March 2009 - openldap-devel

Extend slapd -c option to accept only sid=XXX?

by Rein Tollevik

There are (at least as far as I know) no other way than slapcat/slapadd to get rid of any incorrect contextCSN values, at least on servers where syncprov is enabled. I have been down that road some times already, each time being equally annoyed by the fact that there are no easier way to fix it.. Removing a contextCSN value is required in order to remove a server from a multi-master configuration, or to get rid of the values with SID=0 that is far to easy to slip in if slapd or slapadd is started without the proper serverID setting. The slapd -c option requires a rid=XXX to be specified, but also allows sid=XXX (which I haven't quite understood the usefulness of..). I suggest that the -c option is extended to also allow only sid=XXX without any rid. With only sid=XXX,csn=XXX specified both syncrepl and syncprov should replace the contextCSN value with that sid (as read from the database upon startup) with the specified csn. Obviously, only a single csn value can be accepted, and an absent or zero csn value should mean to delete the contextCSN value with that sid. Well, deleting a contextCSN value is really all I need, so I would be I more than happy to leave the replace possibility out... Adding an easy way to get rid of invalid contextCSN values should make a transition to enforcing serverID 0 for single-master only configs much more acceptable for those that have used serverID 0 in multi-master setups. Comments? Rein

14 years

2
4
0 / 0

Re: commit: ldap/libraries/librewrite rewrite-int.h

by Hallvard B Furuseth

hyc(a)OpenLDAP.org wrote: > rewrite-int.h 1.24 -> 1.25 > ITS#6005 librewrite must use the same mem allocators as slapd If you are killing C free/mallocs, here are some others from 'nm *.o' to look at. I don't have time at the moment. Hopefully most are malloced/freed by the same code, not passed to/from ber memory. clients/tools/common.o: free malloc clients/tools/ldapcompare.o: free malloc clients/tools/ldappasswd.o: free clients/tools/ldapsearch.o: free malloc realloc clients/tools/ldapurl.o: free realloc libraries/liblber/memory.o: free malloc calloc realloc libraries/libldap/test.o: free malloc calloc realloc libraries/libldap_r/test.o: free malloc calloc realloc libraries/liblunicode/ure.o: free malloc calloc realloc libraries/liblutil/meter.o: free calloc libraries/liblutil/passwd.o: free libraries/liblutil/sha1.o: malloc libraries/librewrite/rewrite.o: free servers/slapd/alock.o: free calloc servers/slapd/sl_malloc.o: realloc tests/progs/slapd-addel.o: malloc calloc realloc tests/progs/slapd-bind.o: free realloc tests/progs/slapd-read.o: free malloc tests/progs/slapd-search.o: realloc tests/progs/slapd-tester.o: malloc calloc -- Hallvard

14 years

2
2
0 / 0

multiple free in ldapsearch

by manu＠netbsd.org

Hello NetBSD's libc reports a multiple free each time I run 2.4.15's ldapsearch using x509 certificate authentication (That is, SASL EXTERNAL): Running with export MALLOC_OPTIONS=A, it is kind enough to abort, so I have a backtrace: (gdb) bt #0 0xbb94223f in kill () from /usr/lib/libc.so.12 #1 0xbb9dea64 in abort () from /usr/lib/libc.so.12 #2 0xbb9dd300 in tcgetattr () from /usr/lib/libc.so.12 #3 0xbb9dd331 in tcgetattr () from /usr/lib/libc.so.12 #4 0xbb9de661 in free () from /usr/lib/libc.so.12 #5 0xbbaff5c7 in CRYPTO_free () from /usr/lib/libcrypto.so.3 #6 0xbbad0871 in X509_asn1_meth () from /usr/lib/libcrypto.so.3 #7 0xbbaec6d7 in ASN1_primitive_free () from /usr/lib/libcrypto.so.3 #8 0xbbaec8f3 in ASN1_item_free () from /usr/lib/libcrypto.so.3 #9 0xbbad09dd in X509_free () from /usr/lib/libcrypto.so.3 #10 0xbbb6fe31 in ssl_cert_free () from /usr/lib/libssl.so.4 #11 0xbbb6d981 in SSL_CTX_free () from /usr/lib/libssl.so.4 #12 0xbbbe008f in tlso_ctx_free () from /usr/pkg/lib/libldap-2.4.so.2 #13 0xbbbdce5b in ldap_pvt_tls_ctx_free () from /usr/pkg/lib/libldap-2.4.so.2 #14 0xbbbdcf78 in ldap_int_tls_destroy () from /usr/pkg/lib/libldap-2.4.so.2 #15 0xbbbdd06e in ldap_pvt_tls_destroy () from /usr/pkg/lib/libldap-2.4.so.2 #16 0x08050e88 in ?? () #17 0x00000000 in ?? () I will investigate further if I find time, but I post this just in case it rings a bell for someone. -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz manu(a)netbsd.org

14 years

2
1
0 / 0

Re: commit: ldap/servers/slapd/back-bdb operational.c

by Howard Chu

hyc(a)OpenLDAP.org wrote: > Update of /repo/OpenLDAP/pkg/ldap/servers/slapd/back-bdb > > Modified Files: > operational.c 1.32 -> 1.33 > > Log Message: > Must use txns everywhere, otherwise it will deadlock This one should have happened back on 2008-08-26 along with all the other updates for read-only txn's and BDB 4.7 support (ITS#5523). The change to test050 also turned up this deadlock. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

14 years

1
0
0 / 0

Re: commit: ldap/servers/slapd syncrepl.c

by Howard Chu

hyc(a)OpenLDAP.org wrote: > Update of /repo/OpenLDAP/pkg/ldap/servers/slapd > > Modified Files: > syncrepl.c 1.449 -> 1.450 > > Log Message: > Once more, mutex_lock -> trylock... See ITS#5454 and the commit logs for this history behind this one, it's gone back and forth several times. The recent change to add a 4th server to test050 caused a config/pause deadlock to occur again. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

14 years

1
0
0 / 0

N-Way docs

by Gavin Henry

Hi All, I know they suck, they were just meant to have something there. What we would we like to see using the slapd-config format? A simple example that can just be used with ldapadd/slapadd in one go? Thanks. -- Kind Regards, Gavin Henry. Managing Director. T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry(a)suretecsystems.com Open Source. Open Solutions(tm). http://www.suretecsystems.com/ Suretec Systems is a limited company registered in Scotland. Registered number: SC258005. Registered office: 13 Whiteley Well Place, Inverurie, Aberdeenshire, AB51 4FP. Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html

14 years

1
0
0 / 0

Re: commit: openldap-guide/admin n-way-multi-master.png

by Gavin Henry

> Log Message: > Need to check if I've got the topology correct and network paths > right. More later. > > CVS Web URLs: > > http://www.openldap.org/devel/cvsweb.cgi/admin/?cvsroot=OpenLDAP-guide > > http://www.openldap.org/devel/cvsweb.cgi/admin/n-way-multi-master.png?cvs... Hi all, I just wanted to commit this before I left. It's not right or finished. Can someone check if I'm on the right path though? I know each master must be pointed to itself and the other masters, but I didn't want to make it really cluttered. What's the standard and best way to represent what we can do with our N-Way? Star topology first? This is going in my presentation, so I though it would be a good time to do it for our docs too: http://www.ukuug.org/events/spring2009/programme/openldap-replication.shtml Thanks. P.S. If you'd like a copy for the "Other Publications": http://www.openldap.org/pub/ I would be happy to provide any format, but not sure if only core team members are allowed to list their presentations there. Gavin. -- Kind Regards, Gavin Henry. OpenLDAP Engineering Team. E ghenry(a)OpenLDAP.org Community developed LDAP software. http://www.openldap.org/project/

14 years

1
0
0 / 0

slapadd: which database to open (was: Can not modify cn=conf - openldap 2.4.15)

by Hallvard B Furuseth

Quanah Gibson-Mount wrote in openldap-technical: > You need to specify that you want to use the config db (-n 0) with your > slapadd command. If neither -n nor -b is given, maybe slapadd should decide which database to open from the DN of the first input entry? -- Hallvard

14 years

5
12
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-devel March 2009