openldap-bugs

openldap-bugs@openldap.org

1 participants
20960 discussions

(ITS#7813) lmdb multi threaded env creation on Win32 can fail
by clayton.stangeland＠gmail.com 05 Mar '14

05 Mar '14

Full_Name: Clayton Stangeland Version: gitorious mdb last commit Feb 19, 2014 e2bdd44624a525d4847c22d7ebf1ea4d154ed734 OS: Windows 7 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (192.94.73.31) There is a bug in lightning mdb in mdb.c when running Windows. When creating an environment to the same file in multiple threads, an error can occur on the OpenMutex call and some of the creations will fail. In mdb_env_setup_locks, mdb_env_excl_lock is called. If it acquires an exclusive lock CreateMutex is called. env->me_rmutex = CreateMutex(&mdb_all_sa, FALSE, env->me_txns->mti_rmname); If not OpenMutex is called. env->me_rmutex = OpenMutex(SYNCHRONIZE, FALSE, env->me_txns->mti_rmname); The OpenMutex call can fail if there is a thread context switch between the time the exclusive lock is acquired and the time CreateMutex is called, because the mutex to open has not actually been created yet. To be clear OpenMutex in another thread gets run before CreateMutex in the first thread. The solution is to replace the OpenMutex calls with CreateMutex. It will either open the mutex if it exists or create it if it does not. Setting the bInitialOwner flag to FALSE as is already done is the recommended way to use CreateMutex in this situation.

1 0

Re: (ITS#7812) Applictaion going down due to Ldap Break down and Restart is required
by quanah＠zimbra.com 05 Mar '14

05 Mar '14

--On March 5, 2014 at 9:17:52 AM +0000 m.noorishah.burhan(a)accenture.com wrote: > Full_Name: Mohammed Noorishah > Version: 2.3.43-12.el5 > OS: Linux version 2.6.18-194.el5 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (170.248.47.80) > > > Dear All, > > we are getting application down almost like every 2/3 day > and Required LDAP Restart as a fix, can any one advice what could be the > problem .. > > Required to know, > what all data get cleared in ldap or refreshed during openLdap restart. > so that application will work fine. We have no idea who wrote your application or what it involves. You are running an unsupported release of OpenLDAP provided by RedHat. If you have issue with the OpenLDAP build provided by RedHat, then you must contact them for support. The openldap ITS system is not the correct place to be pursuing the issues you have with your RedHat build of an ancient unsupported version of OpenLDAP. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

(ITS#7812) Applictaion going down due to Ldap Break down and Restart is required
by m.noorishah.burhan＠accenture.com 05 Mar '14

05 Mar '14

Full_Name: Mohammed Noorishah Version: 2.3.43-12.el5 OS: Linux version 2.6.18-194.el5 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (170.248.47.80) Dear All, we are getting application down almost like every 2/3 day and Required LDAP Restart as a fix, can any one advice what could be the problem .. Required to know, what all data get cleared in ldap or refreshed during openLdap restart. so that application will work fine.

1 0

RE: (ITS#7811) Applictaion going down due to Ldap Break down and Restart is required
by m.noorishah.burhan＠accenture.com 04 Mar '14

04 Mar '14

Hi Howard, Sorry for the confusion - we have marked in property file as version = 3 Kindly advice on the same . Your help would be really grateful. Thanks and Regards Noorishah. 09663398005 -----Original Message----- From: Howard Chu [mailto:hyc@symas.com] Sent: Tuesday, March 04, 2014 9:49 PM To: Noorishah Burhan, M.; openldap-its(a)openldap.org Subject: Re: (ITS#7811) Applictaion going down due to Ldap Break down and Restart is required m.noorishah.burhan(a)accenture.com wrote: > Full_Name: Mohammed Noorishah > Version: 3.3 > OS: Unix > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (170.248.47.80) > There is no OpenLDAP v3.3. It seems you're not using OpenLDAP software and you've contacted us in error. This ITS will be closed. > related to 7810, Wrongly given my email id ..corrected now > (m.noorishah.burhan(a)accenture.com) > > Kindly do the needful > > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com

1 0

Re: (ITS#7811) Applictaion going down due to Ldap Break down and Restart is required
by hyc＠symas.com 04 Mar '14

04 Mar '14

m.noorishah.burhan(a)accenture.com wrote: > Full_Name: Mohammed Noorishah > Version: 3.3 > OS: Unix > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (170.248.47.80) > There is no OpenLDAP v3.3. It seems you're not using OpenLDAP software and you've contacted us in error. This ITS will be closed. > related to 7810, Wrongly given my email id ..corrected now > (m.noorishah.burhan(a)accenture.com) > > Kindly do the needful > > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#7811) Applictaion going down due to Ldap Break down and Restart is required
by m.noorishah.burhan＠accenture.com 04 Mar '14

04 Mar '14

Full_Name: Mohammed Noorishah Version: 3.3 OS: Unix URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (170.248.47.80) related to 7810, Wrongly given my email id ..corrected now (m.noorishah.burhan(a)accenture.com) Kindly do the needful

1 0

(ITS#7810) Applictaion going down due to Ldap Break down and Restart is required
by m.noorishah.burhan＠accneture.com 04 Mar '14

04 Mar '14

Full_Name: Mohammed Noorishah Version: v3.3 OS: Unix URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (170.248.47.80) Hi Team, we are getting application down almost like every 3 day and Required LDAP Restart as a fix can any one advice what could be the problem .. Required to know, what all data get cleared in ldap or refreshed during Ldap restart. so that application is working fine.

1 0

(ITS#7809) cross-compiling and openldap-thread-check.m4
by stenn＠ntp.org 03 Mar '14

03 Mar '14

Full_Name: Harlan Stenn Version: OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (63.155.158.122) openldap-thread-check.m4 seems to hand-code an equivalent of AC_ARG_WITH() processing for the with_yielding_select stuff. This code has at least one typo and at least one bug; it does not work in the case where one is cross-compiling. Before I go and submit a patch that would convert this macro to using AC_ARG_WITH, I figured I should ask to see why things were done the way they were.

1 0

RE: (ITS#7807) rebind-as-user in slapd-meta not running
by theedgeu2＠live.com 01 Mar '14

01 Mar '14

--_b67832eb-f95f-44fc-96d8-4e1d626f474b_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable First of all thank you for your quick answer. =20 Before I posted the question I've read the man pages several times trying t= o understand how slapd-meta runs. I don't speak english very well (as you c= an see) so it's probably that i've don't understand it completly. =20 As I've tried to explain in my question=2C I used idassert-bind before and = it runs ok=2C but I don't understand why I've to use an administrative acco= unt to connect the proxy with the targets if I only want to passthrough the= credentials of the user that was authenticated on the proxy. So I tried to= use rebind-as-user thinking it was the solution but as you say this is for= another use. =20 Only for confirm what I'm doing. Is this the correct directive for what I'm= trying to do? idassert-bind mode=3Dself bindmethod=3Dsimple binddn=3D"cn=3Dadminuser=2Cou= =3Dusers=2Cdc=3Dtest=2Cdc=3Dcom" credentials=3D"password of admin user" =20 Regards =20 > Date: Fri=2C 28 Feb 2014 21:23:52 +0100 > From: pierangelo.masarati(a)polimi.it > To: theedgeu2(a)live.com > CC: openldap-its(a)openldap.org > Subject: Re: (ITS#7807) rebind-as-user in slapd-meta not running >=20 > On 02/28/2014 11:00 AM=2C theedgeu2(a)live.com wrote: > > Full_Name: Angel Martinez > > Version: 2.4.39 > > OS: Red Hat Linux 6.4 > > URL: ftp://ftp.openldap.org/incoming/ > > Submission from: (NULL) (217.71.18.36) > > > > > > I'm trying to configure a LDAP proxy with slapd-meta. > > > > I have several suffixs over several instances that shares the same user > > accounts. It's posible that one user had access to several targets. > > > > The targets are: > > > > * Users: ou=3Dusers=2C dc=3Dtest=2C dc=3Dcom (here resides all accounts= ) > > > > * Target1: ou=3Dtarget1=2C dc=3Dtest=2C dc=3Dcom > > > > * Target2: ou=3Dtarget2=2C dc=3Dtest=2C dc=3Dcom > > > > These 3 suffix are on 3 differents instances. > > > > The instances where target1 and target2 are also have another suffix: o= u=3Dusers=2C > > dc=3Dtest=2C dc=3Dcom. This suffix is replicated from the first instanc= e (Users) > > > > Normally=2C the users connect throught the proxy=2C but sometimes will = connect > > directly to the others instances. > > > > Basically this is the slapd.conf of the proxy: > > > > database meta > > chase-referrals yes > > rebind-as-user yes > > > > suffix "ou=3Dusers=2Cdc=3Dtest=2Cdc=3Dcom" > > uri "ldap://192.168.1.34:3891/ou=3Dusers=2Cdc=3Dtest=2Cdc=3Dcom" > > > > suffix "ou=3Dtarget1=2Cdc=3Dtest=2Cdc=3Dcom" > > uri "ldap://192.168.1.34:3892/ou=3Dtarget1=2Cdc=3Dtest=2Cdc=3Dcom" > > > > suffix "ou=3Dtarget2=2Cdc=3Dtest=2Cdc=3Dcom" > > uri "ldap://192.168.1.34:3893/ou=3Dtarget2=2Cdc=3Dtest=2Cdc=3Dcom" > > > > When a user connects to the proxy with cn=3Duser1=2Cou=3Dusers=2Cdc=3Dt= est=2Cdc=3Dcom=2C the > > user is validated against the first target (ou=3Dusers) and can search = over this > > suffix=2C but if this user try to search something over other target (f= or example > > ou=3Dtarget1) the proxy does not use the credentials of the user and do= an > > anonymous bind to target1=2C so the search doesn't run. > > > > I thought that rebind-as-user resolve this but doesn't run. > > > > I've tried using idassert-bind mode=3Dself bindmethod=3Dsimple > > binddn=3D"cn=3Dadminuser=2Cou=3Dusers=2Cdc=3Dtest=2Cdc=3Dcom" credentia= ls=3D"password" and runs > > ok=2C but I prefer not to use an administrative account to connect the = proxy with > > the targets. > > > > Is there something I'm missing? >=20 > Yes=2C you did not read slapd-meta(5) man page. rebind-as-user is used i= n=20 > a totally different context. What you need is idassert-bind. >=20 >=20 > Please direct further conversation to <openldap-technical(a)openldap.org>.= =20 > This ITS will be closed. >=20 > p. >=20 >=20 > --=20 > Pierangelo Masarati > Associate Professor > Dipartimento di Scienze e Tecnologie Aerospaziali > Politecnico di Milano = --_b67832eb-f95f-44fc-96d8-4e1d626f474b_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <html> <head> <style></style></head> <body class=3D'hmmessage'><div dir=3D'ltr'> First of all thank you for y= our quick answer. &nbsp=3B Before I posted the question I've read the= man pages several times trying to understand how slapd-meta runs. I don't = speak english very well (as you can see) so it's probably that i've don't u= nderstand it completly. &nbsp=3B As I've tried to&nbsp=3Bexplain in m= y question=2C I used idassert-bind before and it runs ok=2C but I don't und= erstand why I've to use an administrative account to connect the proxy with= the targets if I only want to passthrough the credentials of the user that= was authenticated on the proxy. So I tried to use rebind-as-user thinking = it was the solution but as you say this is for another use. &nbsp=3B = Only for confirm what I'm doing. Is this the correct directive for what I'm= trying to do? idassert-bind mode=3Dself bindmethod=3Dsimple binddn=3D"c= n=3Dadminuser=2Cou=3Dusers=2Cdc=3Dtest=2Cdc=3Dcom" credentials=3D"password = of admin user" &nbsp=3B Regards &nbsp=3B <div>&gt=3B Date: Fri= =2C 28 Feb 2014 21:23:52 +0100 &gt=3B From: pierangelo.masarati(a)polimi.i= t &gt=3B To: theedgeu2(a)live.com &gt=3B CC: openldap-its(a)openldap.org<= br>&gt=3B Subject: Re: (ITS#7807) rebind-as-user in slapd-meta not running<= br>&gt=3B &gt=3B On 02/28/2014 11:00 AM=2C theedgeu2(a)live.com wrote:<br= >&gt=3B &gt=3B Full_Name: Angel Martinez &gt=3B &gt=3B Version: 2.4.39<b= r>&gt=3B &gt=3B OS: Red Hat Linux 6.4 &gt=3B &gt=3B URL: ftp://ftp.openl= dap.org/incoming/ &gt=3B &gt=3B Submission from: (NULL) (217.71.18.36)<b= r>&gt=3B &gt=3B &gt=3B &gt=3B &gt=3B &gt=3B I'm trying to configure a= LDAP proxy with slapd-meta. &gt=3B &gt=3B &gt=3B &gt=3B I have sever= al suffixs over several instances that shares the same user &gt=3B &gt= =3B accounts. It's posible that one user had access to several targets. = &gt=3B &gt=3B &gt=3B &gt=3B The targets are: &gt=3B &gt=3B &gt=3B = &gt=3B * Users: ou=3Dusers=2C dc=3Dtest=2C dc=3Dcom (here resides all accou= nts) &gt=3B &gt=3B &gt=3B &gt=3B * Target1: ou=3Dtarget1=2C dc=3Dtest= =2C dc=3Dcom &gt=3B &gt=3B &gt=3B &gt=3B * Target2: ou=3Dtarget2=2C d= c=3Dtest=2C dc=3Dcom &gt=3B &gt=3B &gt=3B &gt=3B These 3 suffix are o= n 3 differents instances. &gt=3B &gt=3B &gt=3B &gt=3B The instances w= here target1 and target2 are also have another suffix: ou=3Dusers=2C &gt= =3B &gt=3B dc=3Dtest=2C dc=3Dcom. This suffix is replicated from the first = instance (Users) &gt=3B &gt=3B &gt=3B &gt=3B Normally=2C the users co= nnect throught the proxy=2C but sometimes will connect &gt=3B &gt=3B dir= ectly to the others instances. &gt=3B &gt=3B &gt=3B &gt=3B Basically = this is the slapd.conf of the proxy: &gt=3B &gt=3B &gt=3B &gt=3B data= base meta &gt=3B &gt=3B chase-referrals yes &gt=3B &gt=3B rebind-as-u= ser yes &gt=3B &gt=3B &gt=3B &gt=3B suffix "ou=3Dusers=2Cdc=3Dtest= =2Cdc=3Dcom" &gt=3B &gt=3B uri "ldap://192.168.1.34:3891/ou=3Dusers= =2Cdc=3Dtest=2Cdc=3Dcom" &gt=3B &gt=3B &gt=3B &gt=3B suffix "ou=3Dt= arget1=2Cdc=3Dtest=2Cdc=3Dcom" &gt=3B &gt=3B uri "ldap://192.168.1.= 34:3892/ou=3Dtarget1=2Cdc=3Dtest=2Cdc=3Dcom" &gt=3B &gt=3B &gt=3B &gt= =3B suffix "ou=3Dtarget2=2Cdc=3Dtest=2Cdc=3Dcom" &gt=3B &gt=3B uri = "ldap://192.168.1.34:3893/ou=3Dtarget2=2Cdc=3Dtest=2Cdc=3Dcom" &gt=3B = &gt=3B &gt=3B &gt=3B When a user connects to the proxy with cn=3Duser1= =2Cou=3Dusers=2Cdc=3Dtest=2Cdc=3Dcom=2C the &gt=3B &gt=3B user is valida= ted against the first target (ou=3Dusers) and can search over this &gt= =3B &gt=3B suffix=2C but if this user try to search something over other ta= rget (for example &gt=3B &gt=3B ou=3Dtarget1) the proxy does not use the= credentials of the user and do an &gt=3B &gt=3B anonymous bind to targe= t1=2C so the search doesn't run. &gt=3B &gt=3B &gt=3B &gt=3B I though= t that rebind-as-user resolve this but doesn't run. &gt=3B &gt=3B &gt= =3B &gt=3B I've tried using idassert-bind mode=3Dself bindmethod=3Dsimple<b= r>&gt=3B &gt=3B binddn=3D"cn=3Dadminuser=2Cou=3Dusers=2Cdc=3Dtest=2Cdc=3Dco= m" credentials=3D"password" and runs &gt=3B &gt=3B ok=2C but I prefer no= t to use an administrative account to connect the proxy with &gt=3B &gt= =3B the targets. &gt=3B &gt=3B &gt=3B &gt=3B Is there something I'm m= issing? &gt=3B &gt=3B Yes=2C you did not read slapd-meta(5) man page= . rebind-as-user is used in &gt=3B a totally different context. What = you need is idassert-bind. &gt=3B &gt=3B &gt=3B Please direct fu= rther conversation to &lt=3Bopenldap-technical(a)openldap.org&gt=3Bt=3B. &gt= =3B This ITS will be closed. &gt=3B &gt=3B p. &gt=3B &gt=3B= &gt=3B -- &gt=3B Pierangelo Masarati &gt=3B Associate Professor= &gt=3B Dipartimento di Scienze e Tecnologie Aerospaziali &gt=3B Poli= tecnico di Milano </div> </div></body> </html>= --_b67832eb-f95f-44fc-96d8-4e1d626f474b_--

1 0

ITS#7788
by michael＠stroeder.com 01 Mar '14

01 Mar '14

I do not consider this to be a bug. I'd vote for closing it as "won't fix".

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs