openldap-bugs

openldap-bugs@openldap.org

1 participants
20993 discussions

Re: (ITS#4886) slapd stopping with no error message
by hyc＠symas.com 22 Mar '07

22 Mar '07

Also show the output for print *ber at the crash location Seems like something is bad in your build environment if you can get it to crash after only one search. Have you run the test suite successfully? douglas(a)gpc.edu wrote: > Full_Name: Douglas Jones > Version: 2.3.34 > OS: RHEL4 (linux) > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (168.28.202.22) > > > Without efence, after the server has been runing between 3 and 15 days, > it varies, the sever just stops. Even using ulimit on core size, I did > not have luck getting a core file. Per recomendation of the newgroups, > I used efence and it crashed on the first lookup. I got the following under > gdb: > > (previous -d 1 output cut) > It did return the names to my client, which was good, but just crashed after > (during) that. Please let me know if I can do anythin else. Thanks! -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#4888) Enhance back-sql with paged results
by hyc＠symas.com 22 Mar '07

22 Mar '07

adamson(a)cmu.edu wrote: > Full_Name: Mark Adamson > Version: HEAD > OS: Solaris 2.8 > URL: http://null.andrew.cmu.edu/openldap/sql_paged_results.patch > Submission from: (NULL) (128.2.234.24) > > > Here at Carnegie Mellon we had a need to use the LDAP_CONTROL_PAGEDRESULTS > control with the SQL backend. The patch to add this is not hard, and was mostly > copied from the back-bdb/search.c file. > > http://null.andrew.cmu.edu/openldap/sql_paged_results.patch > > The only challenge was the contents of the cookie that is used to maintain > state. The slap.h file defines the PagedResultsCookie type to be an unsigned > long, so I wanted to fit everything into that. The design idea was to keep the > ldap_entries.id value of the last returned entry in the cookie so that > subsequent searches could add a "AND ldap_entries.id > COOKIEVALUE" clause to > the SQL query. However, the gathering of candidate entries is done across all > objectClasses with avl_apply(), so if one OC returns an entry with a high > ldap_entries.id, objectClasses that come later in the AVL could miss entries. > For this reason, I add the oc_map_id of the last returned entry to the cookie, > and I adjusted the avl_apply() call to run through the objectClasses in numeric > order. In this way, when subsequent pages of entries are requested, all of the > objectClasses that were completed by previous pages can be skipped for the new > page. When we get to the objectClass where the previous page left off, we take > the ldap_entries.id from the cookie and apply the above mentioned SQL clause. A more appropriate change would probably be to change the cookie type to a berval so that arbitrary data may be used as needed by each backend. Then you can set both the oc_map_id and the ldap_entries.id. Ultimately this sort of thing should be handled almost entirely by the frontend, with just a single call in the backend to fill a cookie struct for the current search state. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#4888) Enhance back-sql with paged results
by adamson＠cmu.edu 21 Mar '07

21 Mar '07

Full_Name: Mark Adamson Version: HEAD OS: Solaris 2.8 URL: http://null.andrew.cmu.edu/openldap/sql_paged_results.patch Submission from: (NULL) (128.2.234.24) Here at Carnegie Mellon we had a need to use the LDAP_CONTROL_PAGEDRESULTS control with the SQL backend. The patch to add this is not hard, and was mostly copied from the back-bdb/search.c file. http://null.andrew.cmu.edu/openldap/sql_paged_results.patch The only challenge was the contents of the cookie that is used to maintain state. The slap.h file defines the PagedResultsCookie type to be an unsigned long, so I wanted to fit everything into that. The design idea was to keep the ldap_entries.id value of the last returned entry in the cookie so that subsequent searches could add a "AND ldap_entries.id > COOKIEVALUE" clause to the SQL query. However, the gathering of candidate entries is done across all objectClasses with avl_apply(), so if one OC returns an entry with a high ldap_entries.id, objectClasses that come later in the AVL could miss entries. For this reason, I add the oc_map_id of the last returned entry to the cookie, and I adjusted the avl_apply() call to run through the objectClasses in numeric order. In this way, when subsequent pages of entries are requested, all of the objectClasses that were completed by previous pages can be skipped for the new page. When we get to the objectClass where the previous page left off, we take the ldap_entries.id from the cookie and apply the above mentioned SQL clause. To fit both the oc_map_id and ldap_entries.id into a 32bit cookie, I had to make a sacrifice. I took 6 bits and used them for oc_map_id and the remaining 26 bits for ldap_entries.id. This means max(oc_map_id) needs to be < 64 and max(ldap_entries.id) needs to be < 134,217,728. If the PagedResultsCookie type is ever expanded to be a berval, we can store both oc_map_id and ldap_entries.id in their full glory. Anyway, try it out. It's a quick patch. -Mark Adamson Carnegie Mellon University

1 0

(ITS#4887) JLDAP - com.novell.sasl.client.DigestMD5SaslClient and RFC2831
by giovannix＠gmail.com 21 Mar '07

21 Mar '07

Full_Name: Giovanni Almeida Santos Version: 2.3.34 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (200.199.204.60) According to RFC2831 (Using Digest Authentication as a SASL Mechanism), the rules for a "digest-response" is defined as follows: digest-response = 1#( username | realm | nonce | cnonce | nonce-count | qop | digest-uri | response | maxbuf | charset | cipher | authzid | auth-param ) username = "username" "=" <"> username-value <"> username-value = qdstr-val ... authzid = "authzid" "=" <"> authzid-value <"> authzid-value = qdstr-val com.novell.sasl.client.DigestMD5SaslClient class does not implement that RFC at all because it does not use authzid as described above. To correct this, it is necessary modify two methods on DigestMD5SaslClient: DigestCalcHA1 and createDigestResponse. In the DigestCalcHA1 method it is necessary include the code delimited by // -->> as follows: char[] DigestCalcHA1( String algorithm, String userName, String realm, String password, String nonce, String clientNonce) throws SaslException { ... if ("md5-sess".equals(algorithm)) { md.update(hash); md.update(":".getBytes("UTF-8")); md.update(nonce.getBytes("UTF-8")); md.update(":".getBytes("UTF-8")); md.update(clientNonce.getBytes("UTF-8")); // -->> It is necessary to allow Proxy Authorization if(m_authorizationId != null && !"".equals(m_authorizationId)) { md.update(":".getBytes("UTF-8")); md.update(m_authorizationId.getBytes("UTF-8")); } // -->> End hash = md.digest(); } ... } In the createDigestResponse method it is necessary remove <code>digestResponse.append(m_authorizationId)<code> (commented below) and insert the code delimited by // -->> private String createDigestResponse( byte[] challenge) throws SaslException { ... digestResponse.append("username=\""); //digestResponse.append(m_authorizationId); // -->> It is necessary to allow Proxy Authorization digestResponse.append(m_name); if(m_authorizationId != null && !"".equals(m_authorizationId)) { digestResponse.append("\",authzid=\""); digestResponse.append(m_authorizationId); } // -->> End ... } Without these modifications, proxy authorization is not possible.

1 0

(ITS#4886) slapd stopping with no error message
by douglas＠gpc.edu 21 Mar '07

21 Mar '07

Full_Name: Douglas Jones Version: 2.3.34 OS: RHEL4 (linux) URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (168.28.202.22) Without efence, after the server has been runing between 3 and 15 days, it varies, the sever just stops. Even using ulimit on core size, I did not have luck getting a core file. Per recomendation of the newgroups, I used efence and it crashed on the first lookup. I got the following under gdb: (previous -d 1 output cut) >>> dnPrettyNormal: <cn=Write,cn=Waiters,cn=Monitor> <<< dnPrettyNormal: <cn=Write,cn=Waiters,cn=Monitor>, <cn=write,cn=waiters,cn=monitor> >>> dnNormalize: <> <<< dnNormalize: <> >>> dnNormalize: <> <<< dnNormalize: <> <= str2entry(cn=Write,cn=Waiters,cn=Monitor) -> 0x260d9fd8 backend_startup_one: starting "o=gpc,c=us" slapd starting [New Thread 635861936 (LWP 10061)] [New Thread 631663536 (LWP 10062)] [New Thread 627465136 (LWP 10063)] [New Thread 623266736 (LWP 10064)] [New Thread 619068336 (LWP 10065)] >>> slap_listener(ldap://:389/) connection_get(33): got connid=0 connection_read(33): checking for input on id=0 ber_get_next ber_get_next: tag 0x30 len 16 contents: ber_get_next do_bind ber_scanf fmt ({imt) ber: ber_scanf fmt (m}) ber: >>> dnPrettyNormal: <> <<< dnPrettyNormal: <>, <> do_bind: version=3 dn="" method=128 send_ldap_result: conn=0 op=0 p=3 send_ldap_response: msgid=30 tag=97 err=0 ber_flush: 14 bytes to sd 33 connection_get(33): got connid=0 connection_read(33): checking for input on id=0 ber_get_next Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 635861936 (LWP 10061)] ber_get_next (sb=0x25f2ffe8, len=0x25e6427c, ber=0x25f65fd4) at io.c:551 551 if (*ber->ber_ptr & 0x80) { /* multi-byte */ (gdb) bt full #0 ber_get_next (sb=0x25f2ffe8, len=0x25e6427c, ber=0x25f65fd4) at io.c:551 l = Variable "l" is not available. (gdb) thread apply all bt Thread 6 (Thread 619068336 (LWP 10065)): #0 0x0028e7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2 #1 0x004e7b26 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/libpthread.so.0 #2 0x0812d25b in ldap_int_thread_pool_wrapper (xpool=0xb725df58) at tpool.c:490 #3 0x004e5371 in start_thread () from /lib/tls/libpthread.so.0 #4 0x0036effe in clone () from /lib/tls/libc.so.6 Thread 5 (Thread 623266736 (LWP 10064)): #0 0x0028e7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2 #1 0x004e7b26 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/libpthread.so.0 #2 0x0812d25b in ldap_int_thread_pool_wrapper (xpool=0xb725df58) at tpool.c:490 #3 0x004e5371 in start_thread () from /lib/tls/libpthread.so.0 #4 0x0036effe in clone () from /lib/tls/libc.so.6 Thread 4 (Thread 627465136 (LWP 10063)): #0 0x0028e7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2 #1 0x004e7b26 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/libpthread.so.0 ---Type <return> to continue, or q <return> to quit--- #2 0x0812d25b in ldap_int_thread_pool_wrapper (xpool=0xb725df58) at tpool.c:490 #3 0x004e5371 in start_thread () from /lib/tls/libpthread.so.0 #4 0x0036effe in clone () from /lib/tls/libc.so.6 Thread 3 (Thread 631663536 (LWP 10062)): #0 0x0028e7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2 #1 0x0036ba19 in mprotect () from /lib/tls/libc.so.6 #2 0x0814fb3f in Page_AllowAccess (address=0x25fa8000, size=475136) at page.c:149 #3 0x0814f6be in free (address=0xb7ea4ff0) at efence.c:694 #4 0x003232b5 in tzset_internal () from /lib/tls/libc.so.6 #5 0x00323d0e in tzset () from /lib/tls/libc.so.6 #6 0x003288ae in strftime_l () from /lib/tls/libc.so.6 #7 0x0036af6b in vsyslog () from /lib/tls/libc.so.6 #8 0x0036b4df in syslog () from /lib/tls/libc.so.6 #9 0x0806ab08 in slap_send_ldap_result (op=0x25f61e58, rs=0x25a66230) at result.c:585 #10 0x08075952 in fe_op_bind (op=0x25f61e58, rs=0x25a66230) at bind.c:327 #11 0x0807523d in do_bind (op=0x25f61e58, rs=0x25a66230) at bind.c:200 #12 0x0805eac4 in connection_operation (ctx=0x25a662b0, arg_v=0x25f61e58) at connection.c:1133 #13 0x0812d1df in ldap_int_thread_pool_wrapper (xpool=0xb725df58) ---Type <return> to continue, or q <return> to quit--- at tpool.c:478 #14 0x004e5371 in start_thread () from /lib/tls/libpthread.so.0 #15 0x0036effe in clone () from /lib/tls/libc.so.6 Thread 2 (Thread 635861936 (LWP 10061)): #0 ber_get_next (sb=0x25f2ffe8, len=0x25e6427c, ber=0x25f65fd4) at io.c:551 #1 0x0805eed0 in connection_read (s=33) at connection.c:1528 #2 0x0805baa2 in slapd_daemon_task (ptr=0x0) at daemon.c:2461 #3 0x004e5371 in start_thread () from /lib/tls/libpthread.so.0 #4 0x0036effe in clone () from /lib/tls/libc.so.6 Thread 1 (Thread -1208731424 (LWP 10058)): #0 0x0028e7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2 #1 0x004e60fd in pthread_join () from /lib/tls/libpthread.so.0 #2 0x0805c621 in slapd_daemon () at daemon.c:2572 #3 0x0804dc9f in main (argc=13, argv=0xbff6ac14) at main.c:860 ------------------------------------------------------------------------------------ It did return the names to my client, which was good, but just crashed after (during) that. Please let me know if I can do anythin else. Thanks!

1 0

Re: (ITS#4883) test000 fails
by ando＠sys-net.it 21 Mar '07

21 Mar '07

Ralf Haferkamp wrote: > unintended or incomplete. Both. Fixed, thanks. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

(ITS#4883) test000 fails
by rhafer＠suse.de 21 Mar '07

21 Mar '07

It seems that the last change in back-monitor.h was either unintended or incomplete. Reverting that change make the test suite working again. Ando, as that was your change, could you please take a deeper look? -- thanks, Ralf

1 0

(ITS#4885) incorrect response macro in ldap_result(3)
by ando＠sys-net.it 21 Mar '07

21 Mar '07

Full_Name: Pierangelo Masarati Version: HEAD OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (87.28.220.33) Submitted by: ando In ldap_result(3) there is mention of LDAP_RES_EXTENDED_PARTIAL, which apparently was replaced by LDAP_RES_INTERMEDIATE since 2.2 or so. p.

1 0

Re: (ITS#4884) Back-config inheritance issue
by ando＠sys-net.it 21 Mar '07

21 Mar '07

I've committed to HEAD a fix that exploits inheritance. The rationale is: - lookup the structural objectClass; starting from it, check it and subordinates for a function that successfully adds the entry - using all objectClass values, collect all, including ancestors, that may be of use in checking configuration. Passes all tests (049->051), and allows to add an overlay using only the overlay's objectClass, provided it's derived from olcOverlayConfig. Please test. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: (ITS#4853) A debug message is printed, from the released version
by ando＠sys-net.it 20 Mar '07

20 Mar '07

Fixed, thanks. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs