openldap-bugs

openldap-bugs@openldap.org

1 participants
20959 discussions

Re: (ITS#7919) slapd would not start with back-ldap database
by hyc＠symas.com 14 Aug '14

14 Aug '14

quanah(a)zimbra.com wrote: > --On Wednesday, August 13, 2014 8:27 AM +0000 dieter(a)dkluenter.de wrote: > >> Sorry, it is back-ldap with pcache and it seems to be a pcache >> problem. When disabling pcache, slapd runs fine. > > a) Confirm you still see this issue with current RE24 if you want it fixed > in the 2.4 series, as in general we're planning on 2.4.40 to be the final > release for 2.4 > > b) If you are able to reproduce this with current RE24, please provide an > example configuration that causes the issue. test020 passes w/o issue. The example config is invalid. ### include schema/core.schema include schema/cosine.schema include schema/inetorgperson.schema # modulepath ../servers/slapd/overlays moduleload pcache.la database ldap uri ldap://example.com suffix dc=example,dc=com rootdn dc=example,dc=com rootpw xxx overlay pcache directory /tmp/testr/db.1.a pcache mdb 50000 2 500 3600 pcacheAttrset 0 mail uid pcacheAttrset 1 cn telephoneNumber pcachePersist TRUE pcacheTemplate (mail=) 0 10800 7200 pcacheTemplate (uid=) 1 10800 7200 index objectclass pres index mail,uid,telephoneNumber pres,eq database monitor ### "directory" is not a valid config keyword for the pcache overlay. It is a valid keyword for back-mdb, but here it was given before the "pcache mdb..." line so slapd doesn't yet know that back-mdb will be used. The slapo-pcache(5) manpage clearly states what directives are valid. Personally I'd be fine with leaving this to SEGV as it does. Catching user errors doesn't help much in the long run; either way slapd will fail to start so there's no difference either way. But in this case, the SEGV is now prevented in git master. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#7919) slapd would not start with back-ldap database
by quanah＠zimbra.com 13 Aug '14

13 Aug '14

--On Wednesday, August 13, 2014 8:27 AM +0000 dieter(a)dkluenter.de wrote: > Sorry, it is back-ldap with pcache and it seems to be a pcache > problem. When disabling pcache, slapd runs fine. a) Confirm you still see this issue with current RE24 if you want it fixed in the 2.4 series, as in general we're planning on 2.4.40 to be the final release for 2.4 b) If you are able to reproduce this with current RE24, please provide an example configuration that causes the issue. test020 passes w/o issue. Thanks --Quanah -- Quanah Gibson-Mount Server Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#7919) slapd would not start with back-ldap database
by dieter＠dkluenter.de 13 Aug '14

13 Aug '14

Am Tue, 12 Aug 2014 23:24:09 -0700 schrieb Howard Chu <hyc(a)symas.com>: > dieter(a)dkluenter.de wrote: > > Full_Name: Dieter > > Version: 2.4.39 > > OS: openSuse-13.1 > > URL: ftp://ftp.openldap.org/incoming/ > > Submission from: (NULL) (62.226.250.246) > > > > > > When slapd configured with database ldap only, an error occurs, > > > > gdb) bt > > #0 0x00007ffff7bb8038 in get_token (sp=3Dsp@entry=3D0x7fffffff9590, > > token_val=3Dtoken_val@entry=3D0x7fffffff9598) > > at schema.c:1018 > > #1 0x00007ffff7bbc6f2 in ldap_str2objectclass (s=3Ds@entry=3D0x7 > > <Address 0x7 out of bounds>, > > code=3Dcode@entry=3D0x7fffffff95f4, errp=3Derrp@entry=3D0x7fffffff= 95f8, > > flags=3Dflags@entry=3D63) at schema.c:2461 > > #2 0x00005555555e7c1c in register_oc (def=3D0x7 <Address 0x7 out of > > bounds>, soc=3D0x7ffff30a59d0 <pcocs+112>, > > dupok=3Ddupok@entry=3D1) at oc.c:917 > > #3 0x00005555555935ee in init_config_ocs > > (ocs=3Docs@entry=3D0x7ffff30a5960 <pcocs>) at config.c:556 > > #4 0x000055555558bf18 in config_register_schema (ct=3D0x7ffff30a54c0 > > <pccfg>, ocs=3D0x7ffff30a5960 <pcocs>) > > > > > The trace indicates something initializing the proxycache overlay, > which contradicts your statement that only back-ldap was configured. Sorry, it is back-ldap with pcache and it seems to be a pcache problem. When disabling pcache, slapd runs fine. -Dieter=20 --=20 Dieter Kl=C3=BCnter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53=C2=B037'09,95"N 10=C2=B008'02,42"E

1 0

Re: (ITS#7918) error building back-ldap
by hyc＠symas.com 13 Aug '14

13 Aug '14

dieter(a)dkluenter.de wrote: > Full_Name: Dieter Klünter > Version: openldap-OPENLDAP_REL_ENG_2_4-b046124 > OS: openSuse-13.1 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (93.220.56.191) > > > cd back-ldap; make -w all > make[3]: Entering directory > `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers/slapd/back-ldap' > rm -f version.c > ../../../build/mkversion -v "2.4.X" back_ldap > version.c > /bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3 > -m64 -I../../../include -I../../../include -I.. -I./.. -c init.c Don't define LDAP_DEVEL unless you know what you're doing. Closing this ITS. > cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c > init.c -o init.o > /bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3 > -m64 -I../../../include -I../../../include -I.. -I./.. -c config.c > cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c > config.c -o config.o > /bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3 > -m64 -I../../../include -I../../../include -I.. -I./.. -c search.c > cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c > search.c -o search.o > /bin/sh %2/../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3 > -m64 -I../../../include -I../../../include -I.. -I./.. -c bind.c > cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c > bind.c -o bind.o > bind.c: In function 'ldapack_k_proxy_authz_bind': > bind.c:2325:32: error: 'LDAP_BACK_AUTH_DN_AUTHZID' undeclared (first use in this > function) > if ( li->li_idassert_flags & LDAP_BACK_AUTH_DN_AUTHZID ) { > ^ > bind.c:2325:32: note: each undeclared identifier is reportednlnly once for each > function it appears in > bind.c:2328:21: error: 'LDAP_CONTROL_AUTHZID_REQUEST' undeclared (first use in > this function) > ctrl.ldctl_oid = LDAP_CONTROL_AUTHZID_REQUEST; > ^ > bind.c:2371:32: error: 'LDAP_CONTROL_AUTHZID_RESPONSE' undeclared (first use in > this function) > ctrl = ldap_control_find( LDAP_CONTROL_AUTHZID_RESPONSE, > ^ > bind.c:2389:40: error: 'LDAP_BACK_AUTH_DN_WHOAMI' undeclared (first use in this > function) > } else if ( li->li_idassert_flags & LDAP_BACK_AUTH_DN_WHOAMI ) { > ^ > bind.c:2407:35: error: 'LDAP_BACK_AUTH_DN_MASK' undeclared (first use in this > function) > if ( ( li->li_idassert_flags & LDAP_BACK_AUTH_DN_MASK ) && > ^ > make[3]: *** [bind.lo] Fehler 1 > make[3]: Leaving directory > `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers/slapd/back-ldap' > make[2]: *** [.backend] Fehler 1 > make[2]: Leaving directory > `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers/slapd' > make[1]: *** [all-common] Fehler 1 > make[1]: Leaving directory > `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers' > make: *** [all-common] Fehler 1 > > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#7919) slapd would not start with back-ldap database
by hyc＠symas.com 13 Aug '14

13 Aug '14

dieter(a)dkluenter.de wrote: > Full_Name: Dieter > Version: 2.4.39 > OS: openSuse-13.1 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (62.226.250.246) > > > When slapd configured with database ldap only, an error occurs, > > gdb) bt > #0 0x00007ffff7bb8038 in get_token (sp=sp@entry=0x7fffffff9590, > token_val=token_val@entry=0x7fffffff9598) > at schema.c:1018 > #1 0x00007ffff7bbc6f2 in ldap_str2objectclass (s=s@entry=0x7 <Address 0x7 out > of bounds>, > code=code@entry=0x7fffffff95f4, errp=errp@entry=0x7fffffff95f8, > flags=flags@entry=63) at schema.c:2461 > #2 0x00005555555e7c1c in register_oc (def=0x7 <Address 0x7 out of bounds>, > soc=0x7ffff30a59d0 <pcocs+112>, > dupok=dupok@entry=1) at oc.c:917 > #3 0x00005555555935ee in init_config_ocs (ocs=ocs@entry=0x7ffff30a5960 <pcocs>) > at config.c:556 > #4 0x000055555558bf18 in config_register_schema (ct=0x7ffff30a54c0 <pccfg>, > ocs=0x7ffff30a5960 <pcocs>) > > The trace indicates something initializing the proxycache overlay, which contradicts your statement that only back-ldap was configured. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#7919) slapd would not start with back-ldap database
by dieter＠dkluenter.de 13 Aug '14

13 Aug '14

Full_Name: Dieter Version: 2.4.39 OS: openSuse-13.1 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (62.226.250.246) When slapd configured with database ldap only, an error occurs, gdb) bt #0 0x00007ffff7bb8038 in get_token (sp=sp@entry=0x7fffffff9590, token_val=token_val@entry=0x7fffffff9598) at schema.c:1018 #1 0x00007ffff7bbc6f2 in ldap_str2objectclass (s=s@entry=0x7 <Address 0x7 out of bounds>, code=code@entry=0x7fffffff95f4, errp=errp@entry=0x7fffffff95f8, flags=flags@entry=63) at schema.c:2461 #2 0x00005555555e7c1c in register_oc (def=0x7 <Address 0x7 out of bounds>, soc=0x7ffff30a59d0 <pcocs+112>, dupok=dupok@entry=1) at oc.c:917 #3 0x00005555555935ee in init_config_ocs (ocs=ocs@entry=0x7ffff30a5960 <pcocs>) at config.c:556 #4 0x000055555558bf18 in config_register_schema (ct=0x7ffff30a54c0 <pccfg>, ocs=0x7ffff30a5960 <pcocs>)

1 0

(ITS#7918) error building back-ldap
by dieter＠dkluenter.de 12 Aug '14

12 Aug '14

Full_Name: Dieter Klünter Version: openldap-OPENLDAP_REL_ENG_2_4-b046124 OS: openSuse-13.1 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (93.220.56.191) cd back-ldap; make -w all make[3]: Entering directory `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers/slapd/back-ldap' rm -f version.c ../../../build/mkversion -v "2.4.X" back_ldap > version.c /bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c init.c cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c init.c -o init.o /bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c config.c cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c config.c -o config.o /bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c search.c cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c search.c -o search.o /bin/sh %2/../../libtool --tag=disable-shared --mode=compile cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c bind.c cc -DLDAP_DEVEL -g3 -m64 -I../../../include -I../../../include -I.. -I./.. -c bind.c -o bind.o bind.c: In function 'ldapack_k_proxy_authz_bind': bind.c:2325:32: error: 'LDAP_BACK_AUTH_DN_AUTHZID' undeclared (first use in this function) if ( li->li_idassert_flags & LDAP_BACK_AUTH_DN_AUTHZID ) { ^ bind.c:2325:32: note: each undeclared identifier is reportednlnly once for each function it appears in bind.c:2328:21: error: 'LDAP_CONTROL_AUTHZID_REQUEST' undeclared (first use in this function) ctrl.ldctl_oid = LDAP_CONTROL_AUTHZID_REQUEST; ^ bind.c:2371:32: error: 'LDAP_CONTROL_AUTHZID_RESPONSE' undeclared (first use in this function) ctrl = ldap_control_find( LDAP_CONTROL_AUTHZID_RESPONSE, ^ bind.c:2389:40: error: 'LDAP_BACK_AUTH_DN_WHOAMI' undeclared (first use in this function) } else if ( li->li_idassert_flags & LDAP_BACK_AUTH_DN_WHOAMI ) { ^ bind.c:2407:35: error: 'LDAP_BACK_AUTH_DN_MASK' undeclared (first use in this function) if ( ( li->li_idassert_flags & LDAP_BACK_AUTH_DN_MASK ) && ^ make[3]: *** [bind.lo] Fehler 1 make[3]: Leaving directory `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers/slapd/back-ldap' make[2]: *** [.backend] Fehler 1 make[2]: Leaving directory `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers/slapd' make[1]: *** [all-common] Fehler 1 make[1]: Leaving directory `/home/dieter/build/openldap-OPENLDAP_REL_ENG_2_4-b046124/servers' make: *** [all-common] Fehler 1

1 0

(ITS#7917) LMDB: bug in mdb_dbi_open creating subDB
by hyc＠openldap.org 11 Aug '14

11 Aug '14

Full_Name: Howard Chu Version: 2.4 OS: Solaris/Sparc URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (78.155.233.73) Submitted by: hyc mdb_dbi_open may use "dummy" after it has gone out of scope, when creating a new named subDB. This never caused any problem under gcc, but breaks using the Sun C compiler when debugging is enabled and optimization is disabled. A fix is coming shortly.

1 0

Re: (ITS#7916) ppolicy doesn't set pwdAccountLockedTime
by quanah＠zimbra.com 06 Aug '14

06 Aug '14

--On Wednesday, August 06, 2014 11:26 AM +0000 anshman.osc(a)gmail.com wrote: > Full_Name: Anshuman > Version: 2.4.23 2.4.23 is 4+ years old. In addition, the ITS system is for filing bugs, not for asking usage questions. You need to (a) upgrade to a current release or (b) contact the vendor of your massively out of date packages. For (a), I suggest packages from either Symas or the LTB project if you are not able to build OpenLDAP yourself. This ITS will be closed. --Quanah -- Quanah Gibson-Mount Server Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

(ITS#7916) ppolicy doesn't set pwdAccountLockedTime
by anshman.osc＠gmail.com 06 Aug '14

06 Aug '14

Full_Name: Anshuman Version: 2.4.23 OS: RHEL 6.4 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (198.241.211.15) Hello, I am trying to get the ppolicy to lock account after N unsuccessful attempts. To accomplish this, I defined the overlay policy in slapd.conf, and also attached the pwdPolicySubentry to the user object. It is able to detect the password policy, because the number of times "pwdFailureTime" appears is always 1 less than the value I set for "pwdMaxFailure" in the password policy. So, if I set pwdMaxFailure=4, the count pwdFailureTime stops growing after 3. However, the pwdAccountLockedTime is never set. Up until release 2.3.x adding a rootdn entry to the slapd.conf solved this issue. But today we are trying to upgrade to 2.4.23, and this "fix" no longer works. Could someone please let me know what needs to be done to make this work? -- slapd.conf--- # Load dynamic backend modules: modulepath /usr/lib64/openldap moduleload ppolicy.la moduleload auditlog.la overlay ppolicy ppolicy_default "cn=Standard,ou=Policies,dc=mycompany,dc=com" ppolicy_use_lockout

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs