Re: [389-devel] Please review: make sure the DBVERSION file ends in a newline
ack. Thanks, Rich!! --noriko Rich Megginson wrote: -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: Introducing an environment variable USE_VALGRIND to clean up the entry cache and dn cache on exit.
Description: If any string is set to an environment variable USE_VALGRIND,
when running a memory leak checking tool (e.g., valgrind),
it reduces the noise generated by the entry cache and dn cache.
Sample valgrind outputs from the same operations.
1. with USE_VALGRIND
==16525== LEAK SUMMARY:
==16525== definitely lost: 5,102 bytes in 155 blocks
==16525== indirectly lost: 24,655 bytes in 950 blocks
==16525== possibly lost: *13,294* bytes in 433 blocks
==16525== still reachable: 2,209,801 bytes in 17,937 blocks
==16525== suppressed: 0 bytes in 0 blocks
==16525== Reachable blocks (those to which a pointer was found) are not
shown.
==16525== To see them, rerun with: --leak-check=full --show-reachable=yes
2. no USE_VALGRIND
==25738== LEAK SUMMARY:
==25738== definitely lost: 5,102 bytes in 155 blocks
==25738== indirectly lost: 24,655 bytes in 950 blocks
==25738== possibly lost: *23,862,444* bytes in 863,885 blocks
==25738== still reachable: 3,093,988 bytes in 41,603 blocks
==25738== suppressed: 0 bytes in 0 blocks
==25738== Reachable blocks (those to which a pointer was found) are not
shown.
==25738== To see them, rerun with: --leak-check=full --show-reachable=yes
Thanks,
--noriko
From 40ac246939d8e7bf8138c85ea00f30beece094d5 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi nho...@jiji.usersys.redhat.com
Date: Wed, 31 Aug 2011 11:09:42 -0700
Subject: [PATCH] Introducing an environment variable USE_VALGRIND to clean up
the entry cache and dn cache on exit.
---
ldap/servers/slapd/back-ldbm/dblayer.c | 23 +--
1 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c
b/ldap/servers/slapd/back-ldbm/dblayer.c
index b3931a4..b158311 100644
--- a/ldap/servers/slapd/back-ldbm/dblayer.c
+++ b/ldap/servers/slapd/back-ldbm/dblayer.c
@@ -2589,16 +2589,19 @@ int dblayer_instance_close(backend *be)
if (NULL == inst)
return -1;
-#if defined(_USE_VALGRIND)
-/* When running a memory leak checking tool (e.g., valgrind),
- it reduces the noise by enabling this code. */
-LDAPDebug1Arg(LDAP_DEBUG_ANY, %s: Cleaning up entry cache\n,
- inst-inst_name);
-cache_clear(inst-inst_cache, CACHE_TYPE_ENTRY);
-LDAPDebug1Arg(LDAP_DEBUG_ANY, %s: Cleaning up dn cache\n,
- inst-inst_name);
-cache_clear(inst-inst_dncache, CACHE_TYPE_DN);
-#endif
+if (getenv(USE_VALGRIND)) {
+/*
+ * if any string is set to an environment variable USE_VALGRIND,
+ * when running a memory leak checking tool (e.g., valgrind),
+ * it reduces the noise by enabling this code.
+ */
+LDAPDebug1Arg(LDAP_DEBUG_ANY, %s: Cleaning up entry cache\n,
+ inst-inst_name);
+cache_clear(inst-inst_cache, CACHE_TYPE_ENTRY);
+LDAPDebug1Arg(LDAP_DEBUG_ANY, %s: Cleaning up dn cache\n,
+ inst-inst_name);
+cache_clear(inst-inst_dncache, CACHE_TYPE_DN);
+}
if (attrcrypt_cleanup_private(inst)) {
LDAPDebug(LDAP_DEBUG_ANY,
--
1.7.4.4
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] Please review: Make all backend operations transaction aware
Rich Megginson wrote: http://rmeggins.fedorapeople.org/patches/0001-Make-all-backend-operations-transaction-aware.patch ack. --noriko -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] Please review: convert memberof to use transactions
Rich Megginson wrote: There are 3 patches. 0001 fixes a problem with betxn and modrdn to make the ENTRY_POST_OP available to betxnpostop plugins. 0002 allows us to pass the plugin config entry to plugin_init functions (yay! finally!). 0003 is the actual change to memberof. ack. ack. ack. So, once betxn is set to the memberof plugin type, memberof mod operations are included in the same transaction? -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: Fix Coverity Defects
https://bugzilla.redhat.com/show_bug.cgi?id=750622 https://bugzilla.redhat.com/attachment.cgi?id=531391action=diff https://bugzilla.redhat.com/attachment.cgi?id=531391action=edit https://bugzilla.redhat.com/show_bug.cgi?id=750624 https://bugzilla.redhat.com/attachment.cgi?id=531390action=diff https://bugzilla.redhat.com/attachment.cgi?id=531390action=edit https://bugzilla.redhat.com/show_bug.cgi?id=750625 Attachments (Terms of Use) https://bugzilla.redhat.com/page.cgi?id=terms-conditions.html *Fix Coverity (11066) Unused pointer value; git patch file (master)* https://bugzilla.redhat.com/attachment.cgi?id=531392 (1.04 KB, patch) 2011-11-02 13:05 EDT https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531392, Noriko Hosoi mailto:nho...@redhat.com nhosoi: review? Details https://bugzilla.redhat.com/attachment.cgi?id=531392action=edit | Diff https://bugzilla.redhat.com/attachment.cgi?id=531392action=diff *Fix Coverity (11065) Uninitialized pointer read; git patch file (master)* https://bugzilla.redhat.com/attachment.cgi?id=531393 (1.13 KB, patch) 2011-11-02 13:06 EDT https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531393, Noriko Hosoi mailto:nho...@redhat.com nhosoi: review? Details https://bugzilla.redhat.com/attachment.cgi?id=531393action=edit | Diff https://bugzilla.redhat.com/attachment.cgi?id=531393action=diff *Fix Coverity (11064) Dereference before null check; git patch file (master)* https://bugzilla.redhat.com/attachment.cgi?id=531394 (1.16 KB, patch) 2011-11-02 13:09 EDT https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531394, Noriko Hosoi mailto:nho...@redhat.com nhosoi: review? Details https://bugzilla.redhat.com/attachment.cgi?id=531394action=edit | Diff https://bugzilla.redhat.com/attachment.cgi?id=531394action=diff *Fix Coverity (11061) Resource leak; git patch file (master)* https://bugzilla.redhat.com/attachment.cgi?id=531395 (2.15 KB, patch) 2011-11-02 13:10 EDT https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531395, Noriko Hosoi mailto:nho...@redhat.com nhosoi: review? Details https://bugzilla.redhat.com/attachment.cgi?id=531395action=edit | Diff https://bugzilla.redhat.com/attachment.cgi?id=531395action=diff *Fix Coverity (11060) Dereference null return value; git patch file (master)* https://bugzilla.redhat.com/attachment.cgi?id=531396 (2.02 KB, patch) 2011-11-02 13:11 EDT https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531396, Noriko Hosoi mailto:nho...@redhat.com nhosoi: review? Details https://bugzilla.redhat.com/attachment.cgi?id=531396action=edit | Diff https://bugzilla.redhat.com/attachment.cgi?id=531396action=diff *Fix Coverity (11058, 11059) Dereference null return value; git patch file (master)* https://bugzilla.redhat.com/attachment.cgi?id=531397 (3.89 KB, patch) 2011-11-02 13:12 EDT https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531397, Noriko Hosoi mailto:nho...@redhat.com nhosoi: review? Details https://bugzilla.redhat.com/attachment.cgi?id=531397action=edit | Diff https://bugzilla.redhat.com/attachment.cgi?id=531397action=diff *Fix Coverity (11057) Dereference null return value; git patch file (master)* https://bugzilla.redhat.com/attachment.cgi?id=531398 (1.37 KB, patch) 2011-11-02 13:13 EDT https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531398, Noriko Hosoi mailto:nho...@redhat.com nhosoi: review? Details https://bugzilla.redhat.com/attachment.cgi?id=531398action=edit | Diff https://bugzilla.redhat.com/attachment.cgi?id=531398action=diff *Fix Coverity (11055) Explicit null dereferenced; git patch file (master)* https://bugzilla.redhat.com/attachment.cgi?id=531399 (1.45 KB, patch) 2011-11-02 13:14 EDT https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531399, Noriko Hosoi mailto:nho...@redhat.com nhosoi: review? Details https://bugzilla.redhat.com/attachment.cgi?id=531399action=edit | Diff https://bugzilla.redhat.com/attachment.cgi?id=531399action=diff *Fix Coverity (11054) Dereference after null check; git patch file (master)* https://bugzilla.redhat.com/attachment.cgi?id=531400 (2.92 KB, patch) 2011-11-02 13:15 EDT https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531400, Noriko Hosoi mailto:nho...@redhat.com nhosoi: review? Details https://bugzilla.redhat.com/attachment.cgi?id=531400action=edit | Diff https://bugzilla.redhat.com/attachment.cgi?id=531400action=diff *Fix Coverity (7) Uninitialized pointer read; git patch file (master)* https://bugzilla.redhat.com/attachment.cgi?id=531401 (1.96 KB, patch) 2011-11-02 13:17 EDT https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531401, Noriko Hosoi mailto:nho...@redhat.com nhosoi: review? Details https://bugzilla.redhat.com/attachment.cgi?id=531401action=edit | Diff https://bugzilla.redhat.com/attachment.cgi?id=531401action=diff *Fix Coverity (6) Uninitialized
[389-devel] Please review: [Bug 750625] Fix Coverity minor defects
Additional coverity fixes... https://bugzilla.redhat.com/show_bug.cgi?id=750625 *Fix Coverity (11055-2) Explicit null dereferenced; git patch file (master)* https://bugzilla.redhat.com/attachment.cgi?id=531631 (1.41 KB, patch) 2011-11-03 14:40 EDT https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531631, Noriko Hosoi mailto:nho...@redhat.com nhosoi: review? Details https://bugzilla.redhat.com/attachment.cgi?id=531631action=edit | Diff https://bugzilla.redhat.com/attachment.cgi?id=531631action=diff *Fix Coverity (11062) Resource leak; git patch file (master)* https://bugzilla.redhat.com/attachment.cgi?id=531632 (4.37 KB, patch) 2011-11-03 14:41 EDT https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531632, Noriko Hosoi mailto:nho...@redhat.com nhosoi: review? Details https://bugzilla.redhat.com/attachment.cgi?id=531632action=edit | Diff https://bugzilla.redhat.com/attachment.cgi?id=531632action=diff *Fix Coverity (11066-2) Unused pointer value; git patch file (master)* https://bugzilla.redhat.com/attachment.cgi?id=531634 (1.09 KB, patch) 2011-11-03 14:43 EDT https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531634, Noriko Hosoi mailto:nho...@redhat.com nhosoi: review? Details https://bugzilla.redhat.com/attachment.cgi?id=531634action=edit | Diff https://bugzilla.redhat.com/attachment.cgi?id=531634action=diff *Fix Coverity (12195) Dereference after null check; git patch file (master)* https://bugzilla.redhat.com/attachment.cgi?id=531635 (1.11 KB, patch) 2011-11-03 14:47 EDT https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531635, Noriko Hosoi mailto:nho...@redhat.com nhosoi: review? Details https://bugzilla.redhat.com/attachment.cgi?id=531635action=edit | Diff https://bugzilla.redhat.com/attachment.cgi?id=531635action=diff *Fix Coverity (12196) Dereference before null check; git patch file (master)* https://bugzilla.redhat.com/attachment.cgi?id=531636 (5.64 KB, patch) 2011-11-03 14:48 EDT https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531636, Noriko Hosoi mailto:nho...@redhat.com nhosoi: review? Details https://bugzilla.redhat.com/attachment.cgi?id=531636action=edit | Diff https://bugzilla.redhat.com/attachment.cgi?id=531636action=diff Thanks! --noriko -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 619595] Upgrading sub suffix under non-normalized suffix disappears
https://bugzilla.redhat.com/show_bug.cgi?id=619595 https://bugzilla.redhat.com/attachment.cgi?id=435442action=diff https://bugzilla.redhat.com/attachment.cgi?id=435442action=edit Fix Description: The cause of this problem is the config attribute nsslapd-parent-suffix was not defined as an attribute of DN syntax. Because of the missing definition, the value is not the target of the DN normalization and the match fails after upgraded. Adding the attribute to the schema solves this problem. Plus upgradedb does backup the DB before upgrade, and if it fails it restores from the backed up DB. Use dblayer_restore instead of copying DB files one by one. smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 616608] SIGBUS in RDN index reads on platforms with strict alignments
https://bugzilla.redhat.com/show_bug.cgi?id=616608 https://bugzilla.redhat.com/attachment.cgi?id=434877action=diff https://bugzilla.redhat.com/attachment.cgi?id=434877action=edit Fix description: Use the marshall/unmarshall technique for the entryrdn index data. Introduced sizeushort_internal_to_stored/sizeushort_stored_to_internal for the size data to store in 2 bytes. Entryrdn related functions in the dbscan utility are also modified to support marshalled data. Reviewed by ulf.welt...@hp.com and fixed bugs found by him. Updated the design doc: http://directory.fedoraproject.org/wiki/Subtree_Rename#Entryrdn_index smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 194531] db2bak is too noisy
https://bugzilla.redhat.com/show_bug.cgi?id=194531 https://bugzilla.redhat.com/attachment.cgi?id=436980action=diff https://bugzilla.redhat.com/attachment.cgi?id=436980action=edit Description: Added -v option to db2bak and bak2db and moved the Backing up/ Restoring logs to the verbose mode output. To implement the backend verbose mode, log level SLAPI_LOG_BACKLDBM has been introduced. Usage: db2bak [archivedir] [-v] Usage: bak2db archivedir [-n backendname] [-v] Files: ldap/admin/src/scripts/template-bak2db.in ldap/admin/src/scripts/template-db2bak.in ldap/include/ldaplog.h ldap/servers/slapd/back-ldbm/archive.c ldap/servers/slapd/back-ldbm/dblayer.c ldap/servers/slapd/log.c ldap/servers/slapd/main.c ldap/servers/slapd/slapi-plugin.h Thanks, --noriko smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 621928] Unable to enable replica (rdn problem?) on 1.2.6 rc6
https://bugzilla.redhat.com/show_bug.cgi?id=621928 https://bugzilla.redhat.com/attachment.cgi?id=437670action=diff https://bugzilla.redhat.com/attachment.cgi?id=437670action=edit Description: RUV (nsuniqueid=---,suffix) needs to be allowed to add to the DB beforesuffix is added. To allow it, entryrdn prepares the rdn exception list (rdn_exceptions). If the to-be-added entry (in this case RUV; and currently only RUV is in the list) is in the list,suffix is added to the entryrdn index with the temporary entry ID 0 (note: not to the primary db file id2entry.db#). When the suffix is indeed added to the DB, the temporary ID 0 is replaced with the given real ID. Thanks, --noriko -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 622628] fix coverity Defect Type: Integer handling issues
https://bugzilla.redhat.com/show_bug.cgi?id=622628 https://bugzilla.redhat.com/attachment.cgi?id=437950action=diff https://bugzilla.redhat.com/attachment.cgi?id=437950action=edit https://bugzilla.redhat.com/attachment.cgi?id=437952action=diff https://bugzilla.redhat.com/attachment.cgi?id=437952action=edit https://bugzilla.redhat.com/attachment.cgi?id=437960action=diff https://bugzilla.redhat.com/attachment.cgi?id=437960action=edit Thanks, --noriko -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 622903] fix coverity Defect Type: Code maintainability issues
https://bugzilla.redhat.com/show_bug.cgi?id=622903 https://bugzilla.redhat.com/attachment.cgi?id=437967action=diff https://bugzilla.redhat.com/attachment.cgi?id=437967action=edit https://bugzilla.redhat.com/attachment.cgi?id=437971action=diff https://bugzilla.redhat.com/attachment.cgi?id=437971action=edit https://bugzilla.redhat.com/attachment.cgi?id=437988action=diff https://bugzilla.redhat.com/attachment.cgi?id=437988action=edit https://bugzilla.redhat.com/attachment.cgi?id=437992action=diff https://bugzilla.redhat.com/attachment.cgi?id=437992action=edit https://bugzilla.redhat.com/attachment.cgi?id=437996action=diff https://bugzilla.redhat.com/attachment.cgi?id=437996action=edit https://bugzilla.redhat.com/attachment.cgi?id=438002action=diff https://bugzilla.redhat.com/attachment.cgi?id=438002action=edit https://bugzilla.redhat.com/attachment.cgi?id=438016action=diff https://bugzilla.redhat.com/attachment.cgi?id=438016action=edit https://bugzilla.redhat.com/attachment.cgi?id=438018action=diff https://bugzilla.redhat.com/attachment.cgi?id=438018action=edit https://bugzilla.redhat.com/attachment.cgi?id=438021action=diff https://bugzilla.redhat.com/attachment.cgi?id=438021action=edit https://bugzilla.redhat.com/attachment.cgi?id=438029action=diff https://bugzilla.redhat.com/attachment.cgi?id=438029action=edit https://bugzilla.redhat.com/attachment.cgi?id=438031action=diff https://bugzilla.redhat.com/attachment.cgi?id=438031action=edit https://bugzilla.redhat.com/attachment.cgi?id=438034action=diff https://bugzilla.redhat.com/attachment.cgi?id=438034action=edit https://bugzilla.redhat.com/attachment.cgi?id=438042action=diff https://bugzilla.redhat.com/attachment.cgi?id=438042action=edit https://bugzilla.redhat.com/attachment.cgi?id=438237action=diff https://bugzilla.redhat.com/attachment.cgi?id=438237action=edit https://bugzilla.redhat.com/attachment.cgi?id=438247action=diff https://bugzilla.redhat.com/attachment.cgi?id=438247action=edit Thanks, --noriko smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 629710] escape_string does not check '\HEXHEX'
https://bugzilla.redhat.com/show_bug.cgi?id=629710 https://bugzilla.redhat.com/attachment.cgi?id=442728action=diff https://bugzilla.redhat.com/attachment.cgi?id=442728action=edit Description: do_escape_string (core of escape_string) converts '\\ (backslash)' to '\5C' even if the following 2 characters are hex digits. That is, the character is already escaped. This patch checks the case and if it is, it does not escape it further. File: ldap/servers/slapd/util.c Thanks, --noriko smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 625014] SubTree Renames: ModRDN operation fails and the server hangs if the entry is moved to under the same DN.
https://bugzilla.redhat.com/show_bug.cgi?id=625014 https://bugzilla.redhat.com/attachment.cgi?id=447045action=diff https://bugzilla.redhat.com/attachment.cgi?id=447045action=edit Description: adding a check if the newsuperior is the entry itself or its descendent. If it is, modrdn returns LDAP_UNWILLING_TO_PERFORM. Thanks, --noriko smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] Please review: Only check modrdn ops for backend/suffix correctness if not the default backend
On 09/13/2010 03:42 PM, Rich Megginson wrote: This fix allows the datainterop tests to pass at 100% ack. --noriko -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] 1.2.6-1 crash
On 09/29/2010 12:49 PM, Rich Megginson wrote: Gary Morris wrote: ah.. sorry.. ok.. just retried with 1.2.6.1-1.. / [r...@dalp-ct02 logs]# rpm -qa | grep 389 389-dsgw-1.1.5-1.fc13.x86_64 389-admin-console-1.1.5-1.fc13.noarch 389-admin-1.1.11-1.fc13.x86_64 389-ds-base-1.2.6.1-1.fc13.x86_64 389-ds-console-1.2.3-1.fc13.noarch 389-admin-console-doc-1.1.5-1.fc13.noarch 389-console-1.1.4-1.fc13.noarch 389-adminutil-1.1.9-1.fc13.x86_64 389-ds-console-doc-1.2.3-1.fc13.noarch 389-ds-1.2.1-1.fc13.noarch I got some gdb output. I tried 5 times and got 3 distinct functions.. the output in order is below: So 1.2.6.1 is still crashing :-( in gdb, do this: thread apply all bt and post the output here Before running the crash test, could you install 389-ds-base-debuginfo? Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f81897fb710 (LWP 5328)] 0x7f81adc5be28 in attrlist_delete () from /usr/lib64/dirsrv/libslapd.so.0 (gdb) Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f4012dea710 (LWP 6263)] 0x7f40432ca01c in attrlist_find_or_create_locking_optional () from /usr/lib64/dirsrv/libslapd.so.0 (gdb) Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fe3b03f9710 (LWP 6778)] 0x7fe3d6f3aea1 in valuearray_add_valuearray_fast () from /usr/lib64/dirsrv/libslapd.so.0 (gdb) Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f5c31bf5710 (LWP 7275)] 0x7f5c59549ea1 in valuearray_add_valuearray_fast () from /usr/lib64/dirsrv/libslapd.so.0 (gdb) Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7ff0485e6710 (LWP 7556)] 0x7ff079a4e01c in attrlist_find_or_create_locking_optional () from /usr/lib64/dirsrv/libslapd.so.0 I'm happy to assist in any way I can to resolve. much thanks! -gary On Wed, Sep 29, 2010 at 10:14 AM, Rich Megginsonrmegg...@redhat.com mailto:rmegg...@redhat.com wrote: Gary Morris wrote: ok.. it pulled 389-ds-base-1.2.6-2.fc13.x86_64.. is that ok or do i need to be on 1.2.6-1? On 1.2.6-2 I'm having the same problem. As soon as I start an application that is ldap intensive, the directory server crashes real quick. No errors of any sort reported. No, it should be 1.2.6.1-1, not 1.2.6-1, not 1.2.6-2. Looks like 1.2.6.1-1 is not yet in the mirrors, so if you want to try it in the meantime, you'll have to install it directly from koji: http://koji.fedoraproject.org/koji/buildinfo?buildID=196612 On Tue, Sep 28, 2010 at 11:16 PM, Rich Megginson rmegg...@redhat.commailto:rmegg...@redhat.com mailto:rmegg...@redhat.commailto:rmegg...@redhat.com wrote: Gary Morris wrote: Hi guys.. i'm running 389-ds-base-1.2.6-1.fc13.x86_64 and the server is crashing repeatedly, mostly under load. There are about 390,000 ldap entries in the database. I tried installing on a couple of different servers (Fedora 13) with the same problem. The problem does not seem to be happening on 1.2.6-0.1. I would be happy to send you more details on what is causing the crash if I could figure out how to do that. When I put any load on the server, it crashes, and often crashes before it can even fully start. It does not seem to crash when I turn on the heavy debugging, but then again, performance is very slow on full debug. If anyone has some suggestions on what I can do to give more information, i'd be happy to. There were a couple of crashing bugs that have been fixed in 1.2.6.1-1 - now available in the Testing repos. Please try to install 389-ds-base-1.2.6.1-1 from the updates-testing repo and see if that fixes your problem. -gary -- 389-devel mailing list 389-de...@lists.fedoraproject.org mailto:389-de...@lists.fedoraproject.org mailto:389-de...@lists.fedoraproject.org mailto:389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel -- 389-devel mailing list 389-de...@lists.fedoraproject.org mailto:389-de...@lists.fedoraproject.org mailto:389-de...@lists.fedoraproject.org mailto:389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel -- 389-devel mailing list 389-de...@lists.fedoraproject.org mailto:389-de...@lists.fedoraproject.org
Re: [389-devel] 1.2.6-1 crash
Could you do thread apply all bt, once you see this Segmentation fault message? Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fe4a23e9710 (LWP 9557)] 0x7fe4d1fc601c in attrlist_find_or_create_locking_optional () from /usr/lib64/dirsrv/libslapd.so.0 (gdb) thread apply all bt On 09/29/2010 01:29 PM, Gary Morris wrote: sure.. i'll do that and rerun them.. On Wed, Sep 29, 2010 at 4:25 PM, Noriko Hosoi nho...@redhat.com mailto:nho...@redhat.com wrote: On 09/29/2010 12:49 PM, Rich Megginson wrote: Gary Morris wrote: ah.. sorry.. ok.. just retried with 1.2.6.1-1.. / [r...@dalp-ct02 logs]# rpm -qa | grep 389 389-dsgw-1.1.5-1.fc13.x86_64 389-admin-console-1.1.5-1.fc13.noarch 389-admin-1.1.11-1.fc13.x86_64 389-ds-base-1.2.6.1-1.fc13.x86_64 389-ds-console-1.2.3-1.fc13.noarch 389-admin-console-doc-1.1.5-1.fc13.noarch 389-console-1.1.4-1.fc13.noarch 389-adminutil-1.1.9-1.fc13.x86_64 389-ds-console-doc-1.2.3-1.fc13.noarch 389-ds-1.2.1-1.fc13.noarch I got some gdb output. I tried 5 times and got 3 distinct functions.. the output in order is below: So 1.2.6.1 is still crashing :-( in gdb, do this: thread apply all bt and post the output here Before running the crash test, could you install 389-ds-base-debuginfo? Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f81897fb710 (LWP 5328)] 0x7f81adc5be28 in attrlist_delete () from /usr/lib64/dirsrv/libslapd.so.0 (gdb) Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f4012dea710 (LWP 6263)] 0x7f40432ca01c in attrlist_find_or_create_locking_optional () from /usr/lib64/dirsrv/libslapd.so.0 (gdb) Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fe3b03f9710 (LWP 6778)] 0x7fe3d6f3aea1 in valuearray_add_valuearray_fast () from /usr/lib64/dirsrv/libslapd.so.0 (gdb) Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f5c31bf5710 (LWP 7275)] 0x7f5c59549ea1 in valuearray_add_valuearray_fast () from /usr/lib64/dirsrv/libslapd.so.0 (gdb) Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7ff0485e6710 (LWP 7556)] 0x7ff079a4e01c in attrlist_find_or_create_locking_optional () from /usr/lib64/dirsrv/libslapd.so.0 I'm happy to assist in any way I can to resolve. much thanks! -gary On Wed, Sep 29, 2010 at 10:14 AM, Rich Megginsonrmegg...@redhat.com mailto:rmegg...@redhat.com mailto:rmegg...@redhat.com mailto:rmegg...@redhat.com wrote: Gary Morris wrote: ok.. it pulled 389-ds-base-1.2.6-2.fc13.x86_64.. is that ok or do i need to be on 1.2.6-1? On 1.2.6-2 I'm having the same problem. As soon as I start an application that is ldap intensive, the directory server crashes real quick. No errors of any sort reported. No, it should be 1.2.6.1-1, not 1.2.6-1, not 1.2.6-2. Looks like 1.2.6.1-1 is not yet in the mirrors, so if you want to try it in the meantime, you'll have to install it directly from koji: http://koji.fedoraproject.org/koji/buildinfo?buildID=196612 On Tue, Sep 28, 2010 at 11:16 PM, Rich Megginson rmegg...@redhat.com mailto:rmegg...@redhat.commailto:rmegg...@redhat.com mailto:rmegg...@redhat.com mailto:rmegg...@redhat.com mailto:rmegg...@redhat.commailto:rmegg...@redhat.com mailto:rmegg...@redhat.com wrote: Gary Morris wrote: Hi guys.. i'm running 389-ds-base-1.2.6-1.fc13.x86_64 and the server is crashing repeatedly, mostly under load. There are about 390,000 ldap entries in the database. I tried installing on a couple of different servers (Fedora 13) with the same problem. The problem does not seem to be happening on 1.2.6-0.1. I would be happy to send you more details on what is causing the crash if I could figure out how to do that. When I put any load on the server, it crashes
[389-devel] Please review (take 2): [Bug 602456] Allow to add any cn=config attributes; allow to delete some cn=config attributes
https://bugzilla.redhat.com/show_bug.cgi?id=602456
https://bugzilla.redhat.com/attachment.cgi?id=453261action=diff
https://bugzilla.redhat.com/attachment.cgi?id=453261action=edit
Thanks to Nathan for his review on the first proposal. I'm adding this
change following Rich's suggestion.
Following the suggestion by Rich, adding nsslapd-securelistenhost to the
default nsslapd-allowed-to-delete-attrs list.
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index 6b58dde..a7cc1bc 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -1013,6 +1013,8 @@ FrontendConfig_init () {
cfg-entryusn_global = LDAP_OFF;
slapi_ch_array_add((cfg-allowed_to_delete_attrs),
slapi_ch_strdup(nsslapd-listenhost));
+ slapi_ch_array_add((cfg-allowed_to_delete_attrs),
+ slapi_ch_strdup(nsslapd-securelistenhost));
#ifdef MEMPOOL_EXPERIMENTAL
cfg-mempool_switch = LDAP_ON;
Description:
1. Originally, configuration attributes are designed not to allow
adding or deleting, but to allow just replacing. Due to a defect
in checking the add operation, adding (LDAP_MOD_ADD) is not rejected.
Instead of fixing the add checking to disallow adding, this patch
logs the operation in the error log.
2. On the other hand, deleting configuration attributes is rejected
by LDAP_UNWILLING_TO_PERFORM. We have a request that some attributes
need to allow to delete. This patch introduces a config attribute
nsslapd-allowed-to-delete-attrs, which value is configuration
attributes separated by a space ' '. If an attribute is in the list,
the attribute is allowed to delete. The delete operation is also
logged in the error log.
By default, the list contains nsslapd-listenhost and
nsslapd-securelistenhost.
Files:
ldap/servers/slapd/configdse.c
ldap/servers/slapd/libglobs.c
ldap/servers/slapd/proto-slap.h
ldap/servers/slapd/slap.h
Thanks,
--noriko
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel
smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 244229] targetattr not verified against schema when setting an aci
https://bugzilla.redhat.com/show_bug.cgi?id=244229 https://bugzilla.redhat.com/attachment.cgi?id=453598action=diff https://bugzilla.redhat.com/attachment.cgi?id=453598action=edi Description: 1. When acl contains targetattr keyword: (targetattr [!]= attribute_1 || attribute_2 ...|| attribute_n), where attribute_n does not contain '*', the current ACL plugin accepts any attribute_n value even if it is not defined in the schema. This patch rejects the aci if it contains attribute_n not defined in schema with this error message: NSACLPlugin - targetattr attribute_n does not exist in schema. Please add attributeTypes attribute_n to schema if necessary. 2. To implement 1, slapi APIs slapi_attr_syntax_exists and slapi_vattr_type_exists are added. 3. An attributeTypes connection is added to 01core389.ldif which is referred in an aci of cn=monitor. Files: ldap/schema/01core389.ldif ldap/servers/plugins/acl/aclparse.c ldap/servers/slapd/attrsyntax.c ldap/servers/slapd/slapi-plugin.h ldap/servers/slapd/vattr.c -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review (take 2): [Bug 244229] targetattr not verified against schema when setting an aci
https://bugzilla.redhat.com/show_bug.cgi?id=244229 https://bugzilla.redhat.com/attachment.cgi?id=453769action=diff https://bugzilla.redhat.com/attachment.cgi?id=453769action=edit Following the comments by Rich, revised the proposal so that: 1) the error message is sent to the client, as well. 2) removed the useless virtual attribute type name checking. Thanks, --noriko smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 567282] server can not abandon searchRequest of simple paged results
https://bugzilla.redhat.com/show_bug.cgi?id=567282 https://bugzilla.redhat.com/attachment.cgi?id=457550action=edit https://bugzilla.redhat.com/attachment.cgi?id=457550action=diff Description: Simple Paged Results search keeps the connection per paging, but not an operation. When an abandon request is issued, the operation referred by the request has already finished. This patch introduces pagedresults_cleanup function to check whether the connection is for the simple paged results or not, and if it is, the simple paged results is cleaned up. If it is not, pagedresults_cleanup does nothing. The function is called from do_abandon as well as from connection_cleanup. Files: ldap/servers/slapd/abandon.c ldap/servers/slapd/connection.c ldap/servers/slapd/opshared.c ldap/servers/slapd/pagedresults.c ldap/servers/slapd/proto-slap.h Thanks, --noriko -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review (take 2): [389 Project] #453: db2index with -tattrname:type, type fails
https://fedorahosted.org/389/ticket/453 https://fedorahosted.org/389/attachment/ticket/453/0001-Trac-Ticket-453-db2index-with-tattrname-type-type-fa.patch Fix Description: 1) db2index and db2index.pl did not handle options with no space between the option type and the value. This patch properly parses them. 2) db2index_add_indexed_attr now converts the comma delimited list of index types into multiple values for the nsIndexType attribute. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Resending...: Please review: [389 Project] #537: Improvement of range search
(2013/01/07 15:57), Noriko Hosoi wrote: https://fedorahosted.org/389/ticket/537 https://fedorahosted.org/389/attachment/ticket/537/0001-Ticket-537-Improvement-of-range-search.patch Fix description: The index range search function index_range _read_ext was written to call idl_fetch_ext to get an idlist belonging to one key. Then add it to the main idlist as long as the key satisfiles the range search filter condition. This patch introduces a new range search function idl_new_ range_fetch to the new idl code, which generates an idlist in one idl function that eliminates the redundancy such as generating idlist and cursor per key. This patch only implements the new idl version. If idl_new is not set, the existing code is executed. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 557224] subtree rename breaks the referential integrity plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=557224 Description of problem: Analysis by andrey.iva...@polytechnique.fr I'm pretty sure the referential integrity plug-in will not work for modrdn operations with a new superior. Looking more thoroughly through the code ( ldap / servers / plugins / referint / referint.c) confirms my suspicion that new rdn superior is not taken into account. The function referint_postop_modrdn extracts from the parameter block only SLAPI_MODRDN_TARGET and SLAPI_MODRDN_NEWRDN, it does not extract SLAPI_MODRDN_NEWSUPERIOR neither passes it further down the utility functions - update_integrity(argv, dn, newrdn, logChanges) and writeintegritylog(argv[1],dn, newrdn). The same applies to the delayed referint operations (the plug-in writes to the special integrity log file only the old DN and the new RDN, but never the new superior : writeintegritylog(argv[1],dn, newrdn);) Another thought on the subject of referential integrity plug-in - in the previous mail i have only mentioned one-entry renames with a new superior. The things get even worse when we rename a whole non-empty sub-tree. It means that the referential integrity plug-in should change to the new DNs all the references to all the entries of the whole sub-tree, not only for one entry. And what if we rename a sub-tree containing both the referenced entry and the entry referencing the first one's DN in one of its integrity attributes? It actually means that we need at first make the rename and then all the searches and replacements. Though it seems it's already the case as it's a post-op(?) plug-in... Fix Description: The referential integrity plugin has not supported the subtree rename (modrdn with newsuperior). This patch is adding the support. Created an attachment (id=386896) https://bugzilla.redhat.com/attachment.cgi?id=386896action=diff git patch for ldap/servers/plugins/referint/referint.c -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review (revised): [Bug 560827] Admin Server templates: DistinguishName validation fails
Thanks to Rich and Nathan for their comments and even debugging my code
:). I revised the proposal based upon their suggestions.
Summary: Admin Server templates: DistinguishName validation fails
https://bugzilla.redhat.com/show_bug.cgi?id=560827
Description of problem:
Some template file contains double quotes in the DN string, which
are not escaped.
Sample broken entry in 01nsroot.ldif.tmpl
dn: ou=uid=%as_uid%, ou=Administrators, ou=TopologyManagement,
o=NetscapeRoot,ou=UserPreferences, ou=%domain%, o=NetscapeRoot
objectClass: top
objectClass: organizationalUnit
aci: (targetattr=*)(version 3.0; acl UserDNControl; allow (all)
userdnattr=creatorsname;)
ou: uid=%as_uid%, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
Related bug:
https://bugzilla.redhat.com/show_bug.cgi?id=77
77 - Syntax validation fails for ou=NetscapeRoot tree
[Proposed fix (ldapserver)]
-- (https://bugzilla.redhat.com/attachment.cgi?id=388648)
git patch file (ldapserver)
Description: adding a perl subroutine dnEscape to escape special
characters and eliminate spaces around ',', which is to make
the given dn compliant with RFC4514.
[Proposed fix (adminserver)]
-- (https://bugzilla.redhat.com/attachment.cgi?id=388650)
git patch file (adminserver)
Description:
admserv/newinst/src/dirserver.map.in
/register_param.map.in
--- added escapedrootdn key, which is an escaped rootdn compliant
with RFC4514
admserv/schema/ldif/*.tmpl
--- removed unescaped '' from dn strings, which violates RFC4514.
escaped special characters ('=' and ',') which used to be a
value surrounded in the double quotes ''.
removed spaces around ','
smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 527848] make sure db upgrade to 4.7 and later works correctly
https://bugzilla.redhat.com/show_bug.cgi?id=527848 Subject: make sure db upgrade to 4.7 and later works correctly Proposed Fix: https://bugzilla.redhat.com/attachment.cgi?id=395003action=diff Change Description: https://bugzilla.redhat.com/attachment.cgi?id=395003action=edit Thanks, --noriko smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review (take 2): [Bug 570667] MMR: simultaneous total updates on the masters cause deadlock and data loss
Subject: MMR: simultaneous total updates on the masters cause deadlock and data loss https://bugzilla.redhat.com/show_bug.cgi?id=570667 [Revised proposal] -- (https://bugzilla.redhat.com/attachment.cgi?id=398089) git patch file I revised the previous patch to allow sending simultaneous total updates against other replicas. I think it's no need to disallow it. Thank you! --noriko Description: In the MMR topology, if a master receives a total update request to initialize the other master and being initialized by the other master at the same time, the 2 replication threads hang and the replicated backend instance could be wiped out. To prevent the server running the total update supplier and the consumer at the same time, REPLICA_TOTAL_EXCLUSIVE bit has been introduced and set to the replica state flag by the either operation. Once the bit is detected, the other operation fails with the error. Files: ldap/servers/plugins/replication/repl5.h ldap/servers/plugins/replication/repl5_protocol.c ldap/servers/plugins/replication/repl_extop.c [Fix proposal] -- (https://bugzilla.redhat.com/attachment.cgi?id=397962) git patch file -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] Please review: cleanup build warnings
On 03/05/2010 02:56 PM, Rich Megginson wrote: -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel ack. --noriko smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 199923] subtree search fails to find items under a db containing special characters
Subject: subtree search fails to find items under a db containing
special characters
https://bugzilla.redhat.com/show_bug.cgi?id=199923
This bug had been reopened due to the regression.
[Proposed Fix]
https://bugzilla.redhat.com/attachment.cgi?id=398612action=diff
https://bugzilla.redhat.com/attachment.cgi?id=398612action=edit
Files:
ldap/servers/plugins/syntaxes/validate.c
ldap/servers/slapd/dn.c
Problem Description:
A simple failed case observed before applying the patch:
$ /usr/lib64/mozldap/ldapmodify -p 10389 -D 'cn=directory manager' -w pw EOF
dn: ou=\#\,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: \#\
EOF
ldap_add: Invalid DN syntax
ldap_add: additional info: DN value invalid per syntax
Fix Description:
dn.c: Based upon RFC 4514, '#', '+', ';', '','', and '=' need to be escaped
in addition to '\\' and '' if it appears in the DN string.
validate.c: Using the above example, if an escaped character (\) followed by
an escaped character (\#), the pointer was moved twice skipping '\' before ''
and it makes the validation fail.
==
Breakpoint 2, rdn_validate (
begin=0x7fd090001ed0 ou=\\#\\,dc=example,dc=com,
end=0x7fd090001ee8 m, last=0x7fd0a9bedac0)
at ldap/servers/plugins/syntaxes/validate.c:430
430int rc = 0; /* Assume RDN is valid */
(gdb) p p
$35 = 0x7fd090001ed3 \\#\\,dc=example,dc=com
(gdb) p end
$36 = 0x7fd090001ee8 m
(gdb) p *p
$37 = 92 '\\'
(gdb) n
472if (numericform) {
(gdb) n
498if (IS_UTF1(*p) !IS_ESC(*p) !IS_LUTF1(*p)) {
(gdb) n
507if (numericform) {
(gdb) n
517if (IS_UTF1(*p)) {
(gdb) n
520if ((p == end) !IS_TUTF1(*p)) {
(gdb) n
524} else if (IS_ESC(*p)) {
(gdb) n
528p++;== *p is '#'
(gdb) n
529if (!IS_ESC(*p) !IS_SPECIAL(*p)) {
(gdb) n
538p++;== move the pointer to the next char '\\'
(gdb) p *p
$40 = 92 '\\'
(gdb) n
545p++;== another move to '', which needs to be escaped
(gdb) n
517if (IS_UTF1(*p)) {
(gdb) n
520if ((p == end) !IS_TUTF1(*p)) {
(gdb) n
524} else if (IS_ESC(*p)) {
(gdb) n
540} else if (!IS_SUTF1(*p)) {
(gdb) n
541rc = 1;== failed.
smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] Please review: Add support for additional schema/matching rules included with 389
(2010?03?08? 19:54), Rich Megginson wrote: -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel ack. --noriko -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review (take 2): [Bug 199923] subtree search fails to find items under a db containing special characters
Subject: subtree search fails to find items under a db containing special characters https://bugzilla.redhat.com/show_bug.cgi?id=199923 Files: ldap/servers/plugins/syntaxes/validate.c ldap/servers/slapd/back-ldbm/ldbm_add.c ldap/servers/slapd/dn.c Fix Description: dn.c: Based upon RFC 4514, the following characters in the RDN values need to be escaped: '+', ';', '','', and '=' for the intermediate characters '+', ';', '','', '=', '#' and ' ' for leading characters '+', ';', '','', '=', and ' ' for trailing characters validate.c: If an escaped character followed by another escaped character, e.g., \#\, the pointer was moved twice skipping '\' before '' and it makes the validation fail. ldbm_add.c: a local variable addr was not initialized. Thanks to Nathan for his review. I revised dn.c based upon his review comments. Proposed Fix: https://bugzilla.redhat.com/attachment.cgi?id=399189action=diff https://bugzilla.redhat.com/attachment.cgi?id=399189action=edit smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] DN normalisation design document
On 03/17/2010 01:13 PM, Andrey Ivanov wrote: In order to support Old DN format including DN in the double quotes another cn=config switch may be necessary. It seems there was recently a new switch introduced to make the dn syntax validation a little more relaxed - nsslapd-dn-validate-strict. Maybe this one could be used to allow for DNs with double-quoted values? Actually, the way how we are going to handle the old style 'dn: type=nested dn,the rest' is converting the old style to a new style in the normalization when the server receives DNs from clients and the converted new style DN is used in the rest of the process. The nsslapd-dn-validate-strict value is examined in the DN syntax validation code for now. Unless we change it, the DN syntax validation code always receives the new DN style. Ok. What i wanted to say is that we should avoid any new config parameters in cn=config. The way you propose to handle the problem is the best one - it is completely transparent to the user, the server back-end sees only the normalised DNs so it does not complain and no additional configuration parameters are necessary. That being said, are you suggesting if nsslapd-dn-validate-strict is on, we should not convert an old style DN to a new style? That'd be really strict. I'm leaning toward to the other side accepting the both old and new style with no restriction. Do you see any disadvantages in allowing the old style? No, absolutely not, i agree completely with your reasoning. The code should be strict but not completely rigid :) Taking care of the legacy presentation in a transparent manner is the ideal solution. Thanks so much for the confirmation, Andrey. I'm working on the issue based on the design... --noriko smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] Please Review: Fix parsing of start-slapd scripts
On 04/01/2010 11:18 AM, Nathan Kinder wrote: On 03/31/2010 10:04 PM, Nathan Kinder wrote: On 03/31/2010 09:52 PM, Endi Sukma Dewata wrote: - Nathan Kindernkin...@redhat.com wrote: The admin server CGIs parse the start-slapd scripts to determine the DS instance names. A recent format change to start-slapd caused this parsing to break. These patches make the instance name easier to parse from the script. One patch is for DS itself and one is for the Admin Server. ack - much better Thanks, but I need to nak my own patch since it's imcomplete. This isn't going to work well when upgrading an instance. We don't regenerate the start-slapd script when running 'setup-ds.pl -u'. This means that an upgraded instance will not work properly with any of the admin server CGIs that need to parse the instance name from start-slapd. This issue is already a problem not related to this patch, but it seems we should fix it along with this issue. I suppose the right thing to do is to make 'setup-ds.pl -u' generate a new start-slapd script for the existing instances as well as a new instance specific initconfig script if one doesn't exist. I think we need to avoid wiping out an existing instance specific sysconfig script since it may have been modified by an admin to add other stuff to it (like KRB5_KTNAME for Kerberos). Do you see any problems with this approach? I've attached a new set of patches that implements the solution outlined above. ack. --noriko smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [389 Project] #605: support TLS 1.1 - adding backward compatibility
https://fedorahosted.org/389/ticket/605 https://fedorahosted.org/389/attachment/ticket/605/0001-Ticket-605-support-TLS-1.1-adding-backward-compatibi.patch Description: commit 88d4beccb9d9f7bb89f5e24c47828d7516ba7ca8 always expected the NSS version supporting TLS 1.2. It broke the build on the system having the NSS version that only supports TLS 1.1 (and older). This patch checks the NSS version and switches the supported TLS in ssl.c based upon the version info. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 651571] When attrcrypt is on, entrydn is stored in the backend db
https://bugzilla.redhat.com/show_bug.cgi?id=651571 https://bugzilla.redhat.com/attachment.cgi?id=459236action=diff https://bugzilla.redhat.com/attachment.cgi?id=459236action=edit Description: If an entry contains a to-be-encrypted attribute, id2entry_add_ext handles a copy of the entry in which the attribute is encrypted, then the copy is being stored in the backend db. On the other hand, an entrydn attribute is supposed to remove from the entry before storing the entry in the db. There was a bug there: the removal was done on the original entry, but not on the encrypted copy. This patch correctly removes the entrydn attribute from the encrypted entry to be stored in the db. Thanks, --noriko -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 182507] clear-password mod from replica is discarded before changelogged
https://bugzilla.redhat.com/show_bug.cgi?id=182507 https://bugzilla.redhat.com/attachment.cgi?id=467113action=diff https://bugzilla.redhat.com/attachment.cgi?id=467113action=edit Description: Replication drops unhashed passwords which is necessary for the AD password sync. This patch allows the passwords replicated and introduces a method to encrypt logs in the changelog. See also http://directory.fedoraproject.org/wiki/Changelog_Encryption Thanks, --noriko -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] Please review: [Bug 182507] clear-password mod from replica is discarded before changelogged
Hi Andrey, Andrey Ivanov wrote: Hi Noriko, i've read the changelog encryption design document. Indeed, it's a sound idea to make AD-389 replication more robust. I have two questions about it: * if i understand correctly you say that the server needs a certificate in order to generate the symmetric key. Is this key generated only once? That is correct. If a wrapped symmetric key is not found in cn=changelog5,cn=config, the key is generated. I mean, if we change the expired server certificate it won't trigger the symmetric key regeneration? That's tricky. If your changelog DB contains 2 sets of encrypted value -- one is encrypted with the expired cert, the other with the new cert, it'd be hard to recover old ones. Automation makes it happen easier... * The replication changelog that contains the mixed entries (cleartext, encrypted 3DES, encrypted AES etc) - is it still readable by the server? I don't think so. We should avoid it, too. Does each changelog entry contain a flag that describes whether the entry is cleartext/AES/3DES? Can the server detect in any other way whether the changelog entry is encrypted and if yes with what type of cypher? The answer is no. Each value has no info about the type -- cleartext/AES/3DES. Thanks for the questions, Andrey! --noriko -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 616850] ldapmodify failed to reject the replace operation if its targeted for an Unknown attribute
https://bugzilla.redhat.com/show_bug.cgi?id=616850 https://bugzilla.redhat.com/attachment.cgi?id=474335action=diff https://bugzilla.redhat.com/attachment.cgi?id=474335action=edit Description: Attempting to modify an unknown attribute in the config entry fails with LDAP_UNWILLING_TO_PERFORM, while starting up just ignores unknown attributes and the server successfully starts. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review (admin server): [Bug 616260] libds-admin-serv linking fails due to unresolved link-time dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=616260 https://bugzilla.redhat.com/attachment.cgi?id=476923action=diff https://bugzilla.redhat.com/attachment.cgi?id=476923action=edit Description: 1) Do not use nodist_property_DATA for ICU resource files, but use BUILT_SOURCES to keep them just in the built source area and directly copy them to the install location using the script defined in install-data-hook. 2) Added macros ADMINUTIL_LINK, NSPR_LINK, NSS_LINK, SASL_LINK and ICU_LINK, and let DEFAULT_LIBS_NOCGI and libds_admin_ serv_la_LIBADD use them. ADMINUTIL_LINK now contains adminutil, NSS, NSPR, SASL, LDAPSDK/OPENLDAP, ICU in the library search path. Note: the patch is big, but only Makefile.am needs to be reviewed. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 675265] preventryusn gets added to entries on a failed delete
https://bugzilla.redhat.com/show_bug.cgi?id=675265 https://bugzilla.redhat.com/attachment.cgi?id=477486action=diff https://bugzilla.redhat.com/attachment.cgi?id=477486action=edit Description: When an entry is deleted with Entry USN plugin enabled, an operational attribute preventryusn is added to handle indexes and entryusn tombstone. The attribute must have been added only when the delete was successful, but it was added regardless of the result from the operation. This patch checks the delete result in the newly added entryusn delete bepost plugin (usn_bepostop_delete). If it is not successful, the bepost plugin cleans up the attribute. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review (take 3) Admin Server: [Bug 245278] Changing to a password with a single quote does not work
https://bugzilla.redhat.com/show_bug.cgi?id=245278 https://bugzilla.redhat.com/attachment.cgi?id=478422action=diff https://bugzilla.redhat.com/attachment.cgi?id=478422action=edit Thanks to Rich for his comments. Instead of doing the in-place escape, changed to duplicate the given password and work on the copy. Description: When the Admin User password is changed on the Admin Console, the console escapes the password then sends it to the Admin Server. This patch adds the apache API ap_unescape_url to mod_admserv to unescape the password before handling it. Since ap_unescape_url does the unescape in place, it duplicates the given password and escapes on the duplicated memory. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 668909] Can't modify replication agreement in some cases
https://bugzilla.redhat.com/show_bug.cgi?id=668909 https://bugzilla.redhat.com/attachment.cgi?id=483808action=diff https://bugzilla.redhat.com/attachment.cgi?id=483808action=edit Description: Code to modify nsds5ReplicaPort in replication agreement was not implemented. This patch adds it. When an agreement change is detected in conn_connect, it resets the values needed to make a connection including the port number. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 684996] Exported tombstone cannot be imported correctly.
https://bugzilla.redhat.com/show_bug.cgi?id=684996 https://bugzilla.redhat.com/attachment.cgi?id=486083action=diff https://bugzilla.redhat.com/attachment.cgi?id=486083action=edit Description: When nsslapd-subtree-rename-switch is on, a tombstone entry has a special RDN which looks like this: nsuniqueid=042d8081-...-ca8fe9f7,original_leaf_rdn This special format was not treated properly. This patch adds the code to handle the special tombstone RDN, where an internal entry has the above RDN and points the correct parent entry. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 689866] ns-newpwpolicy.pl needs to use the new DN format
https://bugzilla.redhat.com/show_bug.cgi?id=689866 https://bugzilla.redhat.com/attachment.cgi?id=486852action=diff https://bugzilla.redhat.com/attachment.cgi?id=486852action=diff https://bugzilla.redhat.com/attachment.cgi?id=486852action=edit https://bugzilla.redhat.com/attachment.cgi?id=486852action=edit Description: template-ns-newpwpolicy.pl.in hasn't been modified to adjust to the new DN format. It escapes only ',' in the nested DN, in which '=' also needs to be escaped. This patch fixed it. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] Please review: add skin support to admin server
On 06/16/2011 11:28 AM, Rich Megginson wrote: -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel Looks good to me. ACK. --noriko -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 719069] clean up compiler warnings in 389-ds-base 1.2.9
https://bugzilla.redhat.com/show_bug.cgi?id=719069 https://bugzilla.redhat.com/attachment.cgi?id=511349action=diff https://bugzilla.redhat.com/attachment.cgi?id=511349action=edit Thanks, --noriko -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [389 Project] #19: Convert entryUSN plugin to transaction aware type
https://fedorahosted.org/389/ticket/19 https://fedorahosted.org/389/attachment/ticket/19/0001-Trac-Ticket-19-Convert-entryUSN-plugin-to-transactio.patch Fix description: * Separated usn_bepreop operations from usn_betxnpreop operations. usn_bepreop_modify and _modrdn add entryusn: # to the mods, which should be handled before the transaction starts. * Introduced SLAPI_PLUGIN_BE_TXN_PRE_DELETE_TOMBSTONE_FN plugin hook to modify the tombstone entry at the betxn timing. * Eliminated preventryusn (SLAPI_ATTR_ENTRYUSN_PREV). It was used to undo the incremented entryusn when the deletion fails. Since the operation is now executed in the transaction and it is aborted if the operation fails, the explicit undo is not needed in the usn postop. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review (take 2'): [389 Project] #359: Database RUV could mismatch the one in changelog under the stress
https://fedorahosted.org/389/ticket/359 Please review these 2 patches: https://fedorahosted.org/389/attachment/ticket/359/0001-Trac-Ticket-359-Database-RUV-could-mismatch-the-one.2.patch (389-ds-base-1.2.10) https://fedorahosted.org/389/attachment/ticket/359/0001-Trac-Ticket-359-Database-RUV-could-mismatch-the-one.3.patch (master) -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] Please review: coverity - mbo dead code - winsync leaks, deadcode, null check, test code
Rich Megginson wrote: -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel ack. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review (take 2): [389 Project] #351: use betxn plugins by default
https://fedorahosted.org/389/ticket/351 https://fedorahosted.org/389/attachment/ticket/351/0001-Trac-Ticket-351-use-betxn-plugins-by-default.2.patch Fix description: In addition to the fixes following the Rich's suggestions (comment 11), the take 2 patch contains ... . to register cos_post_op are POSTOP only to avoid the deadlock between the transaction and cos change_lock. . to move transaction begin before finding an backend entry in ldbm_back_add/delete/modify/modrdn to avoid the deadlock between the serial lock and the individual entry cache lock. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [389 Project] #18: Data inconsitency during replication
https://fedorahosted.org/389/ticket/18 https://fedorahosted.org/389/attachment/ticket/18/0001-Trac-Ticket-18-Data-inconsitency-during-replication.patch Bug description: If promote a hub server to a new master and assign the same replica ID as the original master server had, some new adds/modifies to the new server may dropped and not be replicated to the consumers. Fix description: If a hub is promoted to a master, consumer's RUV is updated. It only updated the master's URL, but not the CSN and min CSN. This patch resets the CSNs if the URL needs to be updated. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] Please review: Remove redundant code - make a global into a static
Rich Megginson wrote: -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel ack. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [389 Project] #139: RFE: eliminate the use of char *dn in favor of Slapi_DN *dn
https://fedorahosted.org/389/ticket/139
https://fedorahosted.org/389/attachment/ticket/139/0001-Trac-Ticket-139-eliminate-the-use-of-char-dn-in-favo.patch
Fix description: The oritinal RFE had been already implemented in
the commit f6397113666f06848412bb12f754f04258cfa5fa:
Reduce the number of DN normalization
In this patch, the Slapi_DN creation (slapi_sdn_{new,set,init}_dn_*)
are replaced with corresponding _normdn_ or _ndn_ APIs which takes
advantage of the knowledge that the DN is already optimized or not.
Note: With the patch applied, the slapi_dn_normalize_ext count called in
the start-up 8682 (times) was lowered to 1113 (times).
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [389 Project] #52: FQDN set to nsslapd-listenhost makes the server start fail if IPv4-mapped-IPv6 address is given
https://fedorahosted.org/389/ticket/52 https://fedorahosted.org/389/attachment/ticket/52/0001-Trac-Ticket-52-FQDN-set-to-nsslapd-listenhost.patch Fix description: Added a code to check netaddr is duplicated or not. When the address is IPv4-mapped-IPv6, cut the IPv4 part out of the address and use it to compare. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [389 Project] #35: Log not clear enough on schema errors
https://fedorahosted.org/389/ticket/35 https://fedorahosted.org/389/attachment/ticket/35/0001-Trac-Ticket-35-Log-not-clear-enough-on-schema-errors.patch Comment: Fix description: Cryptic error message: dse - parsing dse entry [attributeTypes] is now replaced with: dse - Parsing entry in file /path/to/schema/03bad.ldif failed. dse - Invalid section [attributeTypes:the rest of the invalid section up to 256 characters ...] Full sample log: [] - str2entry_dupcheck: entry has no dn [] dse - Parsing entry in file /etc/dirsrv/slapd-ID/schema/03bad.ldif failed. [] dse - Invalid section [# attributes attributeTypes: ( 2.16.840.1.113730.3.1.5 NAME 'changeNumber' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Changelog Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.6 NAME 'targetDn' DESC 'Changelog ...] [] dse - Please edit the file to correct the reported problems and then restart the server. The file which failed to parse is now in the error log. The previous error entry has no dn explains the cause of the failure. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review (take 2): [389 Project] #35: Log not clear enough on schema errors
https://fedorahosted.org/389/ticket/35 https://fedorahosted.org/389/attachment/ticket/35/0001-Trac-Ticket-35-Log-not-clear-enough-on-schema-errors.patch Thanks to Rich for his review. The new patch logs the lineno of the corrupted entry in the input ldif file. Comment: Improved the error message to print the line number. Fix description: Cryptic error message: dse - parsing dse entry [attributeTypes] is replaced with: dse_read_one_file - Parsing entry in file /path/to/schema/03bad.ldif failed . (lineno: ##) dse_read_one_file - Invalid section [attributeTypes: the rest of the invalid section up to 256 characters ...] Sample log: [] - str2entry_dupcheck: entry has no dn [] dse_read_one_file - Parsing entry in file /path/to/schema/03bad.ldif failed. (lineno: 13) [] dse_read_one_file - Invalid section [# attributeTypes: ( 2.16.840.1.113730.3.1.10 NAME 'deleteOldRdn' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 X-ORIGIN 'Changelog Internet Draft' ) attributeTypes: ( 2.16.840.1.113730.3.1.11 NAME 'newSuperior' DESC 'Changelog attrib ...] -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [389 Project] #27: SASL/PLAIN binds do not work
https://fedorahosted.org/389/ticket/27 https://fedorahosted.org/389/attachment/ticket/27/0001-Trac-Ticket-27-SASL-PLAIN-binds-do-not-work.patch Bug description: ids_sasl_canon_user failed to set dn: in front of the dn string in the output argument out_user. The dn string is used in the next session and the corresponding entry was not found due to the bad dn format (missing dn: ). Fix description: This patch adds the proper prefix. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review (take 2): [389 Project] #27: SASL/PLAIN binds do not work
https://fedorahosted.org/389/ticket/27 https://fedorahosted.org/389/attachment/ticket/27/0001-Trac-Ticket-27-SASL-PLAIN-binds-do-not-work.patch Thanks to Rich for his comment. Fixed the code based upon his suggestions. --noriko -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [389 Project] #84: 389 Directory Server Unnecessary Checkpoints
https://fedorahosted.org/389/ticket/84 https://fedorahosted.org/389/attachment/ticket/84/0001-Trac-Ticket-84-389-Directory-Server-Unnecessary-Chec.patch Fix description: txn_checkpoint was always called with DB_FORCE flag. This patch introduces db_force arg to dblayer_txn_checkpoint and DB_FORCE is passed only from dblayer_force_checkpoint. Note: checkpoint_threadmain is one of the BDB housekeeping threads. It calls txn_checkpoint periodically. The interval is specified in the ldbm database config: dn: cn=config,cn=ldbm database,cn=plugins,cn=config nsslapd-db-checkpoint-interval:second Even if DB_FORCE is not set and there is no db modify activities, as long as checkpoint thread is functioning, some disk IO is observed due to updating the lock table and mempool to check if there is any data to flush. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [389 Project] #169: allow 389 to use db5
https://fedorahosted.org/389/ticket/169 https://fedorahosted.org/389/attachment/ticket/169/0001-Trac-Ticket-169-allow-389-to-use-db5.patch git patch file (master) -- excluded autogen files Fix description: 1. DB suffix .db4 is changed to .db if the server is linked with db5 (libdb); it remains .db4 if linked with db4. 2. Fixed DB_VERSION macro to pick up the correct APIs for db5. 3. DB upgrade flag DBVERSION_UPGRADE_4_5 is introduced and set once it is found the db4 to db5 upgrade is necessary. Upgrade from db4 to 5 requires cleaning up the region files (__db.##) then update transaction log files. The database files are compatible. 4. Added a code to db.m4 to check /usr/include/libdb/db.h. If /usr/include/db4/db.h does not exists AND libdb does, the db5 (libdb) header file is used. Note: package db4-devel and libdb-devel cannot coexist. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [389 Project] #260: 389 DS does not support multiple paging controls on a single connection
https://fedorahosted.org/389/ticket/260 https://fedorahosted.org/389/attachment/ticket/260/0001-Trac-Ticket-260-389-DS-does-not-support-multiple.patch Fix description: 1. Connection object holds the paged results related values. Now they are packaged in one PagedResults object. And the array of PagedResults with its length and used count are placed in PagedResultList, which is stashed in Connection (slap.h). 2. The pagedresults APIs are extended to take the index of Paged- Results array. The index is set to the cookie in the Paged- Results control before returning it to the client. When a client sends a paged results request, the cookie field in the first request control is supposed to be empty. The result control is returned with the search results. The result control stores the index in the cookie and the client sets it to the following request control to get the next pages. When the paged search is done, empty cookie is returned. 3. The array grows if multiple simple paged results requests over a single connection come in. The array does not get released every time, but it is when the server is shutdown. 4. Simple paged results connection is timed out when it exeeds the timelimit. If multiple requests are served, it won't be disconnected until all the requests are timed out. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] Please review: coverity 12563 Read from pointer after free
Rich Megginson wrote: -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel ack. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [389 Project] #303: make DNA range requests work with transactions
https://fedorahosted.org/389/ticket/303 https://fedorahosted.org/389/attachment/ticket/303/0001-Trac-Ticket-303-make-DNA-range-requests-work-with-tr.patch Fix Description: 1. pre_op: Adding missing dnatypes (e.g., uidNumber) should be done in the pre op phase (outside of the transaction) to satisfy the schema checking. To avoid calling the internal search for modify, set the target entry before calling pre op plugin in op_shared_ modify (modify.c). Also, if the operation is a replication op, the pre_op is skipped. 2. post_op: Moving dna_config_check_post_op to BE_TXN_POST_OP. If it is an internal operation, the dna post op is being skipped to avoid self re-entrant deadlock. 3. Fixed memory leaks on DNA_NEEDS_UPDATE and an uninitialized variable access. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: coverity 12606 Logically dead code
The previous fix (commit 325abca7135d06225adf5380d726de60dacda5a4) for Ticket #303 - make DNA range requests work with transactions introduced this dead code. Since dna_pre_op does not allocate an entry e, there is no need to check the flag free_entry and free it. From 4e0c70fd1a52d4bc943613bc496751fab2e390c0 Mon Sep 17 00:00:00 2001 From: Noriko Hosoi nho...@totoro.usersys.redhat.com Date: Thu, 15 Mar 2012 09:17:33 -0700 Subject: [PATCH] coverity 12606 Logically dead code The previous fix (commit 325abca7135d06225adf5380d726de60dacda5a4) for Ticket #303 - make DNA range requests work with transactions introduced this dead code. Since dna_pre_op does not allocate an entry e, there is no need to check the flag free_entry and free it. --- ldap/servers/plugins/dna/dna.c |4 1 files changed, 0 insertions(+), 4 deletions(-) diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c index c744e0a..ce2486e 100644 --- a/ldap/servers/plugins/dna/dna.c +++ b/ldap/servers/plugins/dna/dna.c @@ -3214,7 +3214,6 @@ dna_pre_op(Slapi_PBlock * pb, int modtype) char *dn = NULL; Slapi_Mods *smods = NULL; LDAPMod **mods; -int free_entry = 0; int ret = 0; slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, @@ -3308,9 +3307,6 @@ dna_pre_op(Slapi_PBlock * pb, int modtype) slapi_mods_free(smods); } bail: -if (free_entry e) -slapi_entry_free(e); - if (resulting_e) slapi_entry_free(resulting_e); -- 1.7.7.6 -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] Please review: schema def must have DESC '' - close paren must be preceded by space
Rich Megginson wrote: -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel ack. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 597375] Deleting LDBM database causes backup/restore problem
https://bugzilla.redhat.com/attachment.cgi?id=419482action=diff https://bugzilla.redhat.com/attachment.cgi?id=419482action=edit Fix Description: 1) When a backend is removed, the db instance directory was removed as well (See also 463774 - index files for database should be deleted when db is deleted). In case DB_RECOVER_FATAL is set in the DB open after the removal (e.g., in restore), the logs in the transaction logs are replayed and compared with the contents of the DB files. At that time, if the db instance directory does not exist, libdb returns FATAL error. To prevent the problem, we have to leave the empty directory. 2) When removing index files, we don't have to open index files with CREAT flag. smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 578296] Attribute type entrydn needs to be added when subtree rename switch is on.
https://bugzilla.redhat.com/show_bug.cgi?id=578296 https://bugzilla.redhat.com/attachment.cgi?id=426726action=diff https://bugzilla.redhat.com/attachment.cgi?id=426726action=edit Files: ldap/servers/slapd/back-ldbm/back-ldbm.h ldap/servers/slapd/back-ldbm/id2entry.c ldap/servers/slapd/back-ldbm/index.c ldap/servers/slapd/back-ldbm/ldbm_search.c ldap/servers/slapd/back-ldbm/proto-back-ldbm.h Description: Attribute type entrydn needs to be added when subtree rename switch is on. Also, it should be allowed to use entrydn in the filter. Change Description: 1) ldbm_back_next_search_entry_ext (ldbm_search.c) When getting an entry from ID using id2entry_ext, pass a flag ID2ENTRY_ADD_ENTRYDN to add entrydn to the entry. 2) id2entry_ext (id2entry.c) Added id2entry_ext to handle the flag ID2ENTRY_ADD_ENTRYDN. If ID2ENTRY_ADD_ENTRYDN is set in the flags variable and entryrdn switch is enabled, entrydn is added to the entry. 3) index_read_ext (index.c) If entryrdn switch is on and the attribute type is entrydn and the search type is equality, then call entryrdn_index_read to get the ID directly. Thanks, --noriko smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [389 Project] #576: DNA: use event queue for config update only at the start up.
https://fedorahosted.org/389/ticket/576 https://fedorahosted.org/389/attachment/ticket/576/0001-Ticket-576-DNA-use-event-queue-for-config-update-onl.patch Bug description: DNA config updates were always put into the event queue and executed in 30 seconds, which increased a chance to conflict with the ordinary modify operations and cause db deadlocks. Fix description: The 30 seconds delay is necessary at the start- up time when MMR is configured to guarantee the shared config is logged in the changelog. This patch leaves the behaviour of the config update at the start-up as it is; the rest won't be queued but updated immediately. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [389 Project] #603: A logic error in str2simple
https://fedorahosted.org/389/ticket/603
https://fedorahosted.org/389/attachment/ticket/603/0001-Ticket-603-A-logic-error-in-str2simple.patch
Fix description: str2simple sets the strdup'ed type this way:
if ( f-f_choice == LDAP_FILTER_PRESENT ) {
f-f_type = slapi_ch_strdup( str );
} else if ( unescape_filter ) {
f-f_avtype = slapi_ch_strdup( str );
} if ( !unescape_filter ) {
f-f_avtype = slapi_ch_strdup( str );
}
If f_choice is LDAP_FILTER_PRESENT and !unescape_filter is
true, the first strdup'ed string is leaked since f_type
and f_avtype share the same memory. But currently, str2simple
is not called with (unescape_filter == 0). Thus there is no
chance to satisfy the condition. This patch fixes the flaw.
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review (additinal fix): [389 Project] #47391: deleting and adding userpassword fails to update the password
https://fedorahosted.org/389/ticket/47391 https://fedorahosted.org/389/attachment/ticket/47391/0001-Ticket-47391-deleting-and-adding-userpassword-fails-.patch Bug description: ldapmodify with changetype modify is supposed to skip checking unhashed password in acl_check_mods. delete and replace were being skipped, but not add. Fix description: add also skips to check unhashed password. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: Ticket #47384 - Plugin library path validation
https://fedorahosted.org/389/ticket/47384 https://fedorahosted.org/389/attachment/ticket/47384/0001-Ticket-47384-Plugin-library-path-validation.3.patch Description: commit a4b81c0ae59a4246d2d44790efea093a62fc972c https://fedorahosted.org/389/changeset/a4b81c0ae59a4246d2d44790efea093a62fc972c/ only checks the invalid plugin path when the value is modified. This patch adds the check when a plugin entry is added. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [389 Project] #47367: ldapdelete returns non-leaf entry error while trying to remove a leaf entry
https://fedorahosted.org/389/ticket/47367 https://fedorahosted.org/389/attachment/ticket/47367/0001-Ticket-47367-phase-1-ldapdelete-returns-non-leaf-ent.2.patch git patch file (master) - phase1: ported from 1.2.11 The difference from 1.2.11: [urp.c] 2) The urp calling timing was moved from SLAPI_PLUGIN_BE_TXN_PRE_* to SLAPI_PLUGIN_BE_PRE_*. (Note: SLAPI_PLUGIN_BE_PRE_* is also in the backend transaction.) This is necessary since urp needs to be done prior to parent checking. [ldbm_add.c] Moved SLAPI_PLUGIN_BE_PRE_ADD_FN inside of the transaction. Other operations are already calling SLAPI_PLUGIN_BE_PRE function at the timing. https://fedorahosted.org/389/attachment/ticket/47367/0002-Ticket-47367-phase-2-ldapdelete-returns-non-leaf-ent.patch git patch file (master) - phase2 Fix description: 1) Make sure add/modify/modrdn/delete plug-in callbacks return SLAPI_PLUGIN_SUCCESS (==0) on SUCCESS and SLAPI_PLUGIN_FAILURE (==-1) on FAILURE. And set error code to SLAPI_RESULT_CODE in pblock, if any. 2) replication: eliminated multimaster_betxnpreop_* which were used for calling urp. Urp needs to be processed at bepreop timing. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [389 Project] #47435: Very large entryusn values after enabling the USN plugin and the lastusn value is negative.
https://fedorahosted.org/389/ticket/47435 https://fedorahosted.org/389/attachment/ticket/47435/0001-Ticket-47435-Very-large-entryusn-values-after-enabli.patch 1. Bug description: The initial value of lastusn is -1, but since the entryusn has the unsigned long long integer type, the server returns 18446744073709551615 == 0X. Fix description: The initial value -1 is returned as it is. 2. Bug description: Entryusn syntax is defined as an integer in the schema. If negative values are accidentally stored in the entryusn value in the database, it was casted to the unsigned integer in the entryusn initialization code (usn_get_last_usn). Fix description: When an entryusn value is retrieved from the database, it's checked as a singed integer once and if it is negative, it's replaced with the initial value -1. -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review (coverity fix): [389 Project] #48: Active Directory has certain uids which are reserved and will cause a Directory Server replica initialization of an AD server to abort.
https://fedorahosted.org/389/ticket/48 https://fedorahosted.org/389/attachment/ticket/48/0001-Ticket-48-Active-Directory-has-certain-uids-which-ar.2.patch git patch file (master) -- fixing Coverity CID 11943 Coverity CID 11943 - Logically dead code Fix description: The following commit mistakenly put the Ignoring ALREADY EXIST case code before retrieving the ldap_result_code. This patch fixes the order. commit b00b8acca54267560c6d7ec614bc52cfe541200a Author: Noriko Hosoi nho...@redhat.com Date: Fri Aug 16 14:04:27 2013 -0700 -- 389-devel mailing list 389-de...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] Please Review: (460209) Correct configure help message (adminserver)
On 02/15/2010 11:20 AM, Nathan Kinder wrote: https://bugzilla.redhat.com/show_bug.cgi?id=460209 https://bugzilla.redhat.com/attachment.cgi?id=394380action=diff https://bugzilla.redhat.com/attachment.cgi?id=394380action=edit -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel ack. --noriko smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 573896] initializing subtree with invalid syntax crashes ns-slapd
Subject: initializing subtree with invalid syntax crashes ns-slapd https://bugzilla.redhat.com/show_bug.cgi?id=573896 Files: ldap/servers/slapd/slap.h ldap/servers/slapd/task.c Description: When an import is executed using a task mechanism, slapi_task_log_notice is called for logging, where task_log field points the memory storing the log messages. If multiple log messages were logged by multiple worker threads simultaneously, there was a chance that the address of the log message was switched by realloc while the other threads were accessing the old address. This patch introduces task_log_lock per task to protect task_log. Note: slapi_ch_malloc and its friends never return NULL. They rather exits. Thus, to avoid the confusion which may look leaking the lock, I eliminated 2 error returns from slapi_task_log_notice. Proposed patch: https://bugzilla.redhat.com/attachment.cgi?id=400601action=diff https://bugzilla.redhat.com/attachment.cgi?id=400601action=edit smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 515805] Stop initialize Database crashes the server
https://bugzilla.redhat.com/show_bug.cgi?id=515805 Steps to Reproduce: 1. On the DS Console, Configuration tab | expand Data, choose a backend icon in a suffix 2. Right click and choose initialize database, put an LDIF file name and click OK 3. Once the import started, click Stop on the initialize Databasebackend window, which crashed the server Bug Description: Task can be cancelled by sending a modify request on the task entry by replacing nsTaskCancel value with TRUE as long as the task has the cancel handling code. Currently, only import does. Once TRUE is set to nsTaskCacnel, the pre-set callback slapi_task_set_cancel_fn (import_task_abort in this case) is called and set the ABORT flag, which is monitored by import_monitor_threads. By returning from import_monitor_threads, the main import threads calls slapi_task_log_status. This function calls slapi_task_status_changed, where since the task is cancelled, it sets destroy_task to the event queue. That is, any time after the first slapi_task_log_status/slapi_task_status_changed call, the task may be destroyed. On the other hand, the task application import tries to log after that. [..] - import userRoot: Aborting all import threads...== first log after cancel [..] - import userRoot: Import threads aborted. [..] - import userRoot: Closing files... !!! slapi_task_finish is called !!! [..] - import userRoot: Import failed. In this scenario, any logging or slapi_task_finish after the first log could crash the server. We should not go into the task clean up code when the state is just cancelled. Rather, we should let the task application finish the task which changes the state to finished, then destroy the task. Files: ldap/servers/slapd/back-ldbm/import.c ldap/servers/slapd/task.c Fix proposal: https://bugzilla.redhat.com/attachment.cgi?id=401106action=diff https://bugzilla.redhat.com/attachment.cgi?id=401106action=edit smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 548533] memory leak in Repl_5_Inc_Protocol_new
[Bug 548533] memory leak in Repl_5_Inc_Protocol_new https://bugzilla.redhat.com/show_bug.cgi?id=548533 Proposed Fix: https://bugzilla.redhat.com/attachment.cgi?id=401614action=diff https://bugzilla.redhat.com/attachment.cgi?id=401614action=edit Description: repl5_inc_delete and repl5_tot_delete to release the incremental and total update protocol were not implemented. This fix implemented them. Also, it fixed a leak of connection in private_protocol_factory. -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] Please Review: Managed Entries Plug-in
(2010?03?30? 13:56), Nathan Kinder wrote: New patch attached. Ack. --noriko -NGK On 03/30/2010 01:24 PM, Nathan Kinder wrote: Please hold off on the review. I noticed one other thing that I need to address. A new patch will be sent out shortly. -NGK On 03/30/2010 01:18 PM, Nathan Kinder wrote: -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review (take 2): Update to New DN Format
Thanks to nkin...@redhat.com for his reviews and comments. Following his findings, these bugs were fixed. 1) If nsslapd-dn-validate-strict is set, check the incoming DNs and reject them if they are not valid. Once approved, the DNs are normalized. 2) Function in the acl plugin acllas__client_match_URL was calling slapi_dn_normalize_ext against URL (not DN), which was not a correct usage of the API. Now, the strict DN part is passed to the API. 3) Fixed typos in the acl plugin. https://bugzilla.redhat.com/attachment.cgi?id=409036action=diff https://bugzilla.redhat.com/attachment.cgi?id=409036action=edit Thanks, --noriko On 4/21/10 4:22 PM, Noriko Hosoi wrote: Background info: http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format Fix Description: . adding slapi_dn_normalize_ext and its siblings to normalize/validate invalid DNs; deprecating slapi_dn_normalize and its siblings. (dn.c) . replacing slapi_dn_normalize with new corresponding functions. . normalizing hardcoded DNs (e.g., removing spaces around ',') . setting correct DN syntax to nsslapd-suffix, nsslapd-ldapiautodnsuffix, costemplatedn, nsslapd-changelogsuffix, nsBaseDN, nsBindDN Related bugs: Bug 199923 - subtree search fails to find items under a db containing special characters Bug 567968 - subtree/user level password policy created using 389-ds-console doesn't work. Bug 570107 - The import of LDIFs with base-64 encoded DNs fails, modrdn with non-ASCII new rdn incorrect Bug 570962 - ns-inactivate.pl does not work Bug 572785 - DN syntax: old style of DN type=DN,the_rest is not correctly normalized Bug 573060 - DN normalizer: ESC HEX HEX is not normalized Bug 574167 - An escaped space at the end of the RDN value is not handled correctly -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 531642] EntryUSN: RFE: a configuration option to make entryusn global
https://bugzilla.redhat.com/show_bug.cgi?id=531642 https://bugzilla.redhat.com/attachment.cgi?id=441366action=diff https://bugzilla.redhat.com/attachment.cgi?id=441366action=edit Fix description: 1. Introduced a config parameter nsslapd-entryusn-global: on|off to enable | disable the global mode. By default, off. In the global mode, search on root dse returns lastusn:num without the backend subtype (e.g., lastusn;userroot:num) 2. Added slapi_get_next_suffix_ext to mapping_tree.c, which visits children as well as siblings in the mapping tree. (Note: slapi_get_next_suffix does just siblings.) 3. import (ldif2db) adds entryusn: 0 to every entry unless the entry already contains the entryusn attribute. 4. ldbm_back_delete, ldbm_back_modify, ldbm_back_modrdn: set ldap_result_code to pblock so that bepost plugin could see if the operation was successful or not. See also http://directory.fedoraproject.org/wiki/Entry_USN#Global_mode Thanks, --noriko smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review (revised): [Bug 635987] Incorrect sub scope search result with ACL containing ldap:///self
https://bugzilla.redhat.com/show_bug.cgi?id=635987 https://bugzilla.redhat.com/attachment.cgi?id=449487action=diff https://bugzilla.redhat.com/attachment.cgi?id=449487action=edit Thanks to Rich for analysing the bug introduced by the previous commit. The attached patch should fix it. Description: This commit made for the bug 635987 introduced a bug to replication. commit 8ac525e5ac997378f4f2a386e9b96568c8d66db5 Author: Noriko Hosoinho...@redhat.com Date: Tue Sep 21 15:12:07 2010 -0700 subtree_candidates (ldbm_search.c) If you do have a tombstone filter, descendants will be NULL, and idl_intersection of candidates and descendents will wipe out all of the candidates, leaving just the one entry, e-ep_id. Changed to call idl_intersection only when the filter is not for tombstone or entryrdn_get_noancestorid (false, by default). smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] 1.2.6-1 crash
The stack traces from the ns-slapd core would be very helpful. 1. login as root 2. ps -ef | grep ns-slapd ldapuser 27526 1 0 Sep24 ?00:02:21 ./ns-slapd -D ... 3. attach the process to gdb # gdb /usr/sbin/ns-slapd 27526 gdb continue 4. start the LDAP intensive application Hopefully, it makes ns-slapd crash. Then, run bt command: gdb thread apply all bt Thanks, --noriko On 9/28/10 8:38 PM, Gary Morris wrote: ok.. it pulled 389-ds-base-1.2.6-2.fc13.x86_64.. is that ok or do i need to be on 1.2.6-1? On 1.2.6-2 I'm having the same problem. As soon as I start an application that is ldap intensive, the directory server crashes real quick. No errors of any sort reported. On Tue, Sep 28, 2010 at 11:16 PM, Rich Megginson rmegg...@redhat.com mailto:rmegg...@redhat.com wrote: Gary Morris wrote: Hi guys.. i'm running 389-ds-base-1.2.6-1.fc13.x86_64 and the server is crashing repeatedly, mostly under load. There are about 390,000 ldap entries in the database. I tried installing on a couple of different servers (Fedora 13) with the same problem. The problem does not seem to be happening on 1.2.6-0.1. I would be happy to send you more details on what is causing the crash if I could figure out how to do that. When I put any load on the server, it crashes, and often crashes before it can even fully start. It does not seem to crash when I turn on the heavy debugging, but then again, performance is very slow on full debug. If anyone has some suggestions on what I can do to give more information, i'd be happy to. There were a couple of crashing bugs that have been fixed in 1.2.6.1-1 - now available in the Testing repos. Please try to install 389-ds-base-1.2.6.1-1 from the updates-testing repo and see if that fixes your problem. -gary -- 389-devel mailing list 389-devel@lists.fedoraproject.org mailto:389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel -- 389-devel mailing list 389-devel@lists.fedoraproject.org mailto:389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] Please review: openldap ber_init will assert if the bv-bv_val is NULL
ack. Rich Megginson wrote: -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 640027] Naming attribute with a special char sequence parsing bug
https://bugzilla.redhat.com/show_bug.cgi?id=640027 https://bugzilla.redhat.com/attachment.cgi?id=451775action=diff https://bugzilla.redhat.com/attachment.cgi?id=451775action=edit Description: When DN is made from RDNs containing escaped plus \+, the dn normalizer considers the value could be nested multi- valued RDNs. (e.g., cn=C\=Z\+A\=X\+B\=Y\,o\=O,o=OO) In that case, multi-valued RDNs are sorted by the normalizer. (== cn=A\=X\+B\=Y\+C\=Z\,o\=O,o=OO) The sample DN provided by Andrey Ivanov contains \+, but that is not a separator for the multi-valued RDNs: cn=mytest\+\=-123'\;456,dc=example,dc=com The dn normalizer should have checked the possibility, as well. The check is added in this patch. Also, sorting was not triggered if multi-valued RDNs are located at the end of the value. (e.g., cn=C\=X\,B\=Y\+A\=Z,o=OO) The bug was fixed, as well. File: ldap/servers/slapd/dn.c -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] Please Review: (cov#16300) Unused variable in account policy plugin
On 10/08/2010 03:17 PM, Nathan Kinder wrote: -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel ack. smime.p7s Description: S/MIME Cryptographic Signature -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review (take 3): [Bug 653007] db2ldif export of clear text passwords lacks storage scheme
https://bugzilla.redhat.com/show_bug.cgi?id=653007
https://bugzilla.redhat.com/attachment.cgi?id=472145action=diff
https://bugzilla.redhat.com/attachment.cgi?id=472145action=edit
Discussed with Nathan and removed the passwordStorageScheme check. My
previous proposals added {CLEAR} only when the global passwordStorageScheme
was clear and passwords were not hashed. This did not cover some cases such
as the global passwordStorageScheme was not clear and a fine grained password
policy was.
This revised patch checks every userPassword value regardless of the password
scheme and put {CLEAR} if the value is not hashed.
--
389-devel mailing list
389-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review (Admin Server 389-ds-console): [Bug 387981] plain files can be chosen on the Restore Directory dialog
https://bugzilla.redhat.com/show_bug.cgi?id=387981 AS: git patch file (master) https://bugzilla.redhat.com/attachment.cgi?id=477544action=diff https://bugzilla.redhat.com/attachment.cgi?id=477544action=edit Description: dsalib_ldif_parse_line: OpenLDAP ldif_read_record takes buffer with its length and resizes it if it internally requires more memory. The function dsalib_ldif_parse_line did not properly initialize the address and the size which caused the memory problem and crashed some CGIs such as ds_listdb. This patch initializes the address and size to 0. 389-ds-console: git patch file (master) https://bugzilla.redhat.com/attachment.cgi?id=477545action=diff https://bugzilla.redhat.com/attachment.cgi?id=477545action=edit Description: This patch adds 2 checks to RestorePanel: if the restore path exists or not and if the path is a directory or not. When both are true, the OK button is enabled. -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 676053] export task followed by import task causes cache assertion
https://bugzilla.redhat.com/show_bug.cgi?id=676053 https://bugzilla.redhat.com/attachment.cgi?id=478160action=diff https://bugzilla.redhat.com/attachment.cgi?id=478160action=edit Description: Task version of export had a bug in handling the busy instance error case. When returning due to the busy error, the function ldbm_back_ldbm2ldif reset the busy bit set by other threads. This patch checks the special return value set in the busy error case and resets the busy bit only when it is set by the function. Also, this patch fixes a bug in dse_add which replaces an adding entry with its copy in pblock and the original entry is consumed. But the caller frees the original entry. Applying this patch, instead of consuming the original entry, its copy is consumed and the original adding entry stays in the pblock. -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 676053] export task followed by import task causes cache assertion
https://bugzilla.redhat.com/show_bug.cgi?id=676053 https://bugzilla.redhat.com/attachment.cgi?id=479007action=diff https://bugzilla.redhat.com/attachment.cgi?id=479007action=edit Description: When a search request with VLV and/or SORT control fails, it did not returning an entry to the entry cache. The entry has positive refcnt and won't be cleared even by cache_clear. This patch adds CACHE_RETURN call for the error cases. -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 625424] repl-monitor.pl doesn't work in hub node
https://bugzilla.redhat.com/show_bug.cgi?id=625424 https://bugzilla.redhat.com/attachment.cgi?id=480602action=diff https://bugzilla.redhat.com/attachment.cgi?id=480602action=edit Description: repl-monitor.pl has been designed to display the entire replication topology. This patch allows to show the subset of the topology starting from the specified hub. -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 211296] Clean up all HTML pages (Admin Express, Repl Monitor, etc)
https://bugzilla.redhat.com/show_bug.cgi?id=211296 Admin Server https://bugzilla.redhat.com/attachment.cgi?id=481106action=diff https://bugzilla.redhat.com/attachment.cgi?id=481106action=edit Description: 1) Using HTML Validator, reviewed html pages (static as well as the generated ones) and fixed the errors and warnings. 2) To allow execute perl cgi script repl-monitor-cgi.pl, enabled AddHandler cgi-script for the extention .pl. 3) repl-monitor-cgi.pl did not pass the parameters sent from the caller cgi monreplication. This patch fixes the bug. 389-ds-console https://bugzilla.redhat.com/attachment.cgi?id=481107action=diff https://bugzilla.redhat.com/attachment.cgi?id=481107action=edit 389-admin-console https://bugzilla.redhat.com/attachment.cgi?id=481109action=diff https://bugzilla.redhat.com/attachment.cgi?id=481109action=edit Description: Using HTML Validator, reviewed help pages and fixed the errors and warnings. -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 681015] RFE: allow fine grained password policy duration attributes in days, hours, minutes, as well
https://bugzilla.redhat.com/show_bug.cgi?id=681015 https://bugzilla.redhat.com/attachment.cgi?id=481753action=diff https://bugzilla.redhat.com/attachment.cgi?id=481753action=edit Description: Adding an ability to handle ##D|d, ##H|h, ##M|m, ##S|s format to the fine grained password policy duration attributes: passwordMinAge, passwordMaxAge, passwordWarning, passwordLockoutDuration Valid value for these duraton parameters are . duration in seconds with no extension . duration in days, hours, minutes, and seconds with extesion D|d, H|h, M|m, and S|s, respectively. The value should be less than MAX_ALLOWED_TIME_IN_SECS - current_time. -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 158926] Unable to install CA certificate when using hardware token ( LunaSA )
https://bugzilla.redhat.com/show_bug.cgi?id=158926 Admin Server (security CGI): https://bugzilla.redhat.com/attachment.cgi?id=482179action=diff https://bugzilla.redhat.com/attachment.cgi?id=482179action=edit Description: Installing/Importing CA cert to the hardware token was not correctly supported in the security CGI. This patch passes hardware token name to the installCACert helper function and get the correct slot for the hardware token. Then, import the cert to the slot. idm-console-framework: https://bugzilla.redhat.com/attachment.cgi?id=482183action=diff https://bugzilla.redhat.com/attachment.cgi?id=482183action=edit Description: CertificateDialog passes the token name selected from the Security Device menu to ServerCertificatePane, but NOT to CACertificatePane. Due to this, when a hardware token was selected as a Security Device on CACertificatePane, installing CA cert was not forwarded to the hardware token. Also, it was missing to send a passowrd for the Security Device on CACertificatePane, which caused the install fail with an error Password. -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] Please Review: Auto Membership Plug-in
On 04/19/2011 01:44 PM, Nathan Kinder wrote: I've attached a revised patch to address some comments given by Noriko. The only differences here are in the plug-in close() function. We free the config lock now, and we also check if the started flag was set before freeing any of the resources. On 04/19/2011 08:52 AM, Nathan Kinder wrote: http://directory.fedoraproject.org/wiki/Auto_Membership_Design -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel Reviewed++. -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] rfc2307bis.ldif Parsing Error
Thanks a lot, Adrien. I've added your fixed schema file to the *Bug 170791* https://bugzilla.redhat.com/show_bug.cgi?id=170791 -Schema file parsing overly picky?. On 05/02/2011 05:55 PM, Adrien Guillon wrote: Today on #389 on freenode we spent some time attempting to understand why directory 389 did not load changes to the schema. I shutdown dirsrv, replaced the rfc2307.ldif schema with rfc2307bis.ldif, restarted, and noticed that the schema change had not taken effect. This was due to the formatting of the rfc2307bis.ldif file itself (basically the DESC field was in the wrong place). I have attached a fixed ldif file. -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] about Bug 590826 - Reloading database from ldif causes changelog to emit data no longer matches errors
Rich Megginson wrote: The problem comes from the method we use to check if the changelog does not match the database in replica_check_for_data_reload(). The RUV in the database contains obsolete elements from replicas that are no longer in use. replica_check_for_data_reload() uses ruv_covers_ruv() to see if all of the max csns in the database ruv are in the changelog maxruv, and vice versa. It fails because the database ruv contains these obsolete elements not found in the changelog maxruv. My question is - why do we care? Isn't it sufficient to check that the replicageneration in the changelog is the same as the replicageneration in the database ruv? The replicageneration is supposed to be the unique identifier of the starting point of the replicated data. If the data is reloaded (e.g. from an ldif not created with db2ldif -r), a new replicageneration will be created, and the data will mismatch. That's right. And the problem is the database RUV never be updated once the data is reloaded from such an ldif file? Then, the server recreates the changelog every time the server is restarted? You mentioned remove them in the proposed warning. Is it the only way to adjust the database RUV? Or, alternately, leave the check for all of the ruv elements in, but just warn if the database contains ruv elements not in the cl maxruv e.g. something like WARNING: The database RUV contains these elements not present in the changelog max ruv: These elements may be obsolete, in which case you should remove them. If they are not obsolete, you should check those servers to make sure replication is occurring. If the database RUV is not used at all, I think there is no benefit to maintain it... Warning would rather confuse users, wouldn't it? --noriko -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] Please review: Add support for pre/post db transaction plugins
Rich Megginson wrote: http://rmeggins.fedorapeople.org/patches/0001-Add-support-for-pre-post-db-transaction-plugins.patch -- ack. 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
Re: [389-devel] Please review: convert memberof to use transactions
Rich Megginson wrote: On 10/06/2011 12:04 PM, Noriko Hosoi wrote: Rich Megginson wrote: There are 3 patches. 0001 fixes a problem with betxn and modrdn to make the ENTRY_POST_OP available to betxnpostop plugins. 0002 allows us to pass the plugin config entry to plugin_init functions (yay! finally!). 0003 is the actual change to memberof. ack. ack. ack. So, once betxn is set to the memberof plugin type, memberof mod operations are included in the same transaction? Right. Cool! That'll be very useful! -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
[389-devel] Please review: [Bug 744945] nsslapd-counters attribute value cannot be set to off
https://bugzilla.redhat.com/show_bug.cgi?id=744945 https://bugzilla.redhat.com/attachment.cgi?id=527345action=diff https://bugzilla.redhat.com/attachment.cgi?id=527345action=edit Description: nsslapd-counters (cn=config) is allowed to have the value off. Once it's set, cache monitor would not be available. . when staring the server, following message is logged. cache_init: slapi counter is not available. . ldapsearch cache statistics under cn=monitor,cn=BACKEND,cn=ldbm database, cn=plugins,cn=config shows 0's: entrycachehits: 0 entrycachetries: 0 entrycachehitratio: 0 -- 389-devel mailing list 389-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-devel
