openldap-software June 2009

openldap-software@openldap.org

22 participants
27 discussions

PPOlicy Keeps On Throwing Segfault
by Carlo Camerino 11 Jun '09

11 Jun '09

Hi, I keep on getting segfault when I try to configure ppolicy for ubuntu 8.10. I don't know what's wrong but it just keeps on crashing everytime i try to login to openldap. the configuration i set are as follows. moduleload ppolicy.la overlay ppolicy ppolicy_default "cn=default,ou=policies,dc=nodomain" i keep on getting this error. can anyone help me? thanks Jun 9 15:58:27 sxi-ubuntu2 slapd[5733]: hdb_db_open: database "dc=nodomain": unclean shutdown detected; attempting recovery. Jun 9 15:58:27 sxi-ubuntu2 slapd[5733]: slapd starting Jun 9 16:00:34 sxi-ubuntu2 kernel: [3718103.656090] slapd[5735]: segfault at b6935ef0 ip b7eec017 sp b6935ec0 error 6 in slapd[b7e45000+127000] Jun 9 16:01:40 sxi-ubuntu2 slapd[5799]: @(#) $OpenLDAP: slapd 2.4.11 (Nov 8 2008 09:42:18) $ ^Ibuildd@palmer :/build/buildd/openldap-2.4.11/debian/build/servers/slapd Jun 9 16:01:40 sxi-ubuntu2 slapd[5801]: slapd starting Jun 9 16:01:49 sxi-ubuntu2 kernel: [3718178.424949] slapd[5803]: segfault at b6a50ef0 ip b8007017 sp b6a50ec0 error 6 in slapd[b7f60000+127000] Jun 9 16:03:56 sxi-ubuntu2 slapd[5856]: @(#) $OpenLDAP: slapd 2.4.11 (Nov 8 2008 09:42:18) $ ^Ibuildd@palmer :/build/buildd/openldap-2.4.11/debian/build/servers/slapd Jun 9 16:03:56 sxi-ubuntu2 slapd[5857]: slapd starting Jun 9 16:04:04 sxi-ubuntu2 kernel: [3718314.043966] slapd[5859]: segfault at b68d5ef0 ip b7e8c017 sp b68d5ec0 error 6 in slapd[b7de5000+127000]

2 1

Re: PPOlicy Keeps On Throwing Segfault
by Greek Ordono 11 Jun '09

11 Jun '09

Try to rebuild the deb package and use openssl instead of gnutls. -- Greek Ordono myppa: launchpad.net/~grexk/+archive/ppa --- On Tue, 6/9/09, Carlo Camerino <cmcamerino(a)gmail.com> wrote: From: Carlo Camerino <cmcamerino(a)gmail.com> Subject: PPOlicy Keeps On Throwing Segfault To: openldap-software(a)openldap.org Date: Tuesday, June 9, 2009, 2:31 PM Hi, I keep on getting segfault when I try to configure ppolicy for ubuntu 8.10. I don't know what's wrong but it just keeps on crashing everytime i try to login to openldap. the configuration i set are as follows. moduleload ppolicy.la overlay ppolicy ppolicy_default "cn=default,ou=policies,dc=nodomain" i keep on getting this error. can anyone help me? thanks Jun 9 15:58:27 sxi-ubuntu2 slapd[5733]: hdb_db_open: database "dc=nodomain": unclean shutdown detected; attempting recovery. Jun 9 15:58:27 sxi-ubuntu2 slapd[5733]: slapd starting Jun 9 16:00:34 sxi-ubuntu2 kernel: [3718103.656090] slapd[5735]: segfault at b6935ef0 ip b7eec017 sp b6935ec0 error 6 in slapd[b7e45000+127000] Jun 9 16:01:40 sxi-ubuntu2 slapd[5799]: @(#) $OpenLDAP: slapd 2.4.11 (Nov 8 2008 09:42:18) $ ^Ibuildd@palmer:/build/buildd/openldap-2.4.11/debian/build/servers/slapd Jun 9 16:01:40 sxi-ubuntu2 slapd[5801]: slapd starting Jun 9 16:01:49 sxi-ubuntu2 kernel: [3718178.424949] slapd[5803]: segfault at b6a50ef0 ip b8007017 sp b6a50ec0 error 6 in slapd[b7f60000+127000] Jun 9 16:03:56 sxi-ubuntu2 slapd[5856]: @(#) $OpenLDAP: slapd 2.4.11 (Nov 8 2008 09:42:18) $ ^Ibuildd@palmer:/build/buildd/openldap-2.4.11/debian/build/servers/slapd Jun 9 16:03:56 sxi-ubuntu2 slapd[5857]: slapd starting Jun 9 16:04:04 sxi-ubuntu2 kernel: [3718314.043966] slapd[5859]: segfault at b68d5ef0 ip b7e8c017 sp b68d5ec0 error 6 in slapd[b7de5000+127000]

2 1

proxy hangs irreversible if the first mirror in the uri list is down
by Christian Fischer 09 Jun '09

09 Jun '09

Hi all, I'm running openldap-2.4.16 on gentoo amd64. I've configured two server in mirror mode and one running as proxy. Everything runs fine if both mirrors are online or offline. The proxy hangs if the first mirror in the uri list is offline. In this case the proxy can't be shutdowned, i must kill him with signal 9. Starting mirror one has no effect, the proxy hanges on connection 2, no reconnect, no timeout. What do you suggest to figure out what's going wrong? Attached the proxy config and some log snippets. Best regards Christian ### config proxy ### # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/rfc2307bis.schema include /etc/openldap/schema/samba.schema include /etc/openldap/schema/misc.schema include /etc/openldap/schema/openssh-lpk.schema include /etc/openldap/schema/radius.schema include /etc/openldap/schema/egr.schema include /etc/openldap/schema/mozillaabpersonalpha.schema include /etc/openldap/schema/dhcp.schema pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args # Load dynamic backend modules: # modulepath /usr/lib64/openldap/openldap # moduleload back_sock.so # moduleload back_shell.so # moduleload back_relay.so # moduleload back_perl.so # moduleload back_passwd.so # moduleload back_null.so # moduleload back_monitor.so #moduleload back_meta.so moduleload back_ldap.so # moduleload back_dnssrv.so loglevel -1 database ldap suffix "dc=easterngraphics,dc=com" uri "ldap://isc01.easterngraphics.com ldap://isc02.easterngraphics.com" tls start tls_reqcert=never acl-bind bindmethod=simple binddn="cn=manager,dc=easterngraphics,dc=com" credentials=seret ### end config ### ### log snippet with both mirrors offline ### Jun 4 15:43:50 gatekeeper slapd[2447]: backend_startup_one: starting "dc=easterngraphics,dc=com" Jun 4 15:43:50 gatekeeper slapd[2447]: ldap_back_db_open: URI=ldap://isc01.easterngraphics.com ldap://isc02.easterngraphics.com Jun 4 15:43:50 gatekeeper slapd[2447]: slapd starting Jun 4 15:43:50 gatekeeper slapd[2447]: daemon: added 4r listener=(nil) Jun 4 15:43:50 gatekeeper slapd[2447]: daemon: added 7r listener=0x7da180 Jun 4 15:43:50 gatekeeper slapd[2447]: daemon: epoll: listen=7 active_threads=0 tvp=NULL Jun 4 15:43:50 gatekeeper slapd[2447]: daemon: activity on 1 descriptor Jun 4 15:43:50 gatekeeper slapd[2447]: daemon: activity on: Jun 4 15:43:50 gatekeeper slapd[2447]: Jun 4 15:43:50 gatekeeper slapd[2447]: daemon: epoll: listen=7 active_threads=0 tvp=NULL ### start request ### Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: activity on 1 descriptor Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: activity on: Jun 4 15:44:26 gatekeeper slapd[2447]: Jun 4 15:44:26 gatekeeper slapd[2447]: slap_listener_activate(7): Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: epoll: listen=7 busy Jun 4 15:44:26 gatekeeper slapd[2447]: >>> slap_listener(ldap://192.168.9.254) Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: activity on 1 descriptor Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: activity on: Jun 4 15:44:26 gatekeeper slapd[2447]: Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: epoll: listen=7 active_threads=0 tvp=NULL Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: listen=7, new connection on 9 Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: activity on 1 descriptor Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: activity on: Jun 4 15:44:26 gatekeeper slapd[2447]: 9r Jun 4 15:44:26 gatekeeper slapd[2447]: Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: read active on 9 Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: added 9r (active) listener=(nil) Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: epoll: listen=7 active_threads=0 tvp=NULL Jun 4 15:44:26 gatekeeper slapd[2447]: conn=0 fd=9 ACCEPT from IP=192.168.9.225:48622 (IP=192.168.9.254:389) Jun 4 15:44:26 gatekeeper slapd[2447]: connection_get(9) Jun 4 15:44:26 gatekeeper slapd[2447]: connection_get(9): got connid=0 Jun 4 15:44:26 gatekeeper slapd[2447]: connection_read(9): checking for input on id=0 Jun 4 15:44:26 gatekeeper slapd[2447]: conn=0 op=0 do_bind Jun 4 15:44:26 gatekeeper slapd[2447]: >>> dnPrettyNormal: <cn=manager,dc=easterngraphics,dc=com> Jun 4 15:44:26 gatekeeper slapd[2447]: <<< dnPrettyNormal: <cn=manager,dc=easterngraphics,dc=com>, <cn=manager,dc=easterngraphics,dc=com> Jun 4 15:44:26 gatekeeper slapd[2447]: conn=0 op=0 BIND dn="cn=manager,dc=easterngraphics,dc=com" method=128 Jun 4 15:44:26 gatekeeper slapd[2447]: do_bind: version=3 dn="cn=manager,dc=easterngraphics,dc=com" method=128 Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: activity on 1 descriptor Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: activity on: Jun 4 15:44:26 gatekeeper slapd[2447]: Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: epoll: listen=7 active_threads=0 tvp=NULL Jun 4 15:44:26 gatekeeper slapd[2447]: send_ldap_result: conn=0 op=0 p=3 Jun 4 15:44:26 gatekeeper slapd[2447]: send_ldap_result: err=52 matched="" text="Start TLS failed" Jun 4 15:44:26 gatekeeper slapd[2447]: send_ldap_response: msgid=1 tag=97 err=52 Jun 4 15:44:26 gatekeeper slapd[2447]: conn=0 op=0 RESULT tag=97 err=52 text=Start TLS failed Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: activity on 1 descriptor Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: activity on: Jun 4 15:44:26 gatekeeper slapd[2447]: 9r Jun 4 15:44:26 gatekeeper slapd[2447]: Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: read active on 9 Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: epoll: listen=7 active_threads=0 tvp=NULL Jun 4 15:44:26 gatekeeper slapd[2447]: connection_get(9) Jun 4 15:44:26 gatekeeper slapd[2447]: connection_get(9): got connid=0 Jun 4 15:44:26 gatekeeper slapd[2447]: connection_read(9): checking for input on id=0 Jun 4 15:44:26 gatekeeper slapd[2447]: ber_get_next on fd 9 failed errno=0 (Success) Jun 4 15:44:26 gatekeeper slapd[2447]: connection_read(9): input error=-2 id=0, closing. Jun 4 15:44:26 gatekeeper slapd[2447]: connection_closing: readying conn=0 sd=9 for close Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: activity on 1 descriptor Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: activity on: Jun 4 15:44:26 gatekeeper slapd[2447]: Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: epoll: listen=7 active_threads=0 tvp=NULL Jun 4 15:44:26 gatekeeper slapd[2447]: connection_close: deferring conn=0 sd=9 Jun 4 15:44:26 gatekeeper slapd[2447]: conn=0 op=1 do_unbind Jun 4 15:44:26 gatekeeper slapd[2447]: conn=0 op=1 UNBIND Jun 4 15:44:26 gatekeeper slapd[2447]: connection_resched: attempting closing conn=0 sd=9 Jun 4 15:44:26 gatekeeper slapd[2447]: connection_close: conn=0 sd=9 Jun 4 15:44:26 gatekeeper slapd[2447]: =>ldap_back_conn_destroy: fetching conn 0 Jun 4 15:44:26 gatekeeper slapd[2447]: daemon: removing 9 Jun 4 15:44:26 gatekeeper slapd[2447]: conn=0 fd=9 closed ### start mirror two, let mirror one offline, new request ### Jun 4 15:45:37 gatekeeper slapd[2447]: daemon: activity on 1 descriptor Jun 4 15:45:37 gatekeeper slapd[2447]: daemon: activity on: Jun 4 15:45:37 gatekeeper slapd[2447]: Jun 4 15:45:37 gatekeeper slapd[2447]: slap_listener_activate(7): Jun 4 15:45:37 gatekeeper slapd[2447]: daemon: epoll: listen=7 busy Jun 4 15:45:37 gatekeeper slapd[2447]: >>> slap_listener(ldap://192.168.9.254) Jun 4 15:45:37 gatekeeper slapd[2447]: daemon: listen=7, new connection on 9 Jun 4 15:45:37 gatekeeper slapd[2447]: daemon: added 9r (active) listener=(nil) Jun 4 15:45:37 gatekeeper slapd[2447]: conn=1 fd=9 ACCEPT from IP=192.168.9.225:53900 (IP=192.168.9.254:389) Jun 4 15:45:37 gatekeeper slapd[2447]: daemon: activity on 2 descriptors Jun 4 15:45:37 gatekeeper slapd[2447]: daemon: activity on: Jun 4 15:45:37 gatekeeper slapd[2447]: 9r Jun 4 15:45:37 gatekeeper slapd[2447]: Jun 4 15:45:37 gatekeeper slapd[2447]: daemon: read active on 9 Jun 4 15:45:37 gatekeeper slapd[2447]: daemon: epoll: listen=7 active_threads=0 tvp=NULL Jun 4 15:45:37 gatekeeper slapd[2447]: connection_get(9) Jun 4 15:45:37 gatekeeper slapd[2447]: connection_get(9): got connid=1 Jun 4 15:45:37 gatekeeper slapd[2447]: connection_read(9): checking for input on id=1 Jun 4 15:45:37 gatekeeper slapd[2447]: conn=1 op=0 do_bind Jun 4 15:45:37 gatekeeper slapd[2447]: >>> dnPrettyNormal: <cn=manager,dc=easterngraphics,dc=com> Jun 4 15:45:37 gatekeeper slapd[2447]: <<< dnPrettyNormal: <cn=manager,dc=easterngraphics,dc=com>, <cn=manager,dc=easterngraphics,dc=com> Jun 4 15:45:37 gatekeeper slapd[2447]: conn=1 op=0 BIND dn="cn=manager,dc=easterngraphics,dc=com" method=128 Jun 4 15:45:37 gatekeeper slapd[2447]: do_bind: version=3 dn="cn=manager,dc=easterngraphics,dc=com" method=128 Jun 4 15:45:37 gatekeeper slapd[2447]: daemon: activity on 1 descriptor Jun 4 15:45:37 gatekeeper slapd[2447]: daemon: activity on: Jun 4 15:45:37 gatekeeper slapd[2447]: Jun 4 15:45:37 gatekeeper slapd[2447]: daemon: epoll: listen=7 active_threads=0 tvp=NULL ### mirror hangs now, try to shutdown ### Jun 4 15:47:02 gatekeeper slapd[2447]: daemon: shutdown requested and initiated. Jun 4 15:47:02 gatekeeper slapd[2447]: daemon: closing 7 Jun 4 15:47:02 gatekeeper slapd[2447]: connection_closing: readying conn=1 sd=9 for close Jun 4 15:47:02 gatekeeper slapd[2447]: connection_close: deferring conn=1 sd=9 Jun 4 15:47:02 gatekeeper slapd[2447]: slapd shutdown: waiting for 1 operations/tasks to finish -- "Without music to decorate it, time is just a bunch of boring production deadlines or dates by which bills must be paid." --- Frank Vincent Zappa

2 3

Re: proxy hangs irreversible if the first mirror in the uri list is down
by masarati＠aero.polimi.it 09 Jun '09

09 Jun '09

> Well, found the problem. > > Maybe it's stated somewhere, however, use of uri lists is broken with TLS > but > works with SSL. > > If TLS is used the call of ldap_pvt_thread_mutex_lock() in > back-ldap/bind.c:1584 comes never back and the server hangs. OK, I see the problem. Please file an ITS for this issue: <http://www.openldap.org/its/>. p.

1 0

slapadd -q fails to close BDB on Windows
by Kyle Blaney 08 Jun '09

08 Jun '09

I am experiencing intermittent failures to close the Berkeley database when running slapadd using quick mode on Windows. I have reproduced the problem using OpenLDAP 2.4.16, 2.4.15, and 2.3.42. I am using BDB 4.4.20 with all applicable patches. The problem only occurs when quick mode is used. I have not seen the problem on Linux systems. Here are the steps that (sometimes) reproduce the problem: 1. Start slapd to create initial database files: slapd -f slapd.conf -d -1 2. Stop slapd using CTRL-C. 3. Add initial data: slapadd -f slapd.conf -l initialData.ldif -q When the problem occurs, slapadd displays the following error message: C:\openldap>slapadd -f slapd.conf -l initialData.ldif -q Closing DB... bdb_db_close: database "dc=Nortel,dc=com": alock_close failed Here is the weird part - the problem is difficult to reproduce, unless you set your system clock to certain times on May 25, 2009. For example, I can reproduce the problem 100% of the time when I set my system clock to May 25, 2009 at 2:00 PM. When my system clock has other dates, the problem is very difficult to reproduce. In fact, if I switch my system clock back and forth between May 25, 2009 at 2:00 PM and May 26, 2009 at 2:00 PM while repeatedly running slapadd with quick mode (-q) and continue-on-error (-c), the problem always occurs on May 25 but never on May 26. My slapd.conf and initialData.ldif are minimal: C:\openldap>more slapd.conf ucdata-path data include core.schema include cosine.schema backend bdb database bdb suffix "dc=Nortel,dc=com" directory data C:\openldap>more initialData.ldif dn: dc=Nortel,dc=com objectclass: top objectClass: organizationalUnit objectclass: dcObject ou: Nortel dc: Nortel Any help is appreciated. Kyle Blaney

2 1

Re: Changing password with replicat and referal do nothing
by paulpierre.brun＠free.fr 02 Jun '09

02 Jun '09

Hello, I can load module overlay chain. I don't no if it's compile. For compiling I do that : ./configure —prefix= —enable-overlays —enable-ppolicy —enable-rwm —enable-bdb To test overlay chain I do ./run -b ldif test032 Cleaning up test run directory leftover from previous run. Running ./scripts/test032-chain... running defines.sh LDAP backend not available, test skipped I don't no how I can load module in slapd.conf, I put those ligne modulepath /usr/sbin/openldap moduleload back_ldap.la and when i do service ldap start , i have overlay "chain" not found. I can found file back_ldap.la, how i can compile module to use overlay chain ??? Thanks for help. ----- Mail Original ----- De: "Quanah Gibson-Mount" <quanah(a)zimbra.com> À: "paulpierre brun" <paulpierre.brun(a)free.fr> Cc: openldap-software(a)openldap.org Envoyé: Jeudi 28 Mai 2009 18h18:32 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne Objet: Re: Changing password with replicat and referal do nothing --On Thursday, May 28, 2009 2:27 PM +0200 paulpierre.brun(a)free.fr wrote: > Thanks for answers : > I try with (c) at service ldap start i have : > :overlay "chain" not found > > How I can load module overlay ??? > > configure parameters are : > > ./configure —prefix= —enable-overlays —enable-ppolicy —enable-rwm > —enable-bdb Hi Paul, Please keep replies on the list. Did you use the moduleload statement to load the chain module? I suggest you look at the test suite, particularly test032. You can run that test, and see the configs that are generated when it completes. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

2 2

nssov support for group with spaces?
by Greek Ordono 01 Jun '09

01 Jun '09

is this is a known bug? ERROR: @(#) $OpenLDAP: slapd 2.4.11 (Mar 26 2009 08:14:38) $ daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol) slapd starting nssov: group entry cn=Domain Admins,ou=Groups,dc=domain,dc=com contains invalid group name: "Domain Admins" -- grexk

4 4

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software June 2009