openldap-bugs

openldap-bugs@openldap.org

1 participants
20967 discussions

(ITS#5520) infinite recursion in syncrepl overlay
by jeff＠jeffrodriguez.com 20 May '08

20 May '08

Full_Name: Jeff Rodriguez Version: 2.3.30 OS: Debian etch URL: ftp://ftp.openldap.org/incoming/jeff-rodriguez-080520.tgz Submission from: (NULL) (208.48.140.97) syncprov seems to be causing a segfault when importing kerberos entries. slapd.conf, LDIFs, heimdal kerberos schema, and logs included. These are live files I was used to generate the segfault. It's also reproducible with the conf and ldif files customized to the environment. Commenting out syncprov and related lines in the conf eliminates the segfault. 1. stop slapd 2. wipe out current database 3. slapadd schema.ldif and chown the database to openldap user and group 4. start slapd with: /usr/sbin/slapd -g openldap -u openldap -d 1 -h "ldap:/// ldapi:///" 5. add ldif entries live: ldapadd -H ldapi:///var/run/ldapi -D cn=admin,o=example -w CHANGE_THIS_PASSWORD -f bugged.ldif 6. segfault uname -a: Linux ds1.phx2 2.6.18-6-xen-amd64 #1 SMP Sun Feb 10 18:02:52 UTC 2008 x86_64 GNU/Linux

1 0

Re: (ITS#5518) Assertion error in io.c:234: ber_flush2
by hyc＠symas.com 20 May '08

20 May '08

zulcss(a)ubuntu.com wrote: > Full_Name: Chuck Short > Version: 2.4.7 > OS: Ubuntu > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (82.142.121.161) > > > We are getting assertion errors in libraries/liblber/io.c. The original bug > report is located at the following: > > http://bugs.launchpad.net/bugs/215904 I've requested some more information on the above bug report. Looking back over ITS, it seems this has been a long-standing problem with nss-ldap. http://www.openldap.org/its/index.cgi/Incoming?id=3874;expression=liblber http://www.openldap.org/its/index.cgi/Incoming?id=4014;expression=liblber https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124549 http://www.openldap.org/its/index.cgi/Incoming?id=4445;expression=liblber Unfortunately the information in the other reports is a bit confusing; e.g. the redhat bug indicates that a kernel update fixed the issue. That doesn't really make any sense. Hopefully we can get some consistent info to track it down this time. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5519) Compilation fails when linking with ldap threading symbols
by h.b.furuseth＠usit.uio.no 20 May '08

20 May '08

fredme writes: > Ldap compilation fails when I am trying to compile with-threads and > back_shell enabled. I think you mean --without-threads broke it... BTW, note that --enable-backends and --enable-overlays enable all backends/overlays, you don't need --enable-<individual backend/overlay> switches in addition. And to drop the shell backend as Howard suggests, you'd then override with --disable-shell. -- Hallvard

1 0

Re: (ITS#5519)
by hyc＠symas.com 20 May '08

20 May '08

fredme(a)gmail.com wrote: > All works fine if I change the flags to --with-threads and --disable-shell. This is now fixed in CVS HEAD. It's probably best that you build with --disable-shell anyway though. Migrate to back-sock instead... -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#5519)
by fredme＠gmail.com 19 May '08

19 May '08

All works fine if I change the flags to --with-threads and --disable-shell.

1 0

(ITS#5519) Compilation fails when linking with ldap threading symbols
by fredme＠gmail.com 19 May '08

19 May '08

Full_Name: Eugenio Grytsenko Version: 2.4.9 OS: Suse Linux Enterprise Server 9 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (200.5.92.164) Ldap compilation fails when I am trying to compile with-threads and back_shell enabled. Here is the trace: ============ CUT HERE ============ creating .libs/slapdS.c (cd .libs && cc -c -fno-builtin "slapdS.c") rm -f .libs/slapdS.c .libs/slapd.nm .libs/slapd.nmS .libs/slapd.nmT cc -g -O2 .libs/slapdS.o -o .libs/slapd main.o globals.o bconfig.o config.o daemon.o connection.o search.o filter.o add.o cr.o attr.o entry.o backend.o backends.o result.o operation.o dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o value.o ava.o bind.o unbind.o abandon.o filterentry.o phonetic.o acl.o str2filter.o aclparse.o init.o user.o lock.o controls.o extended.o passwd.o schema.o schema_check.o schema_init.o schema_prep.o schemaparse.o ad.o at.o mr.o syntax.o oc.o saslauthz.o oidm.o starttls.o index.o sets.o referral.o root_dse.o sasl.o module.o mra.o mods.o sl_malloc.o zn_malloc.o limits.o operational.o matchedValues.o cancel.o syncrepl.o backglue.o backover.o ctxcsn.o ldapsync.o frontend.o slapadd.o slapcat.o slapcommon.o slapdn.o slapindex.o slappasswd.o slaptest.o slapauth.o slapacl.o component.o aci.o alock.o txn.o version.o -rdynamic -Wl,-rpath -Wl,/usr/lib/perl5/5.8.3/x86_64-linux-thread-multi/CORE -Wl,--export-dynamic libbackends.a liboverlays.a ../../libraries/liblunicode/liblunicode.a ../../libraries/librewrite/librewrite.a ../../libraries/liblutil/liblutil.a ../../libraries/libldap_r/.libs/libldap_r.so /root/fred/ldap24/openldap-2.4.9/libraries/liblber/.libs/liblber.so ../../libraries/liblber/.libs/liblber.so /usr/lib64/libdb-4.2.so -L/usr/local/lib64 /usr/lib/perl5/5.8.3/x86_64-linux-thread-multi/auto/DynaLoader/DynaLoader.a -L/usr/lib/perl5/5.8.3/x86_64-linux-thread-multi/CORE -lperl /usr/lib64/libodbc.so -lpthread /usr/lib64/libslp.so -lm -lnsl /usr/lib64/libsasl2.so -lssl -lcrypto -lcrypt -lresolv libslapi.a /usr/lib64/libltdl.so -ldl -lwrap daemon.o(.text+0xe3f): In function `slap_listener_thread': /root/fred/ldap24/openldap-2.4.9/servers/slapd/daemon.c:1824: warning: `sys_errlist' is deprecated; use `strerror' or `strerror_r' instead daemon.o(.text+0xe2e):/root/fred/ldap24/openldap-2.4.9/servers/slapd/daemon.c:1824: warning: `sys_nerr' is deprecated; use `strerror' or `strerror_r' instead result.o(.text+0x12cd): In function `slap_send_search_entry': /root/fred/ldap24/openldap-2.4.9/servers/slapd/result.c:1042: undefined reference to `ldap_pvt_thread_pool_pausing' syncrepl.o(.text+0x6bd5): In function `do_syncrep2': /root/fred/ldap24/openldap-2.4.9/servers/slapd/syncrepl.c:1140: undefined reference to `ldap_pvt_thread_pool_pausing' syncrepl.o(.text+0x6d2c):/root/fred/ldap24/openldap-2.4.9/servers/slapd/syncrepl.c:1140: undefined reference to `ldap_pvt_thread_pool_pausing' liboverlays.a(syncprov.o)(.text+0x4e2d): In function `syncprov_op_mod': /root/fred/ldap24/openldap-2.4.9/servers/slapd/overlays/syncprov.c:1809: undefined reference to `ldap_pvt_thread_pool_pausecheck' collect2: ld returned 1 exit status make[2]: *** [slapd] Error 1 make[2]: Leaving directory `/root/fred/ldap24/openldap-2.4.9/servers/slapd' make[1]: *** [all-common] Error 1 make[1]: Leaving directory `/root/fred/ldap24/openldap-2.4.9/servers' make: *** [all-common] Error 1 ============ CUT HERE ============ OS I am using: Suse Linux Enterprise Server 9 GCC version string: Reading specs from /usr/lib64/gcc-lib/x86_64-suse-linux/3.3.3/specs Configured with: ../configure --enable-threads=posix --prefix=/usr --with-local-prefix=/usr/local --infodir=/usr/share/info --mandir=/usr/share/man --enable-languages=c,c++,f77,objc,java,ada --disable-checking --libdir=/usr/lib64 --enable-libgcj --with-gxx-include-dir=/usr/include/g++ --with-slibdir=/lib64 --with-system-zlib --enable-shared --enable-__cxa_atexit x86_64-suse-linux Thread model: posix gcc version 3.3.3 (SuSE Linux) My machine architecture: x86_64 My Kernel: Linux cs9 2.6.16.27-0.9-xen #1 SMP Tue Feb 13 09:35:18 UTC 2007 x86_64 x86_64 x86_64 GNU/Linux My OpenLDAP configure command: ./configure \ --prefix=/usr \ --exec-prefix=/usr \ --bindir=/usr/bin \ --sbindir=/usr/sbin \ --libexecdir=/usr/lib64 \ --datadir=/usr/share \ --sysconfdir=/etc \ --sharedstatedir=/usr/share/com \ --localstatedir=/var/run/slapd \ --libdir=/usr/lib64 \ --includedir=/usr/include \ --oldincludedir=/usr/include \ --infodir=/usr/share/info \ --mandir=/usr/share/man \ --enable-debug \ --enable-dynamic \ --enable-syslog \ --enable-proctitle \ --enable-ipv6 \ --enable-local \ --enable-slapd \ --enable-dynacl \ --enable-aci \ --enable-cleartext \ --enable-crypt \ --enable-lmpasswd \ --enable-spasswd \ --enable-modules \ --enable-rewrite \ --enable-rlookups \ --enable-slapi \ --enable-slp \ --enable-wrappers \ --enable-backends \ --enable-bdb \ --enable-dnssrv \ --enable-hdb \ --enable-ldap \ --enable-meta \ --enable-monitor \ --enable-null \ --enable-passwd \ --enable-perl \ --enable-relay \ --enable-shell \ --enable-sock \ --enable-sql \ --enable-overlays \ --enable-accesslog \ --enable-auditlog \ --enable-constraint \ --enable-dds \ --enable-dyngroup \ --enable-dynlist \ --enable-memberof \ --enable-ppolicy \ --enable-proxycache \ --enable-refint \ --enable-retcode \ --enable-rwm \ --enable-seqmod \ --enable-syncprov \ --enable-translucent \ --enable-unique \ --enable-valsort \ --enable-static \ --enable-shared \ --enable-fast-install \ --with-cyrus-sasl \ --without-threads \ --with-tls \ --with-yielding-select \ --with-mp \ --with-odbc=unixodbc \ --with-gnu-ld \ --with-pic Thanks.

1 0

Re: (ITS#5515) v2.4.9 + GnuTLS fails with wildcard certificate, OpenSSL works correctly
by quanah＠zimbra.com 19 May '08

19 May '08

--On Sunday, May 18, 2008 6:24 AM +0000 hyc(a)symas.com wrote: > bgoldsbury(a)gleim.com wrote: >> Full_Name: Ben Goldsbury >> Version: 2.4.9 >> OS: Debian >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (209.208.68.2) >> >> >> When OpenLDAP 2.4.9 is compiled against GnuTLS (version 2.2.1 in my >> testing) and using a valid Wildcard SSL certificate, TLS connections to >> OpenLDAP fail with: >> >> TLS certificate verification: Error, unable to get local issuer >> certificate User verifies that this is a GnuTLS bug, this ITS will be closed. See last follow up in: <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477396> --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

(ITS#5518) Assertion error in io.c:234: ber_flush2
by zulcss＠ubuntu.com 19 May '08

19 May '08

Full_Name: Chuck Short Version: 2.4.7 OS: Ubuntu URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (82.142.121.161) We are getting assertion errors in libraries/liblber/io.c. The original bug report is located at the following: http://bugs.launchpad.net/bugs/215904 Thanks chuck

1 0

(ITS#5517) add superclass of existing class fails
by h.b.furuseth＠usit.uio.no 18 May '08

18 May '08

Full_Name: Hallvard B Furuseth Version: HEAD OS: Linux URL: Submission from: (NULL) (129.240.6.233) Submitted by: hallvard If objectclass B is a subclass of A, and an entry contains objectclass B but not A, slapd returns attributeOrValueExists to a request to add A. OTOH it allows replace(objectClass: <A, B>), and after that it allows delete(objectClass: A). This is inconsistent. If the objectClass attribute contains B, does it "really" contain A as well? I couldn't find such a statement in the RFCs, so my guess is that add(objectClass: A) should be allowed. Though I haven't looked all that hard. Example: ldapadd -cx <<'EOF' # Create initial object dn: c=NO objectClass: friendlyCountry c: NO co: Norway # error dn: c=NO changetype: modify add: objectClass objectClass: top - # error dn: c=NO changetype: modify add: objectClass objectClass: country - # success dn: c=NO changetype: modify replace: objectClass objectClass: top objectClass: country objectClass: friendlyCountry - # success dn: c=NO changetype: modify delete: objectClass objectClass: top - # success dn: c=NO changetype: modify delete: objectClass objectClass: country - EOF

1 0

Re: (ITS#5515) v2.4.9 + GnuTLS fails with wildcard certificate, OpenSSL works correctly
by bpgoldsb＠gleim.com 18 May '08

18 May '08

We're using *.domain.tld in the CN and subjectAltName:DNS:*.domain.tld This may be a GnuTLS issue, as I am able to reproduce it with the GnuTLS server/client testing tools. On Sat, 2008-05-17 at 23:23 -0700, Howard Chu wrote: > bgoldsbury(a)gleim.com wrote: > > Full_Name: Ben Goldsbury > > Version: 2.4.9 > > OS: Debian > > URL: ftp://ftp.openldap.org/incoming/ > > Submission from: (NULL) (209.208.68.2) > > > > > > When OpenLDAP 2.4.9 is compiled against GnuTLS (version 2.2.1 in my testing) and > > using a valid Wildcard SSL certificate, TLS connections to OpenLDAP fail with: > > > > TLS certificate verification: Error, unable to get local issuer certificate > > > > When OpenLDAP 2.4.9 is compiled against OpenSSL (version 0.9.8c in my testing) > > and using the same certificate, connections work properly. > > > > Please contact me if you need any additional information. > > This sounds an awful lot like ITS#5361, which is a known defect in GnuTLS. > > What exactly do you mean by "Wildcard SSL certificate" ? There are a couple > different approaches to that. One uses the subjectAltName extension, and that > is the officially sanctioned approach. One uses "*" in the certificate CN, and > that is non-standard and generally not supposed to work.

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs