--On Friday, February 03, 2017 1:53 PM +0100 Dieter Klünter
<dieter(a)dkluenter.de> wrote:
> Am Wed, 01 Feb 2017 13:14:56 -0800
> schrieb Quanah Gibson-Mount <quanah(a)symas.com>:
>
>> For some reason, test061 routinely fails for back-mdb in HEAD. I've
>> not had luck reproducing the issue with other backends or in RE24.
>>
>> To eliminate it being a replication delay, I increased the for loop
>> to give 55 seconds time (1 through 10 seconds) chance to replicate.
>> Most of the time the test fails in fewer than 50 iterations (most
>> often fewer than 20), however one time it took as long as 85
>> iterations before failing.
> [...]
>
> I now have intensively tested this issue and found occurrences in all
> branches. Just some examples:
>
> ERROR: Entry 21 not replicated to ldap://localhost:9012/! (32)!
> Error found after 1 of 1 iterations
> Failed after 15 of 50 iterations
> [dieter@pink tests (OPENLDAP_REL_ENG_2_4=)]$
>
> ERROR: Entry 21 not replicated to ldap://localhost:9012/! (32)!
> Error found after 1 of 1 iterations
> Failed after 6 of 50 iterations
> [dieter@pink tests (OPENLDAP_REL_ENG_2_5=)]$
>
> I did about 100 test runs looping 50 times. In average every 7th
> testrun failed.
Interesting... I've had > 1000 passes and 0 failures in RE24.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
--On Tuesday, January 31, 2017 5:07 PM +0100 Michael Ströder
<michael(a)stroeder.com> wrote:
> Hmm, up to now I thought setting LDAP_TLS_CACERT and friends overrides
> whatever is set in ldap.conf or .ldaprc.
Variables do override, however, I have no clue as to *what* things may be
set somewhere. If I were to unset LDAPNOINIT, any test is subject to
anything I don't specifically override that the user, system admin, etc,
may have set.
> And I also thought LDAPNOINIT disables all defaults from config files.
It disables everything (config files, environment variables, etc).
Thus the following files and variables are read, in order:
variable $LDAPNOINIT, and if that is not set:
system file /usr/local/etc/openldap/ldap.conf,
user files $HOME/ldaprc, $HOME/.ldaprc, ./ldaprc,
system file $LDAPCONF,
user files $HOME/$LDAPRC, $HOME/.$LDAPRC, ./$LDAPRC,
variables $LDAP<uppercase option name>.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
--On Tuesday, January 31, 2017 4:24 PM +0100 Michael Ströder
<michael(a)stroeder.com> wrote:
> Quanah Gibson-Mount wrote:
>> In working on creating a TLS testsuite for OpenLDAP, a glaring omission
>> in the abilities of the command line tools quickly became apparent.
>> Specifically, the inability to set any TLS related options.
>
> Just out of curiosity:
> Wasn't using the env vars not enough in the test suite's shell scripts?
No. I have no way of knowing what option(s)/conf files may exist in the
environment of the user building OpenLDAP. We set LDAPNOINIT in the test
suite to avoid this problem for the non-TLS portion, but there's no ability
to do anything TLS related at that point w/o such a patch.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
In working on creating a TLS testsuite for OpenLDAP, a glaring omission in
the abilities of the command line tools quickly became apparent.
Specifically, the inability to set any TLS related options. I've written
up a patch to allow setting various options via "-o", and tested it in my
environment, where it is behaving as desired.
Specifically, any option passed in via -o /overrides/ any LDAP* environment
variable, any ~/.ldaprc, any system ldap.conf, etc. It also allows the
ldap* utilities to work with TLS when LDAPNOINIT is set in the utility
environment.
Attached is the patch for general review. There are likely more options
that would be useful to add, but this gives a basic framework for what I
need initially in the TLS test suite.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
For this testing call, we particularly need folks to test OpenLDAP with
startTLS/LDAPS when compiled against OpenSSL (both pre 1.1 series and with
the 1.1 series). There is currenly nothing in the test suite that covers
encrypted connections (Although it's on my todo list). To build against
OpenSSL 1.1 may also require cyrus-sasl HEAD out of the cyrus-sasl GIT
repository, depending on your build options as the current cyrus-sasl
release does not support the OpenSSL 1.1 series. It can be found at
<https://github.com/cyrusimap/cyrus-sasl>. If you build with GSSAPI and
use Heimdal, you will also need the Heimdal 7.1.0 or later release (as that
is where OpenSSL 1.1 support was added). It can be obtained from
<http://h5l.org/>.
Also new with this release is the ability to run "make its" in the tests/
directory. This will run a specific set of tests around past bugs to
ensure there are no regressions. While I've tested this with modular
openldap builds, it has not been tested with the modules and backends built
into slapd, so there could be some issues in that scenario.
OpenLDAP 2.4.45 Engineering
Added slapd support for OpenSSL 1.1.0 series (ITS#8353, ITS#8533)
Fixed libldap handling of Diffie-Hellman parameters (ITS#7506)
Fixed libldap GnuTLS use after free (ITS#8385)
Fixed slapd sasl SEGV rebind in same session (ITS#8568)
Fixed slapd syncrepl filter handling (ITS#8413)
Fixed slapd syncrepl infinite looping mods with delta-sync MMR
(ITS#8432)
Fixed slapd callback struct so older modules without writewait
should function.
Custom modules may need to be updated for sc_writewait
callback (ITS#8435)
Fixed slapd-mdb so it passes ITS6794 regression test (ITS#6794)
Fixed slapd-meta uninitialized diagnostic message (ITS#8442)
Fixed slapo-accesslog to honor pauses during purge for cn=config
update (ITS#8423)
Fixed slapo-relay to correctly initialize sc_writewait (ITS#8428)
Build Environment
Added test065 for proxyauthz (ITS#8571)
Fix test008 to be portable (ITS#8414)
Fix its4336 regression test (ITS#8534)
Fix its4337 regression test (ITS#8535)
Fix regression tests to execute on all backends (ITS#8539)
Contrib
Added slapo-autogroup(5) man page (ITS#8569)
Added passwd missing conversion scripts for apr1 (ITS#6826)
Fixed contrib modules where the writewait callback was not
correctly initialized (ITS#8435)
Fixed smbk5pwd to build with newer OpenSSL releases
(ITS#8525)
Documentation
admin24 fixed tls_cipher_suite bindconf option (ITS#8099)
admin24 fixed typo cn=config to be slapd.d (ITS#8449)
Fixed slapd-config(5), slapd.conf(5) clarification on
interval keyword for refreshAndPersist (ITS#8538)
Fixed slapo-ppolicy(5) to clearly note rootdn requirement
(ITS#8565)
Fixed various minor grammar issues in the man pages
(ITS#8544)
LMDB 0.9.20 Release Engineering
Fix mdb_load with escaped plaintext (ITS#8558)
Fix mdb_cursor_last / mdb_put interaction (ITS#8557)
LMDB 0.9.19 Release (2016/12/28)
Fix mdb_env_cwalk cursor init (ITS#8424)
Fix robust mutexes on Solaris 10/11 (ITS#8339)
Tweak Win32 error message buffer
Fix MDB_GET_BOTH on non-dup record (ITS#8393)
Optimize mdb_drop
Fix xcursors after mdb_cursor_del (ITS#8406)
Fix MDB_NEXT_DUP after mdb_cursor_del (ITS#8412)
Fix mdb_cursor_put resetting C_EOF (ITS#8489)
Fix mdb_env_copyfd2 to return EPIPE on SIGPIPE (ITS#8504)
Fix mdb_env_copy with empty DB (ITS#8209)
Fix behaviors with fork (ITS#8505)
Fix mdb_dbi_open with mainDB cursors (ITS#8542)
Fix robust mutexes on kFreeBSD (ITS#8554)
Fix utf8_to_utf16 error checks (ITS#7992)
Fix F_NOCACHE on MacOS, error is non-fatal (ITS#7682)
Build
Make shared lib suffix overridable (ITS#8481)
Documentation
Cleanup doxygen nits
Note reserved vs actual mem/disk usage
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
--On Friday, January 20, 2017 6:51 PM +0100 Dieter Klünter
<dieter(a)dkluenter.de> wrote:
> $ make its
> Testing (available) ITS regressions
> make[1]: Verzeichnis „/home/dieter/build/openldap/tests" wird betreten
> run configure with --enable-bdb to run BDB tests
> make[1]: Verzeichnis „/home/dieter/build/openldap/tests" wird
> verlassen make[1]: Verzeichnis „/home/dieter/build/openldap/tests"
> wird betreten run configure with --enable-hdb to run BDB tests
> make[1]: Verzeichnis „/home/dieter/build/openldap/tests" wird
> verlassen make[1]: Verzeichnis „/home/dieter/build/openldap/tests"
> wird betreten run configure with --enable-mdb to run BDB tests
> make[1]: Verzeichnis „/home/dieter/build/openldap/tests" wird
> verlassen
Thanks, fixed. :)
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
Datum: Thu, 19 Jan 2017 21:33:18 +0100
Von: Dieter Klünter <dieter(a)dkluenter.de>
An: openldap-devel(a)openldap.org
Betreff: Re: RE24 testing call #1 (2.4.44) LMDB RE0.9 testing call #1
(0.9.20)
Am Wed, 18 Jan 2017 18:05:21 -0800
schrieb Quanah Gibson-Mount <quanah(a)symas.com>:
> For this testing call, we particularly need folks to test OpenLDAP
> with startTLS/LDAPS when compiled against OpenSSL (both pre 1.1
> series and with the 1.1 series). There is currenly nothing in the
> test suite that covers encrypted connections (Although it's on my
> todo list). To build against OpenSSL 1.1 may also require cyrus-sasl
> HEAD out of the cyrus-sasl GIT repository, depending on your build
> options as the current cyrus-sasl release does not support the
> OpenSSL 1.1 series. It can be found at
> <https://github.com/cyrusimap/cyrus-sasl>. If you build with GSSAPI
> and use Heimdal, you will also need the Heimdal 7.1.0 or later
> release (as that is where OpenSSL 1.1 support was added). It can be
> obtained from <http://h5l.org/>.
>
> Also new with this release is the ability to run "make its" in the
> tests/ directory. This will run a specific set of tests around past
> bugs to ensure there are no regressions. While I've tested this with
> modular openldap builds, it has not been tested with the modules and
> backends built into slapd, so there could be some issues in that
> scenario.
my configure:
--enable-bdb=no \
--enable-hdb=no \
--enable-mdb=yes \
these are the issues:
$ make its
Testing (available) ITS regressions
make[1]: Verzeichnis „/home/dieter/build/openldap/tests“ wird betreten
run configure with --enable-bdb to run BDB tests
make[1]: Verzeichnis „/home/dieter/build/openldap/tests“ wird verlassen
make[1]: Verzeichnis „/home/dieter/build/openldap/tests“ wird betreten
run configure with --enable-hdb to run BDB tests
make[1]: Verzeichnis „/home/dieter/build/openldap/tests“ wird verlassen
make[1]: Verzeichnis „/home/dieter/build/openldap/tests“ wird betreten
run configure with --enable-mdb to run BDB tests
make[1]: Verzeichnis „/home/dieter/build/openldap/tests“ wird verlassen
-Dieter
--
Dieter Klünter | Systemberatung
https://sys4.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
--On Friday, October 21, 2016 8:24 PM +0300 Karatas Ozgur
<mueddib(a)openldap.org> wrote:
> This style a very primitive coding method, I know, sorry.
> I'm waiting for help on how to Git.
Hi Ozgur,
That is a tag for the "what" command. It will not be removed. See
<https://en.wikipedia.org/wiki/Source_Code_Control_System> for more
information.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
Hello all,
How are you? We have installed to OpenLDAP server a few days ago and referred server logs to logserver.
But couldn't not read to OpenLDAP log on the logserver.
Logserver record all log to database and send e-mailing.
Example:
Oct 21 10:54:23 ldapserver slapd[1595]: @(#) $OpenLDAP: slapd 2.4.44 (Oct 21 2016 10:49:33) $#012#011mueddib@ldapserver:/home/mueddib/openldap-2.4.44/servers/slapd
Oct 21 10:54:23 ldapserver slapd[1596]: mdb_monitor_db_open: monitoring disabled; configure monitor database to enable
Oct 21 10:54:23 ldapserver slapd[1596]: slapd starting
For example unnecessary rows: "@(#)" " $#012#011"
I fixed it but I couldn't commit to git :)
# git status
On branch master
Your branch is up-to-date with 'origin/master'.
Changes to be committed:
(use "git reset HEAD <file>..." to unstage)
modified: build/mkvers.bat
modified: build/mkversion
# git push origin master
fatal: remote error: access denied or repository not exported: /openldap.git
# git push origin origin
fatal: remote error: access denied or repository not exported: /openldap.git
I don't know why don't have access to OpenLDAP Git Server (I would like your help).
Please can you fix the below code?
File: /build/mkvers.bat
from:
(echo "@(#) $" OPENLDAP_PACKAGE ": %3 " OPENLDAP_VERSION) >> %2
(echo " (" __DATE__ " " __TIME__ ") $\n") >> %2
(echo "\t%USERNAME%@%COMPUTERNAME% %CD:\=/%\n";) >> %2
to (please):
(echo OPENLDAP_PACKAGE ": %3 " OPENLDAP_VERSION) >> %2
(echo " (" __DATE__ " " __TIME__ ") \n") >> %2
(echo "%USERNAME%@%COMPUTERNAME% %CD:\=/%\n";) >> %2
File: /build/mkversion
from:
$static $const char $SYMBOL[] =
"@(#) \$$PACKAGE: $APPLICATION $VERSION (" __DATE__ " " __TIME__ ") \$\n"
"\t$WHOWHERE\n";
to (please):
$static $const char $SYMBOL[] =
"$PACKAGE: $APPLICATION $VERSION (" __DATE__ " " __TIME__ ") \n"
"$WHOWHERE\n";
This style a very primitive coding method, I know, sorry.
I'm waiting for help on how to Git.
Regards,
--
Ozgur Karatas
E: mueddib(a)openldap.org
T: https://twitter.com/openldaporg
F: http://facebook.com/openldap
D: https://hub.docker.com/r/openldap/
G: https://github.com/openldap/