OpenLDAP git repo?
by Volker Lendecke
Hi!
Out of several rumors I've heard that OpenLDAP converted its
source repo to git. Is that true? www.openldap.org still
speaks about cvs. If you changed to git, is the repo
publicly available?
Thanks,
Volker
12 years, 6 months
"fixing" syncrepl with GSSAPI (MIT kerberos)
by Ralf Haferkamp
Hi,
most of you probably know the issues with using syncrepl with SASL/gssapi
when built against MIT Kerberos. The cause of the problem is also well
known. MIT's gssapi implementation will not encode packages for
established connection anymore once the ticket is expired. Once this
happens, any connected syncrepl consumer will just hang forever.
I know there has been a lot of discussion in the past on whether
Heimdal's or MIT's approach is correct. And I don't want to start yet
another one. (It seems even that MIT will switch to the Heimdal behavior
with future releases:
http://krbdev.mit.edu/rt/Ticket/Display.html?id=6739 )
But fixing the problem with current releases seems to be pretty easy.
At least if I didn't overlook something. If we'd just close the syncrepl
connection once the provider fails to send a message to the consumer, the
consumer's retry mechanism can try to reestablish the connection (this
will succeed once the tickets have been refreshed by some external tool).
The basic functionality is there already it seems. send_ldap_ber() calls
connection_closing() when ber_flush fails (which happens when
sasl_encode() fails because the ticket expired).
The only thing that's missing seems to be to actually close the
connection in the syncprov overlay after syncprov_sendresp() failed. For
that to happen we'd need to export connection_close() to have it
available in syncprov.c.
Did I overlook something? Would anybody object if I'd commit the required
changes?
--
regards,
Ralf
13 years, 3 months
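The behaviour described in the message above, as an added toy model that is not part of the original post and is not OpenLDAP code: it compares a provider that keeps the connection open after a failed send with one that closes it so the consumer's retry can reconnect. The function names, tick values and retry intervals are all constructed assumptions.

```c
/* Toy model of the proposal above; NOT OpenLDAP code. All names, tick
 * values and the retry interval are constructed for illustration. */
#include <stdbool.h>
#include <stdio.h>

#define FIRST_EXPIRY 5    /* original ticket expires at tick 5 */
#define REFRESH_AT 8      /* external tool refreshes the ticket at tick 8 */
#define NEW_EXPIRY 100    /* expiry of the refreshed ticket */
#define TICKS 20          /* provider has one update to send per tick */

struct result { int delivered, failed_sends, reconnects; };

/* Expiry of the credential a connection opened at `now` would get. */
static int cred_expiry(int now) { return now >= REFRESH_AT ? NEW_EXPIRY : FIRST_EXPIRY; }

struct result simulate(bool close_on_send_failure, int retry_interval)
{
    struct result r = {0, 0, 0};
    bool open = true;                 /* consumer starts connected */
    int ctx_expiry = cred_expiry(0);  /* security context is tied to its ticket */
    int next_retry = 0;

    for (int now = 0; now < TICKS; now++) {
        if (!open) {                  /* consumer side: retry mechanism */
            if (now < next_retry) continue;
            int exp = cred_expiry(now);
            if (now >= exp) { next_retry = now + retry_interval; continue; }
            open = true; ctx_expiry = exp; r.reconnects++;
        }
        if (now < ctx_expiry) { r.delivered++; continue; }
        r.failed_sends++;             /* encode fails: ticket expired */
        if (close_on_send_failure) {  /* the proposed change */
            open = false;
            next_retry = now + retry_interval;
        }                             /* else: stays open, consumer waits forever */
    }
    return r;
}

int main(void)
{
    struct result a = simulate(false, 3), b = simulate(true, 3);
    printf("keep open:        delivered=%d failed=%d reconnects=%d\n", a.delivered, a.failed_sends, a.reconnects);
    printf("close on failure: delivered=%d failed=%d reconnects=%d\n", b.delivered, b.failed_sends, b.reconnects);
    return 0;
}
```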
Re: commit: ldap/servers/slapd syncrepl.c
by Jonathan Clarke
On 19/06/2010 03:15, hyc(a)OpenLDAP.org wrote:
> Update of /repo/OpenLDAP/pkg/ldap/servers/slapd
>
> Modified Files:
> syncrepl.c 1.510 -> 1.511
>
> Log Message:
> Add suffixmassage processing
I just gave this a try, configuring one slapd to replicate its config
database from another, using this syncrepl statement:
> olcSyncrepl: {0}rid=001 provider=ldap://localhost:33389/ searchbase="cn=config,ou=configrepl,dc=my-domain,dc=com" suffixmassage="cn=config"
It performs a search on the remote database OK, but then fails with:
> syncrepl_message_to_entry: rid=001 mods check (creatorsName: value #0 invalid per syntax)
> *** glibc detected *** /home/jclarke/COMMUNAUTES/OpenLDAP/openldap-RE24/servers/slapd/slapd: double free or corruption (fasttop): 0x0000000000d4af70 ***
The "double free or corruption" comes from the call to slap_mods_free in
do_syncrep2, around line 975. No time to investigate more right now,
sorry...
I did just apply your two patches to syncrepl.c to RE24 in order to
test. Does this depend on something else I'm missing?
Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - jonathan(a)phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
13 years, 3 months
RE24 (2.4.23) testing call #2
by Quanah Gibson-Mount
This should be the final testing call prior to release. Only change is a
fix to slapo-refint for ITS#6572.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
13 years, 3 months
Re: commit: ldap/servers/slapd/back-bdb cache.c
by Quanah Gibson-Mount
--On Sunday, June 20, 2010 7:28 PM +0000 hyc(a)OpenLDAP.org wrote:
> Update of /repo/OpenLDAP/pkg/ldap/servers/slapd/back-bdb
>
> Modified Files:
> cache.c 1.216 -> 1.217
>
> Log Message:
> ITS#6577 potential fix, found using valgrind/drd. please test.
Didn't fix it. :/
Running 1 of 2000 iterations
slapd-bind PID=30472: ldap_sasl_bind_s: Invalid credentials (49)
slapd-addel PID=29838: ldap_delete_ext_s: No such object (32)
matched: ou=People,dc=example,dc=com
PID=29838 - Add/Delete done (32).
<<< dnPrettyNormal: <cn=James A Jones 4,ou=People,dc=example,dc=com>,
<cn=james a jones 4,ou=people,dc=example,dc=com>
conn=1003 op=96 DEL dn="cn=James A Jones 4,ou=People,dc=example,dc=com"
bdb_dn2entry("cn=james a jones 4,ou=people,dc=example,dc=com")
hdb_referrals: tag=74 target="cn=James A Jones
4,ou=People,dc=example,dc=com" matched="ou=People,dc=example,dc=com"
==> hdb_delete: cn=James A Jones 4,ou=People,dc=example,dc=com
slap_queue_csn: queing 0x4663f1c 20100620225300.281710Z#000000#000#000000
bdb_dn2entry("cn=james a jones 4,ou=people,dc=example,dc=com")
<=- hdb_delete: no such object cn=James A Jones
4,ou=People,dc=example,dc=com
send_ldap_result: conn=1003 op=96 p=3
send_ldap_result: err=10 matched="ou=People,dc=example,dc=com" text=""
send_ldap_response: msgid=97 tag=107 err=32
ber_flush2: 41 bytes to sd 18
conn=1003 op=96 RESULT tag=107 err=32 text=
slap_graduate_commit_csn: removing 0x8910e38
20100620225300.281710Z#000000#000#000000
[root@build28 tests]# diff -u testrun/ldapsearch.flt testrun/ldif.flt
--- testrun/ldapsearch.flt 2010-06-20 15:54:05.291229451 -0700
+++ testrun/ldif.flt 2010-06-20 15:54:05.375908287 -0700
@@ -308,25 +308,6 @@
facsimileTelephoneNumber: +1 313 555 8688
telephoneNumber: +1 313 555 7334
-dn: cn=James A Jones 4,ou=People,dc=example,dc=com
-objectClass: OpenLDAPperson
-cn: James A Jones 4
-cn: James Jones
-cn: Jim Jones
-sn: Jones
-uid: jaj
-postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
-seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
-userPassword:: OiBhbUZx
-homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
-homePhone: +1 313 555 4772
-description: Outstanding
-title: Mad Cow Researcher, UM Alumni Association
-pager: +1 313 555 3923
-mail: jaj(a)mail.alumni.example.com
-facsimileTelephoneNumber: +1 313 555 4332
-telephoneNumber: +1 313 555 0895
-
dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
objectClass: OpenLDAPperson
cn: Jane Doe
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
13 years, 3 months
RE24 testing call (2.4.23)
by Quanah Gibson-Mount
Please test RE24.
Thanks!
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
13 years, 3 months
syncrepl suffixmassage
by Howard Chu
We've talked about this before; it would be nice for the consumer to be able
to pull updates from a different suffix on the provider than the one in use on
the consumer. Just attaching the rwm overlay is not straightforward, since
that expects to sit on a database and the consumer's queries are sent through
direct LDAP calls. A potential kludge for this would be to rewrite all of the
consumer client code in terms of backend calls through a back-ldap instance.
That seems a little heavy-handed though.
Another possibility may be to just expose some of the rwm overlay's entry
points so the consumer can call them explicitly, faking enough of the context
so we can call suffixmassage config. Suggestions?
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
13 years, 3 months