https://bugs.openldap.org/show_bug.cgi?id=9505
Issue ID: 9505
Summary: Should be admin guide section on logging detail
Product: OpenLDAP
Version: 2.5
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: documentation
Assignee: bugs(a)openldap.org
Reporter: quanah(a)openldap.org
Target Milestone: ---
Currently we do not document information about the log levels, particularly
stats.
For example, we don't document anywhere outside the slap.h header what time
units etime and qtime use (microseconds). This would be helpful, since other
directory servers use (and DOCUMENT) milliseconds.
Overall it would likely be helpful to end users so they understand more about
what the information stats logging is providing.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9449
Issue ID: 9449
Summary: When "lockdetect" is set in slapd.conf, the db
deadlock detection policy is set incorrectly
Product: OpenLDAP
Version: 2.4.57
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: li(a)lihaitao.cn
Target Milestone: ---
I have "lockdetect random" set in slapd.conf. The expected deadlock
detection policy is "DB_LOCK_RANDOM", but I got the value "DB_LOCK_EXPIRE".
After much searching of the source files, I found that lockdetect is parsed in
openldap-2.4.57\servers\slapd\back-bdb\config.c, lines 894-903:
---------------------
    case BDB_LOCKD:
        rc = verb_to_mask( c->argv[1], bdb_lockd );
        if ( BER_BVISNULL(&bdb_lockd[rc].word) ) {
            fprintf( stderr, "%s: "
                "bad policy (%s) in \"lockDetect <policy>\" line\n",
                c->log, c->argv[1] );
            return 1;
        }
        bdb->bi_lock_detect = (u_int32_t)rc;
        break;
---------------------
After analysing verb_to_mask's return value, "rc" is the index into
bdb_lockd's setting items, so it can't be passed to bi_lock_detect.
The right value is "bdb_lockd[rc].mask".
I think it is a bug; my recommended fix is as follows:
bdb->bi_lock_detect = (u_int32_t)rc;
->
bdb->bi_lock_detect = bdb_lockd[rc].mask;
--
You are receiving this mail because:
You are on the CC list for the issue.
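The index-versus-mask confusion described in the report above, reduced to a stand-alone C program. This is an added example, not code from the report or from OpenLDAP: the table, the POLICY_* values and the function names are constructed for illustration, and only the shape of the lookup follows the report.

```c
#include <stdio.h>
#include <string.h>

/* Constructed values standing in for the DB_LOCK_* constants; they are
 * assumptions for this example, not copied from a Berkeley DB header. */
enum { POLICY_DEFAULT = 1, POLICY_EXPIRE = 2, POLICY_OLDEST = 7,
       POLICY_RANDOM = 8, POLICY_YOUNGEST = 9 };

struct verbmask { const char *word; unsigned mask; };

/* Hypothetical keyword table: position and mask value are unrelated. */
static const struct verbmask lockd_table[] = {
    { "default",  POLICY_DEFAULT },
    { "oldest",   POLICY_OLDEST },
    { "random",   POLICY_RANDOM },
    { "youngest", POLICY_YOUNGEST },
    { NULL, 0 }                         /* terminator */
};

/* Returns the table index of the keyword, or the index of the
 * terminator when the keyword is unknown. */
static int verb_to_index(const char *word)
{
    int i;
    for (i = 0; lockd_table[i].word != NULL; i++)
        if (strcmp(word, lockd_table[i].word) == 0)
            break;
    return i;
}

/* Parses the policy keyword; use_mask = 0 reproduces the reported
 * behaviour (index stored), use_mask = 1 the proposed fix. */
static int parse_lockdetect(const char *arg, int use_mask, unsigned *out)
{
    int rc = verb_to_index(arg);
    if (lockd_table[rc].word == NULL) return 1;   /* bad policy keyword */
    *out = use_mask ? lockd_table[rc].mask : (unsigned)rc;
    return 0;
}

int main(void)
{
    unsigned before = 0, after = 0;
    parse_lockdetect("random", 0, &before);
    parse_lockdetect("random", 1, &after);
    printf("index stored: %u, mask stored: %u\n", before, after);
    return (before == POLICY_EXPIRE && after == POLICY_RANDOM) ? 0 : 1;
}
```

Because the stored index is itself a valid policy number, the configuration loads without any error and the wrong policy is applied silently.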
https://bugs.openldap.org/show_bug.cgi?id=8996
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|IN_PROGRESS |RESOLVED
--- Comment #9 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
Commits:
• 3eea13bd
by Hugh McMaster at 2021-03-15T21:39:55+00:00
ITS#8996 - Generate and install a pkg-config file for the liblber library
• baee6c47
by Hugh McMaster at 2021-03-15T21:39:55+00:00
ITS#8996 - Generate and install a pkg-config file for the libldap library
--
https://bugs.openldap.org/show_bug.cgi?id=8889
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|IN_PROGRESS |RESOLVED
--- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
Commits:
• 4e0f0a31
by Quanah Gibson-Mount at 2021-03-15T20:30:07+00:00
ITS#8889 - Clarify loglevel and debug level portions of admin guide.
--
https://bugs.openldap.org/show_bug.cgi?id=9501
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|CONFIRMED |RESOLVED
--- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
Commits:
• 5f935298
by Tero Saarni at 2021-03-15T19:03:59+00:00
ITS#9419 fix comparison
--
https://bugs.openldap.org/show_bug.cgi?id=9419
Issue ID: 9419
Summary: Add support for HAProxy proxy protocol v2
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: henson(a)acm.org
Target Milestone: ---
Add support for the HAProxy proxy protocol v2:
https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
This will allow slapd to receive and act upon client addresses when operating
behind a NAT'ing load balancer or proxy server which would otherwise obscure
the true client address.
Patch will be submitted as a pull request on gitlab.
The submitted pull request is derived from OpenLDAP Software. All of the
modifications to OpenLDAP Software represented in the pull request were
developed by Paul B. Henson <henson(a)acm.org> based on specifications and
example code provided by HAProxy at the above listed URL. I have not assigned
rights and/or interest in this work to any party.
The modifications to OpenLDAP Software are subject to the following notice:
Copyright 2020 Paul B. Henson
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP Public License.
--
You are receiving this mail because:
You are on the CC list for the issue.
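A receiver-side parse of the PROXY protocol v2 header requested above, written as an added example; it is not the code from the pull request or from OpenLDAP. The function and struct names are hypothetical, the sample header is constructed, and only the PROXY command over TCP/IPv4 and the LOCAL command are handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 12-byte signature that opens every PROXY protocol v2 header. */
static const uint8_t PP2_SIG[12] =
    { 0x0D,0x0A,0x0D,0x0A,0x00,0x0D,0x0A,0x51,0x55,0x49,0x54,0x0A };

/* Constructed sample: PROXY command, TCP over IPv4,
 * 192.0.2.10:54321 -> 198.51.100.5:389 (documentation addresses). */
static const uint8_t SAMPLE[28] = {
    0x0D,0x0A,0x0D,0x0A,0x00,0x0D,0x0A,0x51,0x55,0x49,0x54,0x0A,
    0x21, 0x11, 0x00, 0x0C,
    192,0,2,10,  198,51,100,5,  0xD4,0x31,  0x01,0x85 };

struct pp2_peer { uint8_t src[4], dst[4]; uint16_t sport, dport; };

/* Hypothetical helper. Returns the header length consumed, 0 when more
 * bytes are needed, -1 for a malformed or unsupported header. *proxied is
 * 1 when peer holds the relayed client address, 0 for the LOCAL command. */
static int pp2_parse(const uint8_t *b, size_t len,
                     struct pp2_peer *peer, int *proxied)
{
    size_t alen;
    if (len < 16) return 0;                       /* fixed part incomplete */
    if (memcmp(b, PP2_SIG, 12) != 0) return -1;
    if ((b[12] >> 4) != 2) return -1;             /* version nibble */
    alen = ((size_t)b[14] << 8) | b[15];          /* big-endian length */
    if (len < 16 + alen) return 0;                /* address block incomplete */
    *proxied = 0;
    if ((b[12] & 0x0F) == 0x0) return (int)(16 + alen);   /* LOCAL */
    if ((b[12] & 0x0F) != 0x1) return -1;         /* unknown command */
    if (b[13] != 0x11 || alen < 12) return -1;    /* TCP/IPv4 only here */
    memcpy(peer->src, b + 16, 4);
    memcpy(peer->dst, b + 20, 4);
    peer->sport = (uint16_t)((b[24] << 8) | b[25]);
    peer->dport = (uint16_t)((b[26] << 8) | b[27]);
    *proxied = 1;
    return (int)(16 + alen);
}

int main(void)
{
    struct pp2_peer p = {{0}, {0}, 0, 0}; int proxied = 0;
    int n = pp2_parse(SAMPLE, sizeof SAMPLE, &p, &proxied);
    printf("consumed=%d proxied=%d client=%u.%u.%u.%u:%u\n", n, proxied,
           p.src[0], p.src[1], p.src[2], p.src[3], (unsigned)p.sport);
    return n == 28 ? 0 : 1;
}
```

The relayed address is only as trustworthy as the sender of the header, so a listener that accepts it should be reachable only from the known load balancers or proxies.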
https://bugs.openldap.org/show_bug.cgi?id=9499
Issue ID: 9499
Summary: Clean up seqmod configure bits
Product: OpenLDAP
Version: 2.5
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: build
Assignee: bugs(a)openldap.org
Reporter: quanah(a)openldap.org
Target Milestone: ---
seqmod is an example overlay and is not meant to be used. configure needs to
be adjusted for this fact.
--
https://bugs.openldap.org/show_bug.cgi?id=9503
Issue ID: 9503
Summary: Openldap client is not populating GID name instead of
it just getting GID with empty Group name
Product: OpenLDAP
Version: 2.4.54
Hardware: x86_64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: ramsy21(a)gmail.com
Target Milestone: ---
Created attachment 809
--> https://bugs.openldap.org/attachment.cgi?id=809&action=edit
Openldap client is not populating GID name instead of it just getting GID with
empty Group name
Hi Team,
We are using OpenLDAP version 2.4.54 on RHEL7.8 systems, and these OpenLDAP
servers use a backend Microsoft AD URI to load the user POSIX info. Clients
are using SSSD software. On the client side, we are seeing odd behavior of
the group name.
It is failing to fetch the group name while logging in to the LDAP clients.
uid=1946***(balna**) gid=1478 groups=1478
We have a similar setup on two sites. One site is working fine and the second
site is not working. I am not sure where the exact problem is; both sites'
OpenLDAP configuration is intact and SSL certs are offloaded properly.
The only difference I see is the number of client connections: the working
site has fewer clients, around 25-30, whereas the non-working site's OpenLDAP
servers take around 3K client connections. I am not sure if any
additional tuning is required based on the number of clients.
I also checked limits; 4K values are set for nproc/nofile and I did not see any
issue with limits.
We have a similar working two-site setup of 2.4.36 on RHEL6 servers for the
same number of clients, and we are trying to migrate to RHEL7 with version
2.4.54, where we are seeing the issue.
Can you please check and help us see whether a similar kind of issue has been
reported by any clients, or whether any tuning is required?
--
https://bugs.openldap.org/show_bug.cgi?id=8773
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|IN_PROGRESS |RESOLVED
Resolution|--- |FIXED
--- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
Commits:
• 91a51591
by Quanah Gibson-Mount at 2021-03-15T16:31:55+00:00
ITS#8773 - Add slapo-deref.5 man page
• 641ecb41
by Quanah Gibson-Mount at 2021-03-15T16:31:55+00:00
ITS#8773 - Add test for slapo-deref overlay
• f2e6efed
by Ondřej Kuzník at 2021-03-15T16:31:55+00:00
ITS#5768 Avoid extraneous newlines in deref printing
--
https://bugs.openldap.org/show_bug.cgi?id=9501
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords|needs_review |
--
https://bugs.openldap.org/show_bug.cgi?id=9501
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |2.5.3
Ever confirmed|0 |1
Status|UNCONFIRMED |CONFIRMED
--- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
Can you please file an MR for this? Thanks!
--
https://bugs.openldap.org/show_bug.cgi?id=9501
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |needs_review
Group|OpenLDAP-devs |
--- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
beta releases are not production releases, no need for this to be private.
--
https://bugs.openldap.org/show_bug.cgi?id=6830
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|2.5.3 |2.5.4
Keywords|OL_2_5_REQ, reviewed |
Assignee|bugs(a)openldap.org |ondra(a)mistotebe.net
--
https://bugs.openldap.org/show_bug.cgi?id=8677
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords|reviewed |
Target Milestone|2.4.53 |2.6.0
--
https://bugs.openldap.org/show_bug.cgi?id=9101
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |VERIFIED
Target Milestone|2.5.3 |---
Keywords|OL_2_5_REQ |
Assignee|quanah(a)openldap.org |bugs(a)openldap.org
--
https://bugs.openldap.org/show_bug.cgi?id=9101
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|UNCONFIRMED |RESOLVED
--- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
Actually the text in the man page covering these sections explicitly states
they can be configured at the DB level as well.
slapd.conf(5):
Options described in this section apply to all backends, unless
specifically overridden in a backend definition.
slapd-config(5):
Options in this section may be set in the special "frontend" database
and inherited in all the other databases. These options may be altered
by further settings in each specific database.
--
https://bugs.openldap.org/show_bug.cgi?id=8889
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
Status|UNCONFIRMED |IN_PROGRESS
--- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
https://git.openldap.org/openldap/openldap/-/merge_requests/287
--
https://bugs.openldap.org/show_bug.cgi?id=8742
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|IN_PROGRESS |RESOLVED
--- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
Commits:
• 2fcfeb83
by Quanah Gibson-Mount at 2021-03-11T19:24:25+00:00
ITS#8742 - Bring slapd.conf.5 and slapd-config.5 in sync
--
https://bugs.openldap.org/show_bug.cgi?id=8889
--- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
And to note, if compiled with the default options (--enable-debug=yes), the
*loglevel* defaults to 256 (stats).
--
https://bugs.openldap.org/show_bug.cgi?id=8736
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |IN_PROGRESS
Ever confirmed|0 |1
--- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
https://git.openldap.org/openldap/openldap/-/merge_requests/286
--
https://bugs.openldap.org/show_bug.cgi?id=6912
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords|needs_review |
--
https://bugs.openldap.org/show_bug.cgi?id=9474
Issue ID: 9474
Summary: ldap_install_tls() should return meaningful error code
Product: OpenLDAP
Version: 2.4.57
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs(a)openldap.org
Reporter: simon.pichugin(a)gmail.com
Target Milestone: ---
The description of my findings (note that these are OpenLDAP logs that
appear under the application that uses libldap):
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: tls_write: want=610, written=610
...
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS trace: SSL_connect:SSLv3 flush data
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: tls_read: want=5 error=Interrupted system call
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS trace: SSL_connect:error in SSLv3 read finished A
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS trace: SSL_connect:error in SSLv3 read finished A
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS: can't connect: .
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ldap_free_connection 1 1
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ldap_send_unbind
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ber_flush2: 7 bytes to sd 23
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: 0000: 00 05 00 01 00 42 00
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ldap_write: want=7, written=7
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: 0000: 00 05 00 01 01 42 00
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ldap_free_connection: actually freed
So, 'error=Interrupted system call' is caught by this:
https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/…
https://git.openldap.org/openldap/openldap/-/blob/master/libraries/liblber/…
It is only the debug message that comes from the caller itself so we can see
what is passed to OpenSSL.
And 'Interrupted system call' is just an EINTR string representation.
What we should do is to catch the error that OpenSSL returns to us after it is
interrupted.
As we can see from the logs:
"libldap: TLS: can't connect: ."
This line returns nothing:
https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/…
So 'ld->ld_error' is set to empty value.
If we go deeper into the 'tls_imp->ti_session_errmsg' call we can reach the
point where ERR_peek_error() is called:
https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/…
https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/…
https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/…
In conclusion:
ldap_install_tls() should return a meaningful error code that would allow one to
figure out the reason for the failure, especially a network IO failure due to EINTR.
--