robert.eikermann(a)rwth-aachen.de wrote:
> Full_Name: Robert Eikermann
> Version: 2.4.30
> OS: Ubuntu 11.10
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (137.226.168.117)
>
>
> Hi,
> "configure" checked a lot of libraries in my system, but not libperl-dev; the error
> (/usr/bin/ld: cannot find -lperl) first appeared when I was compiling openldap.
>
> sudo apt-get install libperl-dev helped.

Not an OpenLDAP bug. Closing this ITS.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
jsynacek(a)redhat.com wrote:
> Full_Name: Jan Synacek
> Version: 2.4.30
> OS: Fedora 16
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (209.132.186.34)
>
>
> I've created a small reproducer, that calls ldap_sasl_interactive_bind_s after
> it has been called once and failed, which causes a segfault.

Fixed now in git master, thanks for the report.

>
> I've traced this bug with gdb:
> $ gdb ./reproducer
>
> GNU gdb (GDB) Fedora (7.3.50.20110722-10.fc16)
> Copyright (C) 2011 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later<http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-redhat-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from
> /home/jsynacek/work/bz784989-openldap-rebinding/reproducer...done.
> (gdb) r
> Starting program: /home/jsynacek/work/bz784989-openldap-rebinding/reproducer
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> ldap_sasl_interactive_bind: user selected: GSSAPI
> ldap_int_sasl_bind: GSSAPI
> ldap_new_connection 1 1 0
> ldap_int_open_connection
> ldap_connect_to_host: TCP localhost:636
> ldap_new_socket: 7
> ldap_prepare_socket: 7
> ldap_connect_to_host: Trying ::1 636
> ldap_pvt_connect: fd: 7 tm: -1 async: 0
> TLS: error: tlsm_PR_Recv returned 0 - error 21:Is a directory
> TLS: error: connect - force handshake failure: errno 21 - moznss error -5938
> TLS: can't connect: TLS error -5938:Encountered end of file.
> ldap_msgfree
> ldap_err2string
> bind failed: Can't contact LDAP server, retrying for fun and profit!
> ldap_sasl_interactive_bind: user selected: GSSAPI
> ldap_int_sasl_bind: GSSAPI
>
> Program received signal SIGSEGV, Segmentation fault.
> ldap_int_sasl_bind (ld=0x603130, dn=0x0, mechs=0x401a30 "GSSAPI", sctrls=0x0,
> cctrls=0x0, flags=1,
> interact=0x401660<lutil_sasl_interact>, defaults=0x60cae0, result=0x0,
> rmech=0x7fffffffd878,
> msgid=0x7fffffffd88c) at ../../../libraries/libldap/cyrus.c:444
> 444 oldctx = ld->ld_defconn->lconn_sasl_authctx;
> (gdb) p ld->ldc->ldc_defconn
> $1 = (LDAPConn *) 0x0
>
> If you set slapd to use TLS certs (uncomment the 'TLS*' lines in the config),
> there is no segfault.
>
> The reproducer and the config can be found here:
> URL1: http://jsynacek.fedorapeople.org/openldap/rebind-segfault/reproducer.c
> URL2: http://jsynacek.fedorapeople.org/openldap/rebind-segfault/cn=config.ldif
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
elecharny(a)apache.org wrote:
> Full_Name: Emmanuel Lecharny
> Version: 2.4.24
> OS: Ubuntu
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (78.226.4.211)
>
>
> The olcSuffix AT, which is not declared as SINGLE-VALUED, does not support more
> than one value. Per se, the definition of this AT should be explicit about it.

No. The attribute is not single-valued, but individual backend implementations
may only allow a single suffix.

> However, this is not the main issue.
>
> Trying to modify its value using such an LDIF file:
>
> dn: olcDatabase={3}ldif,cn=config
> changetype: modify
> delete: olcSuffix
> olcSuffix: cn=test2
> -
> add: olcSuffix
> olcSuffix: cn=test3
> -
>
> leads to an error :
> #!ERROR [LDAP: error code 80 -<olcSuffix> Only one suffix is allowed on this
> ldif backend]
>
> It seems that there is an internal check that is done to ensure that the
> olcSuffix does not contain more than one value, bypassing the AT definition, and
> that this check is not correctly done when a modify operation is sent.

Thanks for the report, now fixed in master.

>
> Deleting the olcSuffix AT and injecting a new one works.
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
pawank.kamboj(a)gmail.com wrote:
> Full_Name: Pawan Kumar
> Version: openldap-2.3.32
> OS: CentOS release 4.5
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (14.140.116.135)
>
>

That release is over 5 years old and the Project stopped supporting it years
ago. If you require support on this release contact your distribution
provider. Otherwise, upgrade to a current release (2.4.30 is latest).

> Hi,
> We are using openldap-2.3.32 on CentOS release 4.5 (2.6.9-89.0.25.ELsmp).
> We have a master-slave setup and we have two secondary ldap servers on which we
> are only replicating one of our OUs. We are not able to see the contextCSN on
> the secondary ldap servers. We are using syncrepl (delta sync replication using
> accesslog).
> Below is the secondary slapd.conf replication section.
>
> syncrepl rid=111 provider=ldap://masterldapserver type=refreshAndPersist
> retry="60 10 300 +" searchbase="ou=people,dc=example,dc=co,dc=in"
> schemachecking=off bindmethod=simple binddn="cn=Manager,dc=example,dc=co,dc=in"
> credentials=password logbase="cn=accesslog"
> logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" syncdata=accesslog
>
> And how can we monitor ldap replication in the case where we are replicating
> only one OU from the master ldap server?
>
> Any quick response will be appreciated.
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
tixu(a)cs.ucsd.edu wrote:
> Full_Name: Tianyin Xu
> Version: 2.4.30
> OS: Ubuntu Linux 10.04
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (128.54.167.68)
>
>
> 1. Symptom:
>
> In the main configuration file of OpenLDAP (slapd.conf), set the following
> configuration:
>
> index_substr_if_minlen 100
> index_substr_if_maxlen 5
>
> Then, everything is fine. The system behaves as expected. However, if the
> order of the two configuration lines is reversed as follows:
>
> index_substr_if_maxlen 5
> index_substr_if_minlen 100
>
> Then, the system refused to start, with the following misleading message:
>
> Mar 25 21:29:18 tianyin-desktop slapd[12700]:
> /home/tianyin/openldap-2.4.30/etc/openldap/slapd.conf: line 1:
> <index_substr_if_minlen> invalid value (5)

Unable to reproduce this symptom. In both cases I get

testrun/slapd.1.conf: line 31: <index_substr_if_minlen> invalid value (100)

Closing this ITS.

>
> ---------------------------------------------------------
>
> 2. Root cause in terms of code snippet
>
> (1) servers/slapd/slap.h
>
> #define SLAP_INDEX_SUBSTR_IF_MINLEN_DEFAULT 2
> #define SLAP_INDEX_SUBSTR_IF_MAXLEN_DEFAULT 4
>
> (2) servers/slapd/schema_init.c
>
> unsigned int index_substr_if_minlen = SLAP_INDEX_SUBSTR_IF_MINLEN_DEFAULT;
> unsigned int index_substr_if_maxlen = SLAP_INDEX_SUBSTR_IF_MAXLEN_DEFAULT;
>
> (3) servers/slapd/bconfig.c
>
> case CFG_SSTR_IF_MAX:
>     if (c->value_uint < index_substr_if_minlen) {
>         snprintf(c->cr_msg, sizeof(c->cr_msg), "<%s> invalid value",
>             c->argv[0]);
>         Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n", c->log, c->cr_msg,
>             c->value_int);
>         return(1);
>     }
>     index_substr_if_maxlen = c->value_uint;
>     break;
>
> case CFG_SSTR_IF_MIN:
>     if (c->value_uint > index_substr_if_maxlen) {
>         snprintf(c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid value",
>             c->argv[0]);
>         Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n", c->log, c->cr_msg,
>             c->value_int);
>         return(1);
>     }
>     index_substr_if_minlen = c->value_uint;
>     break;
>
> (4) backtrace
>
> #0 config_generic (c=0x915760) at bconfig.c:1996
> #1 0x0000000000433a00 in config_set_vals (Conf=0x8146c0, c=0x915760) at
> config.c:345
> #2 0x0000000000433f5f in config_add_vals (Conf=0x8146c0, c=0x915760) at
> config.c:418
> #3 0x00000000004351b3 in read_config_file (fname=0x5a0a98
> "/home/tianyin/openldap-2.4.30/etc/openldap/slapd.conf", depth=0, cf=0x0,
> cft=0x8140c0) at config.c:783
> #4 0x000000000042846b in read_config (fname=0x0, dir=0x0) at bconfig.c:4213
> #5 0x000000000041c217 in main (argc=1, argv=0x7fffffffe2f8) at main.c:792
>
> ---------------------------------------------------------
>
> It's quite clear that the order matters, and this should be a bug related to
> configuration.
>
> Thanks,
> Tianyin
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
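
Added example, not part of the thread and not OpenLDAP code: a simplified model of the two checks quoted from bconfig.c, next to a hypothetical check that validates min <= max only after all lines are read. It goes beyond the reported pair by adding a valid pair (5 and 10); `struct directive`, `apply_incremental` and `apply_deferred` are names assumed for this sketch.

```c
#include <stdio.h>
#include <string.h>
/* Defaults quoted from servers/slapd/slap.h in the report. */
#define MINLEN_DEFAULT 2u
#define MAXLEN_DEFAULT 4u
#define IS(d, key) (strcmp((d).name, (key)) == 0)

/* One parsed directive (simplified model, not slapd's own structures). */
struct directive { const char *name; unsigned value; };

/* Constructed inputs: the report's pair and a valid pair, each in both orders. */
const struct directive report_min_first[] = {{"index_substr_if_minlen", 100}, {"index_substr_if_maxlen", 5}};
const struct directive report_max_first[] = {{"index_substr_if_maxlen", 5}, {"index_substr_if_minlen", 100}};
const struct directive valid_min_first[]  = {{"index_substr_if_minlen", 5}, {"index_substr_if_maxlen", 10}};
const struct directive valid_max_first[]  = {{"index_substr_if_maxlen", 10}, {"index_substr_if_minlen", 5}};

/* Same comparisons as the quoted bconfig.c cases: each value is checked against
 * the other limit's current value at the moment its line is read.
 * Returns 0 if every line passes, else the 1-based index of the rejected line. */
int apply_incremental(const struct directive *d, int n) {
    unsigned minlen = MINLEN_DEFAULT, maxlen = MAXLEN_DEFAULT;
    for (int i = 0; i < n; i++) {
        if (IS(d[i], "index_substr_if_maxlen")) {
            if (d[i].value < minlen) return i + 1;
            maxlen = d[i].value;
        } else if (IS(d[i], "index_substr_if_minlen")) {
            if (d[i].value > maxlen) return i + 1;
            minlen = d[i].value;
        }
    }
    return 0;
}

/* Hypothetical alternative: store both values, then check min <= max once on
 * the final state. Returns 0 if consistent, -1 otherwise. */
int apply_deferred(const struct directive *d, int n) {
    unsigned minlen = MINLEN_DEFAULT, maxlen = MAXLEN_DEFAULT;
    for (int i = 0; i < n; i++) {
        if (IS(d[i], "index_substr_if_maxlen")) maxlen = d[i].value;
        else if (IS(d[i], "index_substr_if_minlen")) minlen = d[i].value;
    }
    return minlen <= maxlen ? 0 : -1;
}

int main(void) {
    printf("valid pair 5..10: min first -> %d, max first -> %d, deferred -> %d\n",
           apply_incremental(valid_min_first, 2), apply_incremental(valid_max_first, 2),
           apply_deferred(valid_min_first, 2));
    return 0;
}
```

In this model the report's pair (100 and 5) is rejected in either order, while the valid pair is accepted by the incremental check only when the maxlen line comes first.
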
tixu(a)cs.ucsd.edu wrote:
> Full_Name: Tianyin Xu
> Version: 2.4.30
> OS: Ubuntu Linux 10.04
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (128.54.167.68)
>
>
> 1. Problem
>
> In OpenLDAP-2.4.30, the recursive "include" directive in the configuration files
> cannot be detected but only terminated by the OS. The message cannot pinpoint
> the root cause (it's quite misleading). Here, the recursive "include"
> refers to the following case:
>
> In slapd.conf: include sub.conf
> In sub.conf: include slapd.conf

Don't do that.
Closing this ITS.

>
> The message will be like:
>
> Mar 22 11:39:03 tianyin-desktop start_slapd[30825]: could not open config file
> "/home/tianyin/openldap-2.4.30/etc/openldap/slapd.conf": Too many open files
> (24)
>
>
> 2. Root Cause
>
> (1) The bomb point is in read_config_file() in servers/slapd/config.c
>
> if ( stat( fname, &s ) != 0 ) {
>     ldap_syslog = 1;
>     Debug(LDAP_DEBUG_ANY,
>         "could not stat config file \"%s\": %s (%d)\n",
>         fname, strerror(errno), errno);
>     ch_free( c );
>     return(1);
> }
>
> (2) The recursive call chain: notice #0, #4, and #8
>
> #0 read_config_file (fname=0x94ebc8
> "/home/tianyin/openldap-2.4.30/etc/openldap/slapd.conf", depth=1, cf=0x94c790,
> cft=0x845de0) at config.c:704
> #1 0x00000000004124e9 in config_include (c=0x94c790) at bconfig.c:3754
> #2 0x000000000041f0cc in config_set_vals (Conf=0x8463a0, c=0x94c790) at
> config.c:345
> #3 0x000000000041f62b in config_add_vals (Conf=0x8463a0, c=0x94c790) at
> config.c:418
> #4 0x000000000042087f in read_config_file (fname=0x9493f0
> "/home/tianyin/openldap-2.4.30/sub.conf", depth=1, cf=0x949ad0, cft=0x845de0) at
> config.c:783
> #5 0x00000000004124e9 in config_include (c=0x949ad0) at bconfig.c:3754
> #6 0x000000000041f0cc in config_set_vals (Conf=0x8463a0, c=0x949ad0) at
> config.c:345
> #7 0x000000000041f62b in config_add_vals (Conf=0x8463a0, c=0x949ad0) at
> config.c:418
> #8 0x000000000042087f in read_config_file (fname=0x5c5198
> "/home/tianyin/openldap-2.4.30/etc/openldap/slapd.conf", depth=0, cf=0x0,
> cft=0x845de0) at config.c:783
> #9 0x0000000000413c9b in read_config (fname=0x0, dir=0x0) at bconfig.c:4213
> #10 0x0000000000407fc7 in main (argc=1, argv=0x7fffffffe2f8) at main.c:792
>
>
> Thanks!
> Tianyin
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
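
Added example, not part of the thread and not OpenLDAP code: one way a config loader can report the slapd.conf / sub.conf include cycle by name instead of running until file descriptors are exhausted. The in-memory file table, `MAX_INCLUDE_DEPTH`, the `CFG_*` codes and the function names are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>
#define MAX_INCLUDE_DEPTH 16  /* assumed limit for this sketch */
enum { CFG_OK = 0, CFG_ENOENT = -1, CFG_ECYCLE = -2, CFG_EDEPTH = -3 };
/* Constructed in-memory "files"; each entry lists the files it includes. */
struct cfg_file { const char *name; const char *includes[4]; };
static const struct cfg_file sample_fs[] = {
    { "slapd.conf",  { "sub.conf" } },
    { "sub.conf",    { "slapd.conf" } },                 /* cycle from the report */
    { "ok.conf",     { "schema.conf", "schema.conf" } }, /* repeated, not cyclic */
    { "schema.conf", { NULL } },
};

static const struct cfg_file *lookup(const char *name) {
    for (size_t i = 0; i < sizeof sample_fs / sizeof sample_fs[0]; i++)
        if (strcmp(sample_fs[i].name, name) == 0) return &sample_fs[i];
    return NULL;
}

/* chain[0..depth-1] holds the files currently being read; a name already on
 * it is a cycle. Real code would compare st_dev/st_ino from stat() instead of
 * names. On error *bad is the offending file name; on success it is NULL. */
static int load(const char *name, const char **chain, int depth, const char **bad) {
    *bad = name;
    if (depth >= MAX_INCLUDE_DEPTH) return CFG_EDEPTH;
    for (int i = 0; i < depth; i++)
        if (strcmp(chain[i], name) == 0) return CFG_ECYCLE;
    const struct cfg_file *f = lookup(name);
    if (f == NULL) return CFG_ENOENT;
    chain[depth] = name;
    for (int i = 0; i < 4 && f->includes[i] != NULL; i++) {
        int rc = load(f->includes[i], chain, depth + 1, bad);
        if (rc != CFG_OK) return rc;
    }
    *bad = NULL;
    return CFG_OK;
}

int check_config(const char *top, const char **bad) {
    const char *chain[MAX_INCLUDE_DEPTH];
    return load(top, chain, 0, bad);
}

int main(void) {
    const char *bad;
    int rc = check_config("slapd.conf", &bad);
    printf("slapd.conf: rc=%d offending=%s\n", rc, bad ? bad : "-");
    return 0;
}
```
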