Bug#742788: npcdmod problem with largs perfdata (8192)
Package: pnp4nagios-bin Version: 0.6.16-2 Severity: normal Tags: patch Hello, i use debian stable (7.4) as my nagios server and have some checks with large perfdata. I use the npcdmod.o to write this perfdata to file (broker_module). If the perfdata is to long, the string will not terminted by newline and the next line append to this line. See Attached file: perfdata.dump.gz zgrep .DATATYPE perfdata.dump.gz #will help to find the line/problem this is one line DATATYPE::SERVICEPERFDATA TIMET::1395924718 HOSTNAME::xx2.rz.uni-jena.deSERVICEDESC::multi_nrpe_stat-fc3 SERVICEPERFDATA::check_multi::check_multi::plugins=19 time=1.530292 stat_dev_sdi::stat_dev::sdi_readB=1578376192c; sdbx_readB=189207294976c; sdbx_writeB=11083DATATYPE::SERVICEPERFDATA TIMET::1395924718 HOSTNAME::mailout1.rz.uni-jena.de SERVICEDESC::multi_nrpe_stat SERVICEPERFDATA::check_multi::check_multi::plugins=4 time=0.125382 stat_net::stat_net::eth0_in=895375029c; eth0_out=470741808c; eth0_in_err=0c; eth0_in_drop=0c; eth0_out_err=0c; eth0_out_drop=0c; lo_in=14205c; lo_out=14205c; lo_in_err=0c; lo_in_drop=0c; lo_out_err=0c; lo_out_drop=0c; stat_dev::stat_dev::sda_readB=567335936c; sda_writeB=5723353088c; sda_read_time=62052c; sda_write_time=899829c; sda_read=23177c; sda_write=412738c; sda_read_merged=4104c; sda_write_merged=1000449c; sda_io_wait=0; sda_io_time=340722c; sda_io_weighted=961474c; SERVICECHECKCOMMAND::my_check_multi!nrpe_stat.cmd!-t 35 -T 60 SERVICESTATE::0 SERVICESTATETYPE::1 So this perfdata will be assigned to an other host/service ... I converted this code (npcdmod.c) from snprintf with fput to fprintf only, see patch attached. So the length of perfdata is not relevant. In my environment i tested this patch successfully. best regards Thomas Sesselmann -- Thomas Sesselmann, Dipl.-Inf. Friedrich-Schiller-Universität Jena Rechenzentrum Am Johannisfriedhof 2 D-07743 Jena Tel.: 03641/9-40530 Fax.: 03641/9-40630 perfdata.dump.gz Description: application/gzip --- pnp4nagios-0.6.16/src/npcdmod.c-orig 2014-03-27 14:23:11.560204139 +0100 +++ pnp4nagios-0.6.16/src/npcdmod.c 2014-03-27 14:39:52.508100371 +0100 @@ -187,7 +187,7 @@ service *service=NULL; // char temp_buffer[1024]; - char perfdatafile_template[9216]; +// char perfdatafile_template[9216]; /* what type of event/data do we have? */ switch (event_type) { @@ -213,8 +213,9 @@ if (hostchkdata-type == NEBTYPE_HOSTCHECK_PROCESSED hostchkdata-perf_data != NULL) { -snprintf(perfdatafile_template, sizeof(perfdatafile_template) - - 1, DATATYPE::HOSTPERFDATA\t +//snprintf(perfdatafile_template, sizeof(perfdatafile_template) - 1, +fprintf(fp, +DATATYPE::HOSTPERFDATA\t TIMET::%d\t HOSTNAME::%s\t HOSTPERFDATA::%s\t @@ -224,9 +225,9 @@ hostchkdata-host_name, hostchkdata-perf_data, hostchkdata-command_name, hostchkdata-command_args, hostchkdata-state, hostchkdata-state_type); -perfdatafile_template[sizeof(perfdatafile_template) - 1] - = '\x0'; -fputs(perfdatafile_template, fp); +//perfdatafile_template[sizeof(perfdatafile_template) - 1] +// = '\x0'; +//fputs(perfdatafile_template, fp); } } break; @@ -254,8 +255,9 @@ write_to_all_logs(temp_buffer, NSLOG_INFO_MESSAGE); */ -snprintf(perfdatafile_template, sizeof(perfdatafile_template) - - 1, DATATYPE::SERVICEPERFDATA\t +//snprintf(perfdatafile_template, sizeof(perfdatafile_template) - 1, +fprintf(fp, + DATATYPE::SERVICEPERFDATA\t TIMET::%d\t HOSTNAME::%s\t SERVICEDESC::%s\t @@ -266,9 +268,9 @@ srvchkdata-host_name, srvchkdata-service_description, srvchkdata-perf_data, service-service_check_command, srvchkdata-state, srvchkdata-state_type); -perfdatafile_template[sizeof(perfdatafile_template) - 1] - = '\x0'; -fputs(perfdatafile_template, fp); +//perfdatafile_template[sizeof(perfdatafile_template) - 1] +// = '\x0'; +//fputs(perfdatafile_template, fp); } } break; smime.p7s Description: S/MIME Cryptographic Signature
Bug#725091: [Pkg-openldap-devel] Bug#725091: slapd with memory leak in active sync
Hi Ryan, Am 18.10.2013 07:54, schrieb Ryan Tandy: ... Quanah is correct that several fixes are needed to 2.4.31 in order to have working MMR (and probably several more depending on the overlays you use), and I agree that the fastest way to a working server is probably to build your own from recent upstream code. We prefer to use packages for our servers. Also we see the need of a newer upstream release version. To build a package with some local changes applied, the basic workflow looks like: .. See http://debian-handbook.info/browse/stable/debian-packaging.html for more guidance. thanks for this help Your other option would be to wait until a newer upstream version is introduced into unstable and then install that, possibly rebuilding it for wheezy if the library dependencies changed. This would be the best option for us. Did you know when a new upstream version in unstable or experimental would be released? Until this we have to try to build our own package at 2.4.36 (the first trial is failed). best regards Thomas -- Thomas Sesselmann, Dipl.-Inf. Friedrich-Schiller-Universität Jena Rechenzentrum Am Johannisfriedhof 2 D-07743 Jena Tel.: 03641/9-40530 Fax.: 03641/9-40630 smime.p7s Description: S/MIME Kryptografische Unterschrift
Bug#725091: [Pkg-openldap-devel] Bug#725091: slapd with memory leak in active sync
Hi Ryan, Am 11.10.2013 00:44, schrieb Ryan Tandy: Hi Thomas, Sorry it took me so long to get back to you. I think the problem is that your slapd.conf uses LDAP Sync replication and not delta-syncrepl. I missed that at first because you have an accesslog database configured, so I assumed you were using delta-syncrepl, but your syncrepl consumers are actually not configured for it. we try to configure Delta-syncrepl and run in next issue :( The slapd on the slaves crashes immediately after modifying a group on memberof overlay. I can try to start in debug mode an the slave crashes after the next entry: ldap-slave# slapd -u openldap -g openldap -F /etc/ldap/slapd.d -d -1 525d3d02 = access_allowed: search access to cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de objectClass requested 525d3d02 = root access granted 525d3d02 = access_allowed: search access granted by manage(=mwrscxd) 525d3d02 = test_filter 6 525d3d02 send_ldap_result: conn=-1 op=0 p=3 525d3d02 send_ldap_result: err=0 matched= text= 525d3d02 == unique_modify cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de 525d3d02 unique_modify: administrative bypass, skipping 525d3d02 = bdb_entry_get: ndn: cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de 525d3d02 = bdb_entry_get: oc: (null), at: (null) 525d3d02 bdb_dn2entry(cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de) 525d3d02 = bdb_entry_get: found entry: cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de 525d3d02 bdb_entry_get: rc=0 525d3d02 hdb_modify: cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de 525d3d02 bdb_dn2entry(cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de) 525d3d02 bdb_modify_internal: 0x0056: cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de 525d3d02 = acl_access_allowed: granted to database root 525d3d02 bdb_modify_internal: softdel member 525d3d02 dnMatch 1 cn=ldapadmin,ou=local,dc=uni-jena,dc=de uid=ko35rot,ou=users,dc=uni-jena,dc=de 525d3d02 dnMatch 1536 uid=ku49qeq,ou=users,dc=uni-jena,dc=de uid=ko35rot,ou=users,dc=uni-jena,dc=de 525d3d02 dnMatch 1536 uid=ku49haf,ou=users,dc=uni-jena,dc=de uid=ko35rot,ou=users,dc=uni-jena,dc=de 525d3d02 dnMatch 1536 uid=ku49lan,ou=users,dc=uni-jena,dc=de uid=ko35rot,ou=users,dc=uni-jena,dc=de 525d3d02 dnMatch 1536 uid=ku49ded,ou=users,dc=uni-jena,dc=de uid=ko35rot,ou=users,dc=uni-jena,dc=de 525d3d02 dnMatch 1536 uid=ku49bel,ou=users,dc=uni-jena,dc=de uid=ko35rot,ou=users,dc=uni-jena,dc=de 525d3d02 dnMatch 0 uid=ko35rot,ou=users,dc=uni-jena,dc=de uid=ko35rot,ou=users,dc=uni-jena,dc=de 525d3d02 bdb_modify_internal: replace entryCSN 525d3d02 bdb_modify_internal: replace modifiersName 525d3d02 bdb_modify_internal: replace modifyTimestamp 525d3d02 = key_change(DELETE,56) 525d3d02 bdb_idl_delete_key: 56 525d3d02 = key_change 0 525d3d02 = key_change(ADD,56) 525d3d02 bdb_idl_insert_key: 56 525d3d02 = key_change 0 525d3d02 = entry_encode(0x0056): 525d3d02 = entry_encode(0x0056): 525d3d02 hdb_modify: updated id=0056 dn=cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de 525d3d02 send_ldap_result: conn=-1 op=0 p=3 525d3d02 send_ldap_result: err=0 matched= text= slapd: ../../../../../servers/slapd/overlays/memberof.c:1465: memberof_res_modify: Assertion `0' failed. Abgebrochen Sounds like ITS#7487 (http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7487;page=6) best regards Thomas -- Thomas Sesselmann, Dipl.-Inf. Friedrich-Schiller-Universität Jena Rechenzentrum Am Johannisfriedhof 2 D-07743 Jena Tel.: 03641/9-40530 Fax.: 03641/9-40630 smime.p7s Description: S/MIME Kryptografische Unterschrift
Bug#725091: [Pkg-openldap-devel] Bug#725091: slapd with memory leak in active sync
Hi Ryan, On 02.10.2013 00:52, wrote Ryan Tandy: Hi Thomas, On Tue, Oct 1, 2013 at 4:10 AM, Thomas Sesselmann thomas.sesselm...@uni-jena.de wrote: We installed a multimaster replication setup. Now if we modifies some attributes and groups-memberships and the memory use of the slapd on the 'master' increase extremely (10G) until out of memory. I think you might be experiencing ITS#7292. What do you think? If you bring up a new server with the same configuration and an empty database and allow it to start replicating, like in the ITS, do you observe the same memory usage? http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7292 I don't know, on initial update/sync there are no problems. The problem exists only if the two master servers are in sync with the persist connection (syncrepl type=refreshAndPersist). It was fixed upstream in 2.4.32 by a series of commits: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=shortlog;h=dc912776;hp=65c0cd19 If it's easy for you to rebuild a package and deploy it in a testing environment, you might try doing so with those changes integrated. We now build an independent test-environment. So we can install there test packages ... Rebuild a source packages with some diffs is not impossible, but will spend some time, because we have to learn it first ;) We use the online config. In attachment is the corresponding slapd.conf. I tried to reproduce your report but wasn't successful yet. Is it possible for you to reduce the testcase any further? For example, can you still trigger it if you omit some of the overlays? We delete all overlays (except syncprov) and the problem still exists. The modules are loaded but not used in the configuration, if this should change something? We modifies the member of some groups (delete/add). There are much users in the groups (2), perhaps the result is so worse. Here are the Skript we used: ---modify.pl #!/usr/bin/perl use strict; use warnings; use Net::LDAPS; use Net::LDAP::Util qw(ldap_error_text); my $hostname= ['ldaptest2.rz.uni-jena.de']; my $binddn = 'ou=local,dc=uni-jena, dc=de'; my $auth= 'uid=xxxy'; my $passwd = ''; my $basedn = ou=users,dc=uni-jena,dc=de; my $ldap = Net::LDAP-new($hostname) or die Unable to connect to LDAP server $hostname: $@\n; my $mesg = $ldap- start_tls() or die Unable to StartTLS: $@\n; $ldap-bind( $auth,$binddn, password = $passwd, version = 3 ) or die Binding to the LDAP-Server; ##searching on LDAP my $searchresult = $ldap-search(base =$basedn, filter = ((uid=*)(mail=*)(|(mailHost=mail1.rz.uni-jena.de))), attrs = ['*', 'memberOf']) or die Searching the LDAP-Server; print STDOUT (.$searchresult-count.)\n; sub in_array { my ($arr,$search_for) = @_; return grep {$search_for eq $_} @$arr; } ### For all LDAP-USERS ### foreach my $entry ($searchresult-entries) { my @AddArray= []; my @ReplaceArray= []; my @DeleteArray = []; print STDOUT $entry-dn, \n; my $memberOfs = $entry-get_value('memberOf', asref = 1); ### DELETE IN GROUP SMTP ### if(in_array($memberOfs,'cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de')){ $ldap-modify('cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de', delete = {member = [$entry-dn]}) or die Delete group SMTP; } ### DELETE IN GROUP SMTP-AUTH ### if(in_array($memberOfs,'cn=smtp-auth,ou=local,ou=groups,dc=uni-jena,dc=de')){ $ldap-modify('cn=smtp-auth,ou=local,ou=groups,dc=uni-jena,dc=de', delete = {member = [$entry-dn]}) or die Delete group SMTP-AUTH; } ### DELETE IN GROUP IMAP ### if(in_array($memberOfs,'cn=imap,ou=local,ou=groups,dc=uni-jena,dc=de')){ $ldap-modify('cn=imap,ou=local,ou=groups,dc=uni-jena,dc=de', delete = {member = [$entry-dn]}) or die Delete group IMAP; } ### WRITE USER MODIFICATIONS TO LDAP ### push @{$ReplaceArray[0]}, mailhost = mail1-deleted; $ldap-modify( $entry-dn, changes = [add = @AddArray, replace = @ReplaceArray, delete = @DeleteArray]) or die Modify User on LDAP; } $ldap-unbind(); --- best regards Thomas -- Thomas Sesselmann, Dipl.-Inf. Friedrich-Schiller-Universität Jena Rechenzentrum Am Johannisfriedhof 2 D-07743 Jena Tel.: 03641/9-40530 Fax.: 03641/9-40630 smime.p7s Description: S/MIME Kryptografische Unterschrift
Bug#725091: slapd with memory leak in active sync
Package: slapd Version: 2.4.31-1+nmu2 Severity: serious Hello, we are using Debian 7.1 on amd64. We installed a multimaster replication setup. Now if we modifies some attributes and groups-memberships and the memory use of the slapd on the 'master' increase extremely (10G) until out of memory. This occurs only if the two servers in sync. If we disable the connection (i.e. iptables) between the servers, the memory usages isn't growing. We use the online config. In attachment is the corresponding slapd.conf. best regards Thomas Sesselmann -- Thomas Sesselmann, Dipl.-Inf. Friedrich-Schiller-Universität Jena Rechenzentrum Am Johannisfriedhof 2 D-07743 Jena Tel.: 03641/9-40530 Fax.: 03641/9-40630 include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/dyngroup.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/misc.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/sendmail.schema include /etc/ldap/schema/kerberos.schema include /etc/ldap/schema/fsu.schema include /etc/ldap/schema/eduperson.schema pidfile/var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args modulepath /usr/lib/ldap moduleload accesslog.la moduleload constraint.la moduleload dds.la moduleload dynlist.la moduleload memberof.la moduleload ppolicy.la moduleload refint.la moduleload syncprov.la moduleload unique.la moduleload back_hdb moduleload back_monitor backend hdb backend monitor TLSCACertificateFile /etc/ldap/certs/chain.pem TLSCACertificatePath /etc/ldap/certs TLSCertificateFile/etc/ldap/certs/ldap.pem TLSCertificateKeyFile /etc/ldap/certs/ldap.key TLSVerifyClient allow ## server-ids/urls fuer mmr ### ServerID1 ldap://ldap1.rz.uni-jena.de; ServerID2 ldap://ldap2.rz.uni-jena.de; ## Match replicator authz-regexp CN=ldap\.uni-jena\.de,O=Universitaet Jena,L=Jena,ST=Thueringen,C=DE uid=replicator,ou=local,dc=uni-jena,dc=de ## generele Abfragen (Basisdn) ? access to dn.base= by * read ## Schema abfragen ? access to dn.base=cn=Subschema by * read ### # enable on-the-fly configuration (cn=config) database config ### syncrepl- direktiven fuer mmr der olc ### syncreplrid=003 provider=ldap://ldap1.rz.uni-jena.de; searchbase=cn=config type=refreshAndPersist retry=5 + bindmethod=sasl saslmech=EXTERNAL starttls=yes filter=(|(!(olcDatabase={0}config))(!(olcReadOnly=TRUE))) syncreplrid=004 provider=ldap://ldap2.rz.uni-jena.de; searchbase=cn=config type=refreshAndPersist retry=5 + bindmethod=sasl saslmech=EXTERNAL starttls=yes filter=(|(!(olcDatabase={0}config))(!(olcReadOnly=TRUE))) overlay syncprov MirrorMode On access to * by dn.exact=uid=replicator,ou=local,dc=uni-jena,dc=de read by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by dn.exact=cn=ldapadmin,ou=local,dc=uni-jena,dc=de manage by * none ### # enable server status monitoring (cn=monitor) database monitor access to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth read by dn.exact=cn=ldapadmin,ou=local,dc=uni-jena,dc=de read by * none ### # enable server access logging (cn=logs) databasehdb suffix cn=logs checkpoint 1024 15 rootdn cn=ldapadmin,ou=local,dc=uni-jena,dc=de directory /var/lib/ldap/logs index reqStart,reqEnd,reqMod,reqResult eq index entryUUIDeq access to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth read by dn.exact=cn=ldapadmin,ou=local,dc=uni-jena,dc=de read by * none ### # database definitions ### databasehdb suffix dc=uni-jena,dc=de checkpoint 1024 15 rootdn cn=ldapadmin,ou=local,dc=uni-jena,dc=de rootpw{SSHA}xxx directory /var/lib/ldap/data # Indices to maintain for this database index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShelleq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntryeq,pres,sub index entryUUID eq ## Accesslog overlay accesslog
Bug#466856: rrd-files with wrong RRA-Values for step 60
Package: nagiosgrapher Version: 1.6.1rc3-2 Tags: patch Hello, when collect2.pl generates a new rrd-file the default-values are optimized for step 300. I think the use of $heartbeat is wrong on this place. My patch will calculate the steps of the RRA instead of the number of entries in an RRA. If the generally step is not 60 instead of 300, it will create 4 RRAs. best regards Thomas Sesselmann -- Thomas Sesselmann, Dipl.-Inf. Zentrale Datenverarbeitung Deutsches Krebsforschungszentrum Im Neuenheimer Feld 280 69120 Heidelberg Tel.: +49-6221/42-2357 E-Mail: [EMAIL PROTECTED] gpg-key: http://pgpkeys.pca.dfn.de/pks/lookup?op=getsearch=0x9392E54B 427,437c427,433 # Get Steps for RRA Value, for yearly, monthly, weekly, dayly, hourly graph my @rrasteps=(); foreach ( 86400, 7200, 3600, 300, 10 ) { my $aktstep = int( $_ / $step ); $aktstep++ if ( $_ % $step ); push @rrasteps, $aktstep if ( not grep( { $_ == $aktstep } @rrasteps ) ); } foreach ( @rrasteps ) { push @system, RRA:AVERAGE:0.5:$_:600; push @system, RRA:MAX:0.5:$_:600; push @system, RRA:MIN:0.5:$_:600; --- # Adding some default average frames # OLD: 5, 30, 120, 1440; for (1, 6, 24, 288) { push @system, RRA:AVERAGE:0.5:$_:$heartbeat; push @system, RRA:MAX:0.5:$_:$heartbeat; push @system, RRA:MIN:0.5:$_:$heartbeat;
Bug#466854: nagiosgrapher don't ignore comments in main config-file (/etc/nagiosgrapher/ngraph.ncfg)
Package: nagiosgrapher Version: 1.6.1rc3-2 Hello, nagiosgrapher respectivlely the Perl-Module /usr/share/perl5/NagiosGrapher.pm don't ignores comments. i.e. #notes_url /wiki/index.php/$HOSTNAME$#$SERVICEDESC$ matches also the regex 'm/(\w*[_]*\w*)\s+(.*)$/' like notes_url /wiki/index.php/$HOSTNAME$#$SERVICEDESC$ Mainly there should be something like this: s/#.*$//; See File /usr/share/perl5/NagiosGrapher.pm in lines 560-602. For the other definition files the comments will be ignored: (sub read_ngrapher_def line 667, 678 ...) best regards Thomas Sesselmann -- Thomas Sesselmann, Dipl.-Inf. Zentrale Datenverarbeitung Deutsches Krebsforschungszentrum Im Neuenheimer Feld 280 69120 Heidelberg Tel.: +49-6221/42-2357 E-Mail: [EMAIL PROTECTED] gpg-key: http://pgpkeys.pca.dfn.de/pks/lookup?op=getsearch=0x9392E54B -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#440632: CVE-2007-5707 remote denial of service with malformed objectClasses attribute
Hello, how is the status of this _grave_ bug for stable (etch) and oldstable (sarge)? It will be very nice if this will be fixed, since the fixed version is in testing (security) since 2007-11-18. thanks and best regards Thomas Sesselmann -- Dipl.-Inf. Thomas Sesselmann Kirchhoff-Institut fuer Physik Universitaet Heidelberg INF227 / D-69120 Heidelberg Tel.: +49/6221/54-9132 E-Mail: [EMAIL PROTECTED] gpg-key: 0x9392E54B or finger -l [EMAIL PROTECTED] signature.asc Description: OpenPGP digital signature
Bug#440632: marked as done (ldapadd with 'objectClasses' instead of 'objectClass' brings slapd down)
Hello, because of this Bug can easily cause as Denial of Service of the stable LDAP-Server, i will be happy if you can backport the fix/patch to the stable (etch) release of slapd. many thanks Thomas Sesselmann -- Dipl.-Inf. Thomas Sesselmann Kirchhoff-Institut für Physik Universitaet Heidelberg INF227 / D-69120 Heidelberg Tel.: +49/6221/54-9132 E-Mail: [EMAIL PROTECTED] gpg-key: 0x9392E54B or finger -l [EMAIL PROTECTED] signature.asc Description: OpenPGP digital signature
Bug#440632: ldapadd with 'objectClasses' instead of 'objectClass' brings slapd down
Package: slapd Version: 2.3.30-5 Severity: grave Hello, i am used debian etch. I am wrongly used the misspelling Attribute 'objectClasses' instead of 'objectClass' in ldapadd and then the slapd dies ... I have verified this with a new (debian default) installation with no special things and anonymous ldapadd! [EMAIL PROTECTED]:~$ ldapadd -x dn: uid=test5,ou=SONST,ou=people,dc=kip.uni-heidelberg,dc=de objectClasses: top adding new entry uid=test5,ou=SONST,ou=people,dc=kip.uni-heidelberg,dc=de ldap_add: Invalid syntax (21) additional info: objectClasses: value #0 normalization failed = now there are no slapd-processes left ... (the slapd process is dead) [EMAIL PROTECTED]:~$ ldapsearch -h ldap uid=test4 ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) [EMAIL PROTECTED]:~# ps -ef |grep slap root 21036 14161 0 10:30 pts/000:00:00 grep slap The Log '/var/log/syslog' for the crash (loglevel 4095): Sep 3 10:32:50 ldap slapd[21091]: daemon: read activity on 12 Sep 3 10:32:50 ldap slapd[21091]: connection_get(12) Sep 3 10:32:50 ldap slapd[21091]: connection_get(12): got connid=3 Sep 3 10:32:50 ldap slapd[21091]: connection_read(12): checking for input on id=3 Sep 3 10:32:50 ldap slapd[21091]: ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable) Sep 3 10:32:50 ldap slapd[21091]: daemon: select: listen=6 active_threads=0 tvp=NULL Sep 3 10:32:50 ldap slapd[21091]: daemon: select: listen=7 active_threads=0 tvp=NULL Sep 3 10:32:50 ldap slapd[21091]: daemon: select: listen=8 active_threads=0 tvp=NULL Sep 3 10:32:50 ldap slapd[21091]: do_add Sep 3 10:32:50 ldap slapd[21091]: dnPrettyNormal: uid=test5,ou=SONST,ou=people,dc=kip.uni-heidelberg,dc=de Sep 3 10:32:50 ldap slapd[21091]: dnPrettyNormal: uid=test5,ou=SONST,ou=people,dc=kip.uni-heidelberg,dc=de, uid=test5,ou=sonst,ou=people,dc=kip.uni-heidelberg,dc=de Sep 3 10:32:50 ldap slapd[21091]: do_add: dn (uid=test5,ou=SONST,ou=people,dc=kip.uni-heidelberg,dc=de) Sep 3 10:32:50 ldap slapd[21091]: conn=3 op=4 ADD dn=uid=test5,ou=SONST,ou=people,dc=kip.uni-heidelberg,dc=de Sep 3 10:32:50 ldap slapd[21091]: = str2entry NULL (ssyn_normalize 21) Sep 3 10:32:50 ldap slapd[21091]: send_ldap_result: conn=3 op=4 p=3 Sep 3 10:32:50 ldap slapd[21091]: send_ldap_result: err=21 matched= text=objectClasses: value #0 normalization failed Sep 3 10:32:50 ldap slapd[21091]: send_ldap_response: msgid=5 tag=105 err=21 Sep 3 10:32:50 ldap slapd[21091]: conn=3 op=4 RESULT tag=105 err=21 text=objectClasses: value #0 normalization failed best regards Thomas Sesselmann -- Dipl.-Inf. Thomas Sesselmann __O Kirchhoff-Institut für Physik _\-, Universitaet Heidelberg _(_)/(_)_ INF227 / D-69120 Heidelberg Tel.: +49/6221/54-9132 E-Mail: [EMAIL PROTECTED] gpg-key: 0x9392E54B or finger -l [EMAIL PROTECTED]
Bug#409357: Improvment of the openafs-fileserver init-skript with additional start-options
Package: openafs-fileserver Version: 1.4.2-5 Severity: minor Tags: patch Hello, I want to start the bos-server with the '-syslog' option to get the logs to syslog. So I change the init-skript '/etc/init.d/openafs-fileserver' for adding DAEMON_ARGS and read the /etc/default/openafs-fileserver' file. I attach the changed '/etc/init.d/openafs-fileserver', the new file '/etc/default/openafs-fileserver' and a patch 'change-init-skript-openafs-fileserver.patch'. Sorry for the two attachments with same name, but i think you can differ they by content. Best Regards Thomas Sesselmann -- Dipl.-Inf. Thomas Sesselmann Kirchhoff-Institut für Physik Universität Heidelberg INF227 / D-69120 Heidelberg Tel.: +49/6221/54-9132 E-Mail: [EMAIL PROTECTED] /\ \ /ASCII Ribbon Campaign X against HTML email vCards / \ 26a27 DAEMON_ARGS= 36a38,41 # Read configuration variable file if it is present [ -r /etc/default/openafs-fileserver ] . /etc/default/openafs-fileserver 42c47 --exec $DAEMON --- --exec $DAEMON -- $DAEMON_ARGS 75c80 --exec $DAEMON --- --exec $DAEMON -- $DAEMON_ARGS #! /bin/sh ### BEGIN INIT INFO # Provides: openafs-fileserver # Required-Start: $local_fs $remote_fs $network $time # Required-Stop:$local_fs $remote_fs $network # Default-Start:2 3 4 5 # Default-Stop: S 0 1 6 # Short-Description:OpenAFS file and database server manager # Description: Starts, stops, or restarts the OpenAFS bosserver, # which is the process that starts and manages the # OpenAFS file server or database servers depending on # its configuration. ### END INIT INFO # # skeleton example file to build /etc/init.d/ scripts. # This file should be used to construct scripts for /etc/init.d. # # Written by Miquel van Smoorenburg [EMAIL PROTECTED]. # Modified for Debian GNU/Linux # by Ian Murdock [EMAIL PROTECTED]. # # Version: @(#)skeleton 1.8 03-Mar-1998 [EMAIL PROTECTED] # PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/sbin/bosserver DAEMON_ARGS= NAME=bosserver DESC=AFS Server exec 3/dev/null exec /dev/null test -f $DAEMON || exit 0 # Read configuration variable file if it is present [ -r /etc/default/openafs-fileserver ] . /etc/default/openafs-fileserver case $1 in start) echo -n Starting $DESC: start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ --exec $DAEMON -- $DAEMON_ARGS echo $NAME. ;; stop) echo -n Stopping $DESC: bos shutdown localhost -wait -localauth start-stop-daemon --stop --quiet \ --user root --name bosserver echo $NAME. ;; #reload) # # If the daemon can reload its config files on the fly # for example by sending it SIGHUP, do it here. # # If the daemon responds to changes in its config file # directly anyway, make this a do-nothing entry. # # echo Reloading $DESC configuration files. # start-stop-daemon --stop --signal 1 --quiet --pidfile \ # /var/run/$NAME.pid --exec $DAEMON #;; restart|force-reload) # # If the reload option is implemented, move the force-reload # option to the reload entry above. If not, force-reload is # just the same as restart. # echo -n Restarting $DESC: if pidof $DAEMON /dev/null ; then bos restart localhost -localauth -bos else start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ --exec $DAEMON -- $DAEMON_ARGS fi sleep 1 echo $NAME. ;; *) N=/etc/init.d/$NAME # echo Usage: $N {start|stop|restart|reload|force-reload} 2 echo Usage: $N {start|stop|restart|force-reload} 2 exit 1 ;; esac exit 0 # Default settings for the openafs bosserver # This file is sourced by /etc/init.d/openafs-fileserver # Uncomment this to get the bosserver log to syslog # Try 'bosserver -help' to get all available options. #DAEMON_ARGS='-syslog'
Bug#382458: libldap2 expect ldapi-socket on wrong place
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Package: libldap2 Version: 2.1.30-13+b1 I try this in the actual testing version of debian (etch). I think on sarge the problem don't exists. Heimdal-kdc can use ldap-backend over local socket (ldapi:///). Heimdal uses the libldap2, where the socket is expectet in /var/run/ldapi. But the actual version of slapd in etch (2.3.24-2) places the socket in /var/run/slapd/ldapi. This is why the place is changed in this version of slapd and the both packages where build from different version of the openldap source: $ apt-src install slapd Hole:1 http://ftp.de.debian.org etch/main openldap2.3 2.3.24-2 (dsc) [1193B] Hole:2 http://ftp.de.debian.org etch/main openldap2.3 2.3.24-2 (tar) [3756kB] Hole:3 http://ftp.de.debian.org etch/main openldap2.3 2.3.24-2 (diff) [132kB] $ apt-src install libldap2 Hole:1 http://ftp.de.debian.org etch/main openldap2 2.1.30-13 (dsc) [972B] Hole:2 http://ftp.de.debian.org etch/main openldap2 2.1.30-13 (tar) [2045kB] Hole:3 http://ftp.de.debian.org etch/main openldap2 2.1.30-13 (diff) [456kB] Best regards Thomas Sesselmann - -- Dipl.-Inf. Thomas Sesselmann Kirchhoff-Institut fuer Physik Universitaet Heidelberg INF227 / D-69120 Heidelberg E-mail: [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3C6FEQVslJOS5UsRAs5ZAJ4mFQcAdaVV4Hw8E2eZwONEzhHV0QCgt/z4 WJzkn2dGi1N3c0QC3Pd6IK8= =mU6B -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]