--On Wednesday, March 28, 2018 1:14 AM +0100 Howard Chu <hyc(a)symas.com>
wrote:
> That's because memberOf is an operational attribute, so objectclass
> requirements don't apply. If you want to use some other attribute, make
> sure the schema allows it in the relevant entries, or use an operational
> attribute.
>
> Not a bug. Closing this ITS.

For historical purposes, it is a bit more complex than this.

It is not possible to include an operational attribute via the normal
schema methods. This depends on the "dsaschema" contrib overlay. That
contrib overlay requires development to support cn=config.

The alternative to using an operational attribute is to have a custom
objectClass where the custom attribute desired is defined as an optional
("MAY") attribute.

--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
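
An added example, not part of either message and not OpenLDAP code: a simplified Python model of the schema check discussed above. It shows why the overlay's write of isMemberOf fails with err=65 on an entry whose objectClasses do not permit it, and passes once an auxiliary class lists it as MAY. The class name exampleMemberOfHolder, the 1.3.6.1.4.1.32473.* OIDs and the abridged memberOf definition are assumptions made for illustration.

```python
import re

# Constructed schema text. isMemberOf is abridged from the report; the auxiliary
# class, the memberOf stand-in and all 1.3.6.1.4.1.32473.* OIDs are placeholders.
SCHEMA = """
attributetype ( 2.15.930.3.234225.3.1 NAME 'isMemberOf'
    EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 1.3.6.1.4.1.32473.1.2 NAME 'memberOf'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )
objectclass ( 1.3.6.1.4.1.32473.1.1 NAME 'exampleMemberOfHolder'
    SUP top AUXILIARY MAY ( isMemberOf ) )
objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL
    MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
"""

OBJECT_CLASS_VIOLATION = 65  # LDAP result code logged as err=65 in the report


def parse_schema(text):
    """Return (operational attribute names, {objectClass: allowed attributes})."""
    operational, allowed = set(), {}
    for chunk in re.split(r"(?m)^(?=attributetype|objectclass)", text):
        name = re.search(r"NAME\s+'([^']+)'", chunk)
        if not name:
            continue
        key = name.group(1).lower()
        body = re.sub(r"'[^']*'", "", chunk)  # drop quoted strings (NAME, DESC)
        if chunk.startswith("attributetype"):
            usage = re.search(r"\bUSAGE\s+(\w+)", body)
            if usage and usage.group(1) != "userApplications":
                operational.add(key)
        else:
            attrs = set()
            for lists in re.findall(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|(\w+))", body):
                attrs.update(a.strip().lower() for a in "".join(lists).split("$"))
            allowed[key] = attrs
    return operational, allowed


def check_add(entry_object_classes, attr, schema=SCHEMA):
    """Return 0 if adding attr would pass the schema check, else 65."""
    operational, allowed = parse_schema(schema)
    attr = attr.lower()
    if attr in operational:
        return 0  # operational attributes are exempt from objectClass rules
    for oc in entry_object_classes:
        if attr in allowed.get(oc.lower(), set()):
            return 0
    return OBJECT_CLASS_VIOLATION
```

In this model the member entry has to carry the auxiliary class before the group is written; otherwise the group add succeeds while the reverse membership value is rejected, as in the log in the report.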
quanah(a)openldap.org wrote:
> Full_Name: Quanah Gibson-Mount
> Version: 2.4.45
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (47.208.148.239)
>
>
> Per the slapo-memberof man page, you can define a different attribute than
> "memberOf" to hold the group membership information for an entry.
>
> However, this fails due to the fact that when a different attribute is used,
> slapd applies objectClass rule requirements to the entry. slapd does *not* do
> this when the default value of "memberOf" is used.

That's because memberOf is an operational attribute, so objectclass
requirements don't apply. If you want to use some other attribute, make sure
the schema allows it in the relevant entries, or use an operational attribute.

Not a bug. Closing this ITS.

>
> Example config:
>
> overlay memberof
> memberof-group-oc groupofuniquenames
> memberof-member-ad uniquemember
> memberof-memberof-ad ismemberof
>
> Example schema:
>
> attributetype ( 2.15.930.3.234225.3.1
> NAME 'isMemberOf'
> DESC 'Sun defined attribute type'
> EQUALITY distinguishedNameMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
> X-ORIGIN 'Sun Directory Server' )
>
> Create a group:
>
> dn: cn=mygroup,dc=example,dc=com
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: mygroup
> uniqueMember: cn=La Valko,ou=Peons,dc=example,dc=com
>
> Group creates OK, but:
>
> slapd[5149]: Entry (cn=La Valko,ou=Peons,dc=example,dc=com), attribute 'isMemberOf' not allowed
> slapd[5149]: entry failed schema check: attribute 'isMemberOf' not allowed
> slapd[5149]: conn=1000 op=19: memberof_value_modify DN="cn=la valko,ou=peons,dc=example,dc=com" add isMemberOf="cn=mygroup,dc=example,dc=com" failed err=65
>
>
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Full_Name: Quanah Gibson-Mount
Version: 2.4.45
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (47.208.148.239)
Per the slapo-memberof man page, you can define a different attribute than
"memberOf" to hold the group membership information for an entry.
However, this fails due to the fact that when a different attribute is used,
slapd applies objectClass rule requirements to the entry. slapd does *not* do
this when the default value of "memberOf" is used.
Example config:
overlay memberof
memberof-group-oc groupofuniquenames
memberof-member-ad uniquemember
memberof-memberof-ad ismemberof
Example schema:
attributetype ( 2.15.930.3.234225.3.1
NAME 'isMemberOf'
DESC 'Sun defined attribute type'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
X-ORIGIN 'Sun Directory Server' )
Create a group:
dn: cn=mygroup,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: mygroup
uniqueMember: cn=La Valko,ou=Peons,dc=example,dc=com
Group creates OK, but:
slapd[5149]: Entry (cn=La Valko,ou=Peons,dc=example,dc=com), attribute 'isMemberOf' not allowed
slapd[5149]: entry failed schema check: attribute 'isMemberOf' not allowed
slapd[5149]: conn=1000 op=19: memberof_value_modify DN="cn=la valko,ou=peons,dc=example,dc=com" add isMemberOf="cn=mygroup,dc=example,dc=com" failed err=65
luca.foppiano(a)inria.fr wrote:
> Full_Name: Luca Foppiano
> Version: 2.4
> OS: linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (37.169.254.52)
>
>
> Dear OpenLDAP team,
> I'm using one of your components (LMDB) via a Java JNDI bindings
> implementation (https://github.com/deephacks/lmdbjni) and I'm having an issue
> when I deploy my LMDB file on a tempfs filesystem in RAM.

The ITS is for bug reports, not for help requests. Use the -technical mailing
list. Closing this ITS.

>
> The issue does not occur when the LMDB files are stored on a "normal" filesystem.
> When the data is in the tempfs ramdisk all the allocated memory ends up being in
> the Dirty area (it has not been written back to the Filesystem).
>
> Here is an example using the ramdisk:
>
> 7ce320000000-7cfc20000000 r--s 00000000 00:26 2459 /ramfs/nerd/data/db/db-en/entityEmbeddings/data.mdb
> Size: 104857600 kB
> Rss: 1255680 kB
> Pss: 1255680 kB
> Shared_Clean: 0 kB
> Shared_Dirty: 0 kB
> Private_Clean: 0 kB
> Private_Dirty: 1255680 kB <---
> Referenced: 1255680 kB
> Anonymous: 0 kB
> AnonHugePages: 0 kB
> Shared_Hugetlb: 0 kB
> Private_Hugetlb: 0 kB
> Swap: 0 kB
> SwapPss: 0 kB
> KernelPageSize: 4 kB
> MMUPageSize: 4 kB
> Locked: 0 kB
> VmFlags: rd sh mr mw me ms sd
>
> and here an example without:
>
> 7ca4fc000000-7cbdfc000000 r--s 00000000 fd:00 11154951 /data/workspace/shared/nerd-data/db/db-en/entityEmbeddings/data.mdb
> Size: 104857600 kB
> Rss: 838124 kB
> Pss: 838124 kB
> Shared_Clean: 0 kB
> Shared_Dirty: 0 kB
> Private_Clean: 838124 kB <----
> Private_Dirty: 0 kB
> Referenced: 764872 kB
> Anonymous: 0 kB
> AnonHugePages: 0 kB
> ShmemPmdMapped: 0 kB
> Shared_Hugetlb: 0 kB
> Private_Hugetlb: 0 kB
> Swap: 0 kB
> SwapPss: 0 kB
> KernelPageSize: 4 kB
> MMUPageSize: 4 kB
> Locked: 0 kB
> VmFlags: rd sh mr mw me ms sd
>
>
> According to my understanding the memory is dirty when 1) there are open
> transactions, 2) the data has not been written back to the filesystem
>
> What I don't understand is why there is a difference between filesystem and
> ramdisk?
> Is there any reason? The application (listed above) is not writing on the lmdb,
> but just reading (using reading transaction).
>
> Thank you
> Luca
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Full_Name: Luca Foppiano
Version: 2.4
OS: linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (37.169.254.52)
Dear OpenLDAP team,
I'm using one of your components (LMDB) via a Java JNDI bindings
implementation (https://github.com/deephacks/lmdbjni) and I'm having an issue
when I deploy my LMDB file on a tempfs filesystem in RAM.
The issue does not occur when the LMDB files are stored on a "normal" filesystem.
When the data is in the tempfs ramdisk all the allocated memory ends up being in
the Dirty area (it has not been written back to the Filesystem).
Here is an example using the ramdisk:
7ce320000000-7cfc20000000 r--s 00000000 00:26 2459 /ramfs/nerd/data/db/db-en/entityEmbeddings/data.mdb
Size: 104857600 kB
Rss: 1255680 kB
Pss: 1255680 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 1255680 kB <---
Referenced: 1255680 kB
Anonymous: 0 kB
AnonHugePages: 0 kB
Shared_Hugetlb: 0 kB
Private_Hugetlb: 0 kB
Swap: 0 kB
SwapPss: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: rd sh mr mw me ms sd
and here an example without:
7ca4fc000000-7cbdfc000000 r--s 00000000 fd:00 11154951 /data/workspace/shared/nerd-data/db/db-en/entityEmbeddings/data.mdb
Size: 104857600 kB
Rss: 838124 kB
Pss: 838124 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 838124 kB <----
Private_Dirty: 0 kB
Referenced: 764872 kB
Anonymous: 0 kB
AnonHugePages: 0 kB
ShmemPmdMapped: 0 kB
Shared_Hugetlb: 0 kB
Private_Hugetlb: 0 kB
Swap: 0 kB
SwapPss: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: rd sh mr mw me ms sd
According to my understanding the memory is dirty when 1) there are open
transactions, 2) the data has not been written back to the filesystem
What I don't understand is why there is a difference between filesystem and
ramdisk?
Is there any reason? The application (listed above) is not writing on the lmdb,
but just reading (using reading transaction).
Thank you
Luca
zamazan4ik(a)tut.by wrote:
> Full_Name: Alexander Zaitsev
> Version: None
> OS: Linux
> URL:
> Submission from: (NULL) (128.140.241.11)
>
>
> Hello,
> Do you know about Conan (https://github.com/conan-io/conan)?
> Conan is a modern dependency manager for C++. It would be great if your library
> were available via a package manager for other developers.
>
> At https://github.com/bincrafters/conan-templates you can find an example of how
> to create a package for the library.
>
> If you have any questions, just ask :-)
>
>
The OpenLDAP Project provides source code, not packages. Feel free to create
whatever packages you want. Closing this ITS.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Full_Name: Alexander Zaitsev
Version: None
OS: Linux
URL:
Submission from: (NULL) (128.140.241.11)
Hello,
Do you know about Conan (https://github.com/conan-io/conan)?
Conan is a modern dependency manager for C++. It would be great if your library
were available via a package manager for other developers.
At https://github.com/bincrafters/conan-templates you can find an example of how
to create a package for the library.
If you have any questions, just ask :-)
Full_Name: VALDEMAR PAVESI
Version: 2.4.40
OS: 3.10.0-514.26.2.el7.x86_64
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (131.228.48.70)
hello,
During add and delete there is a memory leak.
fsuseradd CESNAT4 -G _nokfsuipmgroot -p Gok9zt0Fy4FZYWhW/fGHLseWjPj/Dgv1
fsuserdel -r remove CESNAT4
there is a success for both commands.
+++++++++++++++++++++++++++++++++++++++
memory keeps increasing...
Every 5.0s: ps -p 29064 o vsz,rss    Wed Mar 21 02:34:22 2018
VSZ RSS
831368 83980
+++++++++++++++++++++++++++++++++
Every 5.0s: ps -p 29064 o vsz,rss    Wed Mar 21 02:36:12 2018
VSZ RSS
831368 83984
+++++++++++++++++++++++++++++++++
got 1000 times memory leaked:
0x00007fc8000f8f70 libc-2.17.so __malloc()+0
0x00007fc8017cf2b5 liblber-2.4.so ber_memalloc_x()+53
0x00007fc8017cf5de liblber-2.4.so ber_dupbv_x()+62
0x00007fc801ea1c23 slapd
0x00007fc801ea2172 slapd attrs_dup()+66
0x00007fc801ea551b slapd entry_dup2()+75
0x00007fc7fc6f1403 syncprov-2.4.so
0x00007fc7fc6f20c2 syncprov-2.4.so
0x00007fc801ea91f3 slapd
0x00007fc801ea97b0 slapd
0x00007fc801eaa342 slapd slap_send_ldap_result()+114
0x00007fc801f1807d slapd bdb_modify()+1325
0x00007fc801f07926 slapd overlay_op_walk()+134
0x00007fc801f07a94 slapd
0x00007fc801efe7bf slapd
0x00007fc801f008eb slapd
0x00007fc801e999a1 slapd
0x00007fc8019e9fba libldap_r-2.4.so
0x00007fc800caddc5 libpthread-2.17.so start_thread()+197
0x00007fc80017076d libc-2.17.so __clone()+109
+++++++++++++++++++++++++++++++++
If we keep running both commands, there is a time when we get this error:
# fsuseradd CESNAT -G _nokfsuipmgroot -p Gok9zt0Fy4FZYWhW/fGHLseWjPj/Dgv1
invalid parameter: CESNAT already exists. use -g option to assign user to CESNAT
# fsuserdel -r remove CESNAT
Username CESNAT does not exist in LDAP.
# fsuseradd CESNAT -G _nokfsuipmgroot -p Gok9zt0Fy4FZYWhW/fGHLseWjPj/Dgv1
invalid parameter: CESNAT already exists. use -g option to assign user to CESNAT
# fsuserdel -r remove CESNAT
Username CESNAT does not exist in LDAP.
# fsuserdel -r remove CESNAT
Username CESNAT does not exist in LDAP.
# fsuseradd CESNAT -G _nokfsuipmgroot -p Gok9zt0Fy4FZYWhW/fGHLseWjPj/Dgv1
invalid parameter: CESNAT already exists. use -g option to assign user to CESNAT
+++++++++++++++++++++++++++++++++++++++++
[root@santos-santoscmm-necc0 ~]# more /opt/aaa/ldap/conf/ldap.conf
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /opt/aaa/ldap/schema/fsAll.schema
#schemacheck off
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd/slapd.pid
#argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# Define global ACLs to disable default read access.
include /opt/aaa/ldap/conf/security.conf
allows bind_v2
# Log level here doesn't really have any effect since the service is started with -d option
loglevel 256
logfile /var/log/ldap/ldap.log
# Set the max size of primary thread pool
threads 20
#######################################################################
# ldbm database definitions
#######################################################################
sizelimit unlimited
# main database #######################################################
database bdb
suffix ""
rootdn "fsClusterId=ClusterRoot"
rootpw {CRYPT}$6$cKyVbTD/bEiX$DOOeUCXHkmOTdlbRq0n.hGzgv7rhD2MG4.hAt8s.8Gqr73gUKw7swD2xR7zvidcfpvbkVjOkruY4BM9UprSFH/
password-hash {CRYPT}
password-crypt-salt-format "$6$%.12s"
checkpoint 1024 60
directory /var/lib/ldap/aaa
index objectClass,entryCSN,entryUUID eq
index uid,uidNumber,gidNumber,fssecAssignedGroupRoleRef,memberUid eq
moduleload /usr/lib64/openldap/ppolicy.la
overlay ppolicy
ppolicy_default "fsFragmentId=Policy,fsFragmentId=Configurations,fsFragmentId=Security,fsClusterId=ClusterRoot"
#overlay glue
#cachesize 30000
TLSCertificateFile local.local
security ssf=128
TLSCipherSuite HIGH:TLS_RSA_WITH_AES_128_CBC_SHA:TLS_RSA_WITH_AES_256_CBC_SHA:-SSLv2:-SSLv3
TLSCACertificatePath /etc/openldap/internal_certs
TLSVerifyClient never
include /opt/nokia/aaa/ldap/conf/sync.conf
#
+++++++++++++++++++++++++++++++++++++++++
regards!
Valdemar