openldap-bugs

openldap-bugs@openldap.org

1 participants
20955 discussions

RE: (ITS#4849) LDAP URL not recognized with bind9
by cyril＠coupel.net 24 Feb '07

24 Feb '07

Il s'agit d'un message ` parties multiples au format MIME. ------=_NextPart_000_0163_01C75810.9E49DBB0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable FYI =20 -----Message d'origine----- De : Pierangelo Masarati [mailto:ando@sys-net.it]=20 Envoy=E9 : vendredi 23 f=E9vrier 2007 22:02 =C0 : cyril(a)coupel.net Cc : openldap-its(a)openldap.org Objet : Re: (ITS#4849) LDAP URL not recognized with bind9 =20 cyril(a)coupel.net wrote: > Tanks for your answer. > I tested by removing the %xxxx% from the URL and the tests are passed; = but > there is an error saying that there is no %xxx% token. > I already open a case to the BIND team, but they reply this is not a = bind > problem. > However, I will transmit this information to the BIND/DLZ team. =20 I have few more comments; see below. =20 =20 > Cyril COUPEL wrote: >> I agree with this information. >> The fact is the ldapURL is not used as it, the key %zone% (or = %client%) is >> replaced with the ns domain (the client name). >>=20 >> It was working well since I upgrade to 2.3.30-r2. =20 There is no OpenLDAP 2.3.30-r2; the current version is 2.3.34. This is a Gentoo relase based on 2.3.30 (the latest relase available is 2.3.33) =20 Also, you mentioned an error message "failed to parse ldap URL"; there's no such message in bind 9.3.4 code, nor in 9.4.0rc2. Also, there's no explicit ldap_url_parse() call, so the problem could only arise when performing an operation with that broken DN. However, I don't see how the error message could be raised by bind, since the URL is parsed by bind itself, without using the OpenLDAP API function, and the DN is only used as base for other operations, so OpenLDAP API cannot have any notion of that DN being part of an URL. Finally, bind itself, while parsing the URL, checks for badly encoded portions of the URL, and the corresponding error message is "LDAP sdb zone '%s': URL: bad hex = values". =20 The message is located in =20 isc_result_t dlz_ldap_checkURL(char *URL, int attrCnt, const char *msg) located in file bin/named/dlz_ldap_driver.c provided by ctrix_dlz_9.3.3.patch =20 Could you point us to the __real__ version of OpenLDAP __and__ bind you pretend to be broken? =20 =20 p. =20 =20 =20 Ing. Pierangelo Masarati OpenLDAP Core Team =20 SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------ =20 ------=_NextPart_000_0163_01C75810.9E49DBB0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <html xmlns:v=3D"urn:schemas-microsoft-com:vml" = xmlns:o=3D"urn:schemas-microsoft-com:office:office" = xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" = xmlns=3D"http://www.w3.org/TR/REC-html40"> <head> <meta http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)"> <style>  </style>  </head> <body lang=3DFR link=3Dblue vlink=3Dpurple> <div class=3DSection1> FYI<o:p></o:p> <o:p> </o:p> -----Message d'origine----- De : Pierangelo Masarati [mailto:ando@sys-net.it] Envoy=E9 : vendredi 23 f=E9vrier 2007 22:02 =C0 : cyril(a)coupel.net Cc : openldap-its(a)openldap.org Objet : Re: (ITS#4849) LDAP URL not recognized with = bind9<o:p></o:p> <o:p> </o:p> cyril(a)coupel.net wrote:<o:p></o:p> > Tanks for your answer.<o:p></o:p> > I tested by removing the %xxxx% from the = URL and the tests are passed; but<o:p></o:p> > there is an error saying that there is no = %xxx% token.<o:p></o:p> > I already open a case to the BIND team, but = they reply this is not a bind<o:p></o:p> > problem.<o:p></o:p> > However, I will transmit this information = to the BIND/DLZ team.<o:p></o:p> <o:p> </o:p> I have few more comments; see = below.<o:p></o:p> <o:p> </o:p> <o:p> </o:p> > Cyril COUPEL wrote:<o:p></o:p> >> I agree with this = information.<o:p></o:p> >> The fact is the ldapURL is not used as = it, the key %zone% (or %client%) is<o:p></o:p> >> replaced with the ns domain (the client = name).<o:p></o:p> >><o:p> </o:p> >> It was working well since I upgrade to 2.3.30-r2.<o:p></o:p> <o:p> </o:p> There is no = OpenLDAP 2.3.30-r2; the current version is 2.3.34.<o:p></o:p> This = is a Gentoo relase based on 2.3.30 (the latest relase available is = 2.3.33)<o:p></o:p> <o:p> </o:p> Also, you mentioned an error message = "failed to parse ldap URL"; there's<o:p></o:p> no such message in bind 9.3.4 code, nor in = 9.4.0rc2.=A0 Also, there's no<o:p></o:p> explicit ldap_url_parse() call, so the problem = could only arise when<o:p></o:p> performing an operation with that broken DN.=A0 = However, I don't see how<o:p></o:p> the error message could be raised by bind, since = the URL is parsed by<o:p></o:p> bind itself, without using the OpenLDAP API = function, and the DN is only<o:p></o:p> used as base for other operations, so OpenLDAP = API cannot have any<o:p></o:p> notion of that DN being part of an URL.=A0 = Finally, bind itself, while<o:p></o:p> parsing the URL, checks for badly encoded = portions of the URL, and the<o:p></o:p> corresponding error message is "LDAP sdb = zone '%s': URL: bad hex values".<o:p></o:p> <o:p> </o:p> The = message is located in =A0=A0=A0 <o:p></o:p> isc_result_t dlz_ldap_checkURL(char *URL, int attrCnt, const char *msg)<o:p></o:p> located in file bin/named/dlz_ldap_driver.c provided by ctrix_dlz_9.3.3.patch<o:p></o:p> <o:p> </o:p> Could you point us to the __real__ version of = OpenLDAP __and__ bind you<o:p></o:p> pretend to be broken?<o:p></o:p> <o:p> </o:p> <o:p> </o:p> p.<o:p></o:p> <o:p> </o:p> <o:p> </o:p> <o:p> </o:p> Ing. Pierangelo Masarati<o:p></o:p> OpenLDAP Core Team<o:p></o:p> <o:p> </o:p> SysNet s.n.c.<o:p></o:p> Via Dossi, 8 - 27100 Pavia - = ITALIA<o:p></o:p> http://www.sys-net.it<o:p></o:p> ------------------------------------------<o:p></o:p= > Office:=A0=A0 +39.02.23998309<o:p></o:p> Mobile:=A0=A0 +39.333.4963172<o:p></o:p> Email:=A0=A0=A0 = pierangelo.masarati(a)sys-net.it<o:p></o:p> ------------------------------------------<o:p></o:p= > <o:p> </o:p> </div> </body> </html> ------=_NextPart_000_0163_01C75810.9E49DBB0--

1 0

Re: (ITS#4848) Another slapd startup segfault
by ando＠sys-net.it 24 Feb '07

24 Feb '07

ando(a)sys-net.it wrote: >> # No limits for CNO-LDC >> limits dn.children="ou=CNO-LDC,ou=People,dc=o2online,dc=de" size=unlimited >> time=unlimited > > Is this "time=unlimited" starting in the first column a wrap of the > mailer or is it really there? Something absurd is happening: that limit > option starting in the first column is a syntax error, but 2.3 ignores > it. What's odd is that with this syntax error I exactly get your crash, > while without it I don't get any crash. The above had nothing to do with your problem. Your problem is related to the fact that you intermixed overlay and database configuration statements, so the idletimeout statement after the accesslog overlay instantiation was causing invalid memory write (beyond the private data of the accesslog overlay instead of in the private data of the bdb database) resulting in heap corruption. Maybe it hasn't been stressed enough, but the order of directives is: - global [- global overlay [- global overlay [...] ]] [- database [- overlay [- overlay [...] ]] [- database [- overlay [- overlay [...] ]]]] and each overlay's directives have to appear before any other overlay's. I'll see if sanity checks may be added to avoid your issue. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: (ITS#4848) Another slapd startup segfault
by ando＠sys-net.it 24 Feb '07

24 Feb '07

michael.heep(a)o2.com wrote: > Full_Name: Michael Heep > Version: 2.3.34 > OS: RHES30 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (82.113.101.1) Just one quick question: > # No limits for CNO-LDC > limits dn.children="ou=CNO-LDC,ou=People,dc=o2online,dc=de" size=unlimited > time=unlimited Is this "time=unlimited" starting in the first column a wrap of the mailer or is it really there? Something absurd is happening: that limit option starting in the first column is a syntax error, but 2.3 ignores it. What's odd is that with this syntax error I exactly get your crash, while without it I don't get any crash. >From valgrind, there appears to be some invalid write and an invalid free. I keep investigating... p. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: (ITS#4848) Another slapd startup segfault
by ando＠sys-net.it 24 Feb '07

24 Feb '07

michael.heep(a)o2.com wrote: > Full_Name: Michael Heep > Version: 2.3.34 > OS: RHES30 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (82.113.101.1) Few preliminary comments: 1) could easily reproduce 2) doesn't core with HEAD/2.4 code 3) you probably don't need the unique overlay on the consumer, since it's supposed to trust consistency of data coming from the producer The direct cause of the crash is that the LDAPDN structure that's being used to rebuild a normalized string representation of the unique_base is corrupted. I'm investigating how it got corrupted. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: (ITS#4849) LDAP URL not recognized with bind9
by ando＠sys-net.it 23 Feb '07

23 Feb '07

cyril(a)coupel.net wrote: > Tanks for your answer. > I tested by removing the %xxxx% from the URL and the tests are passed; but > there is an error saying that there is no %xxx% token. > I already open a case to the BIND team, but they reply this is not a bind > problem. > However, I will transmit this information to the BIND/DLZ team. I have few more comments; see below. > Cyril COUPEL wrote: >> I agree with this information. >> The fact is the ldapURL is not used as it, the key %zone% (or %client%) is >> replaced with the ns domain (the client name). >> >> It was working well since I upgrade to 2.3.30-r2. There is no OpenLDAP 2.3.30-r2; the current version is 2.3.34. Also, you mentioned an error message "failed to parse ldap URL"; there's no such message in bind 9.3.4 code, nor in 9.4.0rc2. Also, there's no explicit ldap_url_parse() call, so the problem could only arise when performing an operation with that broken DN. However, I don't see how the error message could be raised by bind, since the URL is parsed by bind itself, without using the OpenLDAP API function, and the DN is only used as base for other operations, so OpenLDAP API cannot have any notion of that DN being part of an URL. Finally, bind itself, while parsing the URL, checks for badly encoded portions of the URL, and the corresponding error message is "LDAP sdb zone '%s': URL: bad hex values". Could you point us to the __real__ version of OpenLDAP __and__ bind you pretend to be broken? p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: (ITS#4850) back-meta stops returning data
by ando＠sys-net.it 23 Feb '07

23 Feb '07

hyc(a)symas.com wrote: >> I am experiencing problems with back_meta. It does return search results for >> some time, but at some point starts returning empty search results, with SEARCH >> RESULT err=32 in the logfile. This often (but not always) happens after 5 - 30 >> minutes. > > Significant changes were made to back-meta between 2.3.32 and 2.3.33. The > current version is 2.3.34. Please upgrade and see if the issue is still present. I believe the reported behavior does no longer occur with 2.3.34. What you report seems to be related to broken behavior when the remote server closes the connection as a consequence of an idletimeout. 2.3.33 saw a lot of improvements on this side, resulting from significant development efforts and stress testing in a harsh environment, where resilience to odd target behavior was a key requirement. 2.3.34 fixed minor issues after that upgrade, and more minor fixes already are in re23 for next 2.3 release, if any. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: ITS#3812
by hyc＠symas.com 23 Feb '07

23 Feb '07

quanah(a)stanford.edu wrote: > --On Friday, February 23, 2007 7:27 PM +0000 hyc(a)symas.com wrote: > >> It might be nice to set up an automated script to pull the updated >> manpages from CVS onto the web site. > >>From CVS for the current primary release. I.e., I think it would be bad if > the manpages for 2.4 showed up right now on the website. You'll note that the web site has a selector for the release you want to view. In some respects I like the old pages being on there because their dates establish a ballpark for when a feature first appeared (well, was first documented). But I think we should always have a "Current" selection as well, that always corresponds to the latest general-use release. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: ITS#3812
by quanah＠stanford.edu 23 Feb '07

23 Feb '07

--On Friday, February 23, 2007 7:27 PM +0000 hyc(a)symas.com wrote: > It might be nice to set up an automated script to pull the updated > manpages from CVS onto the web site. >From CVS for the current primary release. I.e., I think it would be bad if the manpages for 2.4 showed up right now on the website. --Quanah -- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

1 0

ITS#3812
by hyc＠symas.com 23 Feb '07

23 Feb '07

It might be nice to set up an automated script to pull the updated manpages from CVS onto the web site. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#4844) Missing 2.4 man pages and things marked as "Experimental"
by ghenry＠suretecsystems.com 23 Feb '07

23 Feb '07

<quote who="Howard Chu"> > ghenry(a)suretecsystems.com wrote: >> <quote who="ando(a)sys-net.it"> >>> ghenry(a)suretecsystems.com wrote: >>> >>>> Just a quick to note that there are some overlays missing from >>>> slapd.overlays.5 >>>> in 2.4.4alpha and actual man pages. >>> Please enumerate them; some are intentionally not present because they >>> are not intended for real use. >> >> * dyngroup has no man page, but is listed slapd.overlays.5 >> * slapo-valsort.5 isn't in slapd.overlays.5 >> * slapo-dds.5 isn't listed in slapd.overlays.5 >> * constraint.c has no docs or listed in slapd.overlays.5 > > slapo-constraint.5 was added to CVS April 29 2006. Ok, it wasn't in the 2.4.4alpha though. > >> * seqmod.c has no docs or listed in slapd.overlays.5 > > This is a demo overlay, not intended for actual use. Ah, ok. > > -- > -- Howard Chu > Chief Architect, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc > Chief Architect, OpenLDAP http://www.openldap.org/project/ >

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs