openldap-devel June 2010

openldap-devel@openldap.org

12 participants
8 discussions

OpenLDAP git repo?
by Volker Lendecke 29 Mar '11

29 Mar '11

Hi! Out of several rumors I've heard that OpenLDAP converted it source repo to git. Is that true? www.openldap.org still speaks about cvs. If you changed to git, is the repo publically available? Thanks, Volker

5 12

"fixing" syncrepl with GSSAPI (MIT kerberos)
by Ralf Haferkamp 23 Jun '10

23 Jun '10

Hi, most of you probably know the issues with using syncrepl with SASL/gssapi when built against MIT Kerberos. Is cause of the problem is also well know. MIT's gssapi implementation will not encode packages for established connection anymore once the ticket is expired. Once this happened any connected syncrepl consumer will just hang forever. I know there have been a lot of discussion in the past on wether Heimdal's of MIT's approach is correct. And I don't want to start yet another one. (It seems even that MIT will switch to the Heimdal behavior with future releases: http://krbdev.mit.edu/rt/Ticket/Display.html?id=6739 ) But to fixing the problem with current releases seems to be pretty easy. At least if I didn't overlook something. If we'd just close the syncrepl connection once the provider fails to send a message to the consumer, we consumer's retry mechanmis can try to reestablish the connection (this will succeed once the tickets have be refreshed by some external tool). The basic functionality is there already it seems. send_ldap_ber() calls connection_closing() when ber_flush fails (which happens when sasl_encode() fails because the ticket expired). The only thing that's missing seems to be to actually close the connection in the syncprov overlay after syncprov_sendresp() failed. For that to happened we'd need to export connection_close() to have it available in syncprov.c. Did I overlook something? Would anybody object if I'd commit the required changes? -- regards, Ralf

3 4

Re: commit: ldap/servers/slapd syncrepl.c
by Jonathan Clarke 21 Jun '10

21 Jun '10

On 19/06/2010 03:15, hyc(a)OpenLDAP.org wrote: > Update of /repo/OpenLDAP/pkg/ldap/servers/slapd > > Modified Files: > syncrepl.c 1.510 -> 1.511 > > Log Message: > Add suffixmassage processing I just gave this a try, configuring one slapd to replicate it's config database from another, using this syncrepl statement: > olcSyncrepl: {0}rid=001 provider=ldap://localhost:33389/ searchbase="cn=config,ou=configrepl,dc=my-domain,dc=com" suffixmassage="cn=config" It performs a search on the remote database OK, but then fails with: > syncrepl_message_to_entry: rid=001 mods check (creatorsName: value #0 invalid per syntax) > *** glibc detected *** /home/jclarke/COMMUNAUTES/OpenLDAP/openldap-RE24/servers/slapd/slapd: double free or corruption (fasttop): 0x0000000000d4af70 *** The "double free or corruption" comes from the call to slap_mods_free in do_syncrep2, around line 975. No time to investigate more right now, sorry... I did just apply your two patches to syncrepl.c to RE24 in order to test. Does this depend on something else I'm missing? Jonathan -- -------------------------------------------------------------- Jonathan Clarke - jonathan(a)phillipoux.net -------------------------------------------------------------- Ldap Synchronization Connector (LSC) - http://lsc-project.org --------------------------------------------------------------

2 3

RE24 (2.4.23) testing call #2
by Quanah Gibson-Mount 21 Jun '10

21 Jun '10

This should be the final testing call prior to release. Only change is a fix to slapo-refint for ITS#6572. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

4 8

Re: commit: ldap/servers/slapd/back-bdb cache.c
by Quanah Gibson-Mount 21 Jun '10

21 Jun '10

--On Sunday, June 20, 2010 7:28 PM +0000 hyc(a)OpenLDAP.org wrote: > Update of /repo/OpenLDAP/pkg/ldap/servers/slapd/back-bdb > > Modified Files: > cache.c 1.216 -> 1.217 > > Log Message: > ITS#6577 potential fix, found using valgrind/drd. please test. Didn't fix it. :/ Running 1 of 2000 iterations slapd-bind PID=30472: ldap_sasl_bind_s: Invalid credentials (49) slapd-addel PID=29838: ldap_delete_ext_s: No such object (32) matched: ou=People,dc=example,dc=com PID=29838 - Add/Delete done (32). <<< dnPrettyNormal: <cn=James A Jones 4,ou=People,dc=example,dc=com>, <cn=james a jones 4,ou=people,dc=example,dc=com> conn=1003 op=96 DEL dn="cn=James A Jones 4,ou=People,dc=example,dc=com" bdb_dn2entry("cn=james a jones 4,ou=people,dc=example,dc=com") hdb_referrals: tag=74 target="cn=James A Jones 4,ou=People,dc=example,dc=com" matched="ou=People,dc=example,dc=com" ==> hdb_delete: cn=James A Jones 4,ou=People,dc=example,dc=com slap_queue_csn: queing 0x4663f1c 20100620225300.281710Z#000000#000#000000 bdb_dn2entry("cn=james a jones 4,ou=people,dc=example,dc=com") <=- hdb_delete: no such object cn=James A Jones 4,ou=People,dc=example,dc=com send_ldap_result: conn=1003 op=96 p=3 send_ldap_result: err=10 matched="ou=People,dc=example,dc=com" text="" send_ldap_response: msgid=97 tag=107 err=32 ber_flush2: 41 bytes to sd 18 conn=1003 op=96 RESULT tag=107 err=32 text= slap_graduate_commit_csn: removing 0x8910e38 20100620225300.281710Z#000000#000#000000 [root@build28 tests]# diff -u testrun/ldapsearch.flt testrun/ldif.flt --- testrun/ldapsearch.flt 2010-06-20 15:54:05.291229451 -0700 +++ testrun/ldif.flt 2010-06-20 15:54:05.375908287 -0700 @@ -308,25 +308,6 @@ facsimileTelephoneNumber: +1 313 555 8688 telephoneNumber: +1 313 555 7334 -dn: cn=James A Jones 4,ou=People,dc=example,dc=com -objectClass: OpenLDAPperson -cn: James A Jones 4 -cn: James Jones -cn: Jim Jones -sn: Jones -uid: jaj -postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109 -seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com -userPassword:: OiBhbUZx -homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105 -homePhone: +1 313 555 4772 -description: Outstanding -title: Mad Cow Researcher, UM Alumni Association -pager: +1 313 555 3923 -mail: jaj(a)mail.alumni.example.com -facsimileTelephoneNumber: +1 313 555 4332 -telephoneNumber: +1 313 555 0895 - dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com objectClass: OpenLDAPperson cn: Jane Doe --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

2 1

RE24 testing call (2.4.23)
by Quanah Gibson-Mount 19 Jun '10

19 Jun '10

Please test RE24. Thanks! --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

6 10

syncrepl suffixmassage
by Howard Chu 18 Jun '10

18 Jun '10

We've talked about this before; it would be nice for the consumer to be able to pull updates from a different suffix on the provider than the one in use on the consumer. Just attaching the rwm overlay is not straightforward, since that expects to sit on a database and the consumer's queries are sent through direct LDAP calls. A potential kludge for this would be to rewrite all of the consumer client code in terms of backend calls through a back-ldap instance. That seems a little heavy-handed though. Another possibility may be to just expose some of the rwm overlay's entry points so the consumer can call them explicitly, faking enough of the context so we can call suffixmassage config. Suggestions? -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

2 2

Re: RE24 testing call (2.4.23)
by Gavin Henry 12 Jun '10

12 Jun '10

----- "Quanah Gibson-Mount" <quanah(a)zimbra.com> wrote: > Please test RE24. Fine here on Fedora 12 i686 still on 4.7.25. Have you tried bdb 5.0.21 or is 4.8.30 recommended? I need to update the docs on all recommended versions plus what's outstanding in ITS: http://www.openldap.org/doc/admin24/appendix-recommended-versions.html Thanks. -- Kind Regards, Gavin Henry. Managing Director. T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry(a)suretecsystems.com Open Source. Open Solutions(tm). http://www.suretecsystems.com/ Suretec Systems is a limited company registered in Scotland. Registered number: SC258005. Registered office: 24 Cormack Park, Rothienorman, Inverurie, Aberdeenshire, AB51 8GL. Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html

4 4

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-devel June 2010