openldap-bugs

openldap-bugs@openldap.org

1 participants
20958 discussions

(ITS#4907) Syncrepl consumer failing to perform deletes
by unix.gurus＠gmail.com 02 Apr '07

02 Apr '07

Full_Name: Sean Burford Version: 2.3.32 OS: Linux 2.4.20 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (65.57.245.11) I am attempting to set up syncrepl between two OpenLDAP 2.3.32 servers. Adds and Modifies are replicated from the provider to the consumer, but deletes result in thousands of "unknown filter type 136644788" messages in the consumer log and no deletion. Commenting out the syncprov-sessionlog directive works around the issue. The search that the syncrepl consumer does, when presented with a delete from the syncprov log, seems to be poorly formed or corrupted. Overflowing the syncprov-sessionlog between consumer polls prevents this behaviour. Provider config: overlay syncprov syncprov-checkpoint 100 10 # Values 1 and 100 tested for syncprov-sessionlog. # Both have same symptoms. syncprov-sessionlog 1 Consumer config: syncrepl rid=007 provider=ldaps://ldaptest-master.SITE:636 type=refreshOnly interval=00:00:00:10 searchbase="XXX" filter="(objectClass=*)" scope=sub # Different attrs values do not affect this issue attrs="*,+" schemachecking=off # Different bind methods do not affect this issue bindmethod=sasl saslmech=GSSAPI updateref ldap://ldaptest-master.SITE:389 With "loglevel stats sync" on the consumer, syslog logs this: Apr 2 13:18:16 slapd[964]: do_syncrep2: rid 007 LDAP_RES_SEARCH_RESULT Apr 2 13:18:26 slapd[964]: do_syncrep2: rid 007 LDAP_RES_SEARCH_RESULT Apr 2 13:18:36 slapd[964]: do_syncrep2: rid 007 LDAP_RES_SEARCH_RESULT Apr 2 13:18:46 slapd[964]: do_syncrep2: rid 007 LDAP_RES_INTERMEDIATE - SYNC_ID_SET Apr 2 13:18:46 slapd[964]: unknown filter type 136644788 Apr 2 13:18:46 slapd[964]: unknown filter type 136644788 Apr 2 13:18:46 slapd[964]: unknown filter type 136644788 Apr 2 13:18:46 slapd[964]: unknown filter type 136644788 ... Running slapd with -d1 on the consumer produces the following debug output. You can see the intermediate result getting parsed (it contains the refreshdeletes flag then a set of (one) UUIDs to delete). The backend is then searched for the UUID, but each entry in the backend generates an unknown filter type message: ... read1msg: ld 0x8814ea0 msgid 2 message type intermediate ber_scanf fmt ({eaa) ber: ldap_parse_intermediate ber_scanf fmt ({) ber: ber_scanf fmt (a) ber: ber_scanf fmt (O) ber: ber_scanf fmt (t{) ber: ber_scanf fmt (m) ber: ber_scanf fmt (b) ber: ber_scanf fmt ([W]) ber: ber_scanf fmt (}) ber: => bdb_search bdb_dn2entry("dc=XXX") search_candidates: base="dc=XXX" (0x00000001) scope=2 => bdb_dn2idl("dc=XXX") bdb_search_candidates: id=-1 first=1 last=203912 unknown filter type 136644788 bdb_search: 1 does not match filter entry_decode: "ou=YYY,XXX" <= entry_decode(ou=YYY,XXX) => bdb_dn2id("ou=YYY,XXX") <= bdb_dn2id: got id=0x00000002 unknown filter type 136644788 bdb_search: 2 does not match filter ... entry_decode: "uid=ZZZ,YYY" <= entry_decode(uid=ZZZ,YYY) unknown filter type 136644788 bdb_search: 203912 does not match filter send_ldap_result: conn=-1 op=0 p=3 ldap_msgfree ldap_result ld 0x8814ea0 msgid -1 ldap_chkResponseList ld 0x8814ea0 msgid -1 all 0 ldap_chkResponseList returns ld 0x8814ea0 NULL wait4msg ld 0x8814ea0 msgid -1 (infinite timeout) wait4msg continue ld 0x8814ea0 msgid -1 all 0 136644788 (0x82508B4) is not consistent across runs, it appears to be an address in the JCR rather than a valid filter type. The delete message content looks OK: 0040 30 68 02 01 02 79 63 80 18 31 2e 33 2e 36 0h...y c..1.3.6 | | | | +---------------syncoid.syncinfo | | | +---------------------req oid (len 0x18) | | +-----------------------length 0x63 | +---------------------------result intermediate +-------------------------------------message ID 2 0050 2e 31 2e 34 2e 31 2e 34 32 30 33 2e 31 2e 39 2e .1.4.1.4 203.1.9. 0060 31 2e 34 81 47 a3 45 04 2c 63 73 6e 3d 32 30 30 1.4.G.E. ,csn=200 | | | +---------------------CSN,RID (cookie) | | +----------------------------sync cookie (len 0x2c) | +----------------------------------SYNC_ID_SET (len 0x45) +----------------------------------------req value (len 0x47) 0070 37 30 34 30 32 32 30 34 38 32 33 5a 23 30 30 30 70402204 823Z#000 0080 30 30 30 23 30 30 23 30 30 30 30 30 30 2c 72 69 000#00#0 00000,ri 0090 64 3d 30 30 37 01 01 ff 31 12 04 10 48 4a 1b 88 d=007... 1...HJ.. | | | +------------UUID (remainder of packet) | | +------------------octetstring (len 0x10) | +------------------------lber set (len 0x12) +----------------------------------refreshdeletes(bool:FF) 00a0 75 a6 10 2b 8c 79 83 6d 14 6d 34 77 Backend: bdb 4.4.20

1 0

Re: (ITS#4881) ldapsearch, SSL and segmentation fault
by hyc＠symas.com 02 Apr '07

02 Apr '07

andrej.groups(a)gmail.com wrote: > Full_Name: Andrej Ricnik > Version: ldapsearch 2.3.21 > OS: Slackware 11 > URL: > Submission from: (NULL) (138.235.105.2) > > > I'm trying to use ldapsearch against Novell eDir 8.7.3.9 (on Solaris) which > works fine when used w/o encryption. If I use the self-signed Cert created on > the eDir server ldapsearch segfaults. > > This works fine (returns the expected 46 DNs): > ldapsearch -D cn=wpsbind,ou=wcm,ou=systemusers,ou=users,o=myorg -W -h > dev4.kdc.myorg.org -x -s sub -LLL '(cn=*)' > > This one segfaults after the 45th DN: > ldapsearch -ZZ -D cn=wpsbind,ou=wcm,ou=systemusers,ou=users,o=myorg -W -h > dev4.kdc.myorg.org -x -s sub -LLL '(cn=*)' > > It looks similar to ITN# 889 ... Not likely, since that involved SASL and this does not. There's not enough info here. Please provide a stack trace of the crash in the client. Also see the FAQ http://www.openldap.org/faq/index.cgi?file=59 -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: slapd+pcache keeps crashing on FreeBSD 6.2 (ITS#4841)
by hyc＠symas.com 02 Apr '07

02 Apr '07

imriz(a)co.zahav.net.il wrote: > Sure. New core dumps and binary file is at > http://mariska.inter.net.il/~imriz/slapd-core.tar.gz The slapd in this snapshot was stripped so no debug symbols are present. Please be sure to use an unstripped binary. Also, since you're also loading libldap_r, liblber, back-ldap, back-bdb, back-meta, and back-ldbm dynamically, you'll need to include those modules in the tarball. (Also with debug and unstripped.) Although at this point I'm wondering why you're using back-ldbm, which has been deprecated for quite a long time. > Please notice that the previous dump was from FreeBSD ports (OpenLDAP > version 2.3.33). > > This one was fetched from the CVS (OPENLDAP_REL_ENG_2_3), with the > following configure options: > > ./configure --with-threads=posix --with-tls=openssl --enable-dynamic > --without-cyrus-sasl --enable-modules --localstatedir=/var/ > db --enable-ldbm=mod --enable-crypt --enable-lmpasswd --enable-ldap=mod > --enable-meta=mod --enable-rewrite --enable-null=mod --enabl > e-monitor=mod --enable-proxycache --disable-syncprov --enable-bdb=mod > --enable-hdb=mod --enable-dbm-api=berkeley --disable-slurpd -- > prefix=/usr/local --enable-debug > > > -----Original Message----- > From: Howard Chu [mailto:openldap-its@OpenLDAP.org] > Sent: Tuesday, February 13, 2007 1:14 AM > To: Imri Zvik > Subject: Re: slapd+pcache keeps crashing on FreeBSD 6.2 (ITS#4841) > > It looks like this core is from a binary without debug symbols present, > can you > recompile with debugging enabled and get a new stack trace and core > file? > > > . > -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#4903) dynlist issues with memory allocation
by quanah＠stanford.edu 02 Apr '07

02 Apr '07

--On Monday, April 02, 2007 7:44 PM +0000 quanah(a)stanford.edu wrote: > > > --On Monday, April 02, 2007 9:42 PM +0200 Pierangelo Masarati > <ando(a)sys-net.it> wrote: > >> quanah(a)stanford.edu wrote: >> >>> database hdb >>> suffix "dc=stanford,dc=edu" >>> rootdn "cn=manager,dc=stanford,dc=edu" >>> >>> overlay valsort >>> valsort-attr suOrgContactStanford cn=orgs,dc=stanford,dc=edu weighted >>> valsort-attr suOrgContactWorld cn=orgs,dc=stanford,dc=edu weighted >>> >>> overlay dynlist >>> dynlist-attrset groupOfURLS memberURL member >>> >>> limits group="cn=ldapadmin,cn=applications,dc=stanford,dc=edu" >>> time.soft=unlimited time.hard=unlimited size.soft=unlimited >>> size.hard=unlimited >> >> There it is: "limits" is a database specific directive appearing >> __after__ overlay instantiation. Try moving all database-specific >> directives __before__ any overlay instantiation. > > Ah, I see... So its not just global/db. > > So all overlay bits should be listed last? And I assume this only > happens when you have more than one overlay in use? Because it only > happens once both valsort and dynlist are enabled. In any case, reordering the slapd.conf files so the overlay stuff all appears last has definitely fixed it. Yeah, and thanks. :) There's a lot I'm looking forward to in 2.4. --Quanah -- Quanah Gibson-Mount Senior Systems Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

1 0

Re: (ITS#4903) dynlist issues with memory allocation
by quanah＠stanford.edu 02 Apr '07

02 Apr '07

--On Monday, April 02, 2007 12:42 PM -0700 Quanah Gibson-Mount <quanah(a)stanford.edu> wrote: > Ah, I see... So its not just global/db. > > So all overlay bits should be listed last? And I assume this only > happens when you have more than one overlay in use? Because it only > happens once both valsort and dynlist are enabled. That doesn't seem to be it either. For example, on my master, I have: database hdb suffix "dc=stanford,dc=edu" rootdn "cn=manager,dc=stanford,dc=edu" # Syncrepl Provider overlay syncprov syncprov-checkpoint 1000 60 # Dynamic Group Overlay overlay dyngroup # Uniqueness Overlay overlay unique unique_base cn=people,dc=stanford,dc=edu unique_attributes suunivid suproxycardnumber sucardnumber suuniqueidentifier # Valsort Overlay overlay valsort valsort-attr suOrgContactStanford cn=orgs,dc=stanford,dc=edu weighted valsort-attr suOrgContactWorld cn=orgs,dc=stanford,dc=edu weighted #valsort-attr ou cn=people,dc=stanford,dc=edu weighted #valsort-attr suAffiliation cn=people,dc=stanford,dc=edu weighted #valsort-attr suDisplayAffiliation cn=people,dc=stanford,dc=edu weighted overlay accesslog logdb cn=accesslog logops writes logsuccess TRUE logpurge 07+00:00 01+00:00 # Let ldapadmin have limitless searches limits group="cn=ldapadmin,cn=applications,dc=stanford,dc=edu" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited limits group="cn=ldapreplica,cn=applications,dc=stanford,dc=edu" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited # Save the time that the entry gets modified lastmod on # Set the location of where the database storage files go. directory /var/lib/ldap dbconfig set_cachesize 3 536870912 1 dbconfig set_lg_regionmax 262144 dbconfig set_lg_bsize 2097152 dbconfig set_lg_dir /var/log/bdb dbconfig set_lk_max_locks 3000 # # Automatically remove log files that are no longer needed. dbconfig set_flags DB_LOG_AUTOREMOVE # # Setting set_tas_spins reduces resource contention from multiple clients on systems with multiple CPU's. dbconfig set_tas_spins 1 # Checkpoint the database to prevent transaction loss in unclean shutdowns, and speed up slapd shutdowns. checkpoint 1024 5 # Indices to maintain index default eq index cn index dc index entryCSN index entryUUID index objectClass index krb5PrincipalName index suCardNumber index suGeneralID index suProxyCardNumber index suRegID index suUniqueIdentifier index suUnivID index uid ####################################################################### # back-monitor database definitions ####################################################################### database monitor As you can see, *multiple* overlay statements and directives, prior to the "limits" command. It does not exhibit the problems I see on my replica. The issue only arises once dynlist is enabled. --Quanah -- Quanah Gibson-Mount Senior Systems Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

1 0

Re: (ITS#4903) dynlist issues with memory allocation
by ando＠sys-net.it 02 Apr '07

02 Apr '07

Quanah Gibson-Mount wrote: > Ah, I see... So its not just global/db. > > So all overlay bits should be listed last? And I assume this only > happens when you have more than one overlay in use? Because it only > happens once both valsort and dynlist are enabled. Well, the issue is subtle. You risk inconsistency whenever an overlay supports back-config __and__ the out-of-order directive uses some special back-config feature, like the possibility to directly write a value to the database/overlay structure. The way back-config statement/data structure resolution is designed in re23, the out-of-order directive will use the wrong data structure, thus resulting at least in breaking the configuration but, in some cases, in breaking the consistency of the process, by randomly writing, for example, on the stack or on the heap. This should be now fixed in HEAD, but the fix was not so easy to backport because back-config significantly changed in the meanwhile. So, since usually there is no need to write out-of-order statements (back-meta could be an exception, but fortunately enough it doesn't support back-config yet :), there is no pressure for fixing this issue in re23. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: (ITS#4903) dynlist issues with memory allocation
by quanah＠stanford.edu 02 Apr '07

02 Apr '07

--On Monday, April 02, 2007 9:42 PM +0200 Pierangelo Masarati <ando(a)sys-net.it> wrote: > quanah(a)stanford.edu wrote: > >> database hdb >> suffix "dc=stanford,dc=edu" >> rootdn "cn=manager,dc=stanford,dc=edu" >> >> overlay valsort >> valsort-attr suOrgContactStanford cn=orgs,dc=stanford,dc=edu weighted >> valsort-attr suOrgContactWorld cn=orgs,dc=stanford,dc=edu weighted >> >> overlay dynlist >> dynlist-attrset groupOfURLS memberURL member >> >> limits group="cn=ldapadmin,cn=applications,dc=stanford,dc=edu" >> time.soft=unlimited time.hard=unlimited size.soft=unlimited >> size.hard=unlimited > > There it is: "limits" is a database specific directive appearing > __after__ overlay instantiation. Try moving all database-specific > directives __before__ any overlay instantiation. Ah, I see... So its not just global/db. So all overlay bits should be listed last? And I assume this only happens when you have more than one overlay in use? Because it only happens once both valsort and dynlist are enabled. --Quanah -- Quanah Gibson-Mount Senior Systems Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

1 0

Re: (ITS#4903) dynlist issues with memory allocation
by ando＠sys-net.it 02 Apr '07

02 Apr '07

quanah(a)stanford.edu wrote: > database hdb > suffix "dc=stanford,dc=edu" > rootdn "cn=manager,dc=stanford,dc=edu" > > overlay valsort > valsort-attr suOrgContactStanford cn=orgs,dc=stanford,dc=edu weighted > valsort-attr suOrgContactWorld cn=orgs,dc=stanford,dc=edu weighted > > overlay dynlist > dynlist-attrset groupOfURLS memberURL member > > limits group="cn=ldapadmin,cn=applications,dc=stanford,dc=edu" > time.soft=unlimited time.hard=unlimited size.soft=unlimited > size.hard=unlimited There it is: "limits" is a database specific directive appearing __after__ overlay instantiation. Try moving all database-specific directives __before__ any overlay instantiation. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: (ITS#4902) ManPage in 2.3.19 RPM is completely screwed up
by ando＠sys-net.it 02 Apr '07

02 Apr '07

Please keep replies on the ITS: the "T" stands for "tracking". Wei Weng wrote: > I just installed 2.3.34 version that was found to be the latest > "Release" from openLDAP. Not only there isn't any mention of > LDAP_DEPRECATED, in OpenLDAP 2.3 source tree: bash-3.00$ grep LDAP_DEPRECATED -rI include/ include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED include/ldap.h:#if LDAP_DEPRECATED > but there isn't manpage for the new ldap_initialize > function either. You're right, it's only been released starting with 2.4. > I am just very surprised that a quite mature openLDAP open source > projects can be this careless about the documentation. I already explained the reason in my previous posting. It's not lack of care, it's optimization of resources. The code works fine also without documentation, which eventually will converge (and it __is__ converging, in OpenLDAP 2.4). > There is (only > place) mention of ldap_initialize function in ldap.3: "A session handle > is created using ldap_initialize(3)". Naturally you want to do a man > ldap_initialize but there is nothing. ITS#3947 addresses this issue. > I was reporting this bug so that the "newbies" (new to openLDAP APIs) > won't be stuck like I was for a few hours. Then you probably should have entitled your posting "some C API man pages seem to be missing from OpenLDAP 2.3 code", or even better "this is a duplicate of ITS#2240". > Isn't the "Documentation" > supposed to help you to understand the APIs? This is not a bug. This is missing documentation, which is different. It is a known issue (ITS#2240), so your post is only adding noise. A non-noisy posting would have been accompanied by a patch fixing the issue, which is however already fixed in re24 (that's why ITS#2240 is now closed). > By the way, if you guys ask me to supply patch for the ldap_initialize, > sorry, I was just maintaining the old code to try to compile it on a > Fedora 5 box. The details about ldap APIs is above my ability. > > PS: ldap_initialize is just an example, there are also a bunch of other > functions that seemed to have been deprecated. Please check OpenLDAP 2.4. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: (ITS#4902) ManPage in 2.3.19 RPM is completely screwed up
by quanah＠stanford.edu 02 Apr '07

02 Apr '07

--On Monday, April 02, 2007 10:59 AM -0700 Quanah Gibson-Mount <quanah(a)stanford.edu> wrote: > > I.e., ldap_init is a deprecated function, and ldap_initialize should be > used instead. However, there are many programs out there that still use > the old API, so the old functions are maintained for backwards > compatibility purposes. Hence the man page. I will also note that ldap_initialize has a man page in the 2.4 release: <http://www.openldap.org/software/man.cgi?query=ldap_initialize&apropos=0&se…> --Quanah -- Quanah Gibson-Mount Senior Systems Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs