openldap-bugs

openldap-bugs@openldap.org

1 participants
21151 discussions

Re: (ITS#8512) segfault for large entries
by ryan＠nardis.ca 24 Oct '16

24 Oct '16

This is probably a specific case of ITS#8435. There is a fix in git master already, commit id 23c5d6bb. Would you please test with that patch applied?

1 0

Re: (ITS#8522) Incoming
by ryan＠nardis.ca 24 Oct '16

24 Oct '16

On Mon, Oct 24, 2016 at 04:48:18PM +0000, rm(a)mh-freiburg.de wrote: >#0 0x00007f60dd7e0aa0 in ?? () >#1 0x00007f61650bca41 in slap=5Fwritewait=5Fplay (op=3D0x7f60c8002550)= > at ../../../../servers/slapd/result.c:294 >#2 send=5Fldap=5Fber (op=3D0x7f60c8002550, ber=3D0x7f60dd64f250) at ..= >/../../../servers/slapd/result.c:367 >#3 0x00007f61650bf651 in slap=5Fsend=5Fsearch=5Fentry (op=3D0x7f60c800= >2550, rs=3D0x7f60dd7e0aa0) at ../../../../servers/slapd/result.c:1430 >#4 0x00007f616003590b in mdb=5Fsearch (op=3D0x7f60c8002550, rs=3D0x7f6= >0dd7e0aa0) at ../../../../../servers/slapd/back-mdb/search.c:1086 >#5 0x00007f615f5f8cd6 in relay=5Fback=5Fop (op=3D0x7f60c8002550, rs=3D= >0x7f60dd7e0aa0, which=3D<optimized out>) > at ../../../../../servers/slapd/back-relay/op.c:210 I'm actually thinking this is a duplicate of ITS#8428, already fixed in RE24. Can you please try with commit 2e60bf5e applied?

1 0

(ITS#8522) Incoming
by rm＠mh-freiburg.de 24 Oct '16

24 Oct '16

I'm experiencing a suspiciously similar segfault on 2.4.44+dfsg-1 Here follows the backtrace: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f60dd7e1700 (LWP 32510)] 0x00007f60dd7e0aa0 in ?? () (gdb) bt #0 0x00007f60dd7e0aa0 in ?? () #1 0x00007f61650bca41 in slap=5Fwritewait=5Fplay (op=3D0x7f60c8002550)= at ../../../../servers/slapd/result.c:294 #2 send=5Fldap=5Fber (op=3D0x7f60c8002550, ber=3D0x7f60dd64f250) at ..= /../../../servers/slapd/result.c:367 #3 0x00007f61650bf651 in slap=5Fsend=5Fsearch=5Fentry (op=3D0x7f60c800= 2550, rs=3D0x7f60dd7e0aa0) at ../../../../servers/slapd/result.c:1430 #4 0x00007f616003590b in mdb=5Fsearch (op=3D0x7f60c8002550, rs=3D0x7f6= 0dd7e0aa0) at ../../../../../servers/slapd/back-mdb/search.c:1086 #5 0x00007f615f5f8cd6 in relay=5Fback=5Fop (op=3D0x7f60c8002550, rs=3D= 0x7f60dd7e0aa0, which=3D<optimized out>) at ../../../../../servers/slapd/back-relay/op.c:210 #6 0x00007f616511aeea in overlay=5Fop=5Fwalk (op=3Dop@entry=3D0x7f60c8= 002550, rs=3D0x7f60dd7e0aa0, which=3Dop=5Fsearch, oi=3D0x7f6165d2c020,= on=3D<optimized out>) at ../../../../servers/slapd/backover.c:677 #7 0x00007f616511b044 in over=5Fop=5Ffunc (op=3D0x7f60c8002550, rs=3D<= optimized out>, which=3D<optimized out>) at ../../../../servers/slapd/backover.c:730 #8 0x00007f61650af071 in fe=5Fop=5Fsearch (op=3D0x7f60c8002550, rs=3D0= x7f60dd7e0aa0) at ../../../../servers/slapd/search.c:402 #9 0x00007f61650ae9ee in do=5Fsearch (op=3D0x7f60c8002550, rs=3D0x7f60= dd7e0aa0) at ../../../../servers/slapd/search.c:247 #10 0x00007f61650ac57c in connection=5Foperation (ctx=3D0x7f60dd7e0c10,= arg=5Fv=3D0x7f60c8002550) at ../../../../servers/slapd/connection.c:1158 #11 0x00007f61650ac867 in connection=5Fread=5Fthread (ctx=3D0x7f60c8002= 550, argv=3D0x7f60dd7df710) at ../../../../servers/slapd/connection.c:1294 #12 0x00007f6164c0df22 in ldap=5Fint=5Fthread=5Fpool=5Fwrapper (xpool=3D= 0x7f6165c8ffa0) at ../../../../libraries/libldap=5Fr/tpool.c:696 #13 0x00007f61631f20a4 in start=5Fthread (arg=3D0x7f60dd7e1700) at pthr= ead=5Fcreate.c:309 #14 0x00007f6162f2762d in clone () at ../sysdeps/unix/sysv/linux/x86=5F= 64/clone.S:111 To reliably trigger the segfault I need to request jpegImage attributes= . A few more (possibly important) facts: the server houses two databases, the first is a sync-repl slave unsing = the mdb backend, the second a relay backend that provides read-only access to the first database rewriting the data= base suffix. So far I could only trigger the segfault in the relay database, not in = the mdb-backend one. HTH Ralf Mattes

1 0

Re: (ITS#8436) slapadd hang in bdb_tool_entry_close / ldap_pvt_thread_cond_wait
by michael＠stroeder.com 23 Oct '16

23 Oct '16

This is a cryptographically signed message in MIME format. --------------ms060809020701010302070106 Content-Type: text/plain; charset=ISO-8859-2 Content-Transfer-Encoding: quoted-printable lists(a)steffen-moser.de wrote: > Today, I encountered a similar hang of our OpenLDAP 2.4.30 server on a > Solaris 11.3(.11.6.0) host. Note that 2.4.30 release is more than 4.5 years old. There have been *man= y* fixes since then. [1] Using free software it's best practice first trying to reproduce the erro= rnous behaviour with a recent release. Otherwise you're wasting developers' spa= re time. Ciao, Michael. (not a OpenLDAP developer) [1] CHANGES from RE24 branch: http://www.openldap.org/devel/gitweb.cgi?p=3Dopenldap.git;a=3Dblob;f=3DCH= ANGES;h=3D4914db12b0ab2fe2e4f2a91ea46df224a4532cdc;hb=3Drefs/heads/OPENLD= AP_REL_ENG_2_4 --------------ms060809020701010302070106 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC CucwggT9MIID5aADAgECAhBFRleVrRF8X5GwbV0tcLCgMA0GCSqGSIb3DQEBCwUAMHUxCzAJ BgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSkwJwYDVQQLEyBTdGFydENvbSBD ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEjMCEGA1UEAxMaU3RhcnRDb20gQ2xhc3MgMSBDbGll bnQgQ0EwHhcNMTYwOTE2MDcxNjUxWhcNMTkxMjE2MDcxNjUxWjBEMR0wGwYDVQQDDBRtaWNo YWVsQHN0cm9lZGVyLmNvbTEjMCEGCSqGSIb3DQEJARYUbWljaGFlbEBzdHJvZWRlci5jb20w ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChMBt5jtuLXsNQ5U7rBbZit8sknIwz hfaousT3d/fssQ6qZwe9l1yklILSXVMqI7/bxbiqcd3zrz+imdSlZPrFBHGfh04DZHCfss2F RwSswGejqP1qE3hPvZi96wFfOMqenpN+pSXqNJ1OPBCJ8a+8ZEioFKoEj3HkCCXjbmezAgms FuA7aFE9BfjJ2eQKw8B9G8X1FjvOTinYSZ2F+qHpKgywl4HTx0dMnYy+Pwu4DDIHkEaVH+uj K1/ed76WUEH51mX9m2Xu0onfQlSM3me6EvAAZiIDsCEbF9WttRuJbpfCFo0m2uW7BBugS7EG Jro1nRSQVnpJyTFgHb5EGMVVAgMBAAGjggG4MIIBtDAOBgNVHQ8BAf8EBAMCBLAwHQYDVR0l BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMAkGA1UdEwQCMAAwHQYDVR0OBBYEFFh1801TSuxT Nltnv9rOjrZzUUgNMB8GA1UdIwQYMBaAFCSBbDlhvkkPj7cbRivJKLUnSG1oMG8GCCsGAQUF BwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Auc3RhcnRzc2wuY29tMDkGCCsGAQUF BzAChi1odHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9zY2EuY2xpZW50MS5jcnQwOAYD VR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5zdGFydHNzbC5jb20vc2NhLWNsaWVudDEuY3Js MB8GA1UdEQQYMBaBFG1pY2hhZWxAc3Ryb2VkZXIuY29tMCMGA1UdEgQcMBqGGGh0dHA6Ly93 d3cuc3RhcnRzc2wuY29tLzBHBgNVHSAEQDA+MDwGCysGAQQBgbU3AQIFMC0wKwYIKwYBBQUH AgEWH2h0dHBzOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kwDQYJKoZIhvcNAQELBQADggEB AKiJ9wpjJeHdEzHDZyqmhn4cHcRj9Ag7ZQK0meq1N3oQ9M1YeVge6vZe20LXojgXsNUQGLSt 1lW2s7fABkL9CF+/RtWznHxlp4YpWX/RgbHBo3uXKNA5JUOjbxQ2+1b1jaTp/FUrSIISAxgd RpeYAODJ0db1x8Q+l66DtIVjj7ktWISdJWE2Opn4QnaRwdj6n35Rul4S2ikUsmxtGrHLpjRR XJqbsGa0RZdJyUKlZ2ZRAoRz4jKHOogQcig937sR5Ut2pGOhrScEhgARY2c8Gs2olRTL3pue mE4vjY0g1Nwr9RzeFwMuasiFh4yD34i6jIRfoNzuLPgydjsJ0grw0akwggXiMIIDyqADAgEC AhBrp4p9CteI1lEK+Vnk57ThMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNVBAYTAklMMRYwFAYD VQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0 ZSBTaWduaW5nMSkwJwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe Fw0xNTEyMTYwMTAwMDVaFw0zMDEyMTYwMTAwMDVaMHUxCzAJBgNVBAYTAklMMRYwFAYDVQQK Ew1TdGFydENvbSBMdGQuMSkwJwYDVQQLEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eTEjMCEGA1UEAxMaU3RhcnRDb20gQ2xhc3MgMSBDbGllbnQgQ0EwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQC9fdr3w6J9g/Zbgv3bW1+uHht1wLUZr5gkrLtXedg17Ake fMyUGwrQdvwObhajcVmnKVxhrUwkZPXRAwZZosRHfEIi5FH7x6SV/8Sp5lZEuiMnvMFG2MzL A84J6Ws5T4NfXZ0qn4TPgnr3X2vPVS51M7Ua9nIJgn8jvTra4eyyQzxvuA/GZwKg7VQfDCmC S+kICslYYWgXOMt2xlsSslxLce0CGWRsT8EpMyt1iDflSjXZIsE7m1uTyHaKZspMLyIyz6my Su8j8BWWHpChNNeTrFuhVfrOAyDPFJVUvKZCLKBhibTLloyy+LatoWELrjdI4a8StZY8+dIR 9t4APXGzAgMBAAGjggFkMIIBYDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUH AwIGCCsGAQUFBwMEMBIGA1UdEwEB/wQIMAYBAf8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0 cDovL2NybC5zdGFydHNzbC5jb20vc2ZzY2EuY3JsMGYGCCsGAQUFBwEBBFowWDAkBggrBgEF BQcwAYYYaHR0cDovL29jc3Auc3RhcnRzc2wuY29tMDAGCCsGAQUFBzAChiRodHRwOi8vYWlh LnN0YXJ0c3NsLmNvbS9jZXJ0cy9jYS5jcnQwHQYDVR0OBBYEFCSBbDlhvkkPj7cbRivJKLUn SG1oMB8GA1UdIwQYMBaAFE4L7xqkQFulF2mHMMo0aEPQQa7yMD8GA1UdIAQ4MDYwNAYEVR0g ADAsMCoGCCsGAQUFBwIBFh5odHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kwDQYJKoZI hvcNAQELBQADggIBAIvj94fsAYuErQ8BAluc4SMnIwS9NPBwAm5SH9uh2NCXTq7im61g7F1L IiNI/+wq37fUuaMbz4g7VarKQTgf8ubs0p7NZWcIe7Bvem2AWaXBsxsaRTYw5kG3DN8pd1hS EUuFoTa7DmNeFe8tiK1BrL3rbA/m48jp4AiFXgvxprJrW7izsyetOrRHPbkW4Y07v29MdhaP v3u1JELyszXqOzjIYo4sWlC8iDQXwgSW/ntvWy2n4LuiaozlCfXl149tKeqvwlvrla2Yklue /quWp9j9ou4T/OY0CXMuY+B8wNK0ohd2D4ShgFlMSjzAFRoHGKF81snTr2d1A7Ew02oF6UQy CkC2aNNsK5cWOojBar5c7HplX9aHYUCZouxIeU28SONJAxnATgR4cJ2jrpmYSz/kliUJ46S6 UpVDo/ebn9c6PaM/XtDYCCaM/7XX6wc3s++sbQ7CtCn1Ax7df6ufQbwyO0V+oFa9H0KAsjHM zcwk3EV2B2NLatidKE/m7G+rB9m+FlVgIiSp0mGlg43QO9Kh1+JqvTCIzv2bJJkmPMLQJNuK KwHNL8F4GGp6jbAV+WL+LDeGfVcq8DHS3LrD+xyYEXQBiqZEdiPVOMxLDSUCXsDO0uCWpaNQ 8j6y6S9p0xE/Ga0peVLadVHhqf9nXqKaxnr358VgfrxzUIrvOaOjMYIDzDCCA8gCAQEwgYkw dTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKTAnBgNVBAsTIFN0YXJ0 Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSMwIQYDVQQDExpTdGFydENvbSBDbGFzcyAx IENsaWVudCBDQQIQRUZXla0RfF+RsG1dLXCwoDANBglghkgBZQMEAgEFAKCCAhMwGAYJKoZI hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTYxMDIzMDgyMjExWjAvBgkq hkiG9w0BCQQxIgQgehc9Y4gx28kcYczpRvC2Q2ABbnfsrL/miwx27k5rFD0wbAYJKoZIhvcN AQkPMV8wXTALBglghkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3 DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBmgYJKwYB BAGCNxAEMYGMMIGJMHUxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSkw JwYDVQQLEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEjMCEGA1UEAxMaU3Rh cnRDb20gQ2xhc3MgMSBDbGllbnQgQ0ECEEVGV5WtEXxfkbBtXS1wsKAwgZwGCyqGSIb3DQEJ EAILMYGMoIGJMHUxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSkwJwYD VQQLEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEjMCEGA1UEAxMaU3RhcnRD b20gQ2xhc3MgMSBDbGllbnQgQ0ECEEVGV5WtEXxfkbBtXS1wsKAwDQYJKoZIhvcNAQEBBQAE ggEAHk9bj7goMwb2QRpeBL4Fbz1dMxtUpmSEUXavT0n5WuPSmk0lJJQLBMe5ghXUz8bzVID1 RZf2XpEVXIebI7mdLn/uXK/seRu0AKpBjySLP+i4olu38RULsB1SU1qoEtCuZrFbvvPZxzhm tmy3eRI/rt/uT9PY2de0MAE4kjH4gyC3NBUCnnVbh9xfIKrK40IwYAPdJfjdq+EfANQJSJ+C GUryJn2y5gbt59pgZ8aq6qgEZHWTMHGi6a0oNWtd4peC5dtSILTCZQQVVHd0YY3hBPAMuqwA gYpcjrR0ePx/N0T0JBYZYdf9tUHjVSexTbn1LIcfSbsFK0UgfOpFkxXzAwAAAAAAAA== --------------ms060809020701010302070106--

1 0

Re: (ITS#8436) slapadd hang in bdb_tool_entry_close / ldap_pvt_thread_cond_wait
by lists＠steffen-moser.de 22 Oct '16

22 Oct '16

Dear Mark, On 05/25/16 2:38 PM, Mark Bannister wrote: > Can anyone shed light on why my slapadd process on Solaris 11 was > hanging (slapd 2.4.30)? I was piping ‘gunzip -c’ through to slapadd > (from an overnight cron job). This usually works fine. I’m guessing > perhaps the gunzip process encountered an error, maybe an EPIPE was > sent, but the stack trace many days later from slapadd doesn’t look > right. Only 2 threads, and both of them in > ldap_pvt_thread_cond_wait(), but no other threads so what are they > waiting for exactly? I've just come across your problem report which you posted to the "openldap-its" mailing list in this year's May: http://www.openldap.org/lists/openldap-technical/201605/threads.html#00079 Today, I encountered a similar hang of our OpenLDAP 2.4.30 server on a Solaris 11.3(.11.6.0) host. It is quite interesting that the function "bdb_tool_entry_close" doesn't seem to play a role in my case, but "ldap_pvt_thread_cond_wait" and "ldap_int_thread_pool_wrapper" do seem to. My questions to your address and to the mailing list are: Has the bug/problem been fully analyzed and has it been fixed in the meantime? Mark, did you have another hang of this kind or any similar problems with your OpenLDAP installation? Thank you very much in advance for any helpful hints! Kind regards, Steffen -- ------------------------------------------------------------------------ Dipl.-Inf. Steffen Moser School of Advanced Professional Studies Room: 45.3.110 Ulm University Tel: +49.731.50-32407 Albert-Einstein-Allee 45 Fax: +49.731.50-32409 89081 Ulm, Germany http://saps.uni-ulm.de/

1 0

Re: (ITS#8521) Cannot have replication working after setting up the replication config in slapd.d
by elecharny＠gmail.com 21 Oct '16

21 Oct '16

Is it just me, or the ITS WebUI is removing part of the message I typed ? Anyway, here is the complete descripton : Replication won't start if we set it up on running servers configured wit= h slapd.d. The scenario is the following : o We have 2 servers, one will become the provider, the other the consumer o They are initially empty%2ususing MDB (see the attached configurations, converted from slapd.conf to slapd.d) o We start the 2 servers o Step 1 : On the provider, we inject the following entry : dn: cn=3Dconfig changetype: modify add: olcServerId olcServerId: 1 - o Step 2 : On the provider, we inject the following entries : # Context entry dn: dc=3Dexample,dc=3Dcom changetype: add objectClass: domain objectClass: top dc: example # LDAPRoles, dc=3Dexample,dc=3Dcom dn: ou=3DLDAPRoles,dc=3Dexample,dc=3Dcom objectClass: top objectClass: organizationalUnit ou: LDAPRoles dn: dc=3Dusers,dc=3Dexample,dc=3Dcom changetype: add dc: users objectClass: domain objectClass: top dn: cn=3DJohndoe,dc=3Dusers,dc=3Dexample,dc=3Dcom changetype: add objectClass: person objectClass: top sn: John Doe cn: Johndoe # replicator, LDAPRoles, dc=3Dexample, dc=3Dcom dn: cn=3Dreplicator,ou=3DLDAPRoles,dc=3Dexample,dc=3Dcom objectClass: top objectClass: simpleSecurityObject objectClass: organizationalRole userPassword: secret cn: replicator o Step 3 : On the consumer, we inject the following entry : # Context entry dn: dc=3Dexample,dc=3Dcom changetype: add objectClass: domain objectClass: top dc: example o Step 4 : On the provider, we inject the following entries : dn: cn=3Dmodule{0},cn=3Dconfig changetype: modify add: olcModuleLoad olcModuleLoad: syncprov - dn: olcOverlay=3Dsyncprov,olcDatabase=3D{1}mdb,cn=3Dconfig changetype: add objectClass: olcOverlayConfig objectClass: olcConfig objectClass: top objectClass: olcSyncprovConfig olcOverlay: syncprov olcSpSessionLog: 10000 olcSpCheckpoint: 100 10 dn: olcDatabase=3D{1}mdb,cn=3Dconfig changetype: modify add: olcLimits olcLimits: dn.exact=3D"cn=3Dreplicator,ou=3DLDAPRoles,dc=3Dexample,dc=3Dc= om" time.soft=3Dunlimited time.h ard=3Dunlimited size.soft=3Dunlimited size.hard=3Dunlimited - dn: olcDatabase=3D{1}mdb,cn=3Dconfig changetype: modify replace: olcAccess olcAccess: {0}to dn.subtree=3D"dc=3Dexample,dc=3Dcom" by self write by = dn.exact=3D"cn=3D replicator,ou=3DLDAPRoles,dc=3Dexample,dc=3Dcom" read by anonymous auth = by * read - o Step 5 : On the consumer, we inject the following entry : dn: olcDatabase=3D{1}mdb,cn=3Dconfig changetype: modify add: olcSyncrepl olcSyncrepl: rid=3D1 provider=3Dldap://10.61.155.18 bindmethod=3Dsimple b= i nddn=3D"cn=3Dreplicator,ou=3DLDAPRoles,dc=3Dexample,dc=3Dcom" credential= s=3Dsecret type=3DrefreshAndPersis t searchbase=3D"dc=3Dexample,dc=3Dcom" filter=3D"(objectclass=3D*)" scop= e=3Dsub schemacheck ing=3Don retry=3D"5 10 60 +" sizeLimit=3Dunlimited timelimit=3Dunlimited - At this point, one would expect the replication to kick on, and having th= e entries flowing from the producer to the consumer, but nothing happens. Ignoring the first step (ServerID setting), and applying the other steps,= just work fine. It seems that setting the ServerID blocks everything (FT= R, it does not help either to setup the consumer's ServerID). This is problematic in a scenario where we would try to make 2 servers be= ing replicated in a MMR typology with MirrorMode set, as the ServerID wi= l be mandatory. Here is the provider configuratio (this is in slapd.conf format for conve= nience, it is being converted to slapd.d before the server is started) : #########################################################################= ######## ## Provider configuration #########################################################################= ######### # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # # Schema files. Note that not all of these schemas co-exist peacefully. # Use only those you need and leave the rest commented out. include "/opt/symas/etc/openldap/schema/core.schema" include "/opt/symas/etc/openldap/schema/cosine.schema" include "/opt/symas/etc/openldap/schema/inetorgperson.schema" include "/opt/symas/etc/openldap/schema/misc.schema" # TLSCipherSuite <cipher-suite-spec> # Permits configuring what ciphers will be accepted and the # preference order. <cipher-suite-spec> should be a cipher # specification for the TLS library in use (OpenSSL, GnuTLS, or # Mozilla NSS). TLSCipherSuite HIGH:MEDIUM # Files in which to store the process id and startup arguments. # These files are needed by the init scripts, so only change # these if you are prepared to edit those scripts as well. pidfile "/var/symas/run/slapd.pid" argsfile "/var/symas/run/slapd.args" # Choose the directory for loadable modules. modulepath "/opt/symas/lib64/openldap" # Uncomment the moduleloads as needed to enable additional # functionalityi when configured. NOTE: We package many=20 # more modules options than those found below.=20 moduleload back_mdb.la moduleload back_monitor.la # Sample access control policy: # Allow read access of root DSE # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: access to dn=3D"" by * read access to * by self write by users read by anonymous auth #----------------------------------------------------------------------- # LOGGING loglevel stats sync ####################################################################### # config database ####################################################################### database config rootdn "cn=3DDirectory Manager,cn=3Dconfig" rootpw secret access to * by * none ####################################################################### # Sample LMDB database definitions ####################################################################### database mdb suffix "dc=3Dexample,dc=3Dcom" rootdn "cn=3DDirectory Manager,dc=3Dexample,dc=3Dcom" # Cleartext passwords, especially for the rootdn, should # be avoided. See slappasswd(8) and slapd.conf(5) for details describing # the creation of encrypted passwords. rootpw secret # Indices to maintain # index default sets the basic type of indexing to perform if there isn't= any indexing specified for a given attribute index default eq index objectClass index cn # The database directory MUST exist prior to running slapd AND=20 # should only be accessible by the slapd/tools. Mode 700 recommended. # One directory will be needed for each backend, so you should # create a subdirectory beneath /var/symas/openldap-data for each # new backend. This is also where the DB_CONFIG file needs to be # placed. directory "/var/symas/openldap-data/example" # Here we specify the maximum on-disk size of the database. It is=20 # Recommended to set this near the expected free-space availability # for the machine. This paramiter is not pre-allocated and simply=20 # represents the upward limit to which the database will be allowed # to grow. Note: Specified in *bytes*. Here, we set it to 1gb. maxsize 10485760 ####################################################################### # Monitor database ####################################################################### database monitor access to dn.subtree=3D"cn=3Dmonitor" by * read And here is the consumer configuration : #########################################################################= ######## ## Consumer configuration #########################################################################= ######### # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # # Schema files. Note that not all of these schemas co-exist peacefully. # Use only those you need and leave the rest commented out. include "/opt/symas/etc/openldap/schema/core.schema" include "/opt/symas/etc/openldap/schema/cosine.schema" include "/opt/symas/etc/openldap/schema/inetorgperson.schema" include "/opt/symas/etc/openldap/schema/misc.schema" # # TLSCipherSuite <cipher-suite-spec> # Permits configuring what ciphers will be accepted and the # preference order. <cipher-suite-spec> should be a cipher # specification for the TLS library in use (OpenSSL, GnuTLS, or # Mozilla NSS). TLSCipherSuite HIGH:MEDIUM # Files in which to store the process id and startup arguments. # These files are needed by the init scripts, so only change # these if you are prepared to edit those scripts as well. pidfile "/var/symas/run/slapd.pid" argsfile "/var/symas/run/slapd.args" # Choose the directory for loadable modules. modulepath "/opt/symas/lib64/openldap" # Uncomment the moduleloads as needed to enable additional # functionalityi when configured. NOTE: We package many # more modules options than those found below. moduleload back_mdb.la moduleload back_monitor.la # Sample access control policy: # Allow read access of root DSE # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: access to dn=3D"" by * read access to * by self write by users read by anonymous auth #----------------------------------------------------------------------- # LOGGING loglevel stats sync ####################################################################### # config database ####################################################################### database config rootdn "cn=3DDirectory Manager,cn=3Dconfig" rootpw secret access to * by * none ####################################################################### # Sample LMDB database definitions ####################################################################### database mdb suffix "dc=3Dexample,dc=3Dcom" rootdn "cn=3DDirectory Manager,dc=3Dexample,dc=3Dcom" # Cleartext passwords, especially for the rootdn, should # be avoided. See slappasswd(8) and slapd.conf(5) for details describing # the creation of encrypted passwords. rootpw secret # Indices to maintain # index default sets the basic type of indexing to perform if there isn't= any indexing specified for a given attribute index default eq index objectClass index cn # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd/tools. Mode 700 recommended. # One directory will be needed for each backend, so you should # create a subdirectory beneath /var/symas/openldap-data for each # new backend. This is also where the DB_CONFIG file needs to be # placed. directory "/var/symas/openldap-data/example" # Here we specify the maximum on-disk size of the database. It is # Recommended to set this near the expected free-space availability # for the machine. This paramiter is not pre-allocated and simply # represents the upward limit to which the database will be allowed # to grow. Note: Specified in *bytes*. Here, we set it to 1gb. maxsize 10485760 ####################################################################### # Monitor database ####################################################################### database monitor access to dn.subtree=3D"cn=3Dmonitor" by * read Le 21/10/16 =C3=A0 23:45, openldap-its(a)OpenLDAP.org a =C3=A9crit : > *** THIS IS AN AUTOMATICALLY GENERATED REPLY *** > > Thanks for your report to the OpenLDAP Issue Tracking System. Your > report has been assigned the tracking number ITS#8521. > > One of our support engineers will look at your report in due course. > Note that this may take some time because our support engineers > are volunteers. They only work on OpenLDAP when they have spare > time. > > If you need to provide additional information in regards to your > issue report, you may do so by replying to this message. Note that > any mail sent to openldap-its(a)openldap.org with (ITS#8521) > in the subject will automatically be attached to the issue report. > > mailto:openldap-its@openldap.org?subject=3D(ITS#8521) > > You may follow the progress of this report by loading the following > URL in a web browser: > http://www.OpenLDAP.org/its/index.cgi?findid=3D8521 > > Please remember to retain your issue tracking number (ITS#8521) > on any further messages you send to us regarding this report. If > you don't then you'll just waste our time and yours because we > won't be able to properly track the report. > > Please note that the Issue Tracking System is not intended to > be used to seek help in the proper use of OpenLDAP Software. > Such requests will be closed. > > OpenLDAP Software is user supported. > http://www.OpenLDAP.org/support/ > > -------------- > Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved. > --=20 Emmanuel Lecharny Symas.com directory.apache.org

1 0

(ITS#8521) Cannot have replication working after setting up the replication config in slapd.d
by elecharny＠apache.org 21 Oct '16

21 Oct '16

Full_Name: Emmanuel L.charny Version: 2.4.45 OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (90.92.161.247) Replication won't start if we set it up on running servers configured with slapd.d. The scenario is the following : o We have 2 servers, one will become the provider, the other the consumer o They are initially empty%2ususing MDB (see the attached configurations, converted from slapd.conf to slapd.d) o We start the 2 servers o Step 1 : On the provider, we inject the following entry : dn: cn=config changetype: modify add: olcServerId olcServerId: 1 -

1 0

Re: (ITS#8504) LDMB: Return EPIPE from mdb_env_copyfd2 instead abort on SIGPIPE
by lmb＠cloudflare.com 20 Oct '16

20 Oct '16

--001a114741aec1bad3053f481b06 Content-Type: text/plain; charset=UTF-8 On 20 October 2016 at 09:35, Hallvard Breien Furuseth < h.b.furuseth(a)usit.uio.no> wrote: > > Hmm. Nevermind, it's probably better to leave that to the user. > It gets ugly for a library to meddle with the current thread's > signals. I.e. it must check if SIGPIPE was already pending > before the call, and don't collect it on EPIPE in that case. > Yeah, I agree. Your changes LGTM. Interesting point re atomic int write, I wasn't entirely sure how mc_error could be accesses, so I decided to play it safe. -- Lorenz Bauer | Systems Engineer 25 Lavington St., London SE1 0NZ www.cloudflare.com --001a114741aec1bad3053f481b06 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">= On 20 October 2016 at 09:35, Hallvard Breien Furuseth <span dir=3D"ltr">&lt= ;<a href=3D"mailto:h.b.furuseth@usit.uio.no" target=3D"_blank">h.b.furuseth= @usit.uio.no</a>></span> wrote:<blockquote class=3D"gmail_quote" style= =3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hmm.=C2=A0 Nevermind, it's probably better to leave that to the user.<b= r> It gets ugly for a library to meddle with the current thread's<br> signals.=C2=A0 I.e. it must check if SIGPIPE was already pending<br> before the call, and don't collect it on EPIPE in that case.<span class= =3D"HOEnZb"><font color=3D"#888888"><br></font></span></blockquote></div><d= iv><br></div><div>Yeah, I agree. Your changes LGTM.</div><div><br></div><di= v>Interesting point re atomic int write, I wasn't entirely sure how mc_= error could be accesses, so I decided to play it safe.</div><div><br></div>= -- <br><div class=3D"gmail_signature" data-smartmail=3D"gmail_signature">Lo= renz Bauer =C2=A0| =C2=A0Systems Engineer<br>25 Lavington St., London SE1 0= NZ<br><br><a href=3D"http://www.cloudflare.com" target=3D"_blank">www.cloud= flare.com</a></div> </div></div> --001a114741aec1bad3053f481b06--

1 0

Re: (ITS#8504) LDMB: Return EPIPE from mdb_env_copyfd2 instead abort on SIGPIPE
by h.b.furuseth＠usit.uio.no 20 Oct '16

20 Oct '16

I wrote: > And.. duh, we've forgotten mdb_copy without MDB_CP_COMPACT. > I'll do it later if nobody beats me to it. Hmm. Nevermind, it's probably better to leave that to the user. It gets ugly for a library to meddle with the current thread's signals. I.e. it must check if SIGPIPE was already pending before the call, and don't collect it on EPIPE in that case. -- Hallvard

1 0

Re: (ITS#8504) LDMB: Return EPIPE from mdb_env_copyfd2 instead abort on SIGPIPE
by h.b.furuseth＠usit.uio.no 20 Oct '16

20 Oct '16

On 27/09/16 22:14, lmb(a)cloudflare.com wrote: >On 26 September 2016 at 20:48, Hallvard Breien Furuseth <h.b.furuseth(a)usit.uio.no> wrote: >> I think we can skip sigwait() too since the thread will exit when done. >> (...) > > That's what my initial patch did. At least on OS X this leads to the > process receiving SIGPIPE and dying. OK. I've put a fixed version including that comment in branch "mdb/its8504-sigpipe" @ <git://git.uio.no/u/hbf/openldap.git>. We can squash the commits later: Never clear mc_error, we'd lose failure in the other thread. It's not mutex-protected, which is OK: If both threads set it, we'll get one of the errors. LMDB already expects atomic int. And.. duh, we've forgotten mdb_copy without MDB_CP_COMPACT. I'll do it later if nobody beats me to it. Test: Comment out SIGPIPE in mdb_copy.c, then run bash$ (sleep 1; ./mdb_copy testdb; echo exit $? >&2) | true exit 141 Exit values >= 128 are aborts from signals.

1 0

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs