openldap-technical December 2015

openldap-technical@openldap.org

53 participants
66 discussions

openldap 2.4.43 keeps crashing
by Jephte Clain 29 Dec '15

29 Dec '15

hello all, I upgraded to OpenLDAP 2.4.43 three weeks ago. It runs on debian squeeze 64bits lts it is built from sources with the fix from ITS#8330 Since the upgrade, it keeps crashing regularly (I would say once every 2 to 5 days) However, there isn't anything in the logs: no message, no error, no nothing slapd no longer runs, I restart it, and it runs ok until the next crash now I don't know how to debug that. I could downgrade to the previous version (2.4.41) which worked fine, but as our university is closed until 01/11, this is the perfect time to investigate. I still don't know if it's a bug in 2.4.43 or a misconfiguration for which previous versions was forgiving What are your advice to track down the cause for the crash? PS: here is a bit of context: one master with 2 mdb databases: one accesslog, one for the data two slaves (I mean complete replication, even cn=config) the master has crashed only once the slaves keep crashing regularly the slaves are complete replicas of the master, and I wonder if it could be a source of problems: I'll give details in another thread -- *Jephté CLAIN | Développeur, Intégrateur d'applications* Service Systèmes d'Information Direction des Systèmes d'Information <http://dsi.univ-reunion.fr> Tél: +262 262 93 86 31 <tel:+262262938631> || Gsm: +262 692 29 58 24 <tel:+262692295824> www.univ-reunion.fr <http://www.univ-reunion.fr> || Facebook <http://www.facebook.com/pages/Universit%C3%A9-de-La-R%C3%A9union-OFFICIEL/1…> || Twitter <http://twitter.com/univ_reunion>

4 6

RE: lmdb Handle Leak with VL32 on Windows
by Jeremiah Morrill 28 Dec '15

28 Dec '15

Submitted (seems like #8342). Apologies for not doing this before. I will go through ITS with reports in the future. -Jer From: Howard Chu<mailto:hyc@symas.com> Sent: Monday, December 28, 2015 12:12 AM To: Jeremiah Morrill<mailto:Jeremiah.Morrill@econnect.tv>; openldap-technical(a)openldap.org<mailto:openldap-technical@openldap.org> Subject: Re: lmdb Handle Leak with VL32 on Windows Jeremiah Morrill wrote: > I noticed what I believe may be a handle leak against the latest (commit > 7b9928c) on github, with the MDB_VL32 on Windows. After some poking around, > it seems to be the file mapping handle, env->me_fmh. I threw it to a > CloseHandle in the env_close0(…) and it seemed to resolve it. Please submit this to the ITS. > > Here’s a quick diff: > > diff --git a/src/lmdb.c b/src/mdb.c > > index a564d40..190c860 100644 > > --- a/src/mdb.c > > +++ b/src/mdb.c > > @@ -5350,6 +5350,7 @@ mdb_env_close0(MDB_env *env, int excl) > > } > > #ifdef MDB_VL32 > > #ifdef _WIN32 > > + if (env->me_fmh) CloseHandle(env->me_fmh); > > if (env->me_rpmutex) CloseHandle(env->me_rpmutex); > > #else > > pthread_mutex_destroy(&env->me_rpmutex); > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Can't open env with required mapsize on windows .
by Mohammed Muneer 28 Dec '15

28 Dec '15

I can env_set_mapsize(env, 1 GB) without any problems in linux. But on windows, it is a different story Machine 1) Windows 64 only opens with upto 10 MB (apporx) Machine 2 Windows 64 only opens with upto 500 MB (apporx) Machine 3) Virtual box Windows 64 running on linux works with 1 GB Q1) So why is this happening. Am I doing anything wrong. Q2) And setting env_set_mapsize before calling open is not enough. I need to set env_set_mapsize(env, 0) just before beginning a write transaction inorder to insert something or otherwise the application indefinitely hangs on the second insert transaction. Both the above questions concerns just Windows. Everything is fine with linux.

2 2

lmdb Handle Leak with VL32 on Windows
by Jeremiah Morrill 28 Dec '15

28 Dec '15

I noticed what I believe may be a handle leak against the latest (commit 7b9928c) on github, with the MDB_VL32 on Windows. After some poking around, it seems to be the file mapping handle, env->me_fmh. I threw it to a CloseHandle in the env_close0(…) and it seemed to resolve it. Here’s a quick diff: diff --git a/src/lmdb.c b/src/mdb.c index a564d40..190c860 100644 --- a/src/mdb.c +++ b/src/mdb.c @@ -5350,6 +5350,7 @@ mdb_env_close0(MDB_env *env, int excl) } #ifdef MDB_VL32 #ifdef _WIN32 + if (env->me_fmh) CloseHandle(env->me_fmh); if (env->me_rpmutex) CloseHandle(env->me_rpmutex); #else pthread_mutex_destroy(&env->me_rpmutex);

2 1

Authenticating clients
by bluethundr＠gmail.com 25 Dec '15

25 Dec '15

Hey guys, I've recently disabled anonymous binds and required TLS on my OpenLDAP sever in order to log in. Back when I was testing and anonymous binds were enabled and TLS was off I could get LDAP accounts to login to the servers. And using a simple tool like "authconfig-tui" under CentOS was all I needed to use to set that up. Where can I find the docs to configure a client server to allow LDAP account logins with anonymous binds disabled and TLS required on the OpenLDAP server? I need to do this for both Red Hat/CentOS machines and Ubuntu clients as well. I've been googling and haven't found anything helpful for both types. Thanks, Tim Sent from my iPhone

2 1

users don't get prompt to change password (pwdMustChange attribute)
by Rajagopal Rc 24 Dec '15

24 Dec '15

Hello, I am trying to force user to change their password at first logon and on password reset. OS RHEL7 Openldap version 2.4.39-7.el7_1.x86_64 I have tried the following 1) I have set the pwdMustChange attribute to TRUE in ppolicy, but when user logon to client at first time or after resetting password, it just allow suer to logon without prompting to change the password, 2) I have set the pwdReset attribute to TRUE in user attribute for particular user, this doesn't allow user to login at all and keep prompting for password without allowing to login. Also i red in blogs this is not correct way, but couldn't find more information on this. is there any way to force users to change their password at first logon and after resetting password by admin. ? Current ppolicy Thanks & Regards Raj =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you

1 0

Issue while changing user password by self
by Rajagopal Rc 24 Dec '15

24 Dec '15

Hello, I am trying to allow users to change their own passwords OS RHEL7 Openldap version 2.4.39-7.el7_1.x86_64 ACL in slapd.conf disallow bind_anon access to attrs=userPassword by self write by dn.base="cn=mirrormode,dc=rnd,dc=com" read by dn.base="cn=binduser,dc=rnd,dc=com" read by * auth access to * by dn.base="cn=mirrormode,dc=rnd,dc=com" read by dn.base="cn=binduser,dc=rnd,dc=com" read by * break access to * by dn="cn=Manager,dc=rnd,dc=com" by users read by self write by * auth from client machine 'user5' is trying to change own password and getting following error $ ldappasswd -H ldaps://ldapdev.rnd.com:636 -x -D "cn=user 5,ou=people,dc=rnd,dc=com" -W -A -S Old password: Re-enter old password: New password: Re-enter new password: Enter LDAP Password: Result: Insufficient access (50) Additional info: User alteration of password is not allowed This error looks like issue with permissions, yet i have already allowed access to attrs=userPassword by self write in slapd.conf, please let me know if there is any thing wrong in above ACL and why i am getting this error Thanks & Regards Raj =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you

4 6

Segmentation fault (core dumped) on ldapmodify
by Tim Dunphy 24 Dec '15

24 Dec '15

Hey guys, I have these options set for SSL in my cn=config setup: [root@ldap1:~] #ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config|grep ssl SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 olcTLSCACertificateFile: /etc/ssl/certs/ldap-ca-cert.pem olcTLSCertificateFile: /etc/ssl/certs/ldap-server.crt olcTLSCertificateKeyFile: /etc/ssl/certs/ldap-server.key And I want to change the settings to the contents of this ldif file: [root@ldap1:~] #cat addcerts.ldif dn: cn=config changetype: modify add: olcTLSCACertificateFile olcTLSCACertificateFile: /etc/pki/CA/certs/ca.crt - add: olcTLSCertificateFile olcTLSCertificateFile: /etc/ldap/ssl/ldap1.example.com.crt - add: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap1.example.com.key But when I try to do that I get an error: [root@ldap1:~] #ldapmodify -H ldapi:// -Y EXTERNAL -f addcerts.ldif SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 Segmentation fault (core dumped) I wonder if I could be running low on memory: [root@ldap1:~] #free -m total used free shared buffers cached Mem: 992 815 177 10 140 445 -/+ buffers/cache: 229 762 Swap: 0 0 0 Could this be causing the error? How can I make this change without encountering the segmentation fault? Thanks, Tim -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

3 4

pwdChangedTime Undefined Attribute
by Borresen, John - 0444 - MITLL 24 Dec '15

24 Dec '15

All, The "ppolicy" overlay has been loaded to my bdb. The cn=default,ou=pwpolicies,dc=group,dc=ldap has been defined. The pwdPolicySubentry operational attribute was added to uid=jdoe,ou=Users,dc=group,dc=ldap, as well. Now, trying to add the pwdChangedTime attribute to the jdoe UID. Ran "ldapadd" from the command-line: # ldapmodify -d 4 -x -W -H ldap://ldapsrvr.group.ldap -D cn=ldapadmin,dc=group,dc=ldap Enter LDAP Password: ############ dn: uid=jdoe,ou=Users,dc=group,dc=ldap changetype: add add: pwdChangedTime pwdChangedTime: 201512231458Z adding new entry "uid=jdoe,ou=Users,dc=group,dc=ldap" ldap_add: Undefined attribute type (17) additional info: add: attribute type undefined >From my reading, this should be an Operational Attribute that isn't constrained or defined by an ObjectClass. Thanks for the help in advance. Btw, I am running OpenLDAP 2.4.40. John D. Borresen (Dave) Linux/Unix Systems Administrator MIT Lincoln Laboratory Humanitarian Assistance and Disaster Relief (HADR) Systems 244 Wood St Lexington, MA 02420 Email: <mailto:john.borresen@ll.mit.edu> john.borresen(a)ll.mit.edu

2 4

LMDB many dup fixed size elements
by Simon Majou 23 Dec '15

23 Dec '15

Hello, I want to allow users to create tables with dup fixed size. A solution would be to create named databases, but that would make potentially a lot of tables (for instance millions), and doesn't seem ok cf the comment on function mdb_env_set_maxdbs. Another solution would be to create one DB for each fixed size and insert the users and their tables inside. Would it be better ? -- Best regards, Simon

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical December 2015