384 (LWP 22876) 0x40070604 in __pthread_sigsuspend () from /lib/libpthread.so.0 Looking at ldap_pvt_thread_pool_context_reset, it seems that the test "if ( ctx[i].ltk_key )" should be reversed as "if ( ctx[i].ltk_key != NULL )". This change fixed the bug. Regards,

1 0

Re: (ITS#4789) can't add BDB database when monitoring
by ando＠sys-net.it 04 Mar '07

04 Mar '07

For the records: I'm sort of working at this. What I'm trying to do is add some specialized calls to monitor_extra_t that allow to register backends, databases, overlays, overlay instances and so. This would allow entity registration/deregistration routines to provide the related monitor entry registration/deregistration as appropriate from within back-config, with all sorts of atomicity issues one can imagine... Cheers, p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: (ITS#4816) slurpd generates invalid ldapadd/modify requests
by gael.roualland＠oleane.net 01 Mar '07

01 Mar '07

This is a multi-part message in MIME format. --------------090002080605050903080106 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Hello, >> As far as I can see, slurpd merely processes the changes in the replog. If it >> is generating requests out of sequence, then they must have been recorded >> out-of-sequence in the log. And yet I don't see any reason why slapd would >> generate the modifications out of sequence. > > That's right for changetype=modify, since the original code aggregates > multiple values of the same attributes in a signle LDAPmod if they're > given in order in the replog file. > But it doesn't do that for changetype=add, which toggled the bug. I > choosed to use the same code path for both for simplicity when fixing add. > >> What are the circumstances that cause these improper sequences to get into >> the replog in the first place? > > In our case, it was just "add" that was problematic. Although I could > imagine the replog to be generated by something else than slapd, and I'd > expect slurpd to be able to process it as long as it is valid ldif ? The second patch I uploaded has an issue with deleting whole attributes. I have a fixed version of it, but I also wrote another patch to fix the initial issue only on the problematic case (entry adding), so that's a less intrusive change : instead of adding a new LDAPMod for each attribute/value pair, the previous LDAPMod (if any) is reused and the current value added to it if it's for the same attribute. The new patch is attached (no space left on ftp). Would it be possible for such a fix to be in mainline ? Thanks, -- Gaël Roualland -+- gael.roualland(a)oleane.net --------------090002080605050903080106 Content-Type: text/x-patch; name="openldap2.3-slurpd-ldapadd.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="openldap2.3-slurpd-ldapadd.diff" --- openldap-2.3.33/servers/slurpd/ldap_op.c.orig 2007-01-25 12:01:46.000000000 +0100 +++ openldap-2.3.33/servers/slurpd/ldap_op.c 2007-03-01 18:05:44.315232000 +0100 @@ -52,7 +52,6 @@ #include "slurp.h" /* Forward references */ -static struct berval **make_singlevalued_berval LDAP_P(( char *, int )); static int op_ldap_add LDAP_P(( Ri *, Re *, char **, int * )); static int op_ldap_modify LDAP_P(( Ri *, Re *, char **, int * )); static int op_ldap_delete LDAP_P(( Ri *, Re *, char **, int * )); @@ -183,28 +182,42 @@ ) { Mi *mi; - int nattrs, rc = 0, i; + int nattrs, nvals, rc = 0, i; LDAPMod *ldm, **ldmarr; int lderr = 0; nattrs = i = 0; ldmarr = NULL; + ldm = NULL; /* * Construct a null-terminated array of LDAPMod structs. */ mi = re->re_mods; while ( mi[ i ].mi_type != NULL ) { - ldm = alloc_ldapmod(); - ldmarr = ( LDAPMod ** ) ch_realloc( ldmarr, - ( nattrs + 2 ) * sizeof( LDAPMod * )); - ldmarr[ nattrs ] = ldm; - ldm->mod_op = LDAP_MOD_BVALUES; - ldm->mod_type = mi[ i ].mi_type; - ldm->mod_bvalues = - make_singlevalued_berval( mi[ i ].mi_val, mi[ i ].mi_len ); + if (ldm == NULL || strcmp(ldm->mod_type, mi[ i ].mi_type) != 0) { + /* not the same attribute, add a new ldm */ + ldm = alloc_ldapmod(); + ldmarr = ( LDAPMod ** ) ch_realloc( ldmarr, + ( nattrs + 2 ) * sizeof( LDAPMod * )); + ldmarr[ nattrs ] = ldm; + nattrs++; + ldm->mod_op = LDAP_MOD_BVALUES; + ldm->mod_type = mi[ i ].mi_type; + nvals = 0; + } + + ldm->mod_bvalues = ( struct berval ** ) + ch_realloc( ldm->mod_bvalues, + ( nvals + 2 ) * sizeof( struct berval * )); + ldm->mod_bvalues[ nvals + 1 ] = NULL; + ldm->mod_bvalues[ nvals ] = ( struct berval * ) + ch_malloc( sizeof( struct berval )); + ldm->mod_bvalues[ nvals ]->bv_val = mi[ i ].mi_val; + ldm->mod_bvalues[ nvals ]->bv_len = mi[ i ].mi_len; + nvals++; + i++; - nattrs++; } if ( ldmarr != NULL ) { @@ -579,25 +592,6 @@ /* - * Create a berval with a single value. - */ -static struct berval ** -make_singlevalued_berval( -char *value, -int len ) -{ - struct berval **p; - - p = ( struct berval ** ) ch_malloc( 2 * sizeof( struct berval * )); - p[ 0 ] = ( struct berval * ) ch_malloc( sizeof( struct berval )); - p[ 1 ] = NULL; - p[ 0 ]->bv_val = value; - p[ 0 ]->bv_len = len; - return( p ); -} - - -/* * Given a modification type (string), return an enumerated type. * Avoids ugly copy in op_ldap_modify - lets us use a switch statement * there. --------------090002080605050903080106--

1 0

Re: ITS#4853
by ando＠sys-net.it 27 Feb '07

27 Feb '07

Richard Bos wrote: > Hello Pierangelo, > > Op dinsdag 27 februari 2007 22:27, schreef u: >> Fixed in re23; please test. >> >> I note that the name of the macro may have tricked you; Debug() is >> actually the logging system of OpenLDAP software, not a mere debug >> statement. > > I assume I may not update the ticket, You should never __assume__, when the system is self-documented: > Replies and Followups > --------------------- > > A reply is a message that has been sent from JitterBug to answer an > incoming message. > > A followup is a reply to a reply. Followups are created when a user > sends a email reply to a JitterBug generated message. Followups are > detected by looking for the PR# automatically added to the subject > line in replies. > hence this email to you: > > What do you mean with fixed in "re23". The code has been fixed in the release engineering branch of 2.3 code, and will thus appear in the next release. > Which release is that exactly? Likely, 2.3.35, if any. > What does the change involve? Look at the code from the CVS. > Is the message now sent to a log file? > < Debug(LDAP_DEBUG_ANY, "%s: line %d: new attribute <%s>\n", >> Debug(LDAP_DEBUG_CONFIG, "%s: line %d: new attribute <%s>\n", It's sent wherever configured, like it was before (see slapd(8) and slapd.conf(5) for details about logging). The difference is that earlier that message was being always issued, while now it's only issued if expressly requested, since it's just informative and not indicative of any bug. The macros seem pretty self-esplicative. I hope that bug didn't cause any harm to your system, though. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

ITS#4853
by ando＠sys-net.it 27 Feb '07

27 Feb '07

Fixed in re23; please test. I note that the name of the macro may have tricked you; Debug() is actually the logging system of OpenLDAP software, not a mere debug statement. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

(ITS#4853) A debug message is printed, from the released version
by ml＠radoeka.nl 27 Feb '07

27 Feb '07

Full_Name: Richard Bos Version: 2.3.27 OS: linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (80.126.75.243) I just upgraded to the new slapd.conf file from cvs and now when I run slapcat I get the following output: # slapcat >/dev/null /etc/openldap/slapd.conf: line 67: new attribute <member> The config file contains: 63 #### Using overlays to improve data consistency 64 # Ensure that we never get dangling member attributes 65 # Checked on rename and delete 66 overlay refint 67 refint_attributes member 68 The code in servers/slapd/overlays/refint.c reads as follows: if(!strcasecmp(*argv, "refint_attributes")) { for(i = 1; i < argc; i++) { ... some checks for error conditions here but if all is fine we fall through to the following section ... ip = ch_malloc(sizeof(refint_attrs)); ip->attr = ad; ip->next = id->attrs; id->attrs = ip; Debug(LDAP_DEBUG_ANY, "%s: line %d: new attribute <%s>\n", fname, lineno, argv[i]); The final debug message results seems to be the message that is printed. It's my assumption that no debug messages should be printed in a released product/version/project. The initial bug report is located at: https://intevation.de/roundup/kolab/issue1622

1 0

Re: (ITS#4845) Back-perl is non working
by hyc＠symas.com 27 Feb '07

27 Feb '07

kiwi(a)oav.net wrote: >> No surprise that such a careful redesign resulted, as a side >> effect, in a stricter compliance with RFC2589. The fact that >> nobody complained up to now indicates that strict adherence to >> specs usually helps in code portability. > > Yeah. But I didn't know that RFC2589 is used inside back_<whatever>. > Now I am aware of that and I really thanks about your help and your > kindness to take some time to find where my error was. I think he meant RFC2849, which is the LDIF specification. > Maybe a little not in slapd-perl man page that entry sent to openldap > have to conform to RFC2589 should be a point to avoid such loss of time. The slapd-perl(5) man page says that it expects LDIF entries to be returned. As such, it is already a given that they must actually conform to the LDIF spec. > Thanks again, and this bug is closed for me. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Potential bug (schema or ldap add?)
by Andrew Seguin 27 Feb '07

27 Feb '07

I'm not too sure of the details yet, I wanted to check with this list first, but here's the story. In general, I'm using phpLDAPadmin to work with the ldap directory. I added the iaaa-radius.schema from Interlink. I found it was missing the EQUALITY statements, so phpLDAPadmin couldn't "add" new aaaReply items once the first one was added. Via import and adding a user all at once was not a problem. I modified the iaaa-radius.schema file, found the aaaReply attribute and added the lines "EQUALITY caseIgnoreMatch" and "SUBSTR caseIgnoreSubstringsMatch". I went into phpLDAPadmin, created a new aaaPerson with one initial aaaReply attribute, then added a second aaaReply value without problem. To date all is good. I went to a user which already exists, which already has three aaaReply attributes/values, and tried to add a new aaaReply value - at which point it would seem that slapd either crashed or shutdown. I turned on logging and couldn't see anything really abnormal... nor did I find any core dump file. Any ideas if this is a bug or possibly just some kind of internal consistency check on records created before the Schema was modified? Thank you, Andrew

3 3

Re: (ITS#4845) Back-perl is non working
by kiwi＠oav.net 27 Feb '07

27 Feb '07

--Apple-Mail-13-1003230263 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Hello, >> By the way, I still don't understand why this kind of script was >> working on >> openldap 2.1 and 2.2.... ? >> Does str2entry() is more picky since openldap 2.3 ? > > The fact that something __worked__ doesn't mean it was correct. > That code working was apparently the consequence of two bugs > canceling each other. I totaly agree with you :) > str2entry() is not just more picky: it has been __entirely__ > rewritten, to reduce the performance impact of the related memory > allocation, which guaranteed orders of magnitude of improvement > from 2.0 to 2.3 (the amount of fragmented malloc()s was a > considerable bottleneck). Redesigning code for performance, as well > as for stricter adherence to specs, is part of its natural evolution. Again I agree with you. I am also maintainer of some opensource project and sometimes we need to recode something that is slow to have better performances. > No surprise that such a careful redesign resulted, as a side > effect, in a stricter compliance with RFC2589. The fact that > nobody complained up to now indicates that strict adherence to > specs usually helps in code portability. Yeah. But I didn't know that RFC2589 is used inside back_<whatever>. Now I am aware of that and I really thanks about your help and your kindness to take some time to find where my error was. Maybe a little not in slapd-perl man page that entry sent to openldap have to conform to RFC2589 should be a point to avoid such loss of time. Thanks again, and this bug is closed for me. /Xavier --Apple-Mail-13-1003230263 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature; name=smime.p7s Content-Disposition: attachment; filename=smime.p7s MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILJjCCAz8w ggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0 ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcx KDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0 ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxA dGhhd3RlLmNvbTAeFw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpB MSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUg UGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA xKY8VXNV+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7d yfArhVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/ p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDow OKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3Js MAsGA1UdDwQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgw DQYJKoZIhvcNAQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A 9BxQIJNwPP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYI Tq726jTlEBpbNU1341YheILcIRk13iSx0x1G/11fZU8wggOVMIIC/qADAgECAgEAMA0GCSqGSIb3 DQEBBAUAMIGUMRowGAYDVQQKExFBc3NvY2lhdGlvbiBLYXphcjEUMBIGA1UECxMLQ0EgRGl2aXNp b24xGzAZBgkqhkiG9w0BCQEWDGtpd2lAb2F2Lm5ldDEOMAwGA1UEBxMFUGFyaXMxDjAMBgNVBAgT BVBhcmlzMQswCQYDVQQGEwJGUjEWMBQGA1UEAxMNS2F6YXIgUm9vdCBDQTAeFw0wMzExMTQxNDEz MjBaFw0xMzExMTExNDEzMjBaMIGUMRowGAYDVQQKExFBc3NvY2lhdGlvbiBLYXphcjEUMBIGA1UE CxMLQ0EgRGl2aXNpb24xGzAZBgkqhkiG9w0BCQEWDGtpd2lAb2F2Lm5ldDEOMAwGA1UEBxMFUGFy aXMxDjAMBgNVBAgTBVBhcmlzMQswCQYDVQQGEwJGUjEWMBQGA1UEAxMNS2F6YXIgUm9vdCBDQTCB nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArTJ/TWJb1B9Tgg2Be6BK+KfnNCfyingorlFmQGmN lUvZ+1kK3JSWr7+N4i7oRLRv0htL+oyj7LHoL0OrXhuRdYkG6A3VN73O8Wb+rGI+1Ak2i06TNYRE 7vDtauItxGOwABWgR6Fr+2eItDd8o3+s7H1hwpOZo8zMrVfwyNQOMlcCAwEAAaOB9DCB8TAMBgNV HRMEBTADAQH/MB0GA1UdDgQWBBT7L+QPhVGztBVc65wVFYz95pkTwjCBwQYDVR0jBIG5MIG2gBT7 L+QPhVGztBVc65wVFYz95pkTwqGBmqSBlzCBlDEaMBgGA1UEChMRQXNzb2NpYXRpb24gS2F6YXIx FDASBgNVBAsTC0NBIERpdmlzaW9uMRswGQYJKoZIhvcNAQkBFgxraXdpQG9hdi5uZXQxDjAMBgNV BAcTBVBhcmlzMQ4wDAYDVQQIEwVQYXJpczELMAkGA1UEBhMCRlIxFjAUBgNVBAMTDUthemFyIFJv b3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADgYEASmOaz1/6V1um4PQSvkEqy5YgWdCoheEIHldkXUk2 Ox9FVDo9tft6S8+phoagZnXyHq6sGISq5ptLNf5BoTJSm4yqPb7W0/IlzCrMoghlYf7DS3RDKiG+ CdTta906lswo04uV8OPYyFjXYFkaxtdlxcXc/vRCdqIvO5QCEyRvGlgwggRGMIIDr6ADAgECAhBf WXY2/Lp97IQmaQuqdQ8+MA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxU aGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJl ZW1haWwgSXNzdWluZyBDQTAeFw0wNzAyMDYxNTE2NTRaFw0wODAyMDYxNTE2NTRaMIIBKTEfMB0G A1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEbMBkGCSqGSIb3DQEJARYMa2l3aUBvYXYubmV0 MR0wGwYJKoZIhvcNAQkBFg5raXdpQDZtZWF0Lm5ldDEdMBsGCSqGSIb3DQEJARYOa2l3aUBrYXph ci5vcmcxITAfBgkqhkiG9w0BCQEWEmtpd2lAc3VwZXJmbHV4LmJpejEfMB0GCSqGSIb3DQEJARYQ a2l3aUBjYXVkaXVtLm5ldDEfMB0GCSqGSIb3DQEJARYQa2l3aS1tc25Ab2F2Lm5ldDEhMB8GCSqG SIb3DQEJARYScG9zdG1hc3RlckBvYXYubmV0MSMwIQYJKoZIhvcNAQkBFhR4YXZpZXJAYmVhdWRv dWluLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJdNOyX58MnQHVmyXZAiOkRd niRbx7HUUZg5picgmHOlHlAM8EEcv8tyZfaAxNndt1OtkSDlFrPdeqgbJXW6F/VNksATpxJPAXMc 0hmiiQon5qJvCAtjKTUZHPifNu8IwDHXuuOJm9Xl8dzkmzyy1XkHDnlV2yAPDiuwfV5PjgBcVJQb Pl2jncfQBFoInlfeGdZaChFQKpqIULFUAyuOhpp5vsNQqPAjCfAvGbPKZEIpom1OfBPUshzMB32E eWhG4vF+wKV4F7NlFMsSwAPas9Qil3mvUcwDigei5/nmwvxCsfyQtHCm/A0XcK5//4fKNGeSQK7W 7pkxdUKQFmCJCMsCAwEAAaOBrzCBrDCBmwYDVR0RBIGTMIGQgQxraXdpQG9hdi5uZXSBDmtpd2lA Nm1lYXQubmV0gQ5raXdpQGthemFyLm9yZ4ESa2l3aUBzdXBlcmZsdXguYml6gRBraXdpQGNhdWRp dW0ubmV0gRBraXdpLW1zbkBvYXYubmV0gRJwb3N0bWFzdGVyQG9hdi5uZXSBFHhhdmllckBiZWF1 ZG91aW4ubmV0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEAA1oQbxpPOZbFEqKS4aph 2LBd+fy6nvBtFFpdgVOx3LZkU3bcXJtk2m6sJPW72sHKpU5m93uQqJCuT6s+sfI062Q3pp27EJjv 0gkIs6OpI36IOKf7zQp7qmN4YANeuE60U4hCrSlXK5uLrPguoBk72PWdPGI8hMOnfJmHa9+0YXIx ggNcMIIDWAIBATB2MGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAo UHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQ X1l2Nvy6feyEJmkLqnUPPjAJBgUrDgMCGgUAoIIBuzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB MBwGCSqGSIb3DQEJBTEPFw0wNzAyMjcxMzQ1NThaMCMGCSqGSIb3DQEJBDEWBBQ9bmnTVofdoSRh 8583ZE8AFNXOujCBqwYJKwYBBAGCNxAEMYGdMIGaMIGUMRowGAYDVQQKExFBc3NvY2lhdGlvbiBL YXphcjEUMBIGA1UECxMLQ0EgRGl2aXNpb24xGzAZBgkqhkiG9w0BCQEWDGtpd2lAb2F2Lm5ldDEO MAwGA1UEBxMFUGFyaXMxDjAMBgNVBAgTBVBhcmlzMQswCQYDVQQGEwJGUjEWMBQGA1UEAxMNS2F6 YXIgUm9vdCBDQQIBADCBrQYLKoZIhvcNAQkQAgsxgZ2ggZowgZQxGjAYBgNVBAoTEUFzc29jaWF0 aW9uIEthemFyMRQwEgYDVQQLEwtDQSBEaXZpc2lvbjEbMBkGCSqGSIb3DQEJARYMa2l3aUBvYXYu bmV0MQ4wDAYDVQQHEwVQYXJpczEOMAwGA1UECBMFUGFyaXMxCzAJBgNVBAYTAkZSMRYwFAYDVQQD Ew1LYXphciBSb290IENBAgEAMA0GCSqGSIb3DQEBAQUABIIBAB98WnfO9tT2nVJIJ8FVh9+MiP9A 1tC2CirbtmCIgimXAC9A3briBvInedOr85WLpisE2M+VSmownkh9qkVtyIBdPs/M/7qfqvSD3Rlf FkEuIBSGKgU1AcYFmN/XoRTtetDnTgZNDe5aIh6rxd0s1juilxMsJiL4iCSBfk4cGVKpxCXsZlAp 3/QfI3yGscc9sZG2MoROANqAo6JU6vg6D+obhhXfgQqluahRk4LkPdqlgTVuhdaJADGuvQv0y/fY UDEYz3X5w5dDJG/HdECrgzPhRLNygcwUqANuUGXDI5vdrBSsmXOb4raeTfR0FSGjVssdPRMx3Nvc Elughcf1ZlsAAAAAAAA= --Apple-Mail-13-1003230263--

1 0

Re: (ITS#4845) Back-perl is non working
by ando＠sys-net.it 27 Feb '07

27 Feb '07

Xavier Beaudouin wrote: > By the way, I still don't understand why this kind of script was working on > openldap 2.1 and 2.2.... ? > > Does str2entry() is more picky since openldap 2.3 ? The fact that something __worked__ doesn't mean it was correct. That code working was apparently the consequence of two bugs canceling each other. str2entry() is not just more picky: it has been __entirely__ rewritten, to reduce the performance impact of the related memory allocation, which guaranteed orders of magnitude of improvement from 2.0 to 2.3 (the amount of fragmented malloc()s was a considerable bottleneck). Redesigning code for performance, as well as for stricter adherence to specs, is part of its natural evolution. No surprise that such a careful redesign resulted, as a side effect, in a stricter compliance with RFC2589. The fact that nobody complained up to now indicates that strict adherence to specs usually helps in code portability. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: (ITS#4845) Back-perl is non working
by kiwi＠oav.net 27 Feb '07

27 Feb '07

--Apple-Mail-8-1002308974 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=ISO-8859-1; delsp=yes; format=flowed Hello, Le 26 f=E9vr. 07 =E0 09:35, Pierangelo Masarati a =E9crit : > Xavier Beaudouin wrote: > > >>> Unless you can prove that back-perl LDIF parser doesn't work with >>> decently >>> formatted LDIF, I'll consider this ITS closed. >> >> It *is* buggy proove me the contrary and be not so arrogant. > > OK, I'll be less "arrogant". I've tested back-perl with your script > corrected, and it works exactly as expected both with OpenLDAP 2.3 and > with OpenLDAP 2.4. What are corrections? > > 1) > > <attr>: <value> > > 2) eliminate nonsensical "\t" at end of each line. What is really > offending is the space between "attr" and ":" and the last "\t", while > the other "\t" seem to be tolerated (I suggest to fix str2entry() in > order to detect this malformation as well). > > It took me 5 minutes to rebuild with back-perl and find the error, and > it's the first time in my life that I program perl. Thanks to helped me on that. You can close the bug and sorry to have bother you for such "easy" fix. By the way, I still don't understand why this kind of script was =20 working on openldap 2.1 and 2.2.... ? Does str2entry() is more picky since openldap 2.3 ? /Xavier= --Apple-Mail-8-1002308974 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature; name=smime.p7s Content-Disposition: attachment; filename=smime.p7s MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILJjCCAz8w ggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0 ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcx KDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0 ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxA dGhhd3RlLmNvbTAeFw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpB MSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUg UGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA xKY8VXNV+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7d yfArhVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/ p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDow OKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3Js MAsGA1UdDwQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgw DQYJKoZIhvcNAQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A 9BxQIJNwPP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYI Tq726jTlEBpbNU1341YheILcIRk13iSx0x1G/11fZU8wggOVMIIC/qADAgECAgEAMA0GCSqGSIb3 DQEBBAUAMIGUMRowGAYDVQQKExFBc3NvY2lhdGlvbiBLYXphcjEUMBIGA1UECxMLQ0EgRGl2aXNp b24xGzAZBgkqhkiG9w0BCQEWDGtpd2lAb2F2Lm5ldDEOMAwGA1UEBxMFUGFyaXMxDjAMBgNVBAgT BVBhcmlzMQswCQYDVQQGEwJGUjEWMBQGA1UEAxMNS2F6YXIgUm9vdCBDQTAeFw0wMzExMTQxNDEz MjBaFw0xMzExMTExNDEzMjBaMIGUMRowGAYDVQQKExFBc3NvY2lhdGlvbiBLYXphcjEUMBIGA1UE CxMLQ0EgRGl2aXNpb24xGzAZBgkqhkiG9w0BCQEWDGtpd2lAb2F2Lm5ldDEOMAwGA1UEBxMFUGFy aXMxDjAMBgNVBAgTBVBhcmlzMQswCQYDVQQGEwJGUjEWMBQGA1UEAxMNS2F6YXIgUm9vdCBDQTCB nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArTJ/TWJb1B9Tgg2Be6BK+KfnNCfyingorlFmQGmN lUvZ+1kK3JSWr7+N4i7oRLRv0htL+oyj7LHoL0OrXhuRdYkG6A3VN73O8Wb+rGI+1Ak2i06TNYRE 7vDtauItxGOwABWgR6Fr+2eItDd8o3+s7H1hwpOZo8zMrVfwyNQOMlcCAwEAAaOB9DCB8TAMBgNV HRMEBTADAQH/MB0GA1UdDgQWBBT7L+QPhVGztBVc65wVFYz95pkTwjCBwQYDVR0jBIG5MIG2gBT7 L+QPhVGztBVc65wVFYz95pkTwqGBmqSBlzCBlDEaMBgGA1UEChMRQXNzb2NpYXRpb24gS2F6YXIx FDASBgNVBAsTC0NBIERpdmlzaW9uMRswGQYJKoZIhvcNAQkBFgxraXdpQG9hdi5uZXQxDjAMBgNV BAcTBVBhcmlzMQ4wDAYDVQQIEwVQYXJpczELMAkGA1UEBhMCRlIxFjAUBgNVBAMTDUthemFyIFJv b3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADgYEASmOaz1/6V1um4PQSvkEqy5YgWdCoheEIHldkXUk2 Ox9FVDo9tft6S8+phoagZnXyHq6sGISq5ptLNf5BoTJSm4yqPb7W0/IlzCrMoghlYf7DS3RDKiG+ CdTta906lswo04uV8OPYyFjXYFkaxtdlxcXc/vRCdqIvO5QCEyRvGlgwggRGMIIDr6ADAgECAhBf WXY2/Lp97IQmaQuqdQ8+MA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxU aGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJl ZW1haWwgSXNzdWluZyBDQTAeFw0wNzAyMDYxNTE2NTRaFw0wODAyMDYxNTE2NTRaMIIBKTEfMB0G A1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEbMBkGCSqGSIb3DQEJARYMa2l3aUBvYXYubmV0 MR0wGwYJKoZIhvcNAQkBFg5raXdpQDZtZWF0Lm5ldDEdMBsGCSqGSIb3DQEJARYOa2l3aUBrYXph ci5vcmcxITAfBgkqhkiG9w0BCQEWEmtpd2lAc3VwZXJmbHV4LmJpejEfMB0GCSqGSIb3DQEJARYQ a2l3aUBjYXVkaXVtLm5ldDEfMB0GCSqGSIb3DQEJARYQa2l3aS1tc25Ab2F2Lm5ldDEhMB8GCSqG SIb3DQEJARYScG9zdG1hc3RlckBvYXYubmV0MSMwIQYJKoZIhvcNAQkBFhR4YXZpZXJAYmVhdWRv dWluLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJdNOyX58MnQHVmyXZAiOkRd niRbx7HUUZg5picgmHOlHlAM8EEcv8tyZfaAxNndt1OtkSDlFrPdeqgbJXW6F/VNksATpxJPAXMc 0hmiiQon5qJvCAtjKTUZHPifNu8IwDHXuuOJm9Xl8dzkmzyy1XkHDnlV2yAPDiuwfV5PjgBcVJQb Pl2jncfQBFoInlfeGdZaChFQKpqIULFUAyuOhpp5vsNQqPAjCfAvGbPKZEIpom1OfBPUshzMB32E eWhG4vF+wKV4F7NlFMsSwAPas9Qil3mvUcwDigei5/nmwvxCsfyQtHCm/A0XcK5//4fKNGeSQK7W 7pkxdUKQFmCJCMsCAwEAAaOBrzCBrDCBmwYDVR0RBIGTMIGQgQxraXdpQG9hdi5uZXSBDmtpd2lA Nm1lYXQubmV0gQ5raXdpQGthemFyLm9yZ4ESa2l3aUBzdXBlcmZsdXguYml6gRBraXdpQGNhdWRp dW0ubmV0gRBraXdpLW1zbkBvYXYubmV0gRJwb3N0bWFzdGVyQG9hdi5uZXSBFHhhdmllckBiZWF1 ZG91aW4ubmV0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEAA1oQbxpPOZbFEqKS4aph 2LBd+fy6nvBtFFpdgVOx3LZkU3bcXJtk2m6sJPW72sHKpU5m93uQqJCuT6s+sfI062Q3pp27EJjv 0gkIs6OpI36IOKf7zQp7qmN4YANeuE60U4hCrSlXK5uLrPguoBk72PWdPGI8hMOnfJmHa9+0YXIx ggNcMIIDWAIBATB2MGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAo UHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQ X1l2Nvy6feyEJmkLqnUPPjAJBgUrDgMCGgUAoIIBuzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB MBwGCSqGSIb3DQEJBTEPFw0wNzAyMjcxMzMwMzdaMCMGCSqGSIb3DQEJBDEWBBS7xwRCcJciq2f1 0nv+lAcwXB/WaTCBqwYJKwYBBAGCNxAEMYGdMIGaMIGUMRowGAYDVQQKExFBc3NvY2lhdGlvbiBL YXphcjEUMBIGA1UECxMLQ0EgRGl2aXNpb24xGzAZBgkqhkiG9w0BCQEWDGtpd2lAb2F2Lm5ldDEO MAwGA1UEBxMFUGFyaXMxDjAMBgNVBAgTBVBhcmlzMQswCQYDVQQGEwJGUjEWMBQGA1UEAxMNS2F6 YXIgUm9vdCBDQQIBADCBrQYLKoZIhvcNAQkQAgsxgZ2ggZowgZQxGjAYBgNVBAoTEUFzc29jaWF0 aW9uIEthemFyMRQwEgYDVQQLEwtDQSBEaXZpc2lvbjEbMBkGCSqGSIb3DQEJARYMa2l3aUBvYXYu bmV0MQ4wDAYDVQQHEwVQYXJpczEOMAwGA1UECBMFUGFyaXMxCzAJBgNVBAYTAkZSMRYwFAYDVQQD Ew1LYXphciBSb290IENBAgEAMA0GCSqGSIb3DQEBAQUABIIBAECl4VHgzjlhaIgC+ynI6fwsEig0 G2rw/NLSqYGw8cLsMx2iqXSnlQWVV8oLUe5gMGHV0eE65yfKx+vnXTUyJnUN08ECvHx+eM4bxxgV c1cvP6XqqR+nHRUVucriSGrMKqTfI9Qg9DyxPAdF1znIF2TrMwytcVHq+RptaREhEPrpH6+Klnp+ oT9HZwHIRC5tDkZ64uCisHno5QnvwRkT3V2PaSYK5wYtZBHOSchVWWPLeAA9yEzEeMbo07cHWVbj LAxwKoLF+ckJbQRSjWekQ7YwmOkRGVhb4hjtq17b4f6k3Cs3PSOPBOxhktJtinBgU9wSaBYzR5f3 i66IZQDPpkIAAAAAAAA= --Apple-Mail-8-1002308974--

1 0

Re: (ITS#4850) back-meta stops returning data
by ulf.moeller＠secardeo.com 27 Feb '07

27 Feb '07

2.3.34 solves the problem. Thanks. -- ____________________________________ Ulf Möller Senior Consultant Secardeo GmbH Office +49 (0)89 - 18 93 589-5 Fax +49 (0)89 - 18 93 589-9 E-mail ulf.moeller(a)secardeo.com Secardeo GmbH Betastrasse 9a D-85774 Unterföhring Web http://www.secardeo.de Geschäftsführer: Dr. Gunnar Jacobson Amtsgericht München HRB 137969 ____________________________________

1 0

Re: (ITS#4685) Updated changelog overlay by Neil Dunbar
by sebastian＠rieger.info 26 Feb '07

26 Feb '07

I placed an updated version in ftp://ftp.openldap.org/incoming/changelog-rieger-070226.c <ftp://ftp.openldap.org/incoming/changelog-rieger-060925.c> that compiles and works with CVS HEAD Sebastian Rieger

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs