[Touch-packages] [Bug 1926265] Re: slapd enter in infinite loop on sched_yield syscall

2021-05-14 Thread Ryan Tandy
On Fri, May 14, 2021 at 01:36:12PM -, Stephane Chazelas wrote:
>The important backtrace in there is the one from thread 11:
>
>#0  0x7fb288428474 in read () from /lib/x86_64-linux-gnu/libpthread.so.0
>No symbol table info available.
>#1  0x7fb2890c4518 in ?? () from /usr/lib/x86_64-linux-gnu/liblber-2.4.so.2
>No symbol table info available.
>#2  0x7fb287895848 in ?? () from /usr/lib/x86_64-linux-gnu/libgnutls.so.30
>No symbol table info available.

This is a valid issue, but are we certain it's the same one? The 
reporter talked about sched_yield and their backtraces included several 
threads of back_monitor waiting on some kind of lock.

>https://bugs.openldap.org/show_bug.cgi?id=8650#c12 explains that it's
>https://github.com/openldap/openldap/commit/7b5181da8cdd47a13041f9ee36fa9590a0fa6e48
>that is responsible for the issue.
>
>https://github.com/openldap/openldap/commit/4c1ab16ade18a253dd81df7e6eced4d920ac6a8e
>reverted that commit, but that one did not make it into bionic.

Indeed. :( I didn't notice this went unfixed in an LTS, I'm sorry for 
missing that.

>So cherry picking
>https://github.com/openldap/openldap/commit/4c1ab16ade18a253dd81df7e6eced4d920ac6a8e
>should fix it.

In this version it's a Debian patch, so probably just remove the 
offending patch from d/patches, rather than import the revert?

On Fri, May 14, 2021 at 02:18:47PM -, Stephane Chazelas wrote:
>Yes,
>https://github.com/openldap/openldap/commit/735e1ab14bb055344b4e767a216aa410aa7d1503
>can't be directly applied there. There have been other changes in
>between in that section including changes in API, so it would take more
>effort to backport that fix.

Right. I'm not confident I can backport that correctly, so I'd feel 
safer just doing the revert. However, sssd should also be tested, to 
ensure the version in bionic isn't affected by ITS#9210 
(https://bugs.openldap.org/show_bug.cgi?id=9210).

COMPLETELY UNTESTED debdiff attached.


** Bug watch added: bugs.openldap.org/ #9210
   https://bugs.openldap.org/show_bug.cgi?id=9210

** Attachment added: "openldap_2.4.45+dfsg-1ubuntu1.11.debdiff"
   
https://bugs.launchpad.net/bugs/1926265/+attachment/5497610/+files/openldap_2.4.45+dfsg-1ubuntu1.11.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1926265

Title:
  slapd enter in infinite loop on sched_yield syscall

Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  On a production server, sometimes slapd become unbresponsive, some threads 
loops in sched_yield syscall and consumme all CPU.
  To recover, slapd needs to restart.
  No related information is reported in log file.
  All same issues in OpenLDAP upstream project are old and fixed.
  So maybe this issue affects only Ubuntu package.
  It occurs randomly, so I have no steps to reproduce.

  
  OS : Bionic

  Openldap version:

  libldap-2.4-2:amd642.4.45+dfsg-1ubuntu1.10
 
  libldap-common 2.4.45+dfsg-1ubuntu1.10
 
  slapd  2.4.45+dfsg-1ubuntu1.10
 

  Modules loaded:

  olcModuleLoad: {0}back_bdb
  olcModuleLoad: {1}syncprov
  olcModuleLoad: {2}back_monitor
  olcModuleLoad: {3}memberof.la
  olcModuleLoad: {4}refint.la
  olcModuleLoad: {5}rwm
  olcModuleload: {6}back_ldap

  
  Backend is BDB. slapd run in (single) master - (multi) slave mode.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1926265/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1921562] [NEW] Intermittent hangs during ldap_search_ext when TLS enabled

2021-03-26 Thread Ryan Tandy
On Sat, Mar 27, 2021 at 01:06:42AM -, Vincent Vanlaer wrote:
>https://git.openldap.org/openldap/openldap/-/commit/735e1ab

Note that this commit is for OpenLDAP 2.5 and needs adjustment for the 
2.4 branch. The commit ids for 2.4 are:

https://git.openldap.org/openldap/openldap/-/commit/7cf7aa3141
https://git.openldap.org/openldap/openldap/-/commit/85fc8974f5

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1921562

Title:
  Intermittent hangs during ldap_search_ext when TLS enabled

Status in openldap:
  Fix Released
Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  When connecting to an LDAP server with TLS, ldap_search_ext can hang
  if during the initial TLS handshake a signal is received by the
  process. The cause of this bug is the same as
  https://bugs.openldap.org/show_bug.cgi?id=8650 which was fixed in
  https://git.openldap.org/openldap/openldap/-/commit/735e1ab and was
  released as part of version 2.4.50. This bug effects Ubuntu 20.04 LTS
  and potentially earlier Ubuntu releases. Later Ubuntu releases use an
  openldap version that is at least 2.4.50 and are therefore not
  affected.

  In our case this bug cause failures in the SSSD LDAP backend at least
  once per day, resulting in authentication errors followed by a sssd_be
  restart after a timeout has been hit:

  Mar 19 19:05:31 mail auth[867454]: pam_sss(dovecot:auth): received for user 
redacted: 4 (System error)
  Mar 19 19:05:32 mail sssd_be[867455]: Starting up

  A reduced version of the patch linked above can be found attached to
  this bug report. This patch has been applied to version 2.4.49+dfsg-
  2ubuntu1.7 and has been running in production for approximately a week
  and the issue has no longer occurred. No other issues have appeared
  during this period.

  As this bug affects all systems using LDAP with TLS, I suggest that
  the fix for this bug is ported to Ubuntu 20.04 LTS and potentially
  earlier versions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openldap/+bug/1921562/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 571481] Re: when slapd upgrade fails, later upgrade attempts overwrite saved backups of pre-upgrade configuration files

2021-02-25 Thread Ryan Tandy
Fixed in 2.4.51+dfsg-1 i.e. groovy

** Changed in: openldap (Ubuntu)
 Assignee: Ryan Tandy (rtandy) => (unassigned)

** Changed in: openldap (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/571481

Title:
  when slapd upgrade fails, later upgrade attempts overwrite saved
  backups of pre-upgrade configuration files

Status in openldap package in Ubuntu:
  Fix Released
Status in openldap package in Debian:
  Fix Released

Bug description:
  When called in "upgrade" mode, the slapd.postinst script starts out by
  making a backup of the $SLAPD_CONF directory into /var/backups/slapd
  -/ .

  However, if the upgrade fails (e.g. because of bug #571057), then
  later attempts to run the upgrade script will still be called with the
  same old-package-version, and the script will blindly re-run the
  backup of $SLAPD_CONF onto the same destination directory, overwriting
  the original pre-upgrade-attempt versions of those files with the
  copies that include edits made by the earlier runs of the upgrade
  script.

  I see there is some logic in the compute_backup_path function to check
  if the backup target already exists, and to abort the upgrade run if
  it does.  Doing the same sort of check-and-abort in backup_config_once
  would be better than the current scenario, though it might be even
  nicer if the program could pick a new backup directory (e.g.
  /var/backups/slapd-_try or something)
  automatically, rather than aborting and forcing the user to clean up
  manually

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/571481/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1891548] Re: autofs-ldap's /etc/ldap/schema/autofs.schema crashes slapd

2020-08-14 Thread Ryan Tandy
msp3k is correct. The bug is in autofs-ldap, not in slapd. slapd is
correct to reject "caseExactMatch" since the attribute syntax is IA5
String. The correct fix is what msp3k said, fix the matching rule to be
caseExactIA5Match like it was in the old one.


--- /etc/ldap/schema/autofs.schema  2020-08-14 15:50:36.678109301 +
+++ /etc/ldap/schema/autofs.schema  2020-08-14 15:50:46.506246431 +
@@ -10,7 +10,7 @@

 attributetype ( 1.3.6.1.4.1.2312.4.1.2 NAME 'automountInformation'
DESC 'Information used by the autofs automounter'
-   EQUALITY caseExactMatch
+   EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

 objectclass ( 1.3.6.1.4.1.2312.4.2.3 NAME 'automount' SUP top
STRUCTURAL

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1891548

Title:
  autofs-ldap's /etc/ldap/schema/autofs.schema crashes slapd

Status in autofs package in Ubuntu:
  New
Status in openldap package in Ubuntu:
  New

Bug description:
  Ubuntu Release:
  # lsb_release -rd
  Description:  Ubuntu 20.04.1 LTS
  Release:  20.04

  Version of packages in use:
  # dpkg -l autofs autofs-ldap slapd | grep '^ii'
  ii  autofs 5.1.6-2ubuntu0.1   amd64kernel-based 
automounter for Linux
  ii  autofs-ldap5.1.6-2ubuntu0.1   amd64LDAP map support for 
autofs
  ii  slapd  2.4.49+dfsg-2ubuntu1.3 amd64OpenLDAP server (slapd)

  Expected:
  No errors from slaptest

  Actual Output:
  5f359370 /etc/ldap/schema/autofs.schema: line 14 attributetype: AttributeType 
inappropriate matching rule: "caseExactMatch"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/autofs/+bug/1891548/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1880209] [NEW] slapd configuration does not ask for olcbackend and doesn't add one. Has to be added by hand.

2020-05-22 Thread Ryan Tandy
On Fri, May 22, 2020 at 04:34:52PM -, Mario Mech wrote:
>Installing slapd and ldap-utils results in missing backend
>
>dn: olcBackend={0}mdb,cn=config
>
>the installer skips the installation step. Has to be added by
>ldpamodify.

This was done intentionally as it's much more common to configure things 
per-database than per-backend. What do you need the backend entry for, 
and why is it a problem to add it yourself? Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1880209

Title:
  slapd configuration does not ask for olcbackend and doesn't add one.
  Has to be added by hand.

Status in openldap package in Ubuntu:
  New

Bug description:
  Installing slapd and ldap-utils results in missing backend

  dn: olcBackend={0}mdb,cn=config

  the installer skips the installation step. Has to be added by
  ldpamodify.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: slapd 2.4.49+dfsg-2ubuntu1.2
  ProcVersionSignature: Ubuntu 5.4.0-31.35-generic 5.4.34
  Uname: Linux 5.4.0-31-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27
  Architecture: amd64
  CNConfig:
   Error: command ['pkexec', '/usr/bin/ldapsearch', '-Q', '-LLL', '-Y 
EXTERNAL', '-H ldapi:///', '-b cn=config'] failed with exit code 127: 
polkit-agent-helper-1: error response to PolicyKit daemon: 
GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie
   Error executing command as another user: Not authorized
   
   This incident has been reported.
  CasperMD5CheckResult: skip
  Date: Fri May 22 18:27:59 2020
  InstallationDate: Installed on 2020-04-20 (32 days ago)
  InstallationMedia: Ubuntu-Server 20.04 LTS "Focal Fossa" - Beta amd64 
(20200417)
  SourcePackage: openldap
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1880209/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1875697] Re: drop fix-ldap-distribution.patch?

2020-05-08 Thread Ryan Tandy
On Fri, May 08, 2020 at 07:57:38PM -, Andreas Hasenack wrote:
>But looks like the email is wrong, we should be showing ubuntu-devel@ 
>there instead of the debian maintainers list.

I'm fine with receiving mail from Ubuntu users as well. (in IRC I'm 
usually supporting at least as many Ubuntu users as Debian users.) But 
feel free to patch this in your build, or send me a patch to pick up 
Maintainer dynamically from the control file (or based on dpkg-vendor or 
whatever).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1875697

Title:
  drop fix-ldap-distribution.patch?

Status in openldap package in Ubuntu:
  Triaged
Status in openldap source package in Focal:
  Triaged

Bug description:
  Hi,

  In version 2.4.49+dfsg-3 I fixed a bug where the version was missing
  from the -V output in OpenLDAP programs:
  .

  At the same time, I've patched it to display the package version
  there, instead of the upstream version:

  # slapd -VV
  @(#) $OpenLDAP: slapd 2.4.49+dfsg-4 (Apr 15 2020 04:33:16) $
Debian OpenLDAP Maintainers 

  If showing the distro version here fulfills the same requirements as
  the fix-ldap-distribution.patch, then maybe that patch can be dropped?

  Thanks.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1875697/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1875697] [NEW] drop fix-ldap-distribution.patch?

2020-04-28 Thread Ryan Tandy
Public bug reported:

Hi,

In version 2.4.49+dfsg-3 I fixed a bug where the version was missing
from the -V output in OpenLDAP programs:
.

At the same time, I've patched it to display the package version there,
instead of the upstream version:

# slapd -VV
@(#) $OpenLDAP: slapd 2.4.49+dfsg-4 (Apr 15 2020 04:33:16) $
Debian OpenLDAP Maintainers 

If showing the distro version here fulfills the same requirements as the
fix-ldap-distribution.patch, then maybe that patch can be dropped?

Thanks.

** Affects: openldap (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1875697

Title:
  drop fix-ldap-distribution.patch?

Status in openldap package in Ubuntu:
  New

Bug description:
  Hi,

  In version 2.4.49+dfsg-3 I fixed a bug where the version was missing
  from the -V output in OpenLDAP programs:
  .

  At the same time, I've patched it to display the package version
  there, instead of the upstream version:

  # slapd -VV
  @(#) $OpenLDAP: slapd 2.4.49+dfsg-4 (Apr 15 2020 04:33:16) $
Debian OpenLDAP Maintainers 

  If showing the distro version here fulfills the same requirements as
  the fix-ldap-distribution.patch, then maybe that patch can be dropped?

  Thanks.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1875697/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1866303] [NEW] slapd crash with pwdAccountLockedTime and stacked overlays

2020-03-05 Thread Ryan Tandy
Public bug reported:

Hello,

Please merge openldap 2.4.49+dfsg-2 from Debian unstable to fix an issue
in the ppolicy overlay that can crash slapd. Please also consider SRUing
the patch after it has had some testing time.

Upstream: https://openldap.org/its/?findid=9171
Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953150

The ingredients for the crash are:

1: ppolicy overlay configured with pwdLockout: TRUE
2. smbk5pwd overlay stacked after ppolicy
3. an account locked out via pwdAccountLockedTime
4. a client binding to the locked-out account and also requesting the ppolicy 
control

The buggy code is not as specific as the above steps, so I suspect there
are probably other configurations or steps that can trigger the same
crash.

I will attach my test script and data for reproducing the crash.

Expected output (last lines):

[ ok ] Starting OpenLDAP: slapd.
slapd running
ldap_bind: Invalid credentials (49)
slapd running

Actual output (last lines):

[ ok ] Starting OpenLDAP: slapd.
slapd running
ldap_bind: Invalid credentials (49)
slapd dead

** Affects: openldap (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: openldap (Debian)
 Importance: Unknown
 Status: Unknown

** Bug watch added: Debian Bug tracker #953150
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953150

** Also affects: openldap (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953150
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1866303

Title:
  slapd crash with pwdAccountLockedTime and stacked overlays

Status in openldap package in Ubuntu:
  New
Status in openldap package in Debian:
  Unknown

Bug description:
  Hello,

  Please merge openldap 2.4.49+dfsg-2 from Debian unstable to fix an
  issue in the ppolicy overlay that can crash slapd. Please also
  consider SRUing the patch after it has had some testing time.

  Upstream: https://openldap.org/its/?findid=9171
  Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953150

  The ingredients for the crash are:

  1: ppolicy overlay configured with pwdLockout: TRUE
  2. smbk5pwd overlay stacked after ppolicy
  3. an account locked out via pwdAccountLockedTime
  4. a client binding to the locked-out account and also requesting the ppolicy 
control

  The buggy code is not as specific as the above steps, so I suspect
  there are probably other configurations or steps that can trigger the
  same crash.

  I will attach my test script and data for reproducing the crash.

  Expected output (last lines):

  [ ok ] Starting OpenLDAP: slapd.
  slapd running
  ldap_bind: Invalid credentials (49)
  slapd running

  Actual output (last lines):

  [ ok ] Starting OpenLDAP: slapd.
  slapd running
  ldap_bind: Invalid credentials (49)
  slapd dead

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1866303/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1866303] test script

2020-03-05 Thread Ryan Tandy
** Attachment added: "slapd.conf"
   https://bugs.launchpad.net/bugs/1866303/+attachment/5334194/+files/slapd.conf

** Attachment added: "data.ldif"
   https://bugs.launchpad.net/bugs/1866303/+attachment/5334195/+files/data.ldif

** Attachment added: "samba.schema"
   
https://bugs.launchpad.net/bugs/1866303/+attachment/5334196/+files/samba.schema

** Attachment added: "script"
   https://bugs.launchpad.net/bugs/1866303/+attachment/5334197/+files/script

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1866303

Title:
  slapd crash with pwdAccountLockedTime and stacked overlays

Status in openldap package in Ubuntu:
  New
Status in openldap package in Debian:
  Unknown

Bug description:
  Hello,

  Please merge openldap 2.4.49+dfsg-2 from Debian unstable to fix an
  issue in the ppolicy overlay that can crash slapd. Please also
  consider SRUing the patch after it has had some testing time.

  Upstream: https://openldap.org/its/?findid=9171
  Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953150

  The ingredients for the crash are:

  1: ppolicy overlay configured with pwdLockout: TRUE
  2. smbk5pwd overlay stacked after ppolicy
  3. an account locked out via pwdAccountLockedTime
  4. a client binding to the locked-out account and also requesting the ppolicy 
control

  The buggy code is not as specific as the above steps, so I suspect
  there are probably other configurations or steps that can trigger the
  same crash.

  I will attach my test script and data for reproducing the crash.

  Expected output (last lines):

  [ ok ] Starting OpenLDAP: slapd.
  slapd running
  ldap_bind: Invalid credentials (49)
  slapd running

  Actual output (last lines):

  [ ok ] Starting OpenLDAP: slapd.
  slapd running
  ldap_bind: Invalid credentials (49)
  slapd dead

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1866303/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1864205] Re: _sasl_plugin_load failed on sasl_canonuser_init

2020-02-21 Thread Ryan Tandy
The messages are harmless as far as I know. If you don't want to see
them, uninstall the libsasl2-modules-ldap package. (Since you evidently
haven't configured it, I assume you aren't using it.)

At any rate this is not a bug in the openldap package.

** Changed in: openldap (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1864205

Title:
  _sasl_plugin_load failed on sasl_canonuser_init

Status in openldap package in Ubuntu:
  Invalid

Bug description:
  Ubuntu 20.04
  slapd 2.4.49+dfsg-1ubuntu1

  Default configuration except for preexisting openldap user & group.

  # apt install slapd ldap-utils
  ...
  # journalctl |grep slapd|grep "Feb 21"
  ...
  Feb 21 15:59:54 samsung5-ubuntu slapd[435467]:  * Starting OpenLDAP slapd
  Feb 21 15:59:54 samsung5-ubuntu slapd[435473]: ldapdb
  Feb 21 15:59:54 samsung5-ubuntu slapd[435473]: _sasl_plugin_load failed on 
sasl_canonuser_init
  Feb 21 15:59:54 samsung5-ubuntu slapd[435473]: @(#) $OpenLDAP: slapd  
(Ubuntu) (Feb 10 2020 15:13:47) $
  Feb 21 15:59:54 samsung5-ubuntu slapd[435473]: auxpropfunc error invalid 
parameter supplied
  Feb 21 15:59:54 samsung5-ubuntu slapd[435473]: _sasl_plugin_load failed on 
sasl_auxprop_plug_init
  Feb 21 15:59:54 samsung5-ubuntu slapd[435473]: ldapdb
  Feb 21 15:59:54 samsung5-ubuntu slapd[435473]: _sasl_plugin_load failed on 
sasl_canonuser_init
  Feb 21 15:59:54 samsung5-ubuntu slapd[435474]: slapd starting
  Feb 21 15:59:54 samsung5-ubuntu slapd[435467]:...done.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1864205/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1838370] Re: slapd segfault on filter parse error

2019-08-07 Thread Ryan Tandy
This has already been fixed as of 2.4.48+dfsg-1ubuntu1. I'm not sure why
the upload didn't automatically close the bug.

** Changed in: openldap (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1838370

Title:
  slapd segfault on filter parse error

Status in openldap:
  Fix Released
Status in openldap package in Ubuntu:
  Fix Released
Status in openldap source package in Xenial:
  Confirmed
Status in openldap source package in Bionic:
  Confirmed
Status in openldap source package in Disco:
  Confirmed

Bug description:
  Hello!
  We have faced slapd crash, seems an attacker was trying to brute force one
  of our services and uid parsing failures caused slapd crash:

  Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SRCH
  base="ou=test,dc=test,dc=com" scope=2 deref=0
  
filter="(&(uid=aistar123<>!n)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0"
  Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SRCH attr=objectClass uid
  userPassword uidNumber gidNumber gecos homeDirectory loginShell
  krbPrincipalName cn memberOf modifyTimestamp modifyTimestamp
  shadowLastChange shadowMin shadow
  Max shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange
  krbPasswordExpiration pwdAttribute authorizedService accountExpires
  userAccountControl nsAccountLock host loginDisabled loginExpirationTime
  loginAllowedTimeMap sshPublic
  Key
  Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SEARCH RESULT tag=101 err=0
  nentries=0 text=massaged filter parse error
  Jul 26 18:59:47 kernel: [ 9441.554161] slapd[2367]: segfault at 18 ip
  7fc8d18ec512 sp 7fc8889e2810 error 4 in libc-2.23.so
  [7fc8d1868000+1c]

  Another faulty filter example:
  
filter="(&(uid=sql<>?)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0"
  
filter="(&(uid=fugeone<>?123)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0"

  $ lsb_release -rd
  Description: Ubuntu 16.04.5 LTS
  Release: 16.04

  $ slapd -VVV
  @(#) $OpenLDAP: slapd  (Ubuntu) (May 22 2018 13:54:12) $
  buildd@lcy01-amd64-019
  :/build/openldap-t_Ta0O/openldap-2.4.42+dfsg/debian/build/servers/slapd

  Included static backends:
  config
  ldif

  $ apt-cache policy slapd
  slapd:
Installed: 2.4.42+dfsg-2ubuntu3.3
Candidate: 2.4.42+dfsg-2ubuntu3.5
Version table:
   2.4.42+dfsg-2ubuntu3.5 500
  500 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main amd64
  Packages
   *** 2.4.42+dfsg-2ubuntu3.3 100
  100 /var/lib/dpkg/status
   2.4.42+dfsg-2ubuntu3.2 500
  500 http://security.ubuntu.com/ubuntu xenial-security/main amd64
  Packages
   2.4.42+dfsg-2ubuntu3 500
  500 http://nl.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

   affects ubuntu/openldap

To manage notifications about this bug go to:
https://bugs.launchpad.net/openldap/+bug/1838370/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1838370] Re: slapd segfault on filter parse error

2019-07-30 Thread Ryan Tandy
Looks like this is fixed upstream already:
https://openldap.org/its/?findid=8964 fixed in 2.4.48.

Cherry-picking upstream commit d40b357f5da9a94d2f4f541c21bde02610d9cd3b
fixes the crash for me.

** Also affects: openldap
   Importance: Undecided
   Status: New

** Changed in: openldap
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1838370

Title:
  slapd segfault on filter parse error

Status in openldap:
  Fix Released
Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  Hello!
  We have faced slapd crash, seems an attacker was trying to brute force one
  of our services and uid parsing failures caused slapd crash:

  Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SRCH
  base="ou=test,dc=test,dc=com" scope=2 deref=0
  
filter="(&(uid=aistar123<>!n)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0"
  Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SRCH attr=objectClass uid
  userPassword uidNumber gidNumber gecos homeDirectory loginShell
  krbPrincipalName cn memberOf modifyTimestamp modifyTimestamp
  shadowLastChange shadowMin shadow
  Max shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange
  krbPasswordExpiration pwdAttribute authorizedService accountExpires
  userAccountControl nsAccountLock host loginDisabled loginExpirationTime
  loginAllowedTimeMap sshPublic
  Key
  Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SEARCH RESULT tag=101 err=0
  nentries=0 text=massaged filter parse error
  Jul 26 18:59:47 kernel: [ 9441.554161] slapd[2367]: segfault at 18 ip
  7fc8d18ec512 sp 7fc8889e2810 error 4 in libc-2.23.so
  [7fc8d1868000+1c]

  Another faulty filter example:
  
filter="(&(uid=sql<>?)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0"
  
filter="(&(uid=fugeone<>?123)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0"

  $ lsb_release -rd
  Description: Ubuntu 16.04.5 LTS
  Release: 16.04

  $ slapd -VVV
  @(#) $OpenLDAP: slapd  (Ubuntu) (May 22 2018 13:54:12) $
  buildd@lcy01-amd64-019
  :/build/openldap-t_Ta0O/openldap-2.4.42+dfsg/debian/build/servers/slapd

  Included static backends:
  config
  ldif

  $ apt-cache policy slapd
  slapd:
Installed: 2.4.42+dfsg-2ubuntu3.3
Candidate: 2.4.42+dfsg-2ubuntu3.5
Version table:
   2.4.42+dfsg-2ubuntu3.5 500
  500 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main amd64
  Packages
   *** 2.4.42+dfsg-2ubuntu3.3 100
  100 /var/lib/dpkg/status
   2.4.42+dfsg-2ubuntu3.2 500
  500 http://security.ubuntu.com/ubuntu xenial-security/main amd64
  Packages
   2.4.42+dfsg-2ubuntu3 500
  500 http://nl.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

   affects ubuntu/openldap

To manage notifications about this bug go to:
https://bugs.launchpad.net/openldap/+bug/1838370/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1838380] [NEW] slapd does not automatically restart on failure

2019-07-30 Thread Ryan Tandy
Hello,

You can configure that yourself with a systemd drop-in file that 
modifies the generated unit. A similar one was recently added to set 
RemainOnExit=false; see bug 1821343.

I can't comment on whether it's appropriate to add that behaviour in the 
package by default.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1838380

Title:
  slapd does not automatically restart on failure

Status in openldap package in Ubuntu:
  New

Bug description:
  Slapd does not restart after a failure. Slapd package does not include
  systemd unit file at all, only init.d script. Makes sense to make a
  unitfile with a Restart=on-failure option.

  $ lsb_release -rd
  Description: Ubuntu 16.04.5 LTS
  Release: 16.04

  $ apt-cache policy slapd
  slapd:
Installed: 2.4.42+dfsg-2ubuntu3.3
Candidate: 2.4.42+dfsg-2ubuntu3.5
Version table:
   2.4.42+dfsg-2ubuntu3.5 500
  500 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main amd64
  Packages
   *** 2.4.42+dfsg-2ubuntu3.3 100
  100 /var/lib/dpkg/status
   2.4.42+dfsg-2ubuntu3.2 500
  500 http://security.ubuntu.com/ubuntu xenial-security/main amd64
  Packages
   2.4.42+dfsg-2ubuntu3 500
  500 http://nl.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

affects ubuntu/openldap

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1838380/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1838370] [NEW] slapd segfault on filter parse error

2019-07-30 Thread Ryan Tandy
Hello, thank you for the report.

I was able to reproduce the crash locally by intentionally 
mis-configuring the rwm overlay.

Could you please provide a copy of your rwm overlay configuration? I 
would like to see what the actual parse failure was in your instance.


** Changed in: openldap (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1838370

Title:
  slapd segfault on filter parse error

Status in openldap:
  Fix Released
Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  Hello!
  We have faced slapd crash, seems an attacker was trying to brute force one
  of our services and uid parsing failures caused slapd crash:

  Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SRCH
  base="ou=test,dc=test,dc=com" scope=2 deref=0
  
filter="(&(uid=aistar123<>!n)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0"
  Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SRCH attr=objectClass uid
  userPassword uidNumber gidNumber gecos homeDirectory loginShell
  krbPrincipalName cn memberOf modifyTimestamp modifyTimestamp
  shadowLastChange shadowMin shadow
  Max shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange
  krbPasswordExpiration pwdAttribute authorizedService accountExpires
  userAccountControl nsAccountLock host loginDisabled loginExpirationTime
  loginAllowedTimeMap sshPublic
  Key
  Jul 26 18:59:47 slapd[1252]: conn=1466 op=13 SEARCH RESULT tag=101 err=0
  nentries=0 text=massaged filter parse error
  Jul 26 18:59:47 kernel: [ 9441.554161] slapd[2367]: segfault at 18 ip
  7fc8d18ec512 sp 7fc8889e2810 error 4 in libc-2.23.so
  [7fc8d1868000+1c]

  Another faulty filter example:
  
filter="(&(uid=sql<>?)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0"
  
filter="(&(uid=fugeone<>?123)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0"

  $ lsb_release -rd
  Description: Ubuntu 16.04.5 LTS
  Release: 16.04

  $ slapd -VVV
  @(#) $OpenLDAP: slapd  (Ubuntu) (May 22 2018 13:54:12) $
  buildd@lcy01-amd64-019
  :/build/openldap-t_Ta0O/openldap-2.4.42+dfsg/debian/build/servers/slapd

  Included static backends:
  config
  ldif

  $ apt-cache policy slapd
  slapd:
Installed: 2.4.42+dfsg-2ubuntu3.3
Candidate: 2.4.42+dfsg-2ubuntu3.5
Version table:
   2.4.42+dfsg-2ubuntu3.5 500
  500 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main amd64
  Packages
   *** 2.4.42+dfsg-2ubuntu3.3 100
  100 /var/lib/dpkg/status
   2.4.42+dfsg-2ubuntu3.2 500
  500 http://security.ubuntu.com/ubuntu xenial-security/main amd64
  Packages
   2.4.42+dfsg-2ubuntu3 500
  500 http://nl.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

   affects ubuntu/openldap

To manage notifications about this bug go to:
https://bugs.launchpad.net/openldap/+bug/1838370/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1821343] [NEW] slapd process failure is not detected by systemd

2019-03-22 Thread Ryan Tandy
Hello Hector,

On Fri, Mar 22, 2019 at 12:36:57PM -, Heitor R. Alves de Siqueira wrote:
>The slapd package for OpenLDAP is shipped with a SysV-style init script 
>(/etc/init.d/slapd). Systemd automatically converts this to a systemd 
>service by generating the unit file using the systemd-sysv-generator(8) 
>utility. The generated unit file contains Type=forking and 
>RemainAfterExit=yes directives.
>
>If the slapd daemon process exits due to some failure (e.g., it receives
>a SIGTERM or SIGKILL), the failure is not detected properly by systemd.
>The service is still reported as active even though the child (daemon)
>process has exited with a signal.
>
>We can easily fix this by including a proper systemd service file for
>slapd in the openldap package.

Do you need a whole service file for this? I thought you could achieve 
the same with a drop-in that just overrides the required keys:

/etc/systemd/systems/slapd.service.d/remain-after-exit.conf:

[Service]
Type=forking
RemainAfterExit=no
Restart=on-failure

(untested, based on bug 1488962)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1821343

Title:
  slapd process failure is not detected by systemd

Status in openldap package in Ubuntu:
  Confirmed
Status in openldap source package in Xenial:
  Confirmed
Status in openldap source package in Bionic:
  Confirmed
Status in openldap source package in Cosmic:
  Confirmed

Bug description:
  [Impact]
  Systemd service reports slapd as active, even though it may have failed

  [Description]
  The slapd package for OpenLDAP is shipped with a SysV-style init script 
(/etc/init.d/slapd). Systemd automatically converts this to a systemd service 
by generating the unit file using the systemd-sysv-generator(8) utility. The 
generated unit file contains Type=forking and RemainAfterExit=yes directives.

  If the slapd daemon process exits due to some failure (e.g., it
  receives a SIGTERM or SIGKILL), the failure is not detected properly
  by systemd. The service is still reported as active even though the
  child (daemon) process has exited with a signal.

  We can easily fix this by including a proper systemd service file for
  slapd in the openldap package. Since the init.d script already does
  most of the necessary work (parsing configs, setting up PID files,
  etc.), we don't need anything complicated for the systemd unit file.
  Just making sure that RemainAfterExit is set to "no" makes the systemd
  service behave in the expected way.

  [Test Case]
  1) Deploy a disco container
  $ lxc launch images:ubuntu/disco disco

  2) Install slapd
  ubuntu@disco:~$ sudo apt update && sudo apt install slapd -y

  3) Verify that slapd is running with the auto-generated service
  ubuntu@disco:~$ systemctl status slapd
  ● slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory 
Access Protocol)
 Loaded: loaded (/etc/init.d/slapd; generated)
 Active: active (running) since Fri 2019-03-22 11:51:22 UTC; 40min ago
   Docs: man:systemd-sysv-generator(8)
Process: 1103 ExecStart=/etc/init.d/slapd start (code=exited, 
status=0/SUCCESS)
  Tasks: 3 (limit: 4915)
 Memory: 712.6M
 CGroup: /system.slice/slapd.service
 └─1109 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u 
openldap -F /etc/ldap/slapd.d

  4) SIGKILL the slapd process (PID is displayed in systemctl status output)
  ubuntu@disco:~$ sudo kill -9 1109

  5) Check if systemd service lists slapd as still active, even though it was 
terminated
  ubuntu@disco:~$ systemctl status slapd
  ● slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory 
Access Protocol)
 Loaded: loaded (/etc/init.d/slapd; generated)
 Active: active (exited) since Fri 2019-03-22 11:51:22 UTC; 42min ago
   Docs: man:systemd-sysv-generator(8)
Process: 1103 ExecStart=/etc/init.d/slapd start (code=exited, 
status=0/SUCCESS)

  [Regression Potential]
  The regression potential for this fix should be very low, if we keep the new 
systemd unit file close to the one generated by systemd-sysv-generator(8). The 
only significant change would be the RemainAfterExit directive, and this should 
make the slapd service behave like a "normal" forking service. Nonetheless, 
we'll perform scripted test runs to make sure no regressions arise.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1821343/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1811630] Re: Please merge openldap 2.4.47+dfsg-2 (main) from Debian unstable (main)

2019-01-13 Thread Ryan Tandy
Also here is my git branch in case you prefer to view the merge commit
directly:

https://salsa.debian.org/openldap-team/openldap/tree/ubuntu/merge-2.4.47

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1811630

Title:
  Please merge openldap 2.4.47+dfsg-2 (main) from Debian unstable (main)

Status in openldap package in Ubuntu:
  New

Bug description:
  Hello,

  I have prepared the merge of openldap 2.4.47+dfsg-2. This will
  probably be the version released in Debian buster unless any release
  critical bugs show up.

  I made changes in Debian to how the contrib modules are built. I made
  the same changes for nssov in this merge and tested it with the
  current nss/pam-ldapd. I also added its man page which doesn't seem to
  have been included before.

  I performed a test build in a PPA:
  https://launchpad.net/~rtandy/+archive/ubuntu/openldap2.4.47

  Please consider sponsoring this update. Thank you!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1811630/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1811630] Re: Please merge openldap 2.4.47+dfsg-2 (main) from Debian unstable (main)

2019-01-13 Thread Ryan Tandy
** Attachment added: "openldap_2.4.47+dfsg-2ubuntu1.debian.tar.xz"
   
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1811630/+attachment/5228960/+files/openldap_2.4.47+dfsg-2ubuntu1.debian.tar.xz

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1811630

Title:
  Please merge openldap 2.4.47+dfsg-2 (main) from Debian unstable (main)

Status in openldap package in Ubuntu:
  New

Bug description:
  Hello,

  I have prepared the merge of openldap 2.4.47+dfsg-2. This will
  probably be the version released in Debian buster unless any release
  critical bugs show up.

  I made changes in Debian to how the contrib modules are built. I made
  the same changes for nssov in this merge and tested it with the
  current nss/pam-ldapd. I also added its man page which doesn't seem to
  have been included before.

  I performed a test build in a PPA:
  https://launchpad.net/~rtandy/+archive/ubuntu/openldap2.4.47

  Please consider sponsoring this update. Thank you!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1811630/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1811630] [NEW] Please merge openldap 2.4.47+dfsg-2 (main) from Debian unstable (main)

2019-01-13 Thread Ryan Tandy
Public bug reported:

Hello,

I have prepared the merge of openldap 2.4.47+dfsg-2. This will probably
be the version released in Debian buster unless any release critical
bugs show up.

I made changes in Debian to how the contrib modules are built. I made
the same changes for nssov in this merge and tested it with the current
nss/pam-ldapd. I also added its man page which doesn't seem to have been
included before.

I performed a test build in a PPA:
https://launchpad.net/~rtandy/+archive/ubuntu/openldap2.4.47

Please consider sponsoring this update. Thank you!

** Affects: openldap (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: patch

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1811630

Title:
  Please merge openldap 2.4.47+dfsg-2 (main) from Debian unstable (main)

Status in openldap package in Ubuntu:
  New

Bug description:
  Hello,

  I have prepared the merge of openldap 2.4.47+dfsg-2. This will
  probably be the version released in Debian buster unless any release
  critical bugs show up.

  I made changes in Debian to how the contrib modules are built. I made
  the same changes for nssov in this merge and tested it with the
  current nss/pam-ldapd. I also added its man page which doesn't seem to
  have been included before.

  I performed a test build in a PPA:
  https://launchpad.net/~rtandy/+archive/ubuntu/openldap2.4.47

  Please consider sponsoring this update. Thank you!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1811630/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1811630] Re: Please merge openldap 2.4.47+dfsg-2 (main) from Debian unstable (main)

2019-01-13 Thread Ryan Tandy
** Attachment added: "openldap_2.4.47+dfsg-2ubuntu1.dsc"
   
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1811630/+attachment/5228959/+files/openldap_2.4.47+dfsg-2ubuntu1.dsc

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1811630

Title:
  Please merge openldap 2.4.47+dfsg-2 (main) from Debian unstable (main)

Status in openldap package in Ubuntu:
  New

Bug description:
  Hello,

  I have prepared the merge of openldap 2.4.47+dfsg-2. This will
  probably be the version released in Debian buster unless any release
  critical bugs show up.

  I made changes in Debian to how the contrib modules are built. I made
  the same changes for nssov in this merge and tested it with the
  current nss/pam-ldapd. I also added its man page which doesn't seem to
  have been included before.

  I performed a test build in a PPA:
  https://launchpad.net/~rtandy/+archive/ubuntu/openldap2.4.47

  Please consider sponsoring this update. Thank you!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1811630/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1809938] Re: delta syncrepl generates reqMod Attribute 'colon' with emtpty value

2018-12-27 Thread Ryan Tandy
** Changed in: openldap (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1809938

Title:
  delta syncrepl generates reqMod Attribute 'colon'  with emtpty value

Status in openldap package in Ubuntu:
  Invalid

Bug description:
  The BUG occurs in 2.4.45+dfsg-1ubuntu1.1 (Ubuntu 18.04.x)
  The BUG occurs in 2.4.46+dfsg-5ubuntu1.1 (Ubuntu 18.10.x)
  The BUG doesn't occur in 2.4.42+dfsg-2ubuntu3.4 (Ubuntu 16.4.x)

  It seems, the BUG only occurs when importing an LDIf file.
  The BUG then only affects locations with a multi-line statement
  'changetype: modify'
  Only statements in which the modify affects the >>same attribute<< are 
affected!
  The order of the action, 'delete', 'add' or eg 'add' twice does not matter.
  Also the name of the attribute does not matter.

  Example: (Instead of pst, it could also be another multivalue attribute 
  version: 1

  dn: uid=someuid,cn=Personen,dc=charite.de
  changetype: modify
  delete: pst
  pst: 
  -
  add: pst
  pst: 50074372

  ...
  The entry is processed by the provider during the import, so far so good:
  But the entry in the accesslog (delta syncrepl) contains a reqMod too much 
for an attribute called ':' (colon), with empty value!
  ...
  reqModpst: -
  reqMod:
  reqModpst: +50074372
  ...

  The consumers acknowledge this with:
  ...
  Dec 22 22:18:18 oscar slapd[30317]: syncrepl_accesslog_mods: rid=333 Invalid 
attribute :, empty AttributeDescription
  ...
  We tested several other LDIF files with different attributes and other 
multiple actions on the same attribute. Whenever the o.g. Conditions apply, 
this error occurs in the accesslog.

  We tested that for
  2.4.45+dfsg-1ubuntu1.1 (Ubuntu 18.04.x)
  2.4.46+dfsg-5ubuntu1.1 (Ubuntu 18.10.x)
  2.4.42+dfsg-2ubuntu3.4 (Ubuntu 16.4.x)
  On 2.4.42 + dfsg-2ubuntu3.4 the error did not occur yet

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1809938/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1809938] [NEW] delta syncrepl generates reqMod Attribute 'colon' with emtpty value

2018-12-27 Thread Ryan Tandy
Hello Mario,

This was an intentional change by OpenLDAP developers, in order to fix a 
replication bug that could cause providers and consumers to lose sync. 
Please see the upstream issue for the full details:

http://www.openldap.org/its/?findid=6545

I confirm this behaviour on a producer running 2.4.45 or later. I 
confirm the "Invalid attribute" error (and failure to replicate) on a 
consumer running 2.4.42, but after upgrading the same to 2.4.45, 
everything works.

I think in this case all I can recommend is to run the same version on 
your consumers as on your provider.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1809938

Title:
  delta syncrepl generates reqMod Attribute 'colon'  with emtpty value

Status in openldap package in Ubuntu:
  Invalid

Bug description:
  The BUG occurs in 2.4.45+dfsg-1ubuntu1.1 (Ubuntu 18.04.x)
  The BUG occurs in 2.4.46+dfsg-5ubuntu1.1 (Ubuntu 18.10.x)
  The BUG doesn't occur in 2.4.42+dfsg-2ubuntu3.4 (Ubuntu 16.4.x)

  It seems, the BUG only occurs when importing an LDIf file.
  The BUG then only affects locations with a multi-line statement
  'changetype: modify'
  Only statements in which the modify affects the >>same attribute<< are 
affected!
  The order of the action, 'delete', 'add' or eg 'add' twice does not matter.
  Also the name of the attribute does not matter.

  Example: (Instead of pst, it could also be another multivalue attribute 
  version: 1

  dn: uid=someuid,cn=Personen,dc=charite.de
  changetype: modify
  delete: pst
  pst: 
  -
  add: pst
  pst: 50074372

  ...
  The entry is processed by the provider during the import, so far so good:
  But the entry in the accesslog (delta syncrepl) contains a reqMod too much 
for an attribute called ':' (colon), with empty value!
  ...
  reqModpst: -
  reqMod:
  reqModpst: +50074372
  ...

  The consumers acknowledge this with:
  ...
  Dec 22 22:18:18 oscar slapd[30317]: syncrepl_accesslog_mods: rid=333 Invalid 
attribute :, empty AttributeDescription
  ...
  We tested several other LDIF files with different attributes and other 
multiple actions on the same attribute. Whenever the o.g. Conditions apply, 
this error occurs in the accesslog.

  We tested that for
  2.4.45+dfsg-1ubuntu1.1 (Ubuntu 18.04.x)
  2.4.46+dfsg-5ubuntu1.1 (Ubuntu 18.10.x)
  2.4.42+dfsg-2ubuntu3.4 (Ubuntu 16.4.x)
  On 2.4.42 + dfsg-2ubuntu3.4 the error did not occur yet

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1809938/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1782203] Re: package slapd 2.4.45+dfsg-1ubuntu1 failed to install/upgrade: installed slapd package post-installation script subprocess returned error exit status 1

2018-07-17 Thread Ryan Tandy
from the terminal log:

Jul 12 09:48:10 pii.host slapd[5659]: daemon: bind(8) failed errno=98 (Address 
already in use)
Jul 12 09:48:10 pii.host slapd[5659]: daemon: bind(8) failed errno=98 (Address 
already in use)

and from the apt log:

Start-Date: 2018-07-12  06:42:24
Commandline: apt-get purge slapd
Purge: slapd:amd64 (2.4.45+dfsg-1ubuntu1)
End-Date: 2018-07-12  06:42:27

Start-Date: 2018-07-12  09:48:08
Commandline: apt-get install slapd ldap-utils
Requested-By: daniel (1000)
Install: slapd:amd64 (2.4.45+dfsg-1ubuntu1)

Looks like slapd was still running after being uninstalled. Just 
speculating here but the most likely reason is that the config was 
broken or damaged and the init script was unable to stop it during 
uninstallation. So please kill it yourself and try the installation 
again.

In any case this does not look like a bug in the package installation.


** Changed in: openldap (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1782203

Title:
  package slapd 2.4.45+dfsg-1ubuntu1 failed to install/upgrade:
  installed slapd package post-installation script subprocess returned
  error exit status 1

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  Occurs on startup

  ProblemType: Package
  DistroRelease: Ubuntu 18.04
  Package: slapd 2.4.45+dfsg-1ubuntu1
  ProcVersionSignature: Ubuntu 4.15.0-23.25-generic 4.15.18
  Uname: Linux 4.15.0-23-generic x86_64
  NonfreeKernelModules: kpatch_livepatch_Ubuntu_4_15_0_23_25_generic_40
  ApportVersion: 2.20.9-0ubuntu7.2
  AptOrdering:
   slapd:amd64: Install
   NULL: ConfigurePending
  Architecture: amd64
  Date: Thu Jul 12 09:48:10 2018
  ErrorMessage: installed slapd package post-installation script subprocess 
returned error exit status 1
  InstallationDate: Installed on 2018-06-07 (39 days ago)
  InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
  Python3Details: /usr/bin/python3.6, Python 3.6.5, python3-minimal, 
3.6.5-3ubuntu1
  PythonDetails: /usr/bin/python2.7, Python 2.7.15rc1, python-minimal, 
2.7.15~rc1-1
  RelatedPackageVersions:
   dpkg 1.19.0.5ubuntu2
   apt  1.6.2
  SourcePackage: openldap
  Title: package slapd 2.4.45+dfsg-1ubuntu1 failed to install/upgrade: 
installed slapd package post-installation script subprocess returned error exit 
status 1
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1782203/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1547927] Re: LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and STARTTLS

2018-06-28 Thread Ryan Tandy
Last time I tried to reproduce this with a C program I was not
successful, hence why I haven't been able to work on this from the
upstream side. I will try again... Martin, it would be *very* helpful if
you could post code or a script that demonstrates the issue in an
automated way. I know you posted details and pseudocode on the ITS but
I'm fallible and didn't succeed at turning it into a reproducer so far.
Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1547927

Title:
  LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and
  STARTTLS

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  Tested with vivid and wily...
  also logged with openldap as 
http://www.openldap.org/its/index.cgi/Incoming?id=8374

  
  The handling of the LDAP_OPT_X_TLS_REQUIRE_CERT option appears to be different
  between servers accessed via ldaps:// and ldap:// (plus STARTTLS) URIs.

  When accessing server with a self-signed certificate, the results are:

  
  ldaps://

  neverOK
  hard Error: can't contact LDAP server
  demand   Error: can't contact LDAP server
  allowOK
  try  Error: can't contact LDAP server

  
  ldap:// plus explicit ldap_start_tls_s()

  neverOK
  hard OK
  demand   OK
  allowOK
  try  OK

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1547927/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1772530] Re: OpenLDAP depends on old version of KRB5 which conflicts with other packages

2018-05-22 Thread Ryan Tandy
On Tue, May 22, 2018 at 05:48:42PM -, Dylan Gray wrote:
>I know RHEL and SLES have an OpenLDAP version which has a dependency on 
>MIT Kerberos.

As far as I know the libldap packages in those distros don't directly 
link a GSSAPI library at all. Ubuntu is the only one I'm aware of that 
enables this.

$ cat /etc/centos-release 
CentOS release 6.9 (Final)
$ ldd /lib64/libldap-2.4.so.2 | grep -e gss -e krb
$ 

If there is a dependency I would guess it's a transitive one, via some 
intermediate library such as NSS?

>Ideally for me, there would be libldap2-mit and libldap2-mit-dev 
>packages I could apt-get, and all my problems would go away without 
>breaking anyone. That being said, I know that is kind of a big ask.

For future releases I'd be more inclined to just disable the libldap 
GSSAPI support - it's dead upstream, non-standard, and as far as I know 
not enabled at all in other distros. For existing Ubuntu stable releases 
I think we're stuck with the status quo.

I'd focus on figuring out what the difference is between your program 
and others that are apparently able to link both libgssapi-krb5 and 
libldap. nslcd is one example as I mentioned; adcli looks like another.

https://launchpadlibrarian.net/252516279/buildlog_ubuntu-xenial-
amd64.adcli_0.8.1-1_BUILDING.txt.gz

>libtool: link: gcc -g -O2 -fstack-protector-strong -Wformat 
>-Werror=format-security -g -Wall -Wstrict-prototypes -Wmissing-declarations 
>-Wmissing-prototypes -Wnested-externs -Wpointer-arith 
>-Wdeclaration-after-statement -Wformat=2 -Winit-self -Waggregate-return 
>-Wno-missing-format-attribute -Wmissing-include-dirs -Wundef 
>-Wl,-Bsymbolic-functions -Wl,-z -Wl,relro -o adcli computer.o entry.o info.o 
>tools.o -Wl,-Bsymbolic-functions -Wl,-z -Wl,relro  ../library/.libs/libadcli.a 
>-L/usr/lib/x86_64-linux-gnu/mit-krb5 -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err 
>-llber -lldap -lresolv
>/usr/bin/ld: warning: libkrb5.so.26, needed by 
>//usr/lib/x86_64-linux-gnu/libgssapi.so.3, may conflict with libkrb5.so.3

That one appears to work despite the conflict...

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1772530

Title:
  OpenLDAP depends on old version of KRB5 which conflicts with other
  packages

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  Currently, Ubuntu 16.04's newest offered version of OpenLDAP is
  version 2.4.42. This version depends on libgssapi3 which in turn
  depends libkrb5 version 2.6. Many other common libraries (like
  gssapi_krb5) depend on libkrb5 3.0. From what I can tell, OpenLDAP
  version 2.4.44 fixes this issue, but it is not available from any of
  the Ubuntu repo's. It would be fabulous if this could be fixed.

  Repo:
  > # OpenLDAP depends on krb5 2.6
  > readelf -d /usr/lib/x86_64-linux-gnu/libldap.so

  Dynamic section at offset 0x4d548 contains 32 entries:
TagType Name/Value
   0x0001 (NEEDED) Shared library: [liblber-2.4.so.2]
   0x0001 (NEEDED) Shared library: [libresolv.so.2]
   0x0001 (NEEDED) Shared library: [libsasl2.so.2]
   0x0001 (NEEDED) Shared library: [libgssapi.so.3]
   0x0001 (NEEDED) Shared library: [libgnutls.so.30]
   0x0001 (NEEDED) Shared library: [libpthread.so.0]
   0x0001 (NEEDED) Shared library: [libc.so.6]
   0x000e (SONAME) Library soname: [libldap_r-2.4.so.2]

  >readelf -d /usr/lib/x86_64-linux-gnu/libgssapi.so.3

  Dynamic section at offset 0x3daa8 contains 34 entries:
TagType Name/Value
   0x0001 (NEEDED) Shared library: [libheimntlm.so.0]
   0x0001 (NEEDED) Shared library: [libkrb5.so.26]
   0x0001 (NEEDED) Shared library: [libasn1.so.8]
   0x0001 (NEEDED) Shared library: [libcom_err.so.2]
   0x0001 (NEEDED) Shared library: [libhcrypto.so.4]
   0x0001 (NEEDED) Shared library: [libroken.so.18]
   0x0001 (NEEDED) Shared library: [libpthread.so.0]
   0x0001 (NEEDED) Shared library: [libc.so.6]
   0x000e (SONAME) Library soname: [libgssapi.so.3]

  
  > # gssapi_krb5 and default krb5 depend on krb5 3.0
  > readelf -d /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so

  Dynamic section at offset 0x47c48 contains 31 entries:
TagType Name/Value
   0x0001 (NEEDED) Shared library: [libkrb5.so.3]
   0x0001 (NEEDED) Shared library: [libk5crypto.so.3]
   0x0001 (NEEDED) Shared library: [libcom_err.so.2]
   0x0001 (NEEDED) Shared 

Re: [Touch-packages] [Bug 1772530] Re: OpenLDAP depends on old version of KRB5 which conflicts with other packages

2018-05-22 Thread Ryan Tandy
On Tue, May 22, 2018 at 10:21:17AM -0700, Ryan Tandy wrote:
>I see. Yes, I can see how that would be a problem. The linker warning 
>is only a warning, but the ABIs very likely do conflict.

... that said, at least one or two packages do seem to manage with both 
-lldap and -lgssapi_krb5, for example nslcd:

https://launchpadlibrarian.net/222403009/buildlog_ubuntu-xenial-amd64
.nss-pam-ldapd_0.9.6-3_BUILDING.txt.gz

Now maybe it's as simple as nslcd calls different things than your 
program does, but maybe you could look into how some of the existing 
packages that depend both on libgssapi-krb5 and libldap manage to work?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1772530

Title:
  OpenLDAP depends on old version of KRB5 which conflicts with other
  packages

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  Currently, Ubuntu 16.04's newest offered version of OpenLDAP is
  version 2.4.42. This version depends on libgssapi3 which in turn
  depends libkrb5 version 2.6. Many other common libraries (like
  gssapi_krb5) depend on libkrb5 3.0. From what I can tell, OpenLDAP
  version 2.4.44 fixes this issue, but it is not available from any of
  the Ubuntu repo's. It would be fabulous if this could be fixed.

  Repo:
  > # OpenLDAP depends on krb5 2.6
  > readelf -d /usr/lib/x86_64-linux-gnu/libldap.so

  Dynamic section at offset 0x4d548 contains 32 entries:
TagType Name/Value
   0x0001 (NEEDED) Shared library: [liblber-2.4.so.2]
   0x0001 (NEEDED) Shared library: [libresolv.so.2]
   0x0001 (NEEDED) Shared library: [libsasl2.so.2]
   0x0001 (NEEDED) Shared library: [libgssapi.so.3]
   0x0001 (NEEDED) Shared library: [libgnutls.so.30]
   0x0001 (NEEDED) Shared library: [libpthread.so.0]
   0x0001 (NEEDED) Shared library: [libc.so.6]
   0x000e (SONAME) Library soname: [libldap_r-2.4.so.2]

  >readelf -d /usr/lib/x86_64-linux-gnu/libgssapi.so.3

  Dynamic section at offset 0x3daa8 contains 34 entries:
TagType Name/Value
   0x0001 (NEEDED) Shared library: [libheimntlm.so.0]
   0x0001 (NEEDED) Shared library: [libkrb5.so.26]
   0x0001 (NEEDED) Shared library: [libasn1.so.8]
   0x0001 (NEEDED) Shared library: [libcom_err.so.2]
   0x0001 (NEEDED) Shared library: [libhcrypto.so.4]
   0x0001 (NEEDED) Shared library: [libroken.so.18]
   0x0001 (NEEDED) Shared library: [libpthread.so.0]
   0x0001 (NEEDED) Shared library: [libc.so.6]
   0x000e (SONAME) Library soname: [libgssapi.so.3]

  
  > # gssapi_krb5 and default krb5 depend on krb5 3.0
  > readelf -d /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so

  Dynamic section at offset 0x47c48 contains 31 entries:
TagType Name/Value
   0x0001 (NEEDED) Shared library: [libkrb5.so.3]
   0x0001 (NEEDED) Shared library: [libk5crypto.so.3]
   0x0001 (NEEDED) Shared library: [libcom_err.so.2]
   0x0001 (NEEDED) Shared library: [libkrb5support.so.0]
   0x0001 (NEEDED) Shared library: [libc.so.6]
   0x000e (SONAME) Library soname: [libgssapi_krb5.so.2]

  > readelf -d /usr/lib/x86_64-linux-gnu/libkrb5.so

  Dynamic section at offset 0xcfcc0 contains 32 entries:
TagType Name/Value
   0x0001 (NEEDED) Shared library: [libk5crypto.so.3]
   0x0001 (NEEDED) Shared library: [libcom_err.so.2]
   0x0001 (NEEDED) Shared library: [libkrb5support.so.0]
   0x0001 (NEEDED) Shared library: [libkeyutils.so.1]
   0x0001 (NEEDED) Shared library: [libresolv.so.2]
   0x0001 (NEEDED) Shared library: [libc.so.6]
   0x000e (SONAME) Library soname: [libkrb5.so.3]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1772530/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1772530] Re: OpenLDAP depends on old version of KRB5 which conflicts with other packages

2018-05-22 Thread Ryan Tandy
Hi Dylan,

On Tue, May 22, 2018 at 04:39:21PM -, Dylan Gray wrote:
>The dependency is a problem because my program depends on gssapi_krb5,
>krb5, sasl, and openldap. On Ubuntu, the linker will throw errors
>because "libkrb5.so.26, needed by //usr/lib/x86_64-linux-
>gnu/libgssapi.so.3, may conflict with libkrb5.so."

I see. Yes, I can see how that would be a problem. The linker warning is 
only a warning, but the ABIs very likely do conflict.

As far as I know the MIT and Heimdal libraries can be combined at 
runtime, thanks to symbol versioning; but that doesn't help you at build 
time.

I don't think changing libldap's linkage in an update to a 
several-years-old stable release is a good plan, though. It's at least 
as likely that doing so would break someone else's existing program (or 
worse, someone else's existing compiled binaries.)

I suppose if it were possible for you to use GSSAPI via SASL (like 
libldap does) instead of directly, you'd be doing that already.

I'm not really sure what to suggest here. I'll have to think about this. 
Maybe someone else reading this will have an idea.

(I'm actually not sure why libldap links against Heimdal in the first 
place. MIT is usually the default choice for libkrb5. Maybe because 
Heimdal was already pulled into the openldap build for other reasons.)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1772530

Title:
  OpenLDAP depends on old version of KRB5 which conflicts with other
  packages

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  Currently, Ubuntu 16.04's newest offered version of OpenLDAP is
  version 2.4.42. This version depends on libgssapi3 which in turn
  depends libkrb5 version 2.6. Many other common libraries (like
  gssapi_krb5) depend on libkrb5 3.0. From what I can tell, OpenLDAP
  version 2.4.44 fixes this issue, but it is not available from any of
  the Ubuntu repo's. It would be fabulous if this could be fixed.

  Repo:
  > # OpenLDAP depends on krb5 2.6
  > readelf -d /usr/lib/x86_64-linux-gnu/libldap.so

  Dynamic section at offset 0x4d548 contains 32 entries:
TagType Name/Value
   0x0001 (NEEDED) Shared library: [liblber-2.4.so.2]
   0x0001 (NEEDED) Shared library: [libresolv.so.2]
   0x0001 (NEEDED) Shared library: [libsasl2.so.2]
   0x0001 (NEEDED) Shared library: [libgssapi.so.3]
   0x0001 (NEEDED) Shared library: [libgnutls.so.30]
   0x0001 (NEEDED) Shared library: [libpthread.so.0]
   0x0001 (NEEDED) Shared library: [libc.so.6]
   0x000e (SONAME) Library soname: [libldap_r-2.4.so.2]

  >readelf -d /usr/lib/x86_64-linux-gnu/libgssapi.so.3

  Dynamic section at offset 0x3daa8 contains 34 entries:
TagType Name/Value
   0x0001 (NEEDED) Shared library: [libheimntlm.so.0]
   0x0001 (NEEDED) Shared library: [libkrb5.so.26]
   0x0001 (NEEDED) Shared library: [libasn1.so.8]
   0x0001 (NEEDED) Shared library: [libcom_err.so.2]
   0x0001 (NEEDED) Shared library: [libhcrypto.so.4]
   0x0001 (NEEDED) Shared library: [libroken.so.18]
   0x0001 (NEEDED) Shared library: [libpthread.so.0]
   0x0001 (NEEDED) Shared library: [libc.so.6]
   0x000e (SONAME) Library soname: [libgssapi.so.3]

  
  > # gssapi_krb5 and default krb5 depend on krb5 3.0
  > readelf -d /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so

  Dynamic section at offset 0x47c48 contains 31 entries:
TagType Name/Value
   0x0001 (NEEDED) Shared library: [libkrb5.so.3]
   0x0001 (NEEDED) Shared library: [libk5crypto.so.3]
   0x0001 (NEEDED) Shared library: [libcom_err.so.2]
   0x0001 (NEEDED) Shared library: [libkrb5support.so.0]
   0x0001 (NEEDED) Shared library: [libc.so.6]
   0x000e (SONAME) Library soname: [libgssapi_krb5.so.2]

  > readelf -d /usr/lib/x86_64-linux-gnu/libkrb5.so

  Dynamic section at offset 0xcfcc0 contains 32 entries:
TagType Name/Value
   0x0001 (NEEDED) Shared library: [libk5crypto.so.3]
   0x0001 (NEEDED) Shared library: [libcom_err.so.2]
   0x0001 (NEEDED) Shared library: [libkrb5support.so.0]
   0x0001 (NEEDED) Shared library: [libkeyutils.so.1]
   0x0001 (NEEDED) Shared library: [libresolv.so.2]
   

Re: [Touch-packages] [Bug 1772530] Re: OpenLDAP depends on old version of KRB5 which conflicts with other packages

2018-05-22 Thread Ryan Tandy
Hi Dylan,

Chances are libldap's dependency on libgssapi is not relevant for you.  
It's only used by the ldap_gssapi_bind family of functions, which are 
non-standard and only used by one or two specific applications.

Without knowing more about your use case, I would assume that for your 
purposes you would select the Kerberos implementation by installing one 
of the two libsasl2-modules-gssapi-* packages I mentioned, as the 
standard way to use GSSAPI is via the SASL library.

MIT and Heimdal both provide conflicting and non-conflicting dev 
packages:

- krb5-multidev provides krb5-config.mit and does not conflict
- heimdal-multidev provides krb5-config.heimdal and does not conflict
- libkrb5-dev provides krb5-config (symlinked to krb5-config.mit) and 
  conflicts with heimdal-dev
- heimdal-dev provides krb5-config (symlinked to krb5-config.heimdal) 
  and conflicts with libkrb5-dev

Hope this helps!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1772530

Title:
  OpenLDAP depends on old version of KRB5 which conflicts with other
  packages

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  Currently, Ubuntu 16.04's newest offered version of OpenLDAP is
  version 2.4.42. This version depends on libgssapi3 which in turn
  depends libkrb5 version 2.6. Many other common libraries (like
  gssapi_krb5) depend on libkrb5 3.0. From what I can tell, OpenLDAP
  version 2.4.44 fixes this issue, but it is not available from any of
  the Ubuntu repo's. It would be fabulous if this could be fixed.

  Repo:
  > # OpenLDAP depends on krb5 2.6
  > readelf -d /usr/lib/x86_64-linux-gnu/libldap.so

  Dynamic section at offset 0x4d548 contains 32 entries:
TagType Name/Value
   0x0001 (NEEDED) Shared library: [liblber-2.4.so.2]
   0x0001 (NEEDED) Shared library: [libresolv.so.2]
   0x0001 (NEEDED) Shared library: [libsasl2.so.2]
   0x0001 (NEEDED) Shared library: [libgssapi.so.3]
   0x0001 (NEEDED) Shared library: [libgnutls.so.30]
   0x0001 (NEEDED) Shared library: [libpthread.so.0]
   0x0001 (NEEDED) Shared library: [libc.so.6]
   0x000e (SONAME) Library soname: [libldap_r-2.4.so.2]

  >readelf -d /usr/lib/x86_64-linux-gnu/libgssapi.so.3

  Dynamic section at offset 0x3daa8 contains 34 entries:
TagType Name/Value
   0x0001 (NEEDED) Shared library: [libheimntlm.so.0]
   0x0001 (NEEDED) Shared library: [libkrb5.so.26]
   0x0001 (NEEDED) Shared library: [libasn1.so.8]
   0x0001 (NEEDED) Shared library: [libcom_err.so.2]
   0x0001 (NEEDED) Shared library: [libhcrypto.so.4]
   0x0001 (NEEDED) Shared library: [libroken.so.18]
   0x0001 (NEEDED) Shared library: [libpthread.so.0]
   0x0001 (NEEDED) Shared library: [libc.so.6]
   0x000e (SONAME) Library soname: [libgssapi.so.3]

  
  > # gssapi_krb5 and default krb5 depend on krb5 3.0
  > readelf -d /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so

  Dynamic section at offset 0x47c48 contains 31 entries:
TagType Name/Value
   0x0001 (NEEDED) Shared library: [libkrb5.so.3]
   0x0001 (NEEDED) Shared library: [libk5crypto.so.3]
   0x0001 (NEEDED) Shared library: [libcom_err.so.2]
   0x0001 (NEEDED) Shared library: [libkrb5support.so.0]
   0x0001 (NEEDED) Shared library: [libc.so.6]
   0x000e (SONAME) Library soname: [libgssapi_krb5.so.2]

  > readelf -d /usr/lib/x86_64-linux-gnu/libkrb5.so

  Dynamic section at offset 0xcfcc0 contains 32 entries:
TagType Name/Value
   0x0001 (NEEDED) Shared library: [libk5crypto.so.3]
   0x0001 (NEEDED) Shared library: [libcom_err.so.2]
   0x0001 (NEEDED) Shared library: [libkrb5support.so.0]
   0x0001 (NEEDED) Shared library: [libkeyutils.so.1]
   0x0001 (NEEDED) Shared library: [libresolv.so.2]
   0x0001 (NEEDED) Shared library: [libc.so.6]
   0x000e (SONAME) Library soname: [libkrb5.so.3]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1772530/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : 

Re: [Touch-packages] [Bug 1772530] [NEW] OpenLDAP depends on old version of KRB5 which conflicts with other packages

2018-05-21 Thread Ryan Tandy
Hi Dylan,

On Mon, May 21, 2018 at 10:22:23PM -, Dylan Gray wrote:
>Currently, Ubuntu 16.04's newest offered version of OpenLDAP is version
>2.4.42. This version depends on libgssapi3 which in turn depends libkrb5
>version 2.6. Many other common libraries (like gssapi_krb5) depend on
>libkrb5 3.0.

I'm not sure what you're trying to say here. The version numbers in the 
library filenames (3 and 26 in your examples) track the library's public 
interface, not the software version.

libkrb5.so.3 is the MIT Kerberos implementation: 
https://packages.ubuntu.com/xenial-updates/libkrb5-3

libkrb5.so.26 is the Heimdal Kerberos implementation: 
https://packages.ubuntu.com/xenial-updates/libkrb5-26-heimdal

Could you please be specific about what problem you are having and why 
you think it is caused by the Kerberos libraries?

Note that if you use GSSAPI via SASL, then you can choose which Kerberos 
implementation is used, by installing resp. libsasl2-modules-gssapi-mit 
or libsasl2-modules-gssapi-heimdal.


** Changed in: openldap (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1772530

Title:
  OpenLDAP depends on old version of KRB5 which conflicts with other
  packages

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  Currently, Ubuntu 16.04's newest offered version of OpenLDAP is
  version 2.4.42. This version depends on libgssapi3 which in turn
  depends libkrb5 version 2.6. Many other common libraries (like
  gssapi_krb5) depend on libkrb5 3.0. From what I can tell, OpenLDAP
  version 2.4.44 fixes this issue, but it is not available from any of
  the Ubuntu repo's. It would be fabulous if this could be fixed.

  Repo:
  > # OpenLDAP depends on krb5 2.6
  > readelf -d /usr/lib/x86_64-linux-gnu/libldap.so

  Dynamic section at offset 0x4d548 contains 32 entries:
TagType Name/Value
   0x0001 (NEEDED) Shared library: [liblber-2.4.so.2]
   0x0001 (NEEDED) Shared library: [libresolv.so.2]
   0x0001 (NEEDED) Shared library: [libsasl2.so.2]
   0x0001 (NEEDED) Shared library: [libgssapi.so.3]
   0x0001 (NEEDED) Shared library: [libgnutls.so.30]
   0x0001 (NEEDED) Shared library: [libpthread.so.0]
   0x0001 (NEEDED) Shared library: [libc.so.6]
   0x000e (SONAME) Library soname: [libldap_r-2.4.so.2]

  >readelf -d /usr/lib/x86_64-linux-gnu/libgssapi.so.3

  Dynamic section at offset 0x3daa8 contains 34 entries:
TagType Name/Value
   0x0001 (NEEDED) Shared library: [libheimntlm.so.0]
   0x0001 (NEEDED) Shared library: [libkrb5.so.26]
   0x0001 (NEEDED) Shared library: [libasn1.so.8]
   0x0001 (NEEDED) Shared library: [libcom_err.so.2]
   0x0001 (NEEDED) Shared library: [libhcrypto.so.4]
   0x0001 (NEEDED) Shared library: [libroken.so.18]
   0x0001 (NEEDED) Shared library: [libpthread.so.0]
   0x0001 (NEEDED) Shared library: [libc.so.6]
   0x000e (SONAME) Library soname: [libgssapi.so.3]

  
  > # gssapi_krb5 and default krb5 depend on krb5 3.0
  > readelf -d /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so

  Dynamic section at offset 0x47c48 contains 31 entries:
TagType Name/Value
   0x0001 (NEEDED) Shared library: [libkrb5.so.3]
   0x0001 (NEEDED) Shared library: [libk5crypto.so.3]
   0x0001 (NEEDED) Shared library: [libcom_err.so.2]
   0x0001 (NEEDED) Shared library: [libkrb5support.so.0]
   0x0001 (NEEDED) Shared library: [libc.so.6]
   0x000e (SONAME) Library soname: [libgssapi_krb5.so.2]

  > readelf -d /usr/lib/x86_64-linux-gnu/libkrb5.so

  Dynamic section at offset 0xcfcc0 contains 32 entries:
TagType Name/Value
   0x0001 (NEEDED) Shared library: [libk5crypto.so.3]
   0x0001 (NEEDED) Shared library: [libcom_err.so.2]
   0x0001 (NEEDED) Shared library: [libkrb5support.so.0]
   0x0001 (NEEDED) Shared library: [libkeyutils.so.1]
   0x0001 (NEEDED) Shared library: [libresolv.so.2]
   0x0001 (NEEDED) Shared library: [libc.so.6]
   0x000e (SONAME) Library soname: [libkrb5.so.3]

To manage notifications about this bug go to:

Re: [Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2018-05-15 Thread Ryan Tandy
The attached debdiff is basically the same as what I already uploaded to 
Debian stable in 2.4.44+dfsg-5+deb9u1. No regressions were reported 
against that upload.

Tested in a xenial chroot using my test program as above and the patch 
fixes the issue for me.

Test packages are building now in the same PPA.
https://launchpad.net/~rtandy/+archive/ubuntu/bug1688575


** Attachment added: "openldap_2.4.42+dfsg-2ubuntu3.3.debdiff"
   
https://bugs.launchpad.net/bugs/1688575/+attachment/5139684/+files/openldap_2.4.42+dfsg-2ubuntu3.3.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575

Title:
  Segmentation fault on a slave slapd (sync replication with kerberos
  authentication)

Status in openldap:
  Fix Released
Status in openldap package in Ubuntu:
  Fix Released

Bug description:
  I have a slapd problem on a freshly installed 16.04 machine:

  slapd[17107]: segfault at 1a ip 7f3c12c79f55 sp 7f3c03c2d080
  error 4 in libsasl2.so.2.0.25[7f3c12c72000+19000]

  I'm using the server as Slave LDAP-Server and sync replication with kerberos 
authentication.
  The service either starts and runs successfully or it fails with segmentation 
fault or 100% CPU.
  Maybe an useful info, I'm replicating two databases. When I deactivate 
syncrepl for one of them (doesn't matter which one) the problem is not 
occuring. 

  Linux xxx 4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
  slapd 2.4.42+dfsg-2ubuntu3.1
  libsasl2-2:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules-gssapi-mit:amd64 2.1.26.dfsg1-14build1

  GDB debug:

  Starting program: /usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u 
openldap -g openldap -f /etc/ldap/slapd.conf -d 256
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  590c82ab @(#) $OpenLDAP: slapd  (Ubuntu) (May 11 2016 16:12:05) $

buildd@lgw01-10:/build/openldap-mF7Kfq/openldap-2.4.42+dfsg/debian/build/servers/slapd
  590c82ab slapd starting
  [New Thread 0x7f2e96b7b700 (LWP 42139)]
  [New Thread 0x7f2e9637a700 (LWP 42140)]
  [New Thread 0x7f2e95b79700 (LWP 42141)]
  [New Thread 0x7f2e95378700 (LWP 42142)]
  [New Thread 0x7f2e94b77700 (LWP 42143)]
  590c82ba slap_client_connect: URI=ldap://xxx ldap_sasl_interactive_bind_s 
failed (-6)
  590c82ba do_syncrepl: rid=132 rc -6 retrying (9 retries left)

  Thread 4 "slapd" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7f2e95b79700 (LWP 42141)]
  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2

  
  (gdb) thr apply all bt

  Thread 6 (Thread 0x7f2e94b77700 (LWP 42143)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e94b77700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 5 (Thread 0x7f2e95378700 (LWP 42142)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e95378700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 4 (Thread 0x7f2e95b79700 (LWP 42141)):
  #0  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #1  0x7f2ea530f250 in ?? () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #2  0x7f2ea5303d69 in sasl_client_init () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #3  0x7f2ea594da6c in ldap_int_sasl_init () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #4  0x7f2ea594db2c in ldap_int_sasl_open () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #5  0x7f2ea594e2d4 in ldap_int_sasl_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #6  0x7f2ea5951828 in ldap_sasl_interactive_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #7  0x7f2ea5951a4e in ldap_sasl_interactive_bind_s () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #8  0x561fbc556db4 in slap_client_connect (ldp=0x561fbe1e9f68, 
sb=0x561fbe1e9d40) at ../../../../servers/slapd/config.c:2063
  #9  0x561fbc5c699d in do_syncrep1 (si=0x561fbe1e9d10, op=0x7f2e95b787b0) 
at ../../../../servers/slapd/syncrepl.c:618
  #10 do_syncrepl (ctx=, arg=0x561fbe1e5620) at 
../../../../servers/slapd/syncrepl.c:1548
  #11 0x7f2ea59463a2 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #12 0x7f2ea487c6ba in start_thread (arg=0x7f2e95b79700) at 
pthread_create.c:333
  

Re: [Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2018-05-15 Thread Ryan Tandy
I also recommend having your local hostname and FQDN in /etc/hosts when 
executing that test program, as the SASL library looks it up at least 
once on every iteration.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575

Title:
  Segmentation fault on a slave slapd (sync replication with kerberos
  authentication)

Status in openldap:
  Fix Released
Status in openldap package in Ubuntu:
  Fix Released

Bug description:
  I have a slapd problem on a freshly installed 16.04 machine:

  slapd[17107]: segfault at 1a ip 7f3c12c79f55 sp 7f3c03c2d080
  error 4 in libsasl2.so.2.0.25[7f3c12c72000+19000]

  I'm using the server as Slave LDAP-Server and sync replication with kerberos 
authentication.
  The service either starts and runs successfully or it fails with segmentation 
fault or 100% CPU.
  Maybe an useful info, I'm replicating two databases. When I deactivate 
syncrepl for one of them (doesn't matter which one) the problem is not 
occuring. 

  Linux xxx 4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
  slapd 2.4.42+dfsg-2ubuntu3.1
  libsasl2-2:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules-gssapi-mit:amd64 2.1.26.dfsg1-14build1

  GDB debug:

  Starting program: /usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u 
openldap -g openldap -f /etc/ldap/slapd.conf -d 256
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  590c82ab @(#) $OpenLDAP: slapd  (Ubuntu) (May 11 2016 16:12:05) $

buildd@lgw01-10:/build/openldap-mF7Kfq/openldap-2.4.42+dfsg/debian/build/servers/slapd
  590c82ab slapd starting
  [New Thread 0x7f2e96b7b700 (LWP 42139)]
  [New Thread 0x7f2e9637a700 (LWP 42140)]
  [New Thread 0x7f2e95b79700 (LWP 42141)]
  [New Thread 0x7f2e95378700 (LWP 42142)]
  [New Thread 0x7f2e94b77700 (LWP 42143)]
  590c82ba slap_client_connect: URI=ldap://xxx ldap_sasl_interactive_bind_s 
failed (-6)
  590c82ba do_syncrepl: rid=132 rc -6 retrying (9 retries left)

  Thread 4 "slapd" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7f2e95b79700 (LWP 42141)]
  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2

  
  (gdb) thr apply all bt

  Thread 6 (Thread 0x7f2e94b77700 (LWP 42143)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e94b77700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 5 (Thread 0x7f2e95378700 (LWP 42142)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e95378700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 4 (Thread 0x7f2e95b79700 (LWP 42141)):
  #0  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #1  0x7f2ea530f250 in ?? () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #2  0x7f2ea5303d69 in sasl_client_init () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #3  0x7f2ea594da6c in ldap_int_sasl_init () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #4  0x7f2ea594db2c in ldap_int_sasl_open () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #5  0x7f2ea594e2d4 in ldap_int_sasl_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #6  0x7f2ea5951828 in ldap_sasl_interactive_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #7  0x7f2ea5951a4e in ldap_sasl_interactive_bind_s () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #8  0x561fbc556db4 in slap_client_connect (ldp=0x561fbe1e9f68, 
sb=0x561fbe1e9d40) at ../../../../servers/slapd/config.c:2063
  #9  0x561fbc5c699d in do_syncrep1 (si=0x561fbe1e9d10, op=0x7f2e95b787b0) 
at ../../../../servers/slapd/syncrepl.c:618
  #10 do_syncrepl (ctx=, arg=0x561fbe1e5620) at 
../../../../servers/slapd/syncrepl.c:1548
  #11 0x7f2ea59463a2 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #12 0x7f2ea487c6ba in start_thread (arg=0x7f2e95b79700) at 
pthread_create.c:333
  #13 0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 3 (Thread 0x7f2e9637a700 (LWP 42140)):
  ---Type  to continue, or q  to quit---
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  

Re: [Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2018-05-15 Thread Ryan Tandy
Please find attached a test program and Makefile plus a test script to 
drive it. Basically the program exercises concurrent SASL binds.

With the current packages in xenial, the test program fails in a variety 
of ways:

$ ./sasltest
rc = -6 (Unknown authentication method)
sasltest: sasltest.c:70: bind_thread: Assertion `rc == LDAP_SUCCESS' failed.
Aborted

$ ./sasltest
Segmentation fault

$ ./sasltest
Bus error

or even simply hanging/spinning.

(If you execute ./sasltest in a shell, be sure to export 
LDAPSASL_SECPROPS=none first to avoid the confidentiality requirement.)

With the proposed patch, the test program should reliably complete all 
its iterations (takes a few seconds) and exit successfully. I hope this 
reproduces the problem for you.

My proposed debdiff and PPA are out of date and should be rebased using 
the actual upstream patches. (Similar changes already landed in Debian 
stretch.) I will try to take care of that this week, but if you have 
everything you need and the tuits, feel free to proceed without me.


** Attachment added: "Makefile"
   https://bugs.launchpad.net/bugs/1688575/+attachment/5139678/+files/Makefile

** Attachment added: "sasltest.c"
   https://bugs.launchpad.net/bugs/1688575/+attachment/5139679/+files/sasltest.c

** Attachment added: "testscript"
   https://bugs.launchpad.net/bugs/1688575/+attachment/5139680/+files/testscript

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575

Title:
  Segmentation fault on a slave slapd (sync replication with kerberos
  authentication)

Status in openldap:
  Fix Released
Status in openldap package in Ubuntu:
  Fix Released

Bug description:
  I have a slapd problem on a freshly installed 16.04 machine:

  slapd[17107]: segfault at 1a ip 7f3c12c79f55 sp 7f3c03c2d080
  error 4 in libsasl2.so.2.0.25[7f3c12c72000+19000]

  I'm using the server as Slave LDAP-Server and sync replication with kerberos 
authentication.
  The service either starts and runs successfully or it fails with segmentation 
fault or 100% CPU.
  Maybe an useful info, I'm replicating two databases. When I deactivate 
syncrepl for one of them (doesn't matter which one) the problem is not 
occuring. 

  Linux xxx 4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
  slapd 2.4.42+dfsg-2ubuntu3.1
  libsasl2-2:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules-gssapi-mit:amd64 2.1.26.dfsg1-14build1

  GDB debug:

  Starting program: /usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u 
openldap -g openldap -f /etc/ldap/slapd.conf -d 256
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  590c82ab @(#) $OpenLDAP: slapd  (Ubuntu) (May 11 2016 16:12:05) $

buildd@lgw01-10:/build/openldap-mF7Kfq/openldap-2.4.42+dfsg/debian/build/servers/slapd
  590c82ab slapd starting
  [New Thread 0x7f2e96b7b700 (LWP 42139)]
  [New Thread 0x7f2e9637a700 (LWP 42140)]
  [New Thread 0x7f2e95b79700 (LWP 42141)]
  [New Thread 0x7f2e95378700 (LWP 42142)]
  [New Thread 0x7f2e94b77700 (LWP 42143)]
  590c82ba slap_client_connect: URI=ldap://xxx ldap_sasl_interactive_bind_s 
failed (-6)
  590c82ba do_syncrepl: rid=132 rc -6 retrying (9 retries left)

  Thread 4 "slapd" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7f2e95b79700 (LWP 42141)]
  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2

  
  (gdb) thr apply all bt

  Thread 6 (Thread 0x7f2e94b77700 (LWP 42143)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e94b77700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 5 (Thread 0x7f2e95378700 (LWP 42142)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e95378700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 4 (Thread 0x7f2e95b79700 (LWP 42141)):
  #0  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #1  0x7f2ea530f250 in ?? () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #2  0x7f2ea5303d69 in sasl_client_init () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #3  0x7f2ea594da6c in ldap_int_sasl_init () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #4  0x7f2ea594db2c in ldap_int_sasl_open () from 

Re: [Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2018-05-14 Thread Ryan Tandy
On Mon, May 14, 2018 at 02:34:13PM -, Andreas Hasenack wrote:
>Last I tried, I couldn't reproduce it. Can we make the case for an SRU
>without a clear test case?

I'll try and find time this week to work up instructions.

Would a program that demonstrates the issue (test instructions: compile 
and run) be satisfactory for SRU purposes?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575

Title:
  Segmentation fault on a slave slapd (sync replication with kerberos
  authentication)

Status in openldap:
  Fix Released
Status in openldap package in Ubuntu:
  Fix Released

Bug description:
  I have a slapd problem on a freshly installed 16.04 machine:

  slapd[17107]: segfault at 1a ip 7f3c12c79f55 sp 7f3c03c2d080
  error 4 in libsasl2.so.2.0.25[7f3c12c72000+19000]

  I'm using the server as Slave LDAP-Server and sync replication with kerberos 
authentication.
  The service either starts and runs successfully or it fails with segmentation 
fault or 100% CPU.
  Maybe an useful info, I'm replicating two databases. When I deactivate 
syncrepl for one of them (doesn't matter which one) the problem is not 
occuring. 

  Linux xxx 4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
  slapd 2.4.42+dfsg-2ubuntu3.1
  libsasl2-2:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules-gssapi-mit:amd64 2.1.26.dfsg1-14build1

  GDB debug:

  Starting program: /usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u 
openldap -g openldap -f /etc/ldap/slapd.conf -d 256
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  590c82ab @(#) $OpenLDAP: slapd  (Ubuntu) (May 11 2016 16:12:05) $

buildd@lgw01-10:/build/openldap-mF7Kfq/openldap-2.4.42+dfsg/debian/build/servers/slapd
  590c82ab slapd starting
  [New Thread 0x7f2e96b7b700 (LWP 42139)]
  [New Thread 0x7f2e9637a700 (LWP 42140)]
  [New Thread 0x7f2e95b79700 (LWP 42141)]
  [New Thread 0x7f2e95378700 (LWP 42142)]
  [New Thread 0x7f2e94b77700 (LWP 42143)]
  590c82ba slap_client_connect: URI=ldap://xxx ldap_sasl_interactive_bind_s 
failed (-6)
  590c82ba do_syncrepl: rid=132 rc -6 retrying (9 retries left)

  Thread 4 "slapd" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7f2e95b79700 (LWP 42141)]
  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2

  
  (gdb) thr apply all bt

  Thread 6 (Thread 0x7f2e94b77700 (LWP 42143)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e94b77700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 5 (Thread 0x7f2e95378700 (LWP 42142)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e95378700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 4 (Thread 0x7f2e95b79700 (LWP 42141)):
  #0  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #1  0x7f2ea530f250 in ?? () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #2  0x7f2ea5303d69 in sasl_client_init () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #3  0x7f2ea594da6c in ldap_int_sasl_init () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #4  0x7f2ea594db2c in ldap_int_sasl_open () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #5  0x7f2ea594e2d4 in ldap_int_sasl_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #6  0x7f2ea5951828 in ldap_sasl_interactive_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #7  0x7f2ea5951a4e in ldap_sasl_interactive_bind_s () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #8  0x561fbc556db4 in slap_client_connect (ldp=0x561fbe1e9f68, 
sb=0x561fbe1e9d40) at ../../../../servers/slapd/config.c:2063
  #9  0x561fbc5c699d in do_syncrep1 (si=0x561fbe1e9d10, op=0x7f2e95b787b0) 
at ../../../../servers/slapd/syncrepl.c:618
  #10 do_syncrepl (ctx=, arg=0x561fbe1e5620) at 
../../../../servers/slapd/syncrepl.c:1548
  #11 0x7f2ea59463a2 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #12 0x7f2ea487c6ba in start_thread (arg=0x7f2e95b79700) at 
pthread_create.c:333
  #13 0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 3 (Thread 0x7f2e9637a700 (LWP 42140)):
  ---Type  to continue, or q  to quit---
  #0  

[Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2018-05-11 Thread Ryan Tandy
This slipped off my radar after the fix was uploaded to arful, but we
should fix it in xenial as well.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575

Title:
  Segmentation fault on a slave slapd (sync replication with kerberos
  authentication)

Status in openldap:
  Fix Released
Status in openldap package in Ubuntu:
  Fix Released

Bug description:
  I have a slapd problem on a freshly installed 16.04 machine:

  slapd[17107]: segfault at 1a ip 7f3c12c79f55 sp 7f3c03c2d080
  error 4 in libsasl2.so.2.0.25[7f3c12c72000+19000]

  I'm using the server as Slave LDAP-Server and sync replication with kerberos 
authentication.
  The service either starts and runs successfully or it fails with segmentation 
fault or 100% CPU.
  Maybe an useful info, I'm replicating two databases. When I deactivate 
syncrepl for one of them (doesn't matter which one) the problem is not 
occuring. 

  Linux xxx 4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
  slapd 2.4.42+dfsg-2ubuntu3.1
  libsasl2-2:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules-gssapi-mit:amd64 2.1.26.dfsg1-14build1

  GDB debug:

  Starting program: /usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u 
openldap -g openldap -f /etc/ldap/slapd.conf -d 256
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  590c82ab @(#) $OpenLDAP: slapd  (Ubuntu) (May 11 2016 16:12:05) $

buildd@lgw01-10:/build/openldap-mF7Kfq/openldap-2.4.42+dfsg/debian/build/servers/slapd
  590c82ab slapd starting
  [New Thread 0x7f2e96b7b700 (LWP 42139)]
  [New Thread 0x7f2e9637a700 (LWP 42140)]
  [New Thread 0x7f2e95b79700 (LWP 42141)]
  [New Thread 0x7f2e95378700 (LWP 42142)]
  [New Thread 0x7f2e94b77700 (LWP 42143)]
  590c82ba slap_client_connect: URI=ldap://xxx ldap_sasl_interactive_bind_s 
failed (-6)
  590c82ba do_syncrepl: rid=132 rc -6 retrying (9 retries left)

  Thread 4 "slapd" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7f2e95b79700 (LWP 42141)]
  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2

  
  (gdb) thr apply all bt

  Thread 6 (Thread 0x7f2e94b77700 (LWP 42143)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e94b77700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 5 (Thread 0x7f2e95378700 (LWP 42142)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e95378700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 4 (Thread 0x7f2e95b79700 (LWP 42141)):
  #0  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #1  0x7f2ea530f250 in ?? () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #2  0x7f2ea5303d69 in sasl_client_init () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #3  0x7f2ea594da6c in ldap_int_sasl_init () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #4  0x7f2ea594db2c in ldap_int_sasl_open () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #5  0x7f2ea594e2d4 in ldap_int_sasl_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #6  0x7f2ea5951828 in ldap_sasl_interactive_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #7  0x7f2ea5951a4e in ldap_sasl_interactive_bind_s () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #8  0x561fbc556db4 in slap_client_connect (ldp=0x561fbe1e9f68, 
sb=0x561fbe1e9d40) at ../../../../servers/slapd/config.c:2063
  #9  0x561fbc5c699d in do_syncrep1 (si=0x561fbe1e9d10, op=0x7f2e95b787b0) 
at ../../../../servers/slapd/syncrepl.c:618
  #10 do_syncrepl (ctx=, arg=0x561fbe1e5620) at 
../../../../servers/slapd/syncrepl.c:1548
  #11 0x7f2ea59463a2 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #12 0x7f2ea487c6ba in start_thread (arg=0x7f2e95b79700) at 
pthread_create.c:333
  #13 0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 3 (Thread 0x7f2e9637a700 (LWP 42140)):
  ---Type  to continue, or q  to quit---
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e9637a700) at 

[Touch-packages] [Bug 1763988] Re: package slapd 2.4.31-1+nmu2ubuntu8.2 failed to install/upgrade: underprosessen nytt pre-installation-skript returnerte feilstatus 1

2018-04-14 Thread Ryan Tandy
The slapd upgrade failed, because:

  Dumping to /var/backups/slapd-2.4.31-1+nmu2ubuntu8.2: 
  - directory dc=testlab,dc=dev...
5ad25c38 ldif_read_file: checksum error on "/etc/ldap/slapd.d/cn=config.ldif"
5ad25c39 hdb_db_open: database "dc=testlab,dc=dev": 
db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2).
5ad25c39 backend_startup_one (type=hdb, suffix="dc=testlab,dc=dev"): bi_db_open 
failed! (2)

That doesn't look like the package's fault. We can't upgrade the
database if the files are missing... Was slapd actually working before
you started this upgrade?

** Changed in: openldap (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1763988

Title:
  package slapd 2.4.31-1+nmu2ubuntu8.2 failed to install/upgrade:
  underprosessen nytt pre-installation-skript returnerte feilstatus 1

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  Upgrade from 14 lts to 16 lts

  ProblemType: Package
  DistroRelease: Ubuntu 16.04
  Package: slapd 2.4.31-1+nmu2ubuntu8.2
  ProcVersionSignature: Ubuntu 3.13.0-74.118-generic 3.13.11-ckt30
  Uname: Linux 3.13.0-74-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.20
  Architecture: amd64
  Date: Sat Apr 14 21:53:46 2018
  DuplicateSignature: package:slapd:2.4.31-1+nmu2ubuntu8.2:underprosessen nytt 
pre-installation-skript returnerte feilstatus 1
  ErrorMessage: underprosessen nytt pre-installation-skript returnerte 
feilstatus 1
  InstallationDate: Installed on 2010-05-27 (2878 days ago)
  InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 
(20100427)
  RelatedPackageVersions:
   dpkg 1.18.4ubuntu1.4
   apt  1.0.1ubuntu2.13
  SourcePackage: openldap
  Title: package slapd 2.4.31-1+nmu2ubuntu8.2 failed to install/upgrade: 
underprosessen nytt pre-installation-skript returnerte feilstatus 1
  UpgradeStatus: Upgraded to xenial on 2018-04-14 (0 days ago)
  mtime.conffile..etc.default.slapd: 2013-06-27T23:07:54.563749

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1763988/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1547927] Re: LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and STARTTLS

2017-08-29 Thread Ryan Tandy
** Changed in: openldap (Ubuntu)
   Status: Incomplete => New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1547927

Title:
  LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and
  STARTTLS

Status in openldap package in Ubuntu:
  New

Bug description:
  Tested with vivid and wily...
  also logged with openldap as 
http://www.openldap.org/its/index.cgi/Incoming?id=8374

  
  The handling of the LDAP_OPT_X_TLS_REQUIRE_CERT option appears to be different
  between servers accessed via ldaps:// and ldap:// (plus STARTTLS) URIs.

  When accessing server with a self-signed certificate, the results are:

  
  ldaps://

  neverOK
  hard Error: can't contact LDAP server
  demand   Error: can't contact LDAP server
  allowOK
  try  Error: can't contact LDAP server

  
  ldap:// plus explicit ldap_start_tls_s()

  neverOK
  hard OK
  demand   OK
  allowOK
  try  OK

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1547927/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1702290] Re: slapd fails to stop if /etc/ldap/slapd.d/cn=config.ldif is deleted but /etc/ldap/slapd.d still exists

2017-08-29 Thread Ryan Tandy
** Bug watch added: Debian Bug tracker #873682
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873682

** Also affects: openldap (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873682
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1702290

Title:
  slapd fails to stop if /etc/ldap/slapd.d/cn=config.ldif is deleted but
  /etc/ldap/slapd.d still exists

Status in openldap package in Ubuntu:
  Confirmed
Status in openldap package in Debian:
  Unknown

Bug description:
  after i install slapd and remove it's one of folders, couldnt do apt-
  get ugrade. It said problem about header

  ProblemType: Package
  DistroRelease: Ubuntu 14.04
  Package: slapd 2.4.31-1+nmu2ubuntu8.4
  ProcVersionSignature: Ubuntu 3.13.0-95.142-generic 3.13.11-ckt39
  Uname: Linux 3.13.0-95-generic x86_64
  NonfreeKernelModules: nvidia wl
  ApportVersion: 2.14.1-0ubuntu3.23
  AptOrdering:
   ldap-utils: Remove
   slapd: Remove
  Architecture: amd64
  Date: Tue Jul  4 15:22:00 2017
  DistributionChannelDescriptor:
   # This is a distribution channel descriptor
   # For more information see 
http://wiki.ubuntu.com/DistributionChannelDescriptor
   canonical-oem-somerville-trusty-amd64-20140620-0
  DpkgHistoryLog:
   Start-Date: 2017-07-04  15:21:46
   Commandline: apt-get remove slapd ldap-utils
   Remove: ldap-utils:amd64 (2.4.31-1+nmu2ubuntu8.4), slapd:amd64 
(2.4.31-1+nmu2ubuntu8.4)
  DuplicateSignature: package:slapd:2.4.31-1+nmu2ubuntu8.4:subprocess installed 
pre-removal script returned error exit status 2
  ErrorMessage: subprocess installed pre-removal script returned error exit 
status 2
  InstallationDate: Installed on 2015-06-03 (761 days ago)
  InstallationMedia: Ubuntu 14.04 "Trusty" - Build amd64 LIVE Binary 
20140620-04:25
  RelatedPackageVersions:
   dpkg 1.17.5ubuntu5.7
   apt  1.0.1ubuntu2.17
  SourcePackage: openldap
  Title: package slapd 2.4.31-1+nmu2ubuntu8.4 failed to install/upgrade: 
subprocess installed pre-removal script returned error exit status 2
  UpgradeStatus: Upgraded to trusty on 2016-05-30 (400 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1702290/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1656979] Re: No support for DHE ciphers (TLS)

2017-08-29 Thread Ryan Tandy
Hello Haw,

openldap 2.4.45 is in artful now, so this should be fixed. could you
please try your cipherscan again and confirm?

Thanks!

** Changed in: openldap (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1656979

Title:
  No support for DHE ciphers (TLS)

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  Hi,

  Seems the OpenLDAP shipped with Xenial (and prior) built against
  GnuTLS does not support DHE cipher suites.

  | hloeung@ldap-server:~$ apt-cache policy slapd
  | slapd:
  |   Installed: 2.4.42+dfsg-2ubuntu3.1
  |   Candidate: 2.4.42+dfsg-2ubuntu3.1
  |   Version table:
  |  *** 2.4.42+dfsg-2ubuntu3.1 500
  | 500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 
Packages
  | 100 /var/lib/dpkg/status
  |  2.4.42+dfsg-2ubuntu3 500
  | 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages

  Our LDAP server is configured with the following:

  | TLSCertificateFile /etc/ssl/certs/ldap-server.crt
  | TLSCertificateKeyFile /etc/ssl/private/ldap-server.key
  | TLSCACertificateFile /etc/ssl/certs/ldap-server_chain.crt
  | TLSProtocolMin 1.0
  | TLSCipherSuite 
PFS:-VERS-SSL3.0:-DHE-DSS:-ARCFOUR-128:-3DES-CBC:-CAMELLIA-128-GCM:-CAMELLIA-256-GCM:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC:%SERVER_PRECEDENCE
  | TLSDHParamFile /etc/ssl/private/dhparams.pem

  I know TLSDHParamFile isn't used by OpenLDAP when built with GnuTLS,
  but thought I'd try anyways. cipherscan[1] shows the following list of
  cipher suites:

  | prio  ciphersuite  protocols  pfs   
  curves
  | 1 ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 2 ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 3 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2  
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 4 ECDHE-RSA-AES128-SHA256  TLSv1.2
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 5 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2  
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 6 ECDHE-RSA-AES256-SHA384  TLSv1.2
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1

  Even with TLSCipherSuite config commented out, we see the following
  cipher suites:

  | prio  ciphersuite  protocols  pfs   
  curves
  | 1 ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 2 ECDHE-RSA-AES256-SHA384  TLSv1.2
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 3 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2  
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 4 AES256-GCM-SHA384TLSv1.2None  
  None
  | 5 AES256-SHA256TLSv1.2None  
  None
  | 6 AES256-SHA   TLSv1,TLSv1.1,TLSv1.2  None  
  None
  | 7 CAMELLIA256-SHA  TLSv1,TLSv1.1,TLSv1.2  None  
  None
  | 8 ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 9 ECDHE-RSA-AES128-SHA256  TLSv1.2
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 10ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2  
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 11AES128-GCM-SHA256TLSv1.2None  
  None
  | 12AES128-SHA256TLSv1.2None  
  None
  | 13AES128-SHA   TLSv1,TLSv1.1,TLSv1.2  None  
  None
  | 14CAMELLIA128-SHA  TLSv1,TLSv1.1,TLSv1.2  None  
  None
  | 15ECDHE-RSA-DES-CBC3-SHA   TLSv1,TLSv1.1,TLSv1.2  
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 16DES-CBC3-SHA TLSv1,TLSv1.1,TLSv1.2  None  
  None

  I think the fix is in the patch below that's released in 2.4.39:

  
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=622d13a32ec8d623c26a11b60b63e443dc86df99

  
  Thanks,

  Haw

  
  [1]https://github.com/jvehent/cipherscan

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1656979/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : 

[Touch-packages] [Bug 1702290] Re: package slapd 2.4.31-1+nmu2ubuntu8.4 failed to install/upgrade: subprocess installed pre-removal script returned error exit status 2

2017-08-29 Thread Ryan Tandy
Hello,

Since you deleted all the contents out of the /etc/ldap/slapd.d folder,
please delete that folder as well, then the uninstallation will proceed.

The init script could probably be more resilient about this.

** Changed in: openldap (Ubuntu)
   Status: New => Confirmed

** Summary changed:

- package slapd 2.4.31-1+nmu2ubuntu8.4 failed to install/upgrade: subprocess 
installed pre-removal script returned error exit status 2
+ slapd fails to stop if /etc/ldap/slapd.d/cn=config.ldif is deleted but 
/etc/ldap/slapd.d still exists

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1702290

Title:
  slapd fails to stop if /etc/ldap/slapd.d/cn=config.ldif is deleted but
  /etc/ldap/slapd.d still exists

Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  after i install slapd and remove it's one of folders, couldnt do apt-
  get ugrade. It said problem about header

  ProblemType: Package
  DistroRelease: Ubuntu 14.04
  Package: slapd 2.4.31-1+nmu2ubuntu8.4
  ProcVersionSignature: Ubuntu 3.13.0-95.142-generic 3.13.11-ckt39
  Uname: Linux 3.13.0-95-generic x86_64
  NonfreeKernelModules: nvidia wl
  ApportVersion: 2.14.1-0ubuntu3.23
  AptOrdering:
   ldap-utils: Remove
   slapd: Remove
  Architecture: amd64
  Date: Tue Jul  4 15:22:00 2017
  DistributionChannelDescriptor:
   # This is a distribution channel descriptor
   # For more information see 
http://wiki.ubuntu.com/DistributionChannelDescriptor
   canonical-oem-somerville-trusty-amd64-20140620-0
  DpkgHistoryLog:
   Start-Date: 2017-07-04  15:21:46
   Commandline: apt-get remove slapd ldap-utils
   Remove: ldap-utils:amd64 (2.4.31-1+nmu2ubuntu8.4), slapd:amd64 
(2.4.31-1+nmu2ubuntu8.4)
  DuplicateSignature: package:slapd:2.4.31-1+nmu2ubuntu8.4:subprocess installed 
pre-removal script returned error exit status 2
  ErrorMessage: subprocess installed pre-removal script returned error exit 
status 2
  InstallationDate: Installed on 2015-06-03 (761 days ago)
  InstallationMedia: Ubuntu 14.04 "Trusty" - Build amd64 LIVE Binary 
20140620-04:25
  RelatedPackageVersions:
   dpkg 1.17.5ubuntu5.7
   apt  1.0.1ubuntu2.17
  SourcePackage: openldap
  Title: package slapd 2.4.31-1+nmu2ubuntu8.4 failed to install/upgrade: 
subprocess installed pre-removal script returned error exit status 2
  UpgradeStatus: Upgraded to trusty on 2016-05-30 (400 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1702290/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2017-08-11 Thread Ryan Tandy
** Changed in: openldap
   Status: Fix Committed => Fix Released

** Changed in: openldap (Ubuntu)
 Assignee: Ryan Tandy (rtandy) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575

Title:
  Segmentation fault on a slave slapd (sync replication with kerberos
  authentication)

Status in openldap:
  Fix Released
Status in openldap package in Ubuntu:
  Fix Released

Bug description:
  I have a slapd problem on a freshly installed 16.04 machine:

  slapd[17107]: segfault at 1a ip 7f3c12c79f55 sp 7f3c03c2d080
  error 4 in libsasl2.so.2.0.25[7f3c12c72000+19000]

  I'm using the server as Slave LDAP-Server and sync replication with kerberos 
authentication.
  The service either starts and runs successfully or it fails with segmentation 
fault or 100% CPU.
  Maybe an useful info, I'm replicating two databases. When I deactivate 
syncrepl for one of them (doesn't matter which one) the problem is not 
occuring. 

  Linux xxx 4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
  slapd 2.4.42+dfsg-2ubuntu3.1
  libsasl2-2:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules-gssapi-mit:amd64 2.1.26.dfsg1-14build1

  GDB debug:

  Starting program: /usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u 
openldap -g openldap -f /etc/ldap/slapd.conf -d 256
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  590c82ab @(#) $OpenLDAP: slapd  (Ubuntu) (May 11 2016 16:12:05) $

buildd@lgw01-10:/build/openldap-mF7Kfq/openldap-2.4.42+dfsg/debian/build/servers/slapd
  590c82ab slapd starting
  [New Thread 0x7f2e96b7b700 (LWP 42139)]
  [New Thread 0x7f2e9637a700 (LWP 42140)]
  [New Thread 0x7f2e95b79700 (LWP 42141)]
  [New Thread 0x7f2e95378700 (LWP 42142)]
  [New Thread 0x7f2e94b77700 (LWP 42143)]
  590c82ba slap_client_connect: URI=ldap://xxx ldap_sasl_interactive_bind_s 
failed (-6)
  590c82ba do_syncrepl: rid=132 rc -6 retrying (9 retries left)

  Thread 4 "slapd" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7f2e95b79700 (LWP 42141)]
  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2

  
  (gdb) thr apply all bt

  Thread 6 (Thread 0x7f2e94b77700 (LWP 42143)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e94b77700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 5 (Thread 0x7f2e95378700 (LWP 42142)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e95378700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 4 (Thread 0x7f2e95b79700 (LWP 42141)):
  #0  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #1  0x7f2ea530f250 in ?? () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #2  0x7f2ea5303d69 in sasl_client_init () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #3  0x7f2ea594da6c in ldap_int_sasl_init () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #4  0x7f2ea594db2c in ldap_int_sasl_open () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #5  0x7f2ea594e2d4 in ldap_int_sasl_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #6  0x7f2ea5951828 in ldap_sasl_interactive_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #7  0x7f2ea5951a4e in ldap_sasl_interactive_bind_s () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #8  0x561fbc556db4 in slap_client_connect (ldp=0x561fbe1e9f68, 
sb=0x561fbe1e9d40) at ../../../../servers/slapd/config.c:2063
  #9  0x561fbc5c699d in do_syncrep1 (si=0x561fbe1e9d10, op=0x7f2e95b787b0) 
at ../../../../servers/slapd/syncrepl.c:618
  #10 do_syncrepl (ctx=, arg=0x561fbe1e5620) at 
../../../../servers/slapd/syncrepl.c:1548
  #11 0x7f2ea59463a2 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #12 0x7f2ea487c6ba in start_thread (arg=0x7f2e95b79700) at 
pthread_create.c:333
  #13 0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 3 (Thread 0x7f2e9637a700 (LWP 42140)):
  ---Type  to continue, or q  to quit---
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap

[Touch-packages] [Bug 1708341] Re: package libldap-2.4-2 2.4.42+dfsg-2ubuntu3.1 failed to install/upgrade: intentando sobreescribir el compartido `/etc/ldap/ldap.conf', que es distinto de otras instan

2017-08-02 Thread Ryan Tandy
*** This bug is a duplicate of bug 1436558 ***
https://bugs.launchpad.net/bugs/1436558

** This bug has been marked a duplicate of bug 1436558
   package libldap-2.4-2 2.4.31-1+nmu2ubuntu8 failed to install/upgrade: trying 
to overwrite shared '/etc/ldap/ldap.conf', which is different from other 
instances of package libldap-2.4-2:amd64

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1708341

Title:
  package libldap-2.4-2 2.4.42+dfsg-2ubuntu3.1 failed to
  install/upgrade: intentando sobreescribir el compartido
  `/etc/ldap/ldap.conf', que es distinto de otras instancias del
  paquetes libldap-2.4-2:amd64

Status in openldap package in Ubuntu:
  New

Bug description:
  i just wanted to upgrade and appeared that error

  ProblemType: Package
  DistroRelease: Ubuntu 16.04
  Package: libldap-2.4-2 2.4.42+dfsg-2ubuntu3.1
  ProcVersionSignature: Ubuntu 4.4.0-79.100-generic 4.4.67
  Uname: Linux 4.4.0-79-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.6
  Architecture: amd64
  Date: Wed Aug  2 01:41:22 2017
  ErrorMessage: intentando sobreescribir el compartido `/etc/ldap/ldap.conf', 
que es distinto de otras instancias del paquetes libldap-2.4-2:amd64
  InstallationDate: Installed on 2016-08-04 (363 days ago)
  InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 
(20160420.1)
  RelatedPackageVersions:
   dpkg 1.18.4ubuntu1.2
   apt  1.2.24
  SourcePackage: openldap
  Title: package libldap-2.4-2 2.4.42+dfsg-2ubuntu3.1 failed to 
install/upgrade: intentando sobreescribir el compartido `/etc/ldap/ldap.conf', 
que es distinto de otras instancias del paquetes libldap-2.4-2:amd64
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1708341/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1547927] Re: LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and STARTTLS

2017-07-28 Thread Ryan Tandy
Hi Martin,

I'm trying to reproduce the bug you reported, in order to determine
whether Maciej's patch fixed it or not.

However, a simple C program making the following calls:

ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, _version);
ldap_initialize(, "ldaps://");
ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, );
ldap_simple_bind_s(ld, NULL, NULL);

ldap_initialize(, "ldap://;);
ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, );
ldap_start_tls_s(ld, NULL, NULL);

appears to behave as expected for me.

Could you please post the program code (any language is fine) that you
used to demonstrate the bug? Thanks!

** Changed in: openldap (Ubuntu)
   Status: Confirmed => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1547927

Title:
  LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and
  STARTTLS

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  Tested with vivid and wily...
  also logged with openldap as 
http://www.openldap.org/its/index.cgi/Incoming?id=8374

  
  The handling of the LDAP_OPT_X_TLS_REQUIRE_CERT option appears to be different
  between servers accessed via ldaps:// and ldap:// (plus STARTTLS) URIs.

  When accessing server with a self-signed certificate, the results are:

  
  ldaps://

  neverOK
  hard Error: can't contact LDAP server
  demand   Error: can't contact LDAP server
  allowOK
  try  Error: can't contact LDAP server

  
  ldap:// plus explicit ldap_start_tls_s()

  neverOK
  hard OK
  demand   OK
  allowOK
  try  OK

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1547927/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1704726] Re: Please merge openldap 2.4.44+dfsg-8 (main) from Debian unstable (main)

2017-07-26 Thread Ryan Tandy
Closing as Gianfranco Costamagna already merged it on his own.

** Changed in: openldap (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1704726

Title:
  Please merge openldap 2.4.44+dfsg-8 (main) from Debian unstable (main)

Status in openldap package in Ubuntu:
  Fix Released

Bug description:
  Hi,

  I just uploaded openldap 2.4.44+dfsg-8 in response to the new Heimdal
  upload. It includes the following fixes:

  - fixed FTBFS on ppc64el with kernel 4.9 and newer
  - fixed FTBFS with Heimdal 7.2.0 and newer

  Please consider sponsoring this merge, thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1704726/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2017-07-24 Thread Ryan Tandy
Hi Andreas,

On Mon, Jul 24, 2017 at 05:33:41PM -, Andreas Hasenack wrote:
>I can take a look at this.

Thanks. FYI the fix is released upstream in 2.4.45 and I'll be uploading 
that to Debian soon.

http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=d59310f86295d5ca0e2947efc78a08448610a074
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=71a7040393ac02c807e6f2b78967725a3ebd378f

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575

Title:
  Segmentation fault on a slave slapd (sync replication with kerberos
  authentication)

Status in openldap:
  Fix Committed
Status in openldap package in Ubuntu:
  In Progress

Bug description:
  I have a slapd problem on a freshly installed 16.04 machine:

  slapd[17107]: segfault at 1a ip 7f3c12c79f55 sp 7f3c03c2d080
  error 4 in libsasl2.so.2.0.25[7f3c12c72000+19000]

  I'm using the server as Slave LDAP-Server and sync replication with kerberos 
authentication.
  The service either starts and runs successfully or it fails with segmentation 
fault or 100% CPU.
  Maybe an useful info, I'm replicating two databases. When I deactivate 
syncrepl for one of them (doesn't matter which one) the problem is not 
occuring. 

  Linux xxx 4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
  slapd 2.4.42+dfsg-2ubuntu3.1
  libsasl2-2:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules-gssapi-mit:amd64 2.1.26.dfsg1-14build1

  GDB debug:

  Starting program: /usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u 
openldap -g openldap -f /etc/ldap/slapd.conf -d 256
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  590c82ab @(#) $OpenLDAP: slapd  (Ubuntu) (May 11 2016 16:12:05) $

buildd@lgw01-10:/build/openldap-mF7Kfq/openldap-2.4.42+dfsg/debian/build/servers/slapd
  590c82ab slapd starting
  [New Thread 0x7f2e96b7b700 (LWP 42139)]
  [New Thread 0x7f2e9637a700 (LWP 42140)]
  [New Thread 0x7f2e95b79700 (LWP 42141)]
  [New Thread 0x7f2e95378700 (LWP 42142)]
  [New Thread 0x7f2e94b77700 (LWP 42143)]
  590c82ba slap_client_connect: URI=ldap://xxx ldap_sasl_interactive_bind_s 
failed (-6)
  590c82ba do_syncrepl: rid=132 rc -6 retrying (9 retries left)

  Thread 4 "slapd" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7f2e95b79700 (LWP 42141)]
  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2

  
  (gdb) thr apply all bt

  Thread 6 (Thread 0x7f2e94b77700 (LWP 42143)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e94b77700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 5 (Thread 0x7f2e95378700 (LWP 42142)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e95378700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 4 (Thread 0x7f2e95b79700 (LWP 42141)):
  #0  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #1  0x7f2ea530f250 in ?? () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #2  0x7f2ea5303d69 in sasl_client_init () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #3  0x7f2ea594da6c in ldap_int_sasl_init () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #4  0x7f2ea594db2c in ldap_int_sasl_open () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #5  0x7f2ea594e2d4 in ldap_int_sasl_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #6  0x7f2ea5951828 in ldap_sasl_interactive_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #7  0x7f2ea5951a4e in ldap_sasl_interactive_bind_s () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #8  0x561fbc556db4 in slap_client_connect (ldp=0x561fbe1e9f68, 
sb=0x561fbe1e9d40) at ../../../../servers/slapd/config.c:2063
  #9  0x561fbc5c699d in do_syncrep1 (si=0x561fbe1e9d10, op=0x7f2e95b787b0) 
at ../../../../servers/slapd/syncrepl.c:618
  #10 do_syncrepl (ctx=, arg=0x561fbe1e5620) at 
../../../../servers/slapd/syncrepl.c:1548
  #11 0x7f2ea59463a2 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #12 0x7f2ea487c6ba in start_thread (arg=0x7f2e95b79700) at 
pthread_create.c:333
  #13 0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 3 (Thread 0x7f2e9637a700 (LWP 

[Touch-packages] [Bug 1704726] Re: Please merge openldap 2.4.44+dfsg-8 (main) from Debian unstable (main)

2017-07-17 Thread Ryan Tandy
** Attachment added: "openldap_2.4.44+dfsg-8ubuntu1.debian.tar.xz"
   
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1704726/+attachment/4915950/+files/openldap_2.4.44+dfsg-8ubuntu1.debian.tar.xz

** Changed in: openldap (Ubuntu)
   Status: In Progress => Confirmed

** Changed in: openldap (Ubuntu)
     Assignee: Ryan Tandy (rtandy) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1704726

Title:
  Please merge openldap 2.4.44+dfsg-8 (main) from Debian unstable (main)

Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  Hi,

  I just uploaded openldap 2.4.44+dfsg-8 in response to the new Heimdal
  upload. It includes the following fixes:

  - fixed FTBFS on ppc64el with kernel 4.9 and newer
  - fixed FTBFS with Heimdal 7.2.0 and newer

  Please consider sponsoring this merge, thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1704726/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1704726] Re: Please merge openldap 2.4.44+dfsg-8 (main) from Debian unstable (main)

2017-07-17 Thread Ryan Tandy
** Attachment added: "openldap_2.4.44+dfsg-8ubuntu1.dsc"
   
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1704726/+attachment/4915949/+files/openldap_2.4.44+dfsg-8ubuntu1.dsc

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1704726

Title:
  Please merge openldap 2.4.44+dfsg-8 (main) from Debian unstable (main)

Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  Hi,

  I just uploaded openldap 2.4.44+dfsg-8 in response to the new Heimdal
  upload. It includes the following fixes:

  - fixed FTBFS on ppc64el with kernel 4.9 and newer
  - fixed FTBFS with Heimdal 7.2.0 and newer

  Please consider sponsoring this merge, thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1704726/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1704726] Re: Please merge openldap 2.4.44+dfsg-8 (main) from Debian unstable (main)

2017-07-17 Thread Ryan Tandy
** Patch added: "openldap_2.4.44+dfsg-8ubuntu1.debdiff"
   
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1704726/+attachment/4915948/+files/openldap_2.4.44+dfsg-8ubuntu1.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1704726

Title:
  Please merge openldap 2.4.44+dfsg-8 (main) from Debian unstable (main)

Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  Hi,

  I just uploaded openldap 2.4.44+dfsg-8 in response to the new Heimdal
  upload. It includes the following fixes:

  - fixed FTBFS on ppc64el with kernel 4.9 and newer
  - fixed FTBFS with Heimdal 7.2.0 and newer

  Please consider sponsoring this merge, thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1704726/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1704726] [NEW] Please merge openldap 2.4.44+dfsg-8 (main) from Debian unstable (main)

2017-07-17 Thread Ryan Tandy
Public bug reported:

Hi,

I just uploaded openldap 2.4.44+dfsg-8 in response to the new Heimdal
upload. It includes the following fixes:

- fixed FTBFS on ppc64el with kernel 4.9 and newer
- fixed FTBFS with Heimdal 7.2.0 and newer

Please consider sponsoring this merge, thanks!

** Affects: openldap (Ubuntu)
 Importance: Undecided
 Status: Confirmed

** Changed in: openldap (Ubuntu)
   Status: New => In Progress

** Changed in: openldap (Ubuntu)
 Assignee: (unassigned) => Ryan Tandy (rtandy)

** Summary changed:

- Please merge openldap openldap_2.4.44+dfsg-8 (main) from Debian unstable 
(main)
+ Please merge openldap 2.4.44+dfsg-8 (main) from Debian unstable (main)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1704726

Title:
  Please merge openldap 2.4.44+dfsg-8 (main) from Debian unstable (main)

Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  Hi,

  I just uploaded openldap 2.4.44+dfsg-8 in response to the new Heimdal
  upload. It includes the following fixes:

  - fixed FTBFS on ppc64el with kernel 4.9 and newer
  - fixed FTBFS with Heimdal 7.2.0 and newer

  Please consider sponsoring this merge, thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1704726/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1697397] Re: libldap-2.4.42+dfsg-2ubuntu3.2 crashes libreoffice

2017-06-13 Thread Ryan Tandy
I would be amazed if a libldap upgrade actually caused the error you've
pasted here. It _should_ be completely unrelated -  the symbol is a
LibreOffice internal one you mentioned in a LibreOffice internal one.

Could you please paste the relevant transactions from
/var/log/apt/history.log (the ones where libldap was upgraded and then
downgraded - please show all packages involved in those transactions),
and also the output of "dpkg-query -l libreoffice-calc libreoffice-core"
and "ldd /usr/lib/libreoffice/program/soffice.bin"?

** Changed in: openldap (Ubuntu)
   Status: New => Incomplete

** Also affects: libreoffice (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: libreoffice (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1697397

Title:
  libldap-2.4.42+dfsg-2ubuntu3.2 crashes libreoffice

Status in libreoffice package in Ubuntu:
  Incomplete
Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  Running xubuntu xenial, and after a recent upgrade w/ the following:
  libldap-2.4-2:i386 (2.4.42+dfsg-2ubuntu3.2) over (2.4.42+dfsg-2ubuntu3.1)

  all libreoffice applications (calc, writer, etc) crash on start, with
  the following error:

  /usr/lib/libreoffice/program/soffice.bin: symbol lookup error:
  /usr/lib/libreoffice/program/../program/libsclo.so: undefined symbol:
  _ZN9ScrollBar8SetRangeERK5Range

  
  after investigating, i figured out it seems to be linked to the libldap 
upgrade, and indeed as a temporary workaround downgrading to 
2.4.42+dfsg-2ubuntu3 allows libreoffice to work again.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1697397/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2017-05-16 Thread Ryan Tandy
Hi,

Sorry for the silence, I'm in a busy spell and not able to look at 
Ubuntu stuff right now. I do intend to follow up and propose the patch 
for a stable update when I can; anyone else is welcome to beat me to it 
in the meantime.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575

Title:
  Segmentation fault on a slave slapd (sync replication with kerberos
  authentication)

Status in openldap:
  Fix Committed
Status in openldap package in Ubuntu:
  In Progress

Bug description:
  I have a slapd problem on a freshly installed 16.04 machine:

  slapd[17107]: segfault at 1a ip 7f3c12c79f55 sp 7f3c03c2d080
  error 4 in libsasl2.so.2.0.25[7f3c12c72000+19000]

  I'm using the server as Slave LDAP-Server and sync replication with kerberos 
authentication.
  The service either starts and runs successfully or it fails with segmentation 
fault or 100% CPU.
  Maybe an useful info, I'm replicating two databases. When I deactivate 
syncrepl for one of them (doesn't matter which one) the problem is not 
occuring. 

  Linux xxx 4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
  slapd 2.4.42+dfsg-2ubuntu3.1
  libsasl2-2:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules-gssapi-mit:amd64 2.1.26.dfsg1-14build1

  GDB debug:

  Starting program: /usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u 
openldap -g openldap -f /etc/ldap/slapd.conf -d 256
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  590c82ab @(#) $OpenLDAP: slapd  (Ubuntu) (May 11 2016 16:12:05) $

buildd@lgw01-10:/build/openldap-mF7Kfq/openldap-2.4.42+dfsg/debian/build/servers/slapd
  590c82ab slapd starting
  [New Thread 0x7f2e96b7b700 (LWP 42139)]
  [New Thread 0x7f2e9637a700 (LWP 42140)]
  [New Thread 0x7f2e95b79700 (LWP 42141)]
  [New Thread 0x7f2e95378700 (LWP 42142)]
  [New Thread 0x7f2e94b77700 (LWP 42143)]
  590c82ba slap_client_connect: URI=ldap://xxx ldap_sasl_interactive_bind_s 
failed (-6)
  590c82ba do_syncrepl: rid=132 rc -6 retrying (9 retries left)

  Thread 4 "slapd" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7f2e95b79700 (LWP 42141)]
  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2

  
  (gdb) thr apply all bt

  Thread 6 (Thread 0x7f2e94b77700 (LWP 42143)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e94b77700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 5 (Thread 0x7f2e95378700 (LWP 42142)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e95378700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 4 (Thread 0x7f2e95b79700 (LWP 42141)):
  #0  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #1  0x7f2ea530f250 in ?? () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #2  0x7f2ea5303d69 in sasl_client_init () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #3  0x7f2ea594da6c in ldap_int_sasl_init () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #4  0x7f2ea594db2c in ldap_int_sasl_open () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #5  0x7f2ea594e2d4 in ldap_int_sasl_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #6  0x7f2ea5951828 in ldap_sasl_interactive_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #7  0x7f2ea5951a4e in ldap_sasl_interactive_bind_s () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #8  0x561fbc556db4 in slap_client_connect (ldp=0x561fbe1e9f68, 
sb=0x561fbe1e9d40) at ../../../../servers/slapd/config.c:2063
  #9  0x561fbc5c699d in do_syncrep1 (si=0x561fbe1e9d10, op=0x7f2e95b787b0) 
at ../../../../servers/slapd/syncrepl.c:618
  #10 do_syncrepl (ctx=, arg=0x561fbe1e5620) at 
../../../../servers/slapd/syncrepl.c:1548
  #11 0x7f2ea59463a2 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #12 0x7f2ea487c6ba in start_thread (arg=0x7f2e95b79700) at 
pthread_create.c:333
  #13 0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 3 (Thread 0x7f2e9637a700 (LWP 42140)):
  ---Type  to continue, or q  to quit---
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? 

[Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2017-05-08 Thread Ryan Tandy
** Changed in: openldap (Ubuntu)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575

Title:
  Segmentation fault on a slave slapd (sync replication with kerberos
  authentication)

Status in openldap:
  Fix Committed
Status in openldap package in Ubuntu:
  In Progress

Bug description:
  I have a slapd problem on a freshly installed 16.04 machine:

  slapd[17107]: segfault at 1a ip 7f3c12c79f55 sp 7f3c03c2d080
  error 4 in libsasl2.so.2.0.25[7f3c12c72000+19000]

  I'm using the server as Slave LDAP-Server and sync replication with kerberos 
authentication.
  The service either starts and runs successfully or it fails with segmentation 
fault or 100% CPU.
  Maybe an useful info, I'm replicating two databases. When I deactivate 
syncrepl for one of them (doesn't matter which one) the problem is not 
occuring. 

  Linux xxx 4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
  slapd 2.4.42+dfsg-2ubuntu3.1
  libsasl2-2:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules-gssapi-mit:amd64 2.1.26.dfsg1-14build1

  GDB debug:

  Starting program: /usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u 
openldap -g openldap -f /etc/ldap/slapd.conf -d 256
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  590c82ab @(#) $OpenLDAP: slapd  (Ubuntu) (May 11 2016 16:12:05) $

buildd@lgw01-10:/build/openldap-mF7Kfq/openldap-2.4.42+dfsg/debian/build/servers/slapd
  590c82ab slapd starting
  [New Thread 0x7f2e96b7b700 (LWP 42139)]
  [New Thread 0x7f2e9637a700 (LWP 42140)]
  [New Thread 0x7f2e95b79700 (LWP 42141)]
  [New Thread 0x7f2e95378700 (LWP 42142)]
  [New Thread 0x7f2e94b77700 (LWP 42143)]
  590c82ba slap_client_connect: URI=ldap://xxx ldap_sasl_interactive_bind_s 
failed (-6)
  590c82ba do_syncrepl: rid=132 rc -6 retrying (9 retries left)

  Thread 4 "slapd" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7f2e95b79700 (LWP 42141)]
  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2

  
  (gdb) thr apply all bt

  Thread 6 (Thread 0x7f2e94b77700 (LWP 42143)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e94b77700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 5 (Thread 0x7f2e95378700 (LWP 42142)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e95378700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 4 (Thread 0x7f2e95b79700 (LWP 42141)):
  #0  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #1  0x7f2ea530f250 in ?? () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #2  0x7f2ea5303d69 in sasl_client_init () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #3  0x7f2ea594da6c in ldap_int_sasl_init () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #4  0x7f2ea594db2c in ldap_int_sasl_open () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #5  0x7f2ea594e2d4 in ldap_int_sasl_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #6  0x7f2ea5951828 in ldap_sasl_interactive_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #7  0x7f2ea5951a4e in ldap_sasl_interactive_bind_s () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #8  0x561fbc556db4 in slap_client_connect (ldp=0x561fbe1e9f68, 
sb=0x561fbe1e9d40) at ../../../../servers/slapd/config.c:2063
  #9  0x561fbc5c699d in do_syncrep1 (si=0x561fbe1e9d10, op=0x7f2e95b787b0) 
at ../../../../servers/slapd/syncrepl.c:618
  #10 do_syncrepl (ctx=, arg=0x561fbe1e5620) at 
../../../../servers/slapd/syncrepl.c:1548
  #11 0x7f2ea59463a2 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #12 0x7f2ea487c6ba in start_thread (arg=0x7f2e95b79700) at 
pthread_create.c:333
  #13 0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 3 (Thread 0x7f2e9637a700 (LWP 42140)):
  ---Type  to continue, or q  to quit---
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e9637a700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in 

[Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2017-05-08 Thread Ryan Tandy
Yes, just openldap.

I uploaded the patched package to a PPA for you to try:

https://launchpad.net/~rtandy/+archive/ubuntu/bug1688575

Hope that helps.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575

Title:
  Segmentation fault on a slave slapd (sync replication with kerberos
  authentication)

Status in openldap:
  Fix Committed
Status in openldap package in Ubuntu:
  New

Bug description:
  I have a slapd problem on a freshly installed 16.04 machine:

  slapd[17107]: segfault at 1a ip 7f3c12c79f55 sp 7f3c03c2d080
  error 4 in libsasl2.so.2.0.25[7f3c12c72000+19000]

  I'm using the server as Slave LDAP-Server and sync replication with kerberos 
authentication.
  The service either starts and runs successfully or it fails with segmentation 
fault or 100% CPU.
  Maybe an useful info, I'm replicating two databases. When I deactivate 
syncrepl for one of them (doesn't matter which one) the problem is not 
occuring. 

  Linux xxx 4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
  slapd 2.4.42+dfsg-2ubuntu3.1
  libsasl2-2:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules-gssapi-mit:amd64 2.1.26.dfsg1-14build1

  GDB debug:

  Starting program: /usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u 
openldap -g openldap -f /etc/ldap/slapd.conf -d 256
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  590c82ab @(#) $OpenLDAP: slapd  (Ubuntu) (May 11 2016 16:12:05) $

buildd@lgw01-10:/build/openldap-mF7Kfq/openldap-2.4.42+dfsg/debian/build/servers/slapd
  590c82ab slapd starting
  [New Thread 0x7f2e96b7b700 (LWP 42139)]
  [New Thread 0x7f2e9637a700 (LWP 42140)]
  [New Thread 0x7f2e95b79700 (LWP 42141)]
  [New Thread 0x7f2e95378700 (LWP 42142)]
  [New Thread 0x7f2e94b77700 (LWP 42143)]
  590c82ba slap_client_connect: URI=ldap://xxx ldap_sasl_interactive_bind_s 
failed (-6)
  590c82ba do_syncrepl: rid=132 rc -6 retrying (9 retries left)

  Thread 4 "slapd" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7f2e95b79700 (LWP 42141)]
  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2

  
  (gdb) thr apply all bt

  Thread 6 (Thread 0x7f2e94b77700 (LWP 42143)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e94b77700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 5 (Thread 0x7f2e95378700 (LWP 42142)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e95378700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 4 (Thread 0x7f2e95b79700 (LWP 42141)):
  #0  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #1  0x7f2ea530f250 in ?? () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #2  0x7f2ea5303d69 in sasl_client_init () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #3  0x7f2ea594da6c in ldap_int_sasl_init () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #4  0x7f2ea594db2c in ldap_int_sasl_open () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #5  0x7f2ea594e2d4 in ldap_int_sasl_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #6  0x7f2ea5951828 in ldap_sasl_interactive_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #7  0x7f2ea5951a4e in ldap_sasl_interactive_bind_s () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #8  0x561fbc556db4 in slap_client_connect (ldp=0x561fbe1e9f68, 
sb=0x561fbe1e9d40) at ../../../../servers/slapd/config.c:2063
  #9  0x561fbc5c699d in do_syncrep1 (si=0x561fbe1e9d10, op=0x7f2e95b787b0) 
at ../../../../servers/slapd/syncrepl.c:618
  #10 do_syncrepl (ctx=, arg=0x561fbe1e5620) at 
../../../../servers/slapd/syncrepl.c:1548
  #11 0x7f2ea59463a2 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #12 0x7f2ea487c6ba in start_thread (arg=0x7f2e95b79700) at 
pthread_create.c:333
  #13 0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 3 (Thread 0x7f2e9637a700 (LWP 42140)):
  ---Type  to continue, or q  to quit---
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in 

[Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2017-05-07 Thread Ryan Tandy
** Also affects: openldap
   Importance: Undecided
   Status: New

** Changed in: openldap
   Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575

Title:
  Segmentation fault on a slave slapd (sync replication with kerberos
  authentication)

Status in openldap:
  Fix Committed
Status in openldap package in Ubuntu:
  New

Bug description:
  I have a slapd problem on a freshly installed 16.04 machine:

  slapd[17107]: segfault at 1a ip 7f3c12c79f55 sp 7f3c03c2d080
  error 4 in libsasl2.so.2.0.25[7f3c12c72000+19000]

  I'm using the server as Slave LDAP-Server and sync replication with kerberos 
authentication.
  The service either starts and runs successfully or it fails with segmentation 
fault or 100% CPU.
  Maybe an useful info, I'm replicating two databases. When I deactivate 
syncrepl for one of them (doesn't matter which one) the problem is not 
occuring. 

  Linux xxx 4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
  slapd 2.4.42+dfsg-2ubuntu3.1
  libsasl2-2:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules-gssapi-mit:amd64 2.1.26.dfsg1-14build1

  GDB debug:

  Starting program: /usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u 
openldap -g openldap -f /etc/ldap/slapd.conf -d 256
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  590c82ab @(#) $OpenLDAP: slapd  (Ubuntu) (May 11 2016 16:12:05) $

buildd@lgw01-10:/build/openldap-mF7Kfq/openldap-2.4.42+dfsg/debian/build/servers/slapd
  590c82ab slapd starting
  [New Thread 0x7f2e96b7b700 (LWP 42139)]
  [New Thread 0x7f2e9637a700 (LWP 42140)]
  [New Thread 0x7f2e95b79700 (LWP 42141)]
  [New Thread 0x7f2e95378700 (LWP 42142)]
  [New Thread 0x7f2e94b77700 (LWP 42143)]
  590c82ba slap_client_connect: URI=ldap://xxx ldap_sasl_interactive_bind_s 
failed (-6)
  590c82ba do_syncrepl: rid=132 rc -6 retrying (9 retries left)

  Thread 4 "slapd" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7f2e95b79700 (LWP 42141)]
  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2

  
  (gdb) thr apply all bt

  Thread 6 (Thread 0x7f2e94b77700 (LWP 42143)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e94b77700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 5 (Thread 0x7f2e95378700 (LWP 42142)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e95378700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 4 (Thread 0x7f2e95b79700 (LWP 42141)):
  #0  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #1  0x7f2ea530f250 in ?? () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #2  0x7f2ea5303d69 in sasl_client_init () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #3  0x7f2ea594da6c in ldap_int_sasl_init () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #4  0x7f2ea594db2c in ldap_int_sasl_open () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #5  0x7f2ea594e2d4 in ldap_int_sasl_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #6  0x7f2ea5951828 in ldap_sasl_interactive_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #7  0x7f2ea5951a4e in ldap_sasl_interactive_bind_s () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #8  0x561fbc556db4 in slap_client_connect (ldp=0x561fbe1e9f68, 
sb=0x561fbe1e9d40) at ../../../../servers/slapd/config.c:2063
  #9  0x561fbc5c699d in do_syncrep1 (si=0x561fbe1e9d10, op=0x7f2e95b787b0) 
at ../../../../servers/slapd/syncrepl.c:618
  #10 do_syncrepl (ctx=, arg=0x561fbe1e5620) at 
../../../../servers/slapd/syncrepl.c:1548
  #11 0x7f2ea59463a2 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #12 0x7f2ea487c6ba in start_thread (arg=0x7f2e95b79700) at 
pthread_create.c:333
  #13 0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 3 (Thread 0x7f2e9637a700 (LWP 42140)):
  ---Type  to continue, or q  to quit---
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread 

[Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2017-05-05 Thread Ryan Tandy
Thanks for opening the new bug.

I have a patch under review right now for a suspiciously similar issue.

Are you able to build and test a patched package, and see if it fixes 
your problem? If you need help modifying the package, I can upload it to 
a PPA for you later on.


** Changed in: openldap (Ubuntu)
 Assignee: (unassigned) => Ryan Tandy (rtandy)

** Patch added: "0001-ITS-8648-add-back-mutex-for-sasl_client_init.patch"
   
https://bugs.launchpad.net/bugs/1688575/+attachment/4872308/+files/0001-ITS-8648-add-back-mutex-for-sasl_client_init.patch

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575

Title:
  Segmentation fault on a slave slapd (sync replication with kerberos
  authentication)

Status in openldap package in Ubuntu:
  New

Bug description:
  I have a slapd problem on a freshly installed 16.04 machine:

  slapd[17107]: segfault at 1a ip 7f3c12c79f55 sp 7f3c03c2d080
  error 4 in libsasl2.so.2.0.25[7f3c12c72000+19000]

  I'm using the server as Slave LDAP-Server and sync replication with kerberos 
authentication.
  The service either starts and runs successfully or it fails with segmentation 
fault or 100% CPU.
  Maybe an useful info, I'm replicating two databases. When I deactivate 
syncrepl for one of them (doesn't matter which one) the problem is not 
occuring. 

  Linux xxx 4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017 x86_64 
x86_64 x86_64 GNU/Linux
  slapd 2.4.42+dfsg-2ubuntu3.1
  libsasl2-2:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules:amd64 2.1.26.dfsg1-14build1
  libsasl2-modules-gssapi-mit:amd64 2.1.26.dfsg1-14build1

  GDB debug:

  Starting program: /usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u 
openldap -g openldap -f /etc/ldap/slapd.conf -d 256
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  590c82ab @(#) $OpenLDAP: slapd  (Ubuntu) (May 11 2016 16:12:05) $

buildd@lgw01-10:/build/openldap-mF7Kfq/openldap-2.4.42+dfsg/debian/build/servers/slapd
  590c82ab slapd starting
  [New Thread 0x7f2e96b7b700 (LWP 42139)]
  [New Thread 0x7f2e9637a700 (LWP 42140)]
  [New Thread 0x7f2e95b79700 (LWP 42141)]
  [New Thread 0x7f2e95378700 (LWP 42142)]
  [New Thread 0x7f2e94b77700 (LWP 42143)]
  590c82ba slap_client_connect: URI=ldap://xxx ldap_sasl_interactive_bind_s 
failed (-6)
  590c82ba do_syncrepl: rid=132 rc -6 retrying (9 retries left)

  Thread 4 "slapd" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7f2e95b79700 (LWP 42141)]
  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2

  
  (gdb) thr apply all bt

  Thread 6 (Thread 0x7f2e94b77700 (LWP 42143)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e94b77700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 5 (Thread 0x7f2e95378700 (LWP 42142)):
  #0  pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
  #1  0x7f2ea59463f3 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #2  0x7f2ea487c6ba in start_thread (arg=0x7f2e95378700) at 
pthread_create.c:333
  #3  0x7f2ea45b282d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Thread 4 (Thread 0x7f2e95b79700 (LWP 42141)):
  #0  0x7f2ea53035b5 in sasl_client_add_plugin () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #1  0x7f2ea530f250 in ?? () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #2  0x7f2ea5303d69 in sasl_client_init () from 
/usr/lib/x86_64-linux-gnu/libsasl2.so.2
  #3  0x7f2ea594da6c in ldap_int_sasl_init () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #4  0x7f2ea594db2c in ldap_int_sasl_open () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #5  0x7f2ea594e2d4 in ldap_int_sasl_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #6  0x7f2ea5951828 in ldap_sasl_interactive_bind () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #7  0x7f2ea5951a4e in ldap_sasl_interactive_bind_s () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #8  0x561fbc556db4 in slap_client_connect (ldp=0x561fbe1e9f68, 
sb=0x561fbe1e9d40) at ../../../../servers/slapd/config.c:2063
  #9  0x561fbc5c699d in do_syncrep1 (si=0x561fbe1e9d10, op=0x7f2e95b787b0) 
at ../../../../servers/slapd/syncrepl.c:618
  #10 do_syncrepl (ctx=, arg=0x561fbe1e5620) at 
../../../../servers/slapd/syncrepl.c:1548
  #11 0x7f2ea59463a2 in ?? () from 
/usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
  #12 0x7f2ea487c6ba in start_thread (arg=0x7f2e95b79700) at 
pt

Re: [Touch-packages] [Bug 921489] Re: Segmentation fault in slapd (related to GSSAPI?)

2017-04-27 Thread Ryan Tandy
Hi Suho,

On Thu, Apr 27, 2017 at 09:09:48AM -, Suho Meso wrote:
>is a new bug really necessary, because the problem from this bug is really 
>similar?

Yes, I would really prefer to track your issue in a new report. Sorry 
for the inconvenience.

When you open the new bug, it would be wonderful if you could include a 
backtrace from gdb (https://wiki.ubuntu.com/Backtrace).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/921489

Title:
  Segmentation fault in slapd (related to GSSAPI?)

Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  In our installation slapd will crash with a Segmentation Fault about
  once a week. It has been seen on the producer while the consumers
  connect but also on both producer and consumers at random. It seems to
  be related to authentication with GSSAPI.

  syslog produces the followig message:
  kernel: [513493.152760] slapd[1610]: segfault at 7fb242df9000 ip 
7fb242ad7122 sp 7fb127ffd900 error 4 in 
libcrypto.so.0.9.8[7fb242a61000+168000]

  gdb:
  Core was generated by usr/sbin/slapd -d 0 -h ldap:/// ldaps:/// -f 
/local/sukat/conf/slapd.conf'.  Program terminated with signal 11, Segmentation 
fault.
  #0  sha1_block_data_order () at sha1-x86_64.s:133
  133 sha1-x86_64.s: No such file or directory.
  in sha1-x86_64.s
  (gdb) bt
  #0  sha1_block_data_order () at sha1-x86_64.s:133
  #1  0x005e1700 in ?? ()
  #2  0x1700 in ?? ()
  #3  0x in ?? ()

  The backtrace is incomplete as the debug packages are broken. Trying to 
reproduce this bug I trigger another segfault. I will file reports on thease 
issues in
   separate tickets.

  ProblemType: Bug 
  Architecture: amd64
  Date: Wed Jan 25 11:13:22 2012
  Dependencies:
   adduser 3.112ubuntu1
   base-files 5.0.0ubuntu20.10.04.4
   base-passwd 3.5.22
   coreutils 7.4-2ubuntu3
   debconf 1.5.28ubuntu4
   debconf-i18n 1.5.28ubuntu4
   debianutils 3.2.2
   dpkg 1.15.5.6ubuntu4.5 [modified: sbin/start-stop-daemon]
   findutils 4.4.2-1ubuntu1
   gcc-4.4-base 4.4.3-4ubuntu5
   libacl1 2.2.49-2
   libattr1 1:2.4.44-1
   libbz2-1.0 1.0.5-4ubuntu0.2
   libc-bin 2.11.1-0ubuntu7.8
   libc6 2.11.1-0ubuntu7.8
   libcomerr2 1.41.11-1ubuntu2.1
   libdb4.7 4.7.25-9
   libdb4.8 4.8.24-1ubuntu1
   libgcc1 1:4.4.3-4ubuntu5
   libgcrypt11 1.4.4-5ubuntu2
   libgdbm3 1.8.3-9
   libgnutls26 2.8.5-2
   libgpg-error0 1.6-1ubuntu2
   libgssapi-krb5-2 1.8.1+dfsg-2ubuntu0.10
   libk5crypto3 1.8.1+dfsg-2ubuntu0.10
   libkeyutils1 1.2-12
   libkrb5-3 1.8.1+dfsg-2ubuntu0.10
   libkrb5support0 1.8.1+dfsg-2ubuntu0.10
   libldap-2.4-2 2.4.21-0ubuntu5.6
   liblocale-gettext-perl 1.05-6
   libltdl7 2.2.6b-2ubuntu1
   libncurses5 5.7+20090803-2ubuntu3
   libpam-modules 1.1.1-2ubuntu5.4
   libpam0g 1.1.1-2ubuntu5.4
   libperl5.10 5.10.1-8ubuntu2.1
   libreadline6 6.1-1
   libsasl2-2 2.1.23.dfsg1-5ubuntu1
   libselinux1 2.0.89-4
   libslp1 1.2.1-7.6ubuntu0.1
   libstdc++6 4.4.3-4ubuntu5
   libtasn1-3 2.4-1
   libtext-charwidth-perl 0.04-6
   libtext-iconv-perl 1.7-2
   libtext-wrapi18n-perl 0.06-7
   libwrap0 7.6.q-18
   lzma 4.43-14ubuntu2
   odbcinst 2.2.11-21
   odbcinst1debian1 2.2.11-21
   passwd 1:4.1.4.2-1ubuntu2.2
   perl 5.10.1-8ubuntu2.1
   perl-base 5.10.1-8ubuntu2.1
   perl-modules 5.10.1-8ubuntu2.1
   psmisc 22.10-1
   readline-common 6.1-1
   sensible-utils 0.0.1ubuntu3
   tzdata 2011n-0ubuntu0.10.04
   unixodbc 2.2.11-21
   zlib1g 1:1.2.3.3.dfsg-15ubuntu1
  DistroRelease: Ubuntu 10.04
  NonfreeKernelModules: openafs
  Package: slapd 2.4.21-0ubuntu5.6
  PackageArchitecture: amd64
  ProcEnviron:
   SHELL=/bin/bash
   PATH=(custom, no user)
   LANG=en_GB.UTF-8
   LC_CTYPE=en_GB.UTF-8
  ProcVersionSignature: Ubuntu 2.6.32-37.81-generic 2.6.32.49+drm33.21
  SourcePackage: openldap
  Tags: lucid
  Uname: Linux 2.6.32-37-generic x86_64

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/921489/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 921489] Re: Segmentation fault in slapd (related to GSSAPI?)

2017-04-26 Thread Ryan Tandy
Hi Suho,

Please could you file a new bug for your issue, ideally using apport 
(ubuntu-bug) so that the backtrace can be collected? I have been looking 
at a similar issue (https://bugs.debian.org/860947) recently and the 
additional info would be great.

Thanks!


** Bug watch added: Debian Bug tracker #860947
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860947

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/921489

Title:
  Segmentation fault in slapd (related to GSSAPI?)

Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  In our installation slapd will crash with a Segmentation Fault about
  once a week. It has been seen on the producer while the consumers
  connect but also on both producer and consumers at random. It seems to
  be related to authentication with GSSAPI.

  syslog produces the followig message:
  kernel: [513493.152760] slapd[1610]: segfault at 7fb242df9000 ip 
7fb242ad7122 sp 7fb127ffd900 error 4 in 
libcrypto.so.0.9.8[7fb242a61000+168000]

  gdb:
  Core was generated by usr/sbin/slapd -d 0 -h ldap:/// ldaps:/// -f 
/local/sukat/conf/slapd.conf'.  Program terminated with signal 11, Segmentation 
fault.
  #0  sha1_block_data_order () at sha1-x86_64.s:133
  133 sha1-x86_64.s: No such file or directory.
  in sha1-x86_64.s
  (gdb) bt
  #0  sha1_block_data_order () at sha1-x86_64.s:133
  #1  0x005e1700 in ?? ()
  #2  0x1700 in ?? ()
  #3  0x in ?? ()

  The backtrace is incomplete as the debug packages are broken. Trying to 
reproduce this bug I trigger another segfault. I will file reports on thease 
issues in
   separate tickets.

  ProblemType: Bug 
  Architecture: amd64
  Date: Wed Jan 25 11:13:22 2012
  Dependencies:
   adduser 3.112ubuntu1
   base-files 5.0.0ubuntu20.10.04.4
   base-passwd 3.5.22
   coreutils 7.4-2ubuntu3
   debconf 1.5.28ubuntu4
   debconf-i18n 1.5.28ubuntu4
   debianutils 3.2.2
   dpkg 1.15.5.6ubuntu4.5 [modified: sbin/start-stop-daemon]
   findutils 4.4.2-1ubuntu1
   gcc-4.4-base 4.4.3-4ubuntu5
   libacl1 2.2.49-2
   libattr1 1:2.4.44-1
   libbz2-1.0 1.0.5-4ubuntu0.2
   libc-bin 2.11.1-0ubuntu7.8
   libc6 2.11.1-0ubuntu7.8
   libcomerr2 1.41.11-1ubuntu2.1
   libdb4.7 4.7.25-9
   libdb4.8 4.8.24-1ubuntu1
   libgcc1 1:4.4.3-4ubuntu5
   libgcrypt11 1.4.4-5ubuntu2
   libgdbm3 1.8.3-9
   libgnutls26 2.8.5-2
   libgpg-error0 1.6-1ubuntu2
   libgssapi-krb5-2 1.8.1+dfsg-2ubuntu0.10
   libk5crypto3 1.8.1+dfsg-2ubuntu0.10
   libkeyutils1 1.2-12
   libkrb5-3 1.8.1+dfsg-2ubuntu0.10
   libkrb5support0 1.8.1+dfsg-2ubuntu0.10
   libldap-2.4-2 2.4.21-0ubuntu5.6
   liblocale-gettext-perl 1.05-6
   libltdl7 2.2.6b-2ubuntu1
   libncurses5 5.7+20090803-2ubuntu3
   libpam-modules 1.1.1-2ubuntu5.4
   libpam0g 1.1.1-2ubuntu5.4
   libperl5.10 5.10.1-8ubuntu2.1
   libreadline6 6.1-1
   libsasl2-2 2.1.23.dfsg1-5ubuntu1
   libselinux1 2.0.89-4
   libslp1 1.2.1-7.6ubuntu0.1
   libstdc++6 4.4.3-4ubuntu5
   libtasn1-3 2.4-1
   libtext-charwidth-perl 0.04-6
   libtext-iconv-perl 1.7-2
   libtext-wrapi18n-perl 0.06-7
   libwrap0 7.6.q-18
   lzma 4.43-14ubuntu2
   odbcinst 2.2.11-21
   odbcinst1debian1 2.2.11-21
   passwd 1:4.1.4.2-1ubuntu2.2
   perl 5.10.1-8ubuntu2.1
   perl-base 5.10.1-8ubuntu2.1
   perl-modules 5.10.1-8ubuntu2.1
   psmisc 22.10-1
   readline-common 6.1-1
   sensible-utils 0.0.1ubuntu3
   tzdata 2011n-0ubuntu0.10.04
   unixodbc 2.2.11-21
   zlib1g 1:1.2.3.3.dfsg-15ubuntu1
  DistroRelease: Ubuntu 10.04
  NonfreeKernelModules: openafs
  Package: slapd 2.4.21-0ubuntu5.6
  PackageArchitecture: amd64
  ProcEnviron:
   SHELL=/bin/bash
   PATH=(custom, no user)
   LANG=en_GB.UTF-8
   LC_CTYPE=en_GB.UTF-8
  ProcVersionSignature: Ubuntu 2.6.32-37.81-generic 2.6.32.49+drm33.21
  SourcePackage: openldap
  Tags: lucid
  Uname: Linux 2.6.32-37-generic x86_64

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/921489/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1436558] Re: package libldap-2.4-2 2.4.31-1+nmu2ubuntu8 failed to install/upgrade: trying to overwrite shared '/etc/ldap/ldap.conf', which is different from other instances of pa

2017-03-22 Thread Ryan Tandy
This should be fixed in zesty now.

openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium

  * Merge with Debian unstable (LP: #1663702, LP: #1654416).

openldap (2.4.44+dfsg-1) unstable; urgency=medium

  * Fix policy 8.2 violation (Closes: #330695)
+ Move /etc/ldap/ldap.conf and manpage to new package libldap-common.

** Changed in: openldap (Ubuntu)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1436558

Title:
  package libldap-2.4-2 2.4.31-1+nmu2ubuntu8 failed to install/upgrade:
  trying to overwrite shared '/etc/ldap/ldap.conf', which is different
  from other instances of package libldap-2.4-2:amd64

Status in openldap package in Ubuntu:
  Fix Released
Status in openldap package in Debian:
  Fix Released

Bug description:
  package libldap-2.4-2 2.4.31-1+nmu2ubuntu8 failed to install/upgrade:
  Versuch, gemeinsam benutztes »/etc/ldap/ldap.conf« zu überschreiben,
  welches verschieden von anderen Instanzen des Paketes
  libldap-2.4-2:amd64 ist

  ProblemType: Package
  DistroRelease: Ubuntu 14.04
  Package: libldap-2.4-2 2.4.31-1+nmu2ubuntu8
  ProcVersionSignature: Ubuntu 3.13.0-39.66-generic 3.13.11.8
  Uname: Linux 3.13.0-39-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.14.1-0ubuntu3.8
  Architecture: amd64
  Date: Wed Mar 25 16:48:52 2015
  DuplicateSignature: package:libldap-2.4-2:2.4.31-1+nmu2ubuntu8:Versuch, 
gemeinsam benutztes »/etc/ldap/ldap.conf« zu überschreiben, welches verschieden 
von anderen Instanzen des Paketes libldap-2.4-2:amd64 ist
  ErrorMessage: Versuch, gemeinsam benutztes »/etc/ldap/ldap.conf« zu 
überschreiben, welches verschieden von anderen Instanzen des Paketes 
libldap-2.4-2:amd64 ist
  InstallationDate: Installed on 2014-11-23 (122 days ago)
  InstallationMedia: Xubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 
(20140723)
  SourcePackage: openldap
  Title: package libldap-2.4-2 2.4.31-1+nmu2ubuntu8 failed to install/upgrade: 
Versuch, gemeinsam benutztes »/etc/ldap/ldap.conf« zu überschreiben, welches 
verschieden von anderen Instanzen des Paketes libldap-2.4-2:amd64 ist
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.ldap.ldap.conf: [deleted]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1436558/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1660447] Re: package slapd 2.4.42+dfsg-2ubuntu3.1 failed to install/upgrade: подпроцесс установлен сценарий post-installation возвратил код ошибки 1

2017-03-22 Thread Ryan Tandy
*** This bug is a duplicate of bug 112631 ***
https://bugs.launchpad.net/bugs/112631

  Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.31-1+nmu2ubuntu8.3... 
done.
  Moving old database directories to /var/backups:
  - directory dc=BlackWind.local... done.
  Loading from /var/backups/slapd-2.4.31-1+nmu2ubuntu8.3:
  - directory dc=BlackWind.local... failed.

Loading the database from the LDIF dump failed with the following
error while running slapadd:
588fa578 ldif_read_file: checksum error on 
"/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif"
slapadd: line 1: database #1 (dc=BlackWind.local) not configured to hold 
"dc=nodomain"; no database configured for that naming context

This happens when you change the olcSuffix of a database but do not
remove the old contents. The safe way to do this would have been to use
dpkg-reconfigure(8).

Please edit the LDIF file
/var/backups/slapd-2.4.31-1+nmu2ubuntu8.3/dc=BlackWind.local.ldif and
remove the entry for dc=nodomain, and then try the upgrade again.

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546368 for more
information.

(BTW, "dc=BlackWind.local" is an unusual suffix. Did you mean to use
"dc=BlackWind,dc=local"?)

** Bug watch added: Debian Bug tracker #546368
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546368

** This bug has been marked a duplicate of bug 112631
   slapd failed to install/upgrade: database (dc=xxx,dc=xxx,dc=xx) not 
configured to hold "dc=nodomain"

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1660447

Title:
  package slapd 2.4.42+dfsg-2ubuntu3.1 failed to install/upgrade:
  подпроцесс установлен сценарий post-installation возвратил код ошибки
  1

Status in openldap package in Ubuntu:
  New

Bug description:
  An error has occurred in the transition from version 14.04 to 16.04

  ProblemType: Package
  DistroRelease: Ubuntu 16.04
  Package: slapd 2.4.42+dfsg-2ubuntu3.1
  ProcVersionSignature: Ubuntu 3.13.0-83.127-generic 3.13.11-ckt35
  Uname: Linux 3.13.0-83-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.5
  Architecture: amd64
  Date: Mon Jan 30 23:43:39 2017
  ErrorMessage: подпроцесс установлен сценарий post-installation возвратил код 
ошибки 1
  InstallationDate: Installed on 2014-05-09 (997 days ago)
  InstallationMedia: Ubuntu-Server 14.04 LTS "Trusty Tahr" - Release amd64 
(20140416.2)
  RelatedPackageVersions:
   dpkg 1.18.4ubuntu1.1
   apt  1.2.19
  SourcePackage: openldap
  Title: package slapd 2.4.42+dfsg-2ubuntu3.1 failed to install/upgrade: 
подпроцесс установлен сценарий post-installation возвратил код ошибки 1
  UpgradeStatus: Upgraded to xenial on 2017-01-30 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1660447/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1670567] Re: package slapd 2.4.31-1+nmu2ubuntu8.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2017-03-22 Thread Ryan Tandy
** Changed in: openldap (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1670567

Title:
  package slapd 2.4.31-1+nmu2ubuntu8.3 failed to install/upgrade:
  subprocess installed post-installation script returned error exit
  status 1

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  while installing ldap packages this issue is observed.

  sudo apt install slapd ldap-utils

  ProblemType: Package
  DistroRelease: Ubuntu 14.04
  Package: slapd 2.4.31-1+nmu2ubuntu8.3
  ProcVersionSignature: Ubuntu 4.4.0-62.83~14.04.1-generic 4.4.40
  Uname: Linux 4.4.0-62-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.23
  Architecture: amd64
  Date: Tue Mar  7 09:46:20 2017
  DuplicateSignature: package:slapd:2.4.31-1+nmu2ubuntu8.3:subprocess installed 
post-installation script returned error exit status 1
  ErrorMessage: subprocess installed post-installation script returned error 
exit status 1
  InstallationDate: Installed on 2016-12-18 (79 days ago)
  InstallationMedia: Ubuntu 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
  RelatedPackageVersions:
   dpkg 1.17.5ubuntu5.7
   apt  1.0.1ubuntu2.17
  SourcePackage: openldap
  Title: package slapd 2.4.31-1+nmu2ubuntu8.3 failed to install/upgrade: 
subprocess installed post-installation script returned error exit status 1
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1670567/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1675251] Re: package slapd 2.4.42+dfsg-2ubuntu3.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2017-03-22 Thread Ryan Tandy
Setting up slapd (2.4.42+dfsg-2ubuntu3.1) ...
  Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.31-1+nmu2ubuntu8.3... 
done.
  Moving old database directories to /var/backups:

  Backup path /var/backups/dc=localdomain-2.4.31-1+nmu2ubuntu8.3.ldapdb
exists. Giving up...

Please delete the existing folder and try the upgrade again.

** Changed in: openldap (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1675251

Title:
  package slapd 2.4.42+dfsg-2ubuntu3.1 failed to install/upgrade:
  subprocess installed post-installation script returned error exit
  status 1

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  upgrade failed

  ProblemType: Package
  DistroRelease: Ubuntu 16.04
  Package: slapd 2.4.42+dfsg-2ubuntu3.1
  ProcVersionSignature: Ubuntu 3.13.0-110.157-generic 3.13.11-ckt39
  Uname: Linux 3.13.0-110-generic i686
  ApportVersion: 2.20.1-0ubuntu2.5
  Architecture: i386
  Date: Thu Mar 23 04:10:53 2017
  ErrorMessage: subprocess installed post-installation script returned error 
exit status 1
  RelatedPackageVersions:
   dpkg 1.18.4ubuntu1.1
   apt  1.2.19
  SourcePackage: openldap
  Title: package slapd 2.4.42+dfsg-2ubuntu3.1 failed to install/upgrade: 
subprocess installed post-installation script returned error exit status 1
  UpgradeStatus: Upgraded to xenial on 2017-02-27 (24 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1675251/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1670567] [NEW] package slapd 2.4.31-1+nmu2ubuntu8.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2017-03-06 Thread Ryan Tandy
Hello,

The log says that slapd failed to start, but not why.

Please could you check /var/log/syslog for messages emitted by slapd and 
paste them here.

Alternatively, start slapd in debug mode (-d):

/usr/sbin/slapd -h 'ldap:/// ldapi:///' -F /etc/ldap/slapd.d -u openldap
-g openldap -d1

and paste its output.

Thank you!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1670567

Title:
  package slapd 2.4.31-1+nmu2ubuntu8.3 failed to install/upgrade:
  subprocess installed post-installation script returned error exit
  status 1

Status in openldap package in Ubuntu:
  New

Bug description:
  while installing ldap packages this issue is observed.

  sudo apt install slapd ldap-utils

  ProblemType: Package
  DistroRelease: Ubuntu 14.04
  Package: slapd 2.4.31-1+nmu2ubuntu8.3
  ProcVersionSignature: Ubuntu 4.4.0-62.83~14.04.1-generic 4.4.40
  Uname: Linux 4.4.0-62-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.23
  Architecture: amd64
  Date: Tue Mar  7 09:46:20 2017
  DuplicateSignature: package:slapd:2.4.31-1+nmu2ubuntu8.3:subprocess installed 
post-installation script returned error exit status 1
  ErrorMessage: subprocess installed post-installation script returned error 
exit status 1
  InstallationDate: Installed on 2016-12-18 (79 days ago)
  InstallationMedia: Ubuntu 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
  RelatedPackageVersions:
   dpkg 1.17.5ubuntu5.7
   apt  1.0.1ubuntu2.17
  SourcePackage: openldap
  Title: package slapd 2.4.31-1+nmu2ubuntu8.3 failed to install/upgrade: 
subprocess installed post-installation script returned error exit status 1
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1670567/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1656979] [NEW] No support for DHE ciphers (TLS)

2017-02-10 Thread Ryan Tandy
On Tue, Jan 17, 2017 at 12:49:36AM -, Haw Loeung wrote:
>I think the fix is in the patch below that's released in 2.4.39:
>
>http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=622d13a32ec8d623c26a11b60b63e443dc86df99

http://www.openldap.org/its/?findid=7506 says:

fixed in RE25
fixed in RE24 (2.4.45)

OpenLDAP 2.4.45 has not been released just yet.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1656979

Title:
  No support for DHE ciphers (TLS)

Status in openldap package in Ubuntu:
  New

Bug description:
  Hi,

  Seems the OpenLDAP shipped with Xenial (and prior) built against
  GnuTLS does not support DHE cipher suites.

  | hloeung@ldap-server:~$ apt-cache policy slapd
  | slapd:
  |   Installed: 2.4.42+dfsg-2ubuntu3.1
  |   Candidate: 2.4.42+dfsg-2ubuntu3.1
  |   Version table:
  |  *** 2.4.42+dfsg-2ubuntu3.1 500
  | 500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 
Packages
  | 100 /var/lib/dpkg/status
  |  2.4.42+dfsg-2ubuntu3 500
  | 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages

  Our LDAP server is configured with the following:

  | TLSCertificateFile /etc/ssl/certs/ldap-server.crt
  | TLSCertificateKeyFile /etc/ssl/private/ldap-server.key
  | TLSCACertificateFile /etc/ssl/certs/ldap-server_chain.crt
  | TLSProtocolMin 1.0
  | TLSCipherSuite 
PFS:-VERS-SSL3.0:-DHE-DSS:-ARCFOUR-128:-3DES-CBC:-CAMELLIA-128-GCM:-CAMELLIA-256-GCM:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC:%SERVER_PRECEDENCE
  | TLSDHParamFile /etc/ssl/private/dhparams.pem

  I know TLSDHParamFile isn't used by OpenLDAP when built with GnuTLS,
  but thought I'd try anyways. cipherscan[1] shows the following list of
  cipher suites:

  | prio  ciphersuite  protocols  pfs   
  curves
  | 1 ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 2 ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 3 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2  
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 4 ECDHE-RSA-AES128-SHA256  TLSv1.2
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 5 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2  
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 6 ECDHE-RSA-AES256-SHA384  TLSv1.2
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1

  Even with TLSCipherSuite config commented out, we see the following
  cipher suites:

  | prio  ciphersuite  protocols  pfs   
  curves
  | 1 ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 2 ECDHE-RSA-AES256-SHA384  TLSv1.2
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 3 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2  
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 4 AES256-GCM-SHA384TLSv1.2None  
  None
  | 5 AES256-SHA256TLSv1.2None  
  None
  | 6 AES256-SHA   TLSv1,TLSv1.1,TLSv1.2  None  
  None
  | 7 CAMELLIA256-SHA  TLSv1,TLSv1.1,TLSv1.2  None  
  None
  | 8 ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 9 ECDHE-RSA-AES128-SHA256  TLSv1.2
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 10ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2  
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 11AES128-GCM-SHA256TLSv1.2None  
  None
  | 12AES128-SHA256TLSv1.2None  
  None
  | 13AES128-SHA   TLSv1,TLSv1.1,TLSv1.2  None  
  None
  | 14CAMELLIA128-SHA  TLSv1,TLSv1.1,TLSv1.2  None  
  None
  | 15ECDHE-RSA-DES-CBC3-SHA   TLSv1,TLSv1.1,TLSv1.2  
ECDH,P-256,256bits  prime192v1,secp224r1,prime256v1,secp384r1,secp521r1
  | 16DES-CBC3-SHA TLSv1,TLSv1.1,TLSv1.2  None  
  None

  I think the fix is in the patch below that's released in 2.4.39:

  
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=622d13a32ec8d623c26a11b60b63e443dc86df99

  
  Thanks,

  Haw

  
  [1]https://github.com/jvehent/cipherscan

To manage notifications about this bug go to:

Re: [Touch-packages] [Bug 1654416] Re: Requesting 2.4.44 build which includes fix for ITS#8185

2017-02-10 Thread Ryan Tandy
On Fri, Feb 10, 2017 at 07:03:14PM -, Nish Aravamudan wrote:
>Ah ok, do you want me to send the patches via git to you there? The
>Server Team has adopted
>(https://wiki.ubuntu.com/UbuntuDevelopment/Merging/GitWorkflow) for
>Ubuntu merges so we have our own tree (that's tracking the archive(s)
>for Ubuntu & Debian). But I am happy to send a patch or pull request
>anywhere as you would like.

Not sure. I'll have a look when you're done. I'll probably pull it in as 
a patch, to avoid dragging in the entire second copy of the history.

>Note that in the process of doing the merge, I think I found a bit of
>delta that is actually missing. The last several merges have mentioned
>d/rules installing the apport hook (added in 2.4.23-0ubuntu1), but I
>believe that it got accidentally dropped on the next merge to Debian
>(2.4.23-6ubuntu1) and no one has noticed since -- note that this is a
>good reason to use the above workflow, as the d/changelog mentioned
>delta that I couldn't find! Can you confirm that you see the same. I'll
>fix this in the new merge (but does mean, I think apport for openldap
>has been broken for a long time).

My branch only has ubuntu history starting from when I got involved 
(around 2.4.40) - made one attempt at importing the bzr history into git 
but it didn't go well.

>From the bzr history, it looks to me like it got lost in 
2.4.25-4ubuntu1, when the conversion to dh was merged:

http://bazaar.launchpad.net/~ubuntu-
branches/ubuntu/wily/openldap/wily/revision/46#debian/rules

But yes, a long time.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1654416

Title:
  Requesting 2.4.44 build which includes fix for ITS#8185

Status in openldap package in Ubuntu:
  In Progress

Bug description:
  I reported ITS#8185 to OpenLDAP which was fixed in the 2.4.43 release.
  There have been no OpenLDAP releases since 2.4.44 in February 2016, so
  it looks like things have been stable for a while. I'd like to request
  a refreshed slapd package for 2.4.44 (the most recent slapd package
  available on Ubuntu is 2.4.42 which dates back to August 2015). This
  would help me remove a manual workaround for the ITS#8185 issue, and
  users would also benefit from the number of fixes in 2.4.43 and
  2.4.44.

  http://www.openldap.org/software/release/changes.html

  purging stale pwdFailureTime attributes:
  
http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=8185;selectid=8185

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1654416/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1654416] Re: Requesting 2.4.44 build which includes fix for ITS#8185

2017-02-10 Thread Ryan Tandy
On Fri, Feb 10, 2017 at 06:12:22PM -, Nish Aravamudan wrote:
>I'm merging openldap 2.4.44+dfsg-3 today, I hope. Any concerns you have,
>Ryan?

Thanks for working on it. I thought zesty would have frozen by now, 
actually.

FWIW, there is an ubuntu branch in the packaging repository on alioth. 
My usual workflow is to merge release tags into that branch.

I'm expecting to do a -4 with translation updates and bug fixes in the 
next while. Should be minor update compared to the merge.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1654416

Title:
  Requesting 2.4.44 build which includes fix for ITS#8185

Status in openldap package in Ubuntu:
  In Progress

Bug description:
  I reported ITS#8185 to OpenLDAP which was fixed in the 2.4.43 release.
  There have been no OpenLDAP releases since 2.4.44 in February 2016, so
  it looks like things have been stable for a while. I'd like to request
  a refreshed slapd package for 2.4.44 (the most recent slapd package
  available on Ubuntu is 2.4.42 which dates back to August 2015). This
  would help me remove a manual workaround for the ITS#8185 issue, and
  users would also benefit from the number of fixes in 2.4.43 and
  2.4.44.

  http://www.openldap.org/software/release/changes.html

  purging stale pwdFailureTime attributes:
  
http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=8185;selectid=8185

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1654416/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1654416] Re: Requesting 2.4.44 build which includes fix for ITS#8185

2017-01-06 Thread Ryan Tandy
Hi Kartik and Hans,

I don't recommend merging the current unstable version as support for 
Heimdal was temporarily dropped. 2.4.44+dfsg-3 with Heimdal re-enabled 
will be uploaded soon on the Debian side and that should be a better 
candidate.

As usual, I will propose a merge once I'm happy with the state of the 
package in Debian, unless someone beats me to it. I can't make any 
promises with regards to the Zesty timeline, sorry.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1654416

Title:
  Requesting 2.4.44 build which includes fix for ITS#8185

Status in openldap package in Ubuntu:
  New

Bug description:
  I reported ITS#8185 to OpenLDAP which was fixed in the 2.4.43 release.
  There have been no OpenLDAP releases since 2.4.44 in February 2016, so
  it looks like things have been stable for a while. I'd like to request
  a refreshed slapd package for 2.4.44 (the most recent slapd package
  available on Ubuntu is 2.4.42 which dates back to August 2015). This
  would help me remove a manual workaround for the ITS#8185 issue, and
  users would also benefit from the number of fixes in 2.4.43 and
  2.4.44.

  http://www.openldap.org/software/release/changes.html

  purging stale pwdFailureTime attributes:
  
http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=8185;selectid=8185

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1654416/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 478827] Re: openldap database backend back_perl has undefined symbols (aka slapd-perl back-perl)

2016-11-21 Thread Ryan Tandy
*** This bug is a duplicate of bug 90812 ***
https://bugs.launchpad.net/bugs/90812

** This bug has been marked a duplicate of bug 90812
   perl backend can't use dynamically loaded modules (DBI, POSIX...)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/478827

Title:
  openldap database backend back_perl has undefined symbols (aka slapd-
  perl back-perl)

Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  Error when starting slapd when configured to use the perl backend 
(/etc/init.d/slapd start):
  Starting OpenLDAP: slapd - failed:
  /usr/sbin/slapd: symbol lookup error: /usr/lib/perl/5.10/auto/Fcntl/Fcntl.so: 
undefined symbol: Perl_Istack_sp_ptr

  This may be related to bug #90812

  When start fails, also verified it was not running with ps.
  Removing the "database perl" section allows it to start.

  
  lsb_release -rd
  Description:Ubuntu 9.10
  Release:9.10

  slapd -V
  @(#) $OpenLDAP: slapd 2.4.18 (Sep  8 2009 17:47:22) $
  
buildd@crested:/build/buildd/openldap-2.4.18/debian/build/servers/slapd

  To reproduce:

  Changed to use slapd.conf rather than ldif configs.
  /etc/defaults/slapd :
  SLAPD_CONF=/etc/ldap/slapd.conf
  SLAPD_USER="openldap"
  SLAPD_GROUP="openldap"
  SLAPD_PIDFILE=
  SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///"
  SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
  SLAPD_OPTIONS=""

  
  My /etc/ldap/slapd.conf:
  moduleload  back_perl
  include /etc/ldap/schema/core.schema
  include /etc/ldap/schema/cosine.schema
  include /etc/ldap/schema/inetorgperson.schema
  loglevel   1320
  pidfile/var/run/slapd/slapd.pid
  argsfile   /var/run/slapd/slapd.args
  password-hash  {SSHA}
  databaseperl   
  suffix "dc=company,dc=com"
  perlModulePath /etc/ldap/perl
  perlModule SampleLDAP

  
  Copied SampleLDAP.pm from source distribution to /etc/ldap/perl/SampleLDAP.pm
  chown'd it to openldap:
  chmod'd it to 750
  opendlap source location:
  openldap-2.4.19/servers/slapd/back-perl/SampleLDAP.pm

  Fixed bug in SampleLDAP.pm on line 52:
  < print {*STDERR}, "$filterStr\n";
  > print {*STDERR} "$filterStr\n";

  [note: attached the SampleLDAP.pm]

  
  Attempt to start service, and receive the error.
  /etc/init.d/slapd start
  Starting OpenLDAP: slapd - failed:
  /usr/sbin/slapd: symbol lookup error: /usr/lib/perl/5.10/auto/Fcntl/Fcntl.so: 
undefined symbol: Perl_Istack_sp_ptr

  ProblemType: Bug
  Architecture: amd64
  Date: Sun Nov  8 15:16:42 2009
  DistroRelease: Ubuntu 9.10
  Package: slapd 2.4.18-0ubuntu1
  ProcEnviron:
   SHELL=/bin/bash
   PATH=(custom, no user)
   LANG=en_US.UTF-8
  ProcVersionSignature: Ubuntu 2.6.31-14.48-server
  SourcePackage: openldap
  Uname: Linux 2.6.31-14-server x86_64

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/478827/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 489597] Re: PMI Schema in slapd package can't be added to database

2016-11-21 Thread Ryan Tandy
Not sure exactly when it changed, but on xenial, the pmi schema seems to
work fine. Tested:

 - adding the provided LDIF directly: ldapadd -H ldapi:// -Y EXTERNAL -f 
/etc/ldap/schema/pmi.ldif
 - including the schema in a slapd.conf file
 - converting pmi.schema to LDIF and adding that to slapd

and all were successful.

Marking fixed.

** Changed in: openldap (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/489597

Title:
  PMI Schema in slapd package can't be added to database

Status in openldap package in Ubuntu:
  Fix Released

Bug description:
  The PMI scheme that is provided by Ubuntu karmic makes reference to syntax 
definitions, e.g.:
  olcLdapSyntaxes: {2}( 1.3.6.1.4.1.4203.666.11.10.2.6 DESC 'X.509 PMI role 
syntax' ...)

  which are not recognized by openldap. The utility splatest can convert
  the PMI scheme into a LDIF file but when trying to add the ldif
  content to the LDAP database we get an error. The same applies when
  adding the ldif file with slaptest to slapd.d configuration directory
  and then checking the database using slapcat. As an example the out
  put of the ldapadd command is shown:

  $ ldapadd -Y EXTERNAL -H ldapi:/// -f pmi.ldif

  adding new entry "cn={14}pmi,cn=schema,cn=config"
  ldap_add: Other (e.g., implementation specific) error (80)
additional info: olcAttributeTypes: Syntax not found: ""

  
  Finally, the content of the ldif file for completeness:

  dn: cn={14}pmi,cn=schema,cn=config
  objectClass: olcSchemaConfig
  cn: pmi
  olcObjectIdentifier: {0}id-oc-pmiUser 2.5.6.24
  olcObjectIdentifier: {1}id-oc-pmiAA 2.5.6.25
  olcObjectIdentifier: {2}id-oc-pmiSOA 2.5.6.26
  olcObjectIdentifier: {3}id-oc-attCertCRLDistributionPts 2.5.6.27
  olcObjectIdentifier: {4}id-oc-privilegePolicy 2.5.6.32
  olcObjectIdentifier: {5}id-oc-pmiDelegationPath 2.5.6.33
  olcObjectIdentifier: {6}id-oc-protectedPrivilegePolicy 2.5.6.34
  olcObjectIdentifier: {7}id-at-attributeCertificate 2.5.4.58
  olcObjectIdentifier: {8}id-at-attributeCertificateRevocationList 2.5.4.59
  olcObjectIdentifier: {9}id-at-aACertificate 2.5.4.61
  olcObjectIdentifier: {10}id-at-attributeDescriptorCertificate 2.5.4.62
  olcObjectIdentifier: {11}id-at-attributeAuthorityRevocationList 2.5.4.63
  olcObjectIdentifier: {12}id-at-privPolicy 2.5.4.71
  olcObjectIdentifier: {13}id-at-role 2.5.4.72
  olcObjectIdentifier: {14}id-at-delegationPath 2.5.4.73
  olcObjectIdentifier: {15}id-at-protPrivPolicy 2.5.4.74
  olcObjectIdentifier: {16}id-at-xMLPrivilegeInfo 2.5.4.75
  olcObjectIdentifier: {17}id-at-xMLPprotPrivPolicy 2.5.4.76
  olcObjectIdentifier: {18}id-mr 2.5.13
  olcObjectIdentifier: {19}id-mr-attributeCertificateMatch id-mr:42
  olcObjectIdentifier: {20}id-mr-attributeCertificateExactMatch id-mr:45
  olcObjectIdentifier: {21}id-mr-holderIssuerMatch id-mr:46
  olcObjectIdentifier: {22}id-mr-authAttIdMatch id-mr:53
  olcObjectIdentifier: {23}id-mr-roleSpecCertIdMatch id-mr:54
  olcObjectIdentifier: {24}id-mr-basicAttConstraintsMatch id-mr:55
  olcObjectIdentifier: {25}id-mr-delegatedNameConstraintsMatch id-mr:56
  olcObjectIdentifier: {26}id-mr-timeSpecMatch id-mr:57
  olcObjectIdentifier: {27}id-mr-attDescriptorMatch id-mr:58
  olcObjectIdentifier: {28}id-mr-acceptableCertPoliciesMatch id-mr:59
  olcObjectIdentifier: {29}id-mr-delegationPathMatch id-mr:61
  olcObjectIdentifier: {30}id-mr-sOAIdentifierMatch id-mr:66
  olcObjectIdentifier: {31}id-mr-indirectIssuerMatch id-mr:67
  olcObjectIdentifier: {32}AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1
  olcObjectIdentifier: {33}CertificateList 1.3.6.1.4.1.1466.115.121.1.9
  olcObjectIdentifier: {34}AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4
  olcObjectIdentifier: {35}PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5
  olcObjectIdentifier: {36}RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6
  olcAttributeTypes: {0}( id-at-role NAME 'role' DESC 'X.509 Role attribute, use
;binary' SYNTAX RoleSyntax )
  olcAttributeTypes: {1}( id-at-xMLPrivilegeInfo NAME 'xmlPrivilegeInfo' DESC 'X
   .509 XML privilege information attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1
   5 )
  olcAttributeTypes: {2}( id-at-attributeCertificate NAME 'attributeCertificateA
   ttribute' DESC 'X.509 Attribute certificate attribute, use ;binary' EQUALITY 
   attributeCertificateExactMatch SYNTAX AttributeCertificate )
  olcAttributeTypes: {3}( id-at-aACertificate NAME 'aACertificate' DESC 'X.509 A
   A certificate attribute, use ;binary' EQUALITY attributeCertificateExactMatch
SYNTAX AttributeCertificate )
  olcAttributeTypes: {4}( id-at-attributeDescriptorCertificate NAME 'attributeDe
   scriptorCertificate' DESC 'X.509 Attribute descriptor certificate attribute, 
   use ;binary' EQUALITY attributeCertificateExactMatch SYNTAX AttributeCertific
   ate )
  olcAttributeTypes: {5}( 

[Touch-packages] [Bug 667597] Re: conf.d directory not a configuration directory

2016-11-21 Thread Ryan Tandy
** Changed in: openldap (Ubuntu)
 Assignee: Abhishek kumar singh (abhishekkumarsingh-cse) => (unassigned)

** Changed in: openldap (Ubuntu)
   Status: In Progress => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/667597

Title:
  conf.d directory not a configuration directory

Status in openldap package in Ubuntu:
  Confirmed
Status in openldap package in Debian:
  New

Bug description:
  # cat /etc/issue
  Ubuntu 10.04.1 LTS \n \l

  # apt-cache policy slapd
  slapd:
Installed: 2.4.21-0ubuntu5.3
Candidate: 2.4.21-0ubuntu5.3
Version table:
   *** 2.4.21-0ubuntu5.3 0
  500 ftp://10.1.4.17/ubuntu/ lucid-updates/main Packages
  100 /var/lib/dpkg/status
   2.4.21-0ubuntu5.2 0
  500 ftp://10.1.4.17/ubuntu/ lucid-security/main Packages
   2.4.21-0ubuntu5 0
  500 ftp://10.1.4.17/ubuntu/ lucid/main Packages


  PROBLEM DESCRIPTION:

  The slapd package deploys the cn=config directory
  /etc/ldap/slapd.d/cn=config

  Howard Chu, Chief Architect of the OpenLDAP project has publicly
  stated that the slapd.d directory is a configuration DATABASE and is
  not user-editable[1].

  The placement of this configuration database under /etc/ violates the
  Debian Filesystem Hierarchy Standard v2.3 [2] to which Ubuntu also
  adheres [3].

  This is confusing for administrators migrating to the new cn=config
  and can lead them to editing the database directly, which is not
  documented nor intended.

  
  SUGGESTED FIX:
  * Ensure that slapd creates the configuration database somewhere under 
/var/lib
  * Ensure that the slapd package's postinst does not modify the 
configuration database directly
  * Ensure that the /etc/default/slapd file sets the SLAPD_CONF variable to 
the new location of the configuration database

  
  NOTES:

  This may need to be reported to the upstream Debian maintainers,
  however it is my understanding that lenny still uses slapd.conf (and I
  have not had time to test an unstable/testing box or inspect the
  source package, yet).

  
  [1] http://www.openldap.org/lists/openldap-technical/201009/msg00023.html
  [2] http://www.debian.org/doc/packaging-manuals/fhs/fhs-2.3.html
  [3] 
http://people.canonical.com/~cjwatson/ubuntu-policy/policy.html/ch-opersys.html#s-fhs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/667597/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1594925] Re: package libldap-2.4-2 2.4.31-1+nmu2ubuntu12.3 failed to install/upgrade: a tentar sobreescrever '/etc/ldap/ldap.conf' partilhado, que é diferente de outras instância

2016-06-21 Thread Ryan Tandy
*** This bug is a duplicate of bug 1436558 ***
https://bugs.launchpad.net/bugs/1436558

** This bug has been marked a duplicate of bug 1436558
   package libldap-2.4-2 2.4.31-1+nmu2ubuntu8 failed to install/upgrade: trying 
to overwrite shared '/etc/ldap/ldap.conf', which is different from other 
instances of package libldap-2.4-2:amd64

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1594925

Title:
  package libldap-2.4-2 2.4.31-1+nmu2ubuntu12.3 failed to
  install/upgrade: a tentar sobreescrever '/etc/ldap/ldap.conf'
  partilhado, que é diferente de outras instâncias do pacote
  libldap-2.4-2:amd64

Status in openldap package in Ubuntu:
  New

Bug description:
  I'm not sure what happened. I was updating tho hole system and
  reinstalling the ubuntu-desktop, because it was a lil' bit buggy, so
  whatever, I reinstalled it. And the package "libldap-2.4-2
  2.4.31-1+nmu2ubuntu12.3" failed to install/upgrade: trying to
  overwrite '/etc/ldap/ldap.conf'.

  ProblemType: Package
  DistroRelease: Ubuntu 15.04
  Package: libldap-2.4-2 2.4.31-1+nmu2ubuntu12.3
  ProcVersionSignature: Ubuntu 3.19.0-62.70-generic 3.19.8-ckt22
  Uname: Linux 3.19.0-62-generic x86_64
  ApportVersion: 2.17.2-0ubuntu1.8
  Architecture: amd64
  Date: Tue Jun 21 14:20:42 2016
  DuplicateSignature: package:libldap-2.4-2:2.4.31-1+nmu2ubuntu12.3:a tentar 
sobreescrever '/etc/ldap/ldap.conf' partilhado, que é diferente de outras 
instâncias do pacote libldap-2.4-2:amd64
  ErrorMessage: a tentar sobreescrever '/etc/ldap/ldap.conf' partilhado, que é 
diferente de outras instâncias do pacote libldap-2.4-2:amd64
  RelatedPackageVersions:
   dpkg 1.17.25ubuntu1.1
   apt  1.0.9.7ubuntu4.2
  SourcePackage: openldap
  Title: package libldap-2.4-2 2.4.31-1+nmu2ubuntu12.3 failed to 
install/upgrade: a tentar sobreescrever '/etc/ldap/ldap.conf' partilhado, que é 
diferente de outras instâncias do pacote libldap-2.4-2:amd64
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1594925/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1591681] Re: Impossible to configure GnuTLS' %SERVER_PRECEDENCE setting in slapd

2016-06-12 Thread Ryan Tandy
Thanks for the report.

Confirmed in trusty, but cannot reproduce in xenial. However, gnutls-
serv in trusty does accept the flag.

Can you please check whether this still happens for you on a more recent
release, and whether your SSL tester actually reports the problem is
fixed?

** Changed in: openldap (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1591681

Title:
  Impossible to configure GnuTLS'  %SERVER_PRECEDENCE setting in slapd

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  While securing our boxes, I noticed that testssl was flagging the
  absence of server cipher order:

  
  ./testssl.sh localhost:636
   Has server cipher order? nope (NOT ok)

  While trying to set it using the following command, slapd just
  crashed:

  dapmodify -Y EXTERNAL -H ldapi:/// <<'EOF'
  dn: cn=config
  changetype: modify
  replace: olcTLSCipherSuite
  olcTLSCipherSuite: 
SECURE:-VERS-SSL3.0:-3DES-CBC:-ARCFOUR-128:%SERVER_PRECEDENCE
  -
  EOF

  Without the %SERVER_PRECEDENCE, it works.

  According to https://gnutls.org/manual/html_node/Priority-Strings.html
  and http://blog.lighttpd.net/articles/2013/06/01/mitigating-beast-
  with-gnutls/ this is indeed the proper setting to add server cipher
  order.

  Same issue happens with %FALLBACK_SCSV ("Downgrade attack prevention
  NOT supported"). There seems to be no setting to fix "Secure Client-
  Initiated Renegotiation".

  However, adding %SAFE_RENEGOTIATION (although not fixing anything) at
  least doesn't crash slapd

  
  1) root@xl:~# lsb_release -rd
  Description:Ubuntu 14.04.4 LTS
  Release:14.04
  2) root@xl:~# apt-cache policy slapd
  slapd:
Installed: 2.4.31-1+nmu2ubuntu8.2
Candidate: 2.4.31-1+nmu2ubuntu8.2
Version table:
   *** 2.4.31-1+nmu2ubuntu8.2 0
  500 http://be.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 
Packages
  500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 
Packages
  100 /var/lib/dpkg/status
   2.4.31-1+nmu2ubuntu8 0
  500 http://be.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
  3) What I expected to happen:

  There should be a a way to enforce server cipher order in slapd, as
  well as protect against Client-Initiated Renegotiation and prevent
  downgrade attacks

  4) What happened instead

  When trying to enable these settings that would make slapd more
  secure, it crashes (and after restart, the requested settings are
  still not enabled)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1591681/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1579566] Re: Automatic openldap db migration fails on release upgrade when using accesslog overlay

2016-05-09 Thread Ryan Tandy
*** This bug is a duplicate of bug 1003854 ***
https://bugs.launchpad.net/bugs/1003854

Thanks for the report. This is most likely bug 1003854, triggered in
this case by having /var/lib/ldap/accesslog nested inside /var/lib/ldap.

** Summary changed:

- Automatic openldap db migration fails on release upgrade when using accesslog 
overlay
+ Automatic openldap db migration fails on release upgrade when using nested 
database directories

** This bug has been marked a duplicate of bug 1003854
   Database upgrade/migration fails with nested db directories (lucid to 
precise)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1579566

Title:
  Automatic openldap db migration fails on release upgrade when using
  nested database directories

Status in openldap package in Ubuntu:
  New

Bug description:
  While attempting to perform an upgrade of my home server from Ubuntu
  12.04 to Ubuntu 14.04, I received the following error:

  
===
  Error in function: 

  
  A fatal error occurred 

  Please report this as a bug and include the files 
  /var/log/dist-upgrade/main.log and /var/log/dist-upgrade/apt.log in 
  your report. The upgrade has aborted. 
  Your original sources.list was saved in 
  /etc/apt/sources.list.distUpgrade. 

  SystemError: E:Sub-process /usr/bin/dpkg returned an error code (1)


  Could not install the upgrades

  The upgrade has aborted. Your system could be in an unusable state. A 
  recovery will run now (dpkg --configure -a). 

  Setting up slapd (2.4.31-1+nmu2ubuntu8.2) ...
Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.28-1.1ubuntu4.6... 
done.
Moving old database directories to /var/backups:
Loading from /var/backups/slapd-2.4.28-1.1ubuntu4.6: 
- directory dc=waveform,dc=org,dc=uk... failed.

  Loading the database from the LDIF dump failed with the following
  error while running slapadd:
  572f946e olcDbDirectory: value #0: invalid path: No such file or directory
  572f946e config error processing olcDatabase={2}hdb,cn=config: 
olcDbDirectory: value #0: invalid path: No such file or directory
  slapadd: bad configuration directory!
  dpkg: error processing package slapd (--configure):
   subprocess installed post-installation script returned error exit status 1
  Errors were encountered while processing:
   slapd

  Upgrade complete

  The upgrade has completed but there were errors during the upgrade 
  process. 
  
===

  Admittedly, it's rather strange for a home server to use LDAP for
  authentication but I don't have a terribly complex setup: openldap
  with a fairly normal LDAP layout and SSSD for handling the PAM
  interface (no kerberos - I did try it in the past but quickly gave it
  up as too complex to maintain). Hence, I was rather expecting the
  upgrade to be relatively smooth (as much as server upgrades ever are
  :).

  As requested in the message I'm attaching /var/log/dist-
  upgrade/main.log and /var/log/dist-upgrade/apt.log

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1579566/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1573557] Re: package libldap-2.4-2 2.4.42+dfsg-2ubuntu3 [modified: usr/share/doc/libldap-2.4-2/changelog.Debian.gz] failed to install/upgrade: trying to overwrite shared '/usr/sh

2016-04-22 Thread Ryan Tandy
*** This bug is a duplicate of bug 1436558 ***
https://bugs.launchpad.net/bugs/1436558

** This bug has been marked a duplicate of bug 1436558
   package libldap-2.4-2 2.4.31-1+nmu2ubuntu8 failed to install/upgrade: trying 
to overwrite shared '/etc/ldap/ldap.conf', which is different from other 
instances of package libldap-2.4-2:amd64

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1573557

Title:
  package libldap-2.4-2 2.4.42+dfsg-2ubuntu3 [modified:
  usr/share/doc/libldap-2.4-2/changelog.Debian.gz] failed to
  install/upgrade: trying to overwrite shared
  '/usr/share/doc/libldap-2.4-2/changelog.Debian.gz', which is different
  from other instances of package libldap-2.4-2:i386

Status in openldap package in Ubuntu:
  New

Bug description:
  i just wanted to install wine 1.8 via ppa

  os ubuntu 16.04

  ProblemType: Package
  DistroRelease: Ubuntu 16.04
  Package: libldap-2.4-2 2.4.42+dfsg-2ubuntu3 [modified: 
usr/share/doc/libldap-2.4-2/changelog.Debian.gz]
  ProcVersionSignature: Ubuntu 4.4.0-21.37-generic 4.4.6
  Uname: Linux 4.4.0-21-generic x86_64
  NonfreeKernelModules: nvidia_uvm nvidia_modeset nvidia
  ApportVersion: 2.20.1-0ubuntu2
  Architecture: amd64
  Date: Fri Apr 22 13:49:45 2016
  ErrorMessage: trying to overwrite shared 
'/usr/share/doc/libldap-2.4-2/changelog.Debian.gz', which is different from 
other instances of package libldap-2.4-2:i386
  InstallationDate: Installed on 2016-02-19 (63 days ago)
  InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
  RelatedPackageVersions:
   dpkg 1.18.4ubuntu1
   apt  1.2.10ubuntu1
  SourcePackage: openldap
  Title: package libldap-2.4-2 2.4.42+dfsg-2ubuntu3 [modified: 
usr/share/doc/libldap-2.4-2/changelog.Debian.gz] failed to install/upgrade: 
trying to overwrite shared '/usr/share/doc/libldap-2.4-2/changelog.Debian.gz', 
which is different from other instances of package libldap-2.4-2:i386
  UpgradeStatus: Upgraded to xenial on 2016-03-22 (31 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1573557/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1559775] Re: package slapd 2.4.42+dfsg-2ubuntu3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2016-03-20 Thread Ryan Tandy
from DpkgTerminalLog:

Setting up slapd (2.4.42+dfsg-2ubuntu3) ...
  Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.31-1+nmu2ubuntu8.2... 
done.
  Moving old database directories to /var/backups:

  Backup path /var/backups/dc=nodomain-2.4.31-1+nmu2ubuntu8.2.ldapdb
exists. Giving up...

The upgrade script is trying to back up your existing slapd config
before upgrading, but the location it wants to back it up to already
exists (maybe from a previous upgrade attempt, or a dpkg-reconfigure, or
something else). Remove or rename that directory, and issue the command

dpkg --configure --pending

to complete the upgrade.

** Changed in: openldap (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1559775

Title:
  package slapd 2.4.42+dfsg-2ubuntu3 failed to install/upgrade:
  subprocess installed post-installation script returned error exit
  status 1

Status in openldap package in Ubuntu:
  Invalid

Bug description:
  sudo lsb_release -rd;sudo apt-cache policy slapd openldap
  [sudo] password for carlos: 
  Description:  Ubuntu Xenial Xerus (development branch)
  Release:  16.04
  slapd:
Installed: 2.4.42+dfsg-2ubuntu3
Candidate: 2.4.42+dfsg-2ubuntu3
Version table:
   *** 2.4.42+dfsg-2ubuntu3 500
  500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
  100 /var/lib/dpkg/status
  N: Unable to locate package openldap

  ProblemType: Package
  DistroRelease: Ubuntu 16.04
  Package: slapd 2.4.42+dfsg-2ubuntu3
  ProcVersionSignature: Ubuntu 4.4.0-14.30-generic 4.4.5
  Uname: Linux 4.4.0-14-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.20-0ubuntu3
  Architecture: amd64
  Date: Sun Mar 20 15:37:27 2016
  ErrorMessage: subprocess installed post-installation script returned error 
exit status 1
  InstallationDate: Installed on 2016-03-11 (8 days ago)
  InstallationMedia: Ubuntu 14.04.4 LTS "Trusty Tahr" - Release amd64 
(20160217.1)
  RelatedPackageVersions:
   dpkg 1.18.4ubuntu1
   apt  1.2.7
  SourcePackage: openldap
  Title: package slapd 2.4.42+dfsg-2ubuntu3 failed to install/upgrade: 
subprocess installed post-installation script returned error exit status 1
  UpgradeStatus: Upgraded to xenial on 2016-03-20 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1559775/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1550437] Re: [BUG] Unable to install: dependency problem

2016-02-26 Thread Ryan Tandy
On Fri, Feb 26, 2016 at 07:56:59PM -, Michal Dziczkowski wrote:
>I don't have the mantioned PPA in my repositories, so how could I
>install slapd from it?

The 'apt-cache policy' output you posted does include it.

> 500 http://ppa.launchpad.net/dirk-computer42/c42-backport/ubuntu/ trusts / 
> main i386 Packages
> release v = 14.04, o = LP-PPA-dirk-computer42-c42-backport, a = trusts, n 
> = trusts, l = c42-backport, c = main
> origin ppa.launchpad.net

Not sure why that says "trusts" rather than "trusty", but that is 
definitely the version apt-get wants to install.

'apt-cache policy slapd' would tell you exactly which versions of slapd 
are available, which is going to be installed, and why.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1550437

Title:
  [BUG] Unable to install: dependency problem

Status in openldap package in Ubuntu:
  Invalid

Bug description:
  Unable to install because of dependency issues.

  I have installed the library libperl5.20 and slapd still don't care
  about it and forces to have a non-existing in repo libperl5.16 (even
  if in dependencies it's shown as ">= 5.16" ) and makes it unable to be
  installed

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1550437/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1550437] Re: [BUG] Unable to install: dependency problem

2016-02-26 Thread Ryan Tandy
> Investigating (0) slapd [i386]  2.4.40-4 ~ ~ ubuntu14.04.1
c42.ppa1> (net)

This package (slapd 2.4.40-4~ubuntu14.04.1~c42.ppa1) is not part of
Ubuntu. It comes from one of the PPAs you have installed:
https://launchpad.net/~dirk-computer42/+archive/ubuntu/c42-backport

This is either a problem with that specific PPA, or an incompatibility
between some of the many PPAs you have. Either way, this is not a bug in
the slapd package in Ubuntu.

** Changed in: openldap (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1550437

Title:
  [BUG] Unable to install: dependency problem

Status in openldap package in Ubuntu:
  Invalid

Bug description:
  Unable to install because of dependency issues.

  I have installed the library libperl5.20 and slapd still don't care
  about it and forces to have a non-existing in repo libperl5.16 (even
  if in dependencies it's shown as ">= 5.16" ) and makes it unable to be
  installed

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1550437/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1550437] Re: [BUG] Unable to install: dependency problem

2016-02-26 Thread Ryan Tandy
Hi Michal,

Thanks for the report. Can I ask you to provide some more information?
The output from the following commands would be very helpful:

lsb_release -a

uname -a

apt-cache policy

apt-get -y install slapd

apt-get -y -o Debug::pkgProblemResolver=1 install slapd

** Changed in: openldap (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1550437

Title:
  [BUG] Unable to install: dependency problem

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  Unable to install because of dependency issues.

  I have installed the library libperl5.20 and slapd still don't care
  about it and forces to have a non-existing in repo libperl5.16 (even
  if in dependencies it's shown as ">= 5.16" ) and makes it unable to be
  installed

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1550437/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1536301] Re: package libldap-2.4-2 2.4.41+dfsg-1ubuntu3 [modified: usr/share/doc/libldap-2.4-2/changelog.Debian.gz] failed to install/upgrade: trying to overwrite shared '/usr/sh

2016-01-25 Thread Ryan Tandy
Sounds like a case of multi-arch skew. If I'm reading correctly, you had
libldap-2.4-2 2.4.41+dfsg-1ubuntu2 installed for both i386 and amd64;
but then you tried to upgrade to -1ubuntu3 on i386 only.

Updating your system should resolve this, I think.

** Changed in: openldap (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1536301

Title:
  package libldap-2.4-2 2.4.41+dfsg-1ubuntu3 [modified:
  usr/share/doc/libldap-2.4-2/changelog.Debian.gz] failed to
  install/upgrade: trying to overwrite shared
  '/usr/share/doc/libldap-2.4-2/changelog.Debian.gz', which is different
  from other instances of package libldap-2.4-2:i386

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  this occure when login.

  ProblemType: Package
  DistroRelease: Ubuntu 16.04
  Package: libldap-2.4-2 2.4.41+dfsg-1ubuntu3 [modified: 
usr/share/doc/libldap-2.4-2/changelog.Debian.gz]
  ProcVersionSignature: Ubuntu 4.3.0-5.16-generic 4.3.3
  Uname: Linux 4.3.0-5-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.19.3-0ubuntu3
  Architecture: amd64
  Date: Wed Jan 20 01:28:20 2016
  ErrorMessage: trying to overwrite shared 
'/usr/share/doc/libldap-2.4-2/changelog.Debian.gz', which is different from 
other instances of package libldap-2.4-2:i386
  InstallationDate: Installed on 2016-01-01 (19 days ago)
  InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
  RelatedPackageVersions:
   dpkg 1.18.4ubuntu1
   apt  1.1.10
  SourcePackage: openldap
  Title: package libldap-2.4-2 2.4.41+dfsg-1ubuntu3 [modified: 
usr/share/doc/libldap-2.4-2/changelog.Debian.gz] failed to install/upgrade: 
trying to overwrite shared '/usr/share/doc/libldap-2.4-2/changelog.Debian.gz', 
which is different from other instances of package libldap-2.4-2:i386
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1536301/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1537762] Re: syncrepl does not work when using tls

2016-01-25 Thread Ryan Tandy
Hi Ian,

I found https://stathers.net/2016/01/14/thawte-premium-ssl-
md5-gnutls.html but it would be surprising if that broke syncrepl but
not ldapsearch. Still, worth checking if you haven't already.
(ldapsearch and syncrepl are using the same CA certificate, right?)

Is there any interesting output if you run the consumer slapd at a
higher debug level?

Separate from slapd, are gnutls-serv/gnutls-cli able to communicate
using the same certificates?

** Changed in: openldap (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1537762

Title:
  syncrepl does not work when using tls

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  
  syncrepl gives a "slap_client_connect: URI=ldap://ldaphost.domain.com Error, 
ldap_start_tls failed (-11)" error

  syncrepl was working perfectly until I upgraded libgnutls26 from

  version 2.12.14-5ubuntu3.10

  to

  version 2.12.14-5ubuntu3.11

  This new version of gnutls just seems to only have a simple fix for
  CVE-2015-7575

  ldapsearch works perfectly happily with the new version of gnutls and
  our SSL certificate.

  My syncrepl config looks like this:

  syncreplrid=222
  provider=ldap://ldaphost.domain.com
  starttls=critical
  type=refreshAndPersist
  retry=60,+
  searchbase="dc=ccc,dc=sss,dc=aa,dc=uu"
  scope=sub
  schemachecking=off
  bindmethod=simple
  binddn="cn=uu,dc=ccc,dc=s,dc=aa,dc=uu"
  credentials=

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: slapd 2.4.28-1.1ubuntu4.6
  ProcVersionSignature: Ubuntu 3.2.0-97.137-generic 3.2.73
  Uname: Linux 3.2.0-97-generic x86_64
  ApportVersion: 2.0.1-0ubuntu17.13
  Architecture: amd64
  Date: Mon Jan 25 13:33:26 2016
  InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 
(20120424.1)
  MarkForUpload: True
  SourcePackage: openldap
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.default.slapd: 2012-10-02T10:07:38

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1537762/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1537762] Re: syncrepl does not work when using tls

2016-01-25 Thread Ryan Tandy
Please also have a look at
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1534230 (thanks
to sarnold for the pointer)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1537762

Title:
  syncrepl does not work when using tls

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  
  syncrepl gives a "slap_client_connect: URI=ldap://ldaphost.domain.com Error, 
ldap_start_tls failed (-11)" error

  syncrepl was working perfectly until I upgraded libgnutls26 from

  version 2.12.14-5ubuntu3.10

  to

  version 2.12.14-5ubuntu3.11

  This new version of gnutls just seems to only have a simple fix for
  CVE-2015-7575

  ldapsearch works perfectly happily with the new version of gnutls and
  our SSL certificate.

  My syncrepl config looks like this:

  syncreplrid=222
  provider=ldap://ldaphost.domain.com
  starttls=critical
  type=refreshAndPersist
  retry=60,+
  searchbase="dc=ccc,dc=sss,dc=aa,dc=uu"
  scope=sub
  schemachecking=off
  bindmethod=simple
  binddn="cn=uu,dc=ccc,dc=s,dc=aa,dc=uu"
  credentials=

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: slapd 2.4.28-1.1ubuntu4.6
  ProcVersionSignature: Ubuntu 3.2.0-97.137-generic 3.2.73
  Uname: Linux 3.2.0-97-generic x86_64
  ApportVersion: 2.0.1-0ubuntu17.13
  Architecture: amd64
  Date: Mon Jan 25 13:33:26 2016
  InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 
(20120424.1)
  MarkForUpload: True
  SourcePackage: openldap
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.default.slapd: 2012-10-02T10:07:38

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1537762/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 874339] Re: package slapd 2.4.23-6ubuntu6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2016-01-25 Thread Ryan Tandy
*** This bug is a duplicate of bug 1040177 ***
https://bugs.launchpad.net/bugs/1040177

** This bug has been marked a duplicate of bug 1040177
   slapd install fails when requesting to 'Omit OpenLDAP server configuration"

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/874339

Title:
  package slapd 2.4.23-6ubuntu6 failed to install/upgrade: subprocess
  installed post-installation script returned error exit status 1

Status in openldap:
  New
Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  slapd fails to install

  ProblemType: Package
  DistroRelease: Ubuntu 11.04
  Package: slapd 2.4.23-6ubuntu6
  ProcVersionSignature: Ubuntu 2.6.38-11.50-generic 2.6.38.8
  Uname: Linux 2.6.38-11-generic i686
  Architecture: i386
  CNConfig: Error: command ['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', 
'-H ldapi:///', '-b cn=config'] failed with exit code 255: 
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
  Date: Fri Oct 14 16:48:41 2011
  ErrorMessage: subprocess installed post-installation script returned error 
exit status 1
  SourcePackage: openldap
  Title: package slapd 2.4.23-6ubuntu6 failed to install/upgrade: subprocess 
installed post-installation script returned error exit status 1
  UpgradeStatus: Upgraded to natty on 2011-05-23 (143 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/openldap/+bug/874339/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 694707] Re: database doesn't get purged during purge

2016-01-25 Thread Ryan Tandy
There is a debconf question about purge:

Template: slapd/purge_database
Type: boolean
Default: false
Description: Do you want the database to be removed when slapd is purged?

Note that false is the default. Was it changed to true before purging?

** Changed in: openldap (Ubuntu)
   Status: Confirmed => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/694707

Title:
  database doesn't get purged during purge

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  When documenting the installation of slapd on Lucid, I often need to go back 
to a clean default install. I do this by:
  apt-get -y purge slapd && apt-get install slapd

  It seems that purging does not remove /var/lib/ldap, so after re-
  installation old database stuff is hanging around.

  Hence, you receive all kinds of 'duplicate' warnings when trying to
  add things to an alleged 'clean' install.

  Expected behavior: 'apt-get purge slapd' purges everything, including
  /var/lib/ldap.

  FYI, this is the only ldap related package I had installed, so
  /var/lib/ldap is not used by other packages.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/694707/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1532648] [NEW] Please merge openldap 2.4.42+dfsg-2 (main) from Debian testing (main)

2016-01-10 Thread Ryan Tandy
Public bug reported:

Please merge openldap 2.4.42+dfsg-2 (main) from Debian testing (main)

** Affects: openldap (Ubuntu)
 Importance: Undecided
 Assignee: Ryan Tandy (rtandy)
 Status: In Progress

** Changed in: openldap (Ubuntu)
 Assignee: (unassigned) => Ryan Tandy (rtandy)

** Changed in: openldap (Ubuntu)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1532648

Title:
  Please merge openldap 2.4.42+dfsg-2 (main) from Debian testing (main)

Status in openldap package in Ubuntu:
  In Progress

Bug description:
  Please merge openldap 2.4.42+dfsg-2 (main) from Debian testing (main)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1532648/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1532648] proposed merged package

2016-01-10 Thread Ryan Tandy
Built and tested in
https://launchpad.net/~rtandy/+archive/ubuntu/lp1532648

dpkg-buildpackage -S -sa -v2.4.41+dfsg-1ubuntu3

debdiff openldap_2.4.42+dfsg-2.dsc openldap_2.4.42+dfsg-2ubuntu1.dsc >
debian-ubuntu.diff

debdiff openldap_2.4.41+dfsg-1ubuntu3.dsc openldap_2.4.42+dfsg-
2ubuntu1.dsc | filterdiff -i '*/debian/*' > ubuntu-ubuntu.diff

Please consider sponsoring this merge. Thank you!


** Patch added: "debian-ubuntu.diff"
   
https://bugs.launchpad.net/bugs/1532648/+attachment/4547835/+files/debian-ubuntu.diff

** Patch added: "ubuntu-ubuntu.diff"
   
https://bugs.launchpad.net/bugs/1532648/+attachment/4547836/+files/ubuntu-ubuntu.diff

** Attachment added: "openldap_2.4.42+dfsg-2ubuntu1_source.changes"
   
https://bugs.launchpad.net/bugs/1532648/+attachment/4547837/+files/openldap_2.4.42+dfsg-2ubuntu1_source.changes

** Attachment added: "openldap_2.4.42+dfsg-2ubuntu1.dsc"
   
https://bugs.launchpad.net/bugs/1532648/+attachment/4547838/+files/openldap_2.4.42+dfsg-2ubuntu1.dsc

** Attachment added: "openldap_2.4.42+dfsg-2ubuntu1.debian.tar.xz"
   
https://bugs.launchpad.net/bugs/1532648/+attachment/4547839/+files/openldap_2.4.42+dfsg-2ubuntu1.debian.tar.xz

** Changed in: openldap (Ubuntu)
 Assignee: Ryan Tandy (rtandy) => (unassigned)

** Changed in: openldap (Ubuntu)
   Status: In Progress => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1532648

Title:
  Please merge openldap 2.4.42+dfsg-2 (main) from Debian testing (main)

Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  Please merge openldap 2.4.42+dfsg-2 (main) from Debian testing (main)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1532648/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 990751] Re: package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1

2015-12-26 Thread Ryan Tandy
*** This bug is a duplicate of bug 112631 ***
https://bugs.launchpad.net/bugs/112631

** This bug has been marked a duplicate of bug 112631
   slapd failed to install/upgrade: database (dc=xxx,dc=xxx,dc=xx) not 
configured to hold "dc=nodomain"

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/990751

Title:
  package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade:
  ErrorMessage: subprocess installed post-installation script returned
  error exit status 1

Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade:
  ErrorMessage: subprocess installed post-installation script returned
  error exit status 1

  This error happened during my upgrade from 11.10 to 12.04 using the
  built-in system upgrade tool.

  ProblemType: Package
  DistroRelease: Ubuntu 12.04
  Package: slapd 2.4.28-1.1ubuntu4
  ProcVersionSignature: Ubuntu 3.2.0-24.37-generic 3.2.14
  Uname: Linux 3.2.0-24-generic x86_64
  NonfreeKernelModules: fglrx
  ApportVersion: 2.0.1-0ubuntu6
  Architecture: amd64
  Date: Sat Apr 28 14:09:33 2012
  ErrorMessage: ErrorMessage: subprocess installed post-installation script 
returned error exit status 1
  InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110427.1)
  SourcePackage: openldap
  Title: package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: 
ErrorMessage: subprocess installed post-installation script returned error exit 
status 1
  UpgradeStatus: Upgraded to precise on 2012-04-28 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/990751/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 989243] Re: package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1

2015-12-26 Thread Ryan Tandy
*** This bug is a duplicate of bug 112631 ***
https://bugs.launchpad.net/bugs/112631

** This bug has been marked a duplicate of bug 112631
   slapd failed to install/upgrade: database (dc=xxx,dc=xxx,dc=xx) not 
configured to hold "dc=nodomain"

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/989243

Title:
  package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade:
  ErrorMessage: subprocess installed post-installation script returned
  error exit status 1

Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  Happened durung upgrade

  ProblemType: Package
  DistroRelease: Ubuntu 12.04
  Package: slapd 2.4.28-1.1ubuntu4
  ProcVersionSignature: Ubuntu 3.0.0-17.30-generic 3.0.22
  Uname: Linux 3.0.0-17-generic x86_64
  NonfreeKernelModules: fglrx
  ApportVersion: 2.0.1-0ubuntu6
  Architecture: amd64
  Date: Thu Apr 26 22:51:51 2012
  ErrorMessage: ErrorMessage: subprocess installed post-installation script 
returned error exit status 1
  InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
  SourcePackage: openldap
  Title: package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: 
ErrorMessage: subprocess installed post-installation script returned error exit 
status 1
  UpgradeStatus: Upgraded to precise on 2012-04-26 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/989243/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 840513] Re: package slapd 2.4.23-6ubuntu6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2015-12-26 Thread Ryan Tandy
*** This bug is a duplicate of bug 862520 ***
https://bugs.launchpad.net/bugs/862520

>From the upgrade log:

Setting up slapd (2.4.23-6ubuntu6) ...
  Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.21-0ubuntu5.4... done.
  Moving old database directories to /var/backups:
  Loading from /var/backups/slapd-2.4.21-0ubuntu5.4: 
  - directory dc=trekkie... failed.

Loading the database from the LDIF dump failed with the following
error while running slapadd:
/var/backups/slapd-2.4.21-0ubuntu5.4/dc=trekkie.ldif: No such file or 
directory

but there's no indication of why that file is missing.

Without that information, I don't think there's any way I can help with
this one.

** Changed in: openldap (Ubuntu)
   Status: Confirmed => Incomplete

** This bug has been marked a duplicate of bug 862520
   package slapd 2.4.23-6ubuntu6 failed to install/upgrade: ErrorMessage: 
subprocess installed post-installation script returned error exit status 1

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/840513

Title:
  package slapd 2.4.23-6ubuntu6 failed to install/upgrade: subprocess
  installed post-installation script returned error exit status 1

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  fail

  ProblemType: Package
  DistroRelease: Ubuntu 11.04
  Package: slapd 2.4.23-6ubuntu6
  ProcVersionSignature: Ubuntu 2.6.38-11.48-generic 2.6.38.8
  Uname: Linux 2.6.38-11-generic i686
  Architecture: i386
  CNConfig: Error: command ['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', 
'-H ldapi:///', '-b cn=config'] failed with exit code 255: 
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
  Date: Sat Sep  3 07:55:40 2011
  ErrorMessage: subprocess installed post-installation script returned error 
exit status 1
  InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
  SourcePackage: openldap
  SysLog:
   Sep  3 07:55:40 trekkie AptDaemon.Worker: CRITICAL: slapd: subprocess 
installed post-installation script returned error exit status 1
   Sep  3 07:55:47 trekkie AptDaemon.Worker: CRITICAL: slapd: subprocess 
installed post-installation script returned error exit status 1
  Title: package slapd 2.4.23-6ubuntu6 failed to install/upgrade: subprocess 
installed post-installation script returned error exit status 1
  UpgradeStatus: Upgraded to natty on 2011-08-07 (27 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/840513/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 896737] Re: package slapd 2.4.21-0ubuntu5.6 failed to install/upgrade:

2015-12-26 Thread Ryan Tandy
*** This bug is a duplicate of bug 112631 ***
https://bugs.launchpad.net/bugs/112631

Thanks dino99, but this one is still relevant and does need to be fixed.
We should keep it open.

** Changed in: openldap (Ubuntu)
   Status: Invalid => Confirmed

** Bug watch added: Debian Bug tracker #546368
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546368

** Also affects: openldap (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546368
   Importance: Unknown
   Status: Unknown

** This bug has been marked a duplicate of bug 112631
   slapd failed to install/upgrade: database (dc=xxx,dc=xxx,dc=xx) not 
configured to hold "dc=nodomain"

** No longer affects: openldap (Debian)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/896737

Title:
  package slapd 2.4.21-0ubuntu5.6 failed to install/upgrade:

Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  This couldn't upgrade from 8.04LTS to 10.04.3 LTS automatically. This
  may be problematic on my system given I'm using pam with ldap for
  authentication.

  ProblemType: Package
  DistroRelease: Ubuntu 10.04
  Package: slapd 2.4.21-0ubuntu5.6
  ProcVersionSignature: Ubuntu 2.6.24-29.95-server
  Uname: Linux 2.6.24-29-server x86_64
  Architecture: amd64
  Date: Sat Nov 26 19:59:10 2011
  ErrorMessage:
   ErrorMessage: subprocess installed post-installation script returned error 
exit status 1
  SourcePackage: openldap
  Title: package slapd 2.4.21-0ubuntu5.6 failed to install/upgrade:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/896737/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 391420] Re: slapd failed to install/upgrade: slapadd: line 1: database (dc=xxx, dc=xxx, dc=xx) not configured to hold "dc=nodomain"

2015-12-26 Thread Ryan Tandy
*** This bug is a duplicate of bug 112631 ***
https://bugs.launchpad.net/bugs/112631

** This bug has been marked a duplicate of bug 112631
   [apport] package slapd failed to install/upgrade:

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/391420

Title:
  slapd failed to install/upgrade: slapadd: line 1: database
  (dc=xxx,dc=xxx,dc=xx) not configured to hold "dc=nodomain"

Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  Binary package hint: update-manager

  sorry, i'm just an end user, not an admin or a programer

  ProblemType: Package
  Architecture: i386
  Date: Tue Jun 23 20:32:48 2009
  DistroRelease: Ubuntu 8.04
  ErrorMessage: ErrorMessage: SystemError in cache.commit(): E:Sub-process 
/usr/bin/dpkg returned an error code (1)

  NonfreeKernelModules: nvidia
  Package: update-manager 1:0.87.31
  PackageArchitecture: all
  SourcePackage: update-manager
  Title: package update-manager 1:0.87.31 failed to install/upgrade: 
ErrorMessage: SystemError in cache.commit(): E:Sub-process /usr/bin/dpkg 
returned an error code (1)
  Uname: Linux 2.6.22-16-generic i686

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/391420/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 862520] Re: package slapd 2.4.23-6ubuntu6 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1

2015-12-26 Thread Ryan Tandy
caused by:

Preparing to replace slapd 2.4.21-0ubuntu5.5 (using 
.../slapd_2.4.23-6ubuntu6_amd64.deb) ...
  Dumping to /var/backups/slapd-2.4.21-0ubuntu5.5:
Unpacking replacement slapd ...

Would need a copy of the config before the upgrade in order to determine
why the database was not listed for backing up.

** Changed in: openldap (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/862520

Title:
  package slapd 2.4.23-6ubuntu6 failed to install/upgrade: ErrorMessage:
  subprocess installed post-installation script returned error exit
  status 1

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  error while upgrading to 11.04. error in openldap and ebox

  ProblemType: Package
  DistroRelease: Ubuntu 11.04
  Package: slapd 2.4.23-6ubuntu6
  ProcVersionSignature: Ubuntu 2.6.35-30.56-server 2.6.35.13
  Uname: Linux 2.6.35-30-server x86_64
  Architecture: amd64
  CNConfig: Error: command ['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', 
'-H ldapi:///', '-b cn=config'] failed with exit code 255: 
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
  Date: Thu Sep 29 17:51:38 2011
  ErrorMessage: ErrorMessage: subprocess installed post-installation script 
returned error exit status 1
  InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 
(20100427)
  SourcePackage: openldap
  SysLog: Sep 29 17:49:44 MFL-Srv kernel: [14554.308947] type=1400 
audit(1317311384.416:88): apparmor="STATUS" operation="profile_replace" 
name="/usr/sbin/slapd" pid=5472 comm="apparmor_parser"
  Title: package slapd 2.4.23-6ubuntu6 failed to install/upgrade: ErrorMessage: 
subprocess installed post-installation script returned error exit status 1
  UpgradeStatus: Upgraded to natty on 2011-09-29 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/862520/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 990892] Re: package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2015-12-26 Thread Ryan Tandy
There isn't enough information (would need debconf info) to say for
sure, but this is most likely caused by slapd/domain ending with a dot,
or otherwise causing olcSuffix to end up containing an unacceptable
character. The former case has been fixed in wily and later.

** Changed in: openldap (Ubuntu)
   Status: New => Fix Released

** Bug watch added: Debian Bug tracker #637996
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637996

** Also affects: openldap (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637996
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/990892

Title:
  package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: subprocess
  installed post-installation script returned error exit status 1

Status in openldap package in Ubuntu:
  Fix Released
Status in openldap package in Debian:
  Unknown

Bug description:
  Attempted to install slapd for the first time, but on a machine
  recently upgraded from 10.04.  I had already installed autofs-ldap
  before attempting to install slapd.  This is my first experiment with
  LDAP so that's about all I know.

  Setting up slapd (2.4.28-1.1ubuntu4) ...
Creating new user openldap... done.
Creating initial configuration... Loading the initial configuration from 
the ldif file () failed with
  the following error while running slapadd:
  4f9cbb70 str2entry: invalid value for attributeType olcSuffix #0 (syntax 
1.3.6.1.4.1.1466.115.121.1.12)
  slapadd: could not parse entry (line=1051)
  dpkg: error processing slapd (--configure):
   subprocess installed post-installation script returned error exit status 1
  Processing triggers for libc-bin ...
  ldconfig deferred processing now taking place
  Errors were encountered while processing:
   slapd
  E: Sub-process /usr/bin/dpkg returned an error code (1)

  ProblemType: Package
  DistroRelease: Ubuntu 12.04
  Package: slapd 2.4.28-1.1ubuntu4
  ProcVersionSignature: Ubuntu 3.2.0-24.37-generic 3.2.14
  Uname: Linux 3.2.0-24-generic x86_64
  ApportVersion: 2.0.1-0ubuntu7
  AptOrdering:
   libodbc1: Install
   slapd: Install
   libodbc1: Configure
   slapd: Configure
  Architecture: amd64
  Date: Sat Apr 28 23:54:24 2012
  ErrorMessage: subprocess installed post-installation script returned error 
exit status 1
  InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100427.1)
  SourcePackage: openldap
  Title: package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: subprocess 
installed post-installation script returned error exit status 1
  UpgradeStatus: Upgraded to precise on 2012-04-28 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/990892/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 988688] Re: slapd failed to upgrade: no databases were backed up

2015-12-26 Thread Ryan Tandy
*** This bug is a duplicate of bug 862520 ***
https://bugs.launchpad.net/bugs/862520

** Summary changed:

- package slapd 2.4.21-0ubuntu5.7 failed to install/upgrade: subprocess 
installed post-installation script returned error exit status 1
+ slapd failed to upgrade: no databases were backed up

** This bug has been marked a duplicate of bug 862520
   package slapd 2.4.23-6ubuntu6 failed to install/upgrade: ErrorMessage: 
subprocess installed post-installation script returned error exit status 1

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/988688

Title:
  slapd failed to upgrade: no databases were backed up

Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  upgrading 8.04 to 10.04 lts

  ProblemType: Package
  DistroRelease: Ubuntu 10.04
  Package: slapd 2.4.21-0ubuntu5.7
  ProcVersionSignature: Ubuntu 2.6.32-41.88-generic 2.6.32.59+drm33.24
  Uname: Linux 2.6.32-41-generic i686
  Architecture: i386
  Date: Thu Apr 26 01:24:33 2012
  ErrorMessage: subprocess installed post-installation script returned error 
exit status 1
  SourcePackage: openldap
  Title: package slapd 2.4.21-0ubuntu5.7 failed to install/upgrade: subprocess 
installed post-installation script returned error exit status 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/988688/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1108252] Re: package slapd 2.4.28-1.1ubuntu4.2 failed to install/upgrade: ErrorMessage: el subproceso instalado el script post-installation devolvió el código de salida de error

2015-12-26 Thread Ryan Tandy
*** This bug is a duplicate of bug 112631 ***
https://bugs.launchpad.net/bugs/112631

** This bug is no longer a duplicate of bug 1011227
   package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: ErrorMessage: 
subprocess installed post-installation script returned error exit status 1
** This bug has been marked a duplicate of bug 112631
   slapd failed to install/upgrade: database (dc=xxx,dc=xxx,dc=xx) not 
configured to hold "dc=nodomain"

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1108252

Title:
  package slapd 2.4.28-1.1ubuntu4.2 failed to install/upgrade:
  ErrorMessage: el subproceso instalado el script post-installation
  devolvió el código de salida de error 1

Status in openldap package in Ubuntu:
  New

Bug description:
  Upgrade version

  ProblemType: Package
  DistroRelease: Ubuntu 12.04
  Package: slapd 2.4.28-1.1ubuntu4.2
  ProcVersionSignature: Ubuntu 3.0.0-30.47-generic-pae 3.0.57
  Uname: Linux 3.0.0-30-generic-pae i686
  ApportVersion: 2.0.1-0ubuntu17.1
  Architecture: i386
  Date: Mon Jan 28 16:32:48 2013
  ErrorMessage: ErrorMessage: el subproceso instalado el script 
post-installation devolvió el código de salida de error 1
  InstallationMedia: Ubuntu-Server 11.04 "Natty Narwhal" - Release i386 
(20110426)
  MarkForUpload: True
  SourcePackage: openldap
  Title: package slapd 2.4.28-1.1ubuntu4.2 failed to install/upgrade: 
ErrorMessage: el subproceso instalado el script post-installation devolvió el 
código de salida de error 1
  UpgradeStatus: Upgraded to precise on 2013-01-28 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1108252/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1011227] Re: package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1

2015-12-26 Thread Ryan Tandy
*** This bug is a duplicate of bug 112631 ***
https://bugs.launchpad.net/bugs/112631

** This bug has been marked a duplicate of bug 112631
   slapd failed to install/upgrade: database (dc=xxx,dc=xxx,dc=xx) not 
configured to hold "dc=nodomain"

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1011227

Title:
  package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade:
  ErrorMessage: subprocess installed post-installation script returned
  error exit status 1

Status in openldap package in Ubuntu:
  Confirmed

Bug description:
  Description:  Ubuntu 12.04 LTS
  Release:  12.04

  
  apt-cache policy slapd
  slapd:
Installed: 2.4.28-1.1ubuntu4
Candidate: 2.4.28-1.1ubuntu4
Version table:
   *** 2.4.28-1.1ubuntu4 0
  500 http://nl.archive.ubuntu.com/ubuntu/ precise/main i386 Packages
  100 /var/lib/dpkg/status

  ProblemType: Package
  DistroRelease: Ubuntu 12.04
  Package: slapd 2.4.28-1.1ubuntu4
  ProcVersionSignature: Ubuntu 3.2.0-24.39-generic 3.2.16
  Uname: Linux 3.2.0-24-generic i686
  NonfreeKernelModules: nvidia
  ApportVersion: 2.0.1-0ubuntu8
  Architecture: i386
  Date: Sun Jun 10 18:02:57 2012
  ErrorMessage: ErrorMessage: subprocess installed post-installation script 
returned error exit status 1
  InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111012)
  SourcePackage: openldap
  Title: package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: 
ErrorMessage: subprocess installed post-installation script returned error exit 
status 1
  UpgradeStatus: Upgraded to precise on 2012-06-10 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1011227/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 112631] Re: slapd failed to install/upgrade: database (dc=xxx, dc=xxx, dc=xx) not configured to hold "dc=nodomain"

2015-12-26 Thread Ryan Tandy
** Summary changed:

- [apport] package slapd failed to install/upgrade: 
+ slapd failed to install/upgrade: database (dc=xxx,dc=xxx,dc=xx) not 
configured to hold "dc=nodomain"

** Bug watch added: Debian Bug tracker #546368
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546368

** Also affects: openldap (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546368
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/112631

Title:
  slapd failed to install/upgrade: database (dc=xxx,dc=xxx,dc=xx) not
  configured to hold "dc=nodomain"

Status in openldap package in Ubuntu:
  Confirmed
Status in openldap package in Debian:
  Unknown

Bug description:
  While upgrading from Edgy to Feisty, I got the following error:

  Configurando slapd (2.3.30-2) ...
Backing up /etc/ldap/slapd.conf in /var/backups/slapd-2.2.26-5ubuntu3.1... 
done.
Updating config access directives... done.
Moving old database directories to /var/backups:
Loading from /var/backups/slapd-2.2.26-5ubuntu3.1: 
- directory o=localhost... fixing, failed.

  Loading the database from the LDIF dump failed with the following
  error while running slapadd:
  slapadd: line 14: database (o=localhost) not configured to hold 
"dc=nodomain"
  slapadd: line 14: database (o=localhost) not configured to hold 
"dc=nodomain"
  dpkg: error al procesar slapd (--configure):
   el subproceso post-installation script devolvió el código de salida de error 
1

  ProblemType: Package
  Date: Sat May  5 17:01:36 2007
  ErrorMessage:
   ErrorMessage: el subproceso post-installation script devolvió el código de 
salida de error 1
  Package: slapd
  SourcePackage: openldap2.3

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/112631/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 571752] Re: slapd upgrades don't add frontend ACLs for base="" and cn=subschema

2015-12-26 Thread Ryan Tandy
Fixed in natty and later, looks like.

openldap (2.4.23-5) unstable; urgency=high
[...]
  * debian/slapd.scripts-common, debian/slapd.postinst: on upgrade from
versions <= 2.4.23-4, explicitly grant access to cn=Subschema, which
otherwise is blocked by our added olcAccess settings.  Closes: #596326.
  * Likewise, grant access to dn.exact="" so that base dn autodiscovery
works as intended.  Closes: #596049.

** Changed in: openldap (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/571752

Title:
  slapd upgrades don't add frontend ACLs for base="" and cn=subschema

Status in openldap package in Ubuntu:
  Fix Released

Bug description:
  As a result of LP: #427842, the initial configuration created upon 
installation of slapd 2.4.21-0ubuntu4 and later will include the following ACLs 
on the {-1}frontend database:
olcAccess: to dn.base="" by * read
olcAccess: to dn.base="cn=subschema" by * read

  However, when upgrading from earlier versions of slapd, no attempt is
  made make sure these ACLs exist.

  In the case of a Hardy -> Lucid upgrade, this causes e.g. "ldapvi
  --discover" to stop working.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/571752/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1501047] Re: package libldap-2.4-2:i386 2.4.31-1+nmu2ubuntu8.1 failed to install/upgrade: vereistenproblemen - blijft ongeconfigureerd

2015-09-29 Thread Ryan Tandy
Hi,

It does not look like an openldap bug to me:

dpkg: error processing package libgcrypt11:i386 (--configure):
 package is in a very bad inconsistent state; you should
 reinstall it before attempting configuration
dpkg: dependency problems prevent configuration of libldap-2.4-2:i386:
 libldap-2.4-2:i386 depends on libgcrypt11 (>= 1.5.1); however:
  Package libgcrypt11:i386 is not configured yet.

Please get your libgcrypt11 into a better state and then try again.

** Changed in: openldap (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1501047

Title:
  package libldap-2.4-2:i386 2.4.31-1+nmu2ubuntu8.1 failed to
  install/upgrade: vereistenproblemen - blijft ongeconfigureerd

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  failed to install

  ProblemType: Package
  DistroRelease: Ubuntu 14.04
  Package: libldap-2.4-2:i386 2.4.31-1+nmu2ubuntu8.1
  ProcVersionSignature: Ubuntu 3.13.0-46.79-generic 3.13.11-ckt15
  Uname: Linux 3.13.0-46-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.12
  Architecture: amd64
  Date: Tue Sep 29 22:16:43 2015
  ErrorMessage: vereistenproblemen - blijft ongeconfigureerd
  PackageArchitecture: i386
  RelatedPackageVersions:
   dpkg 1.17.5ubuntu5.4
   apt  1.0.1ubuntu2.10
  SourcePackage: openldap
  Title: package libldap-2.4-2:i386 2.4.31-1+nmu2ubuntu8.1 failed to 
install/upgrade: vereistenproblemen - blijft ongeconfigureerd
  UpgradeStatus: Upgraded to trusty on 2014-04-29 (518 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1501047/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1495339] Re: package slapd 2.4.31-1+nmu2ubuntu12.2 failed to install/upgrade: el subproceso instalado el script post-installation devolvió el código de salida de error 1

2015-09-14 Thread Ryan Tandy
Thanks for the bug report.

The dpkg log says:

Configurando slapd (2.4.31-1+nmu2ubuntu12.2) ...
  Creating new user openldap... done.
  Creating initial configuration... done.
  Creating LDAP directory... done.
insserv: warning: script 'K01centrify-kcm' missing LSB tags and overrides
insserv: script slapd: service slapd already provided!
insserv: exiting now!
update-rc.d: error: insserv rejected the script header
dpkg: error al procesar el paquete slapd (--configure):
 el subproceso instalado el script post-installation devolvió el código de 
salida de error 1

I'm not familiar with Centrify at all, but this sounds to me like the
centrify-kcm init script Provides: slapd. If that's the case, you're
probably hitting Debian bug #606593 . Resolving it without removing centrify-
kcm's ability to satisfy slapd dependencies would require us to
coördinate a virtual service
 with
the Centrify folks.

As a local workaround, if you do want to have slapd and centrify-kcm
installed together, you could just remove the Provides: slapd from the
centrify-kcm init script.

Reassigning to insserv for now; feel free to reassign back if some
openldap change is needed (for example coördinating a virtual service
with Centrify).

** Bug watch added: Debian Bug tracker #606593
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606593

** Package changed: openldap (Ubuntu) => insserv (Ubuntu)

** Also affects: insserv (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606593
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1495339

Title:
  package slapd 2.4.31-1+nmu2ubuntu12.2 failed to install/upgrade: el
  subproceso instalado el script post-installation devolvió el código de
  salida de error 1

Status in insserv package in Ubuntu:
  New
Status in insserv package in Debian:
  Unknown

Bug description:
  I belive that is the version of ubuntu because the hardware and some
  apps is very fresh, just this.

  ProblemType: Package
  DistroRelease: Ubuntu 15.04
  Package: slapd 2.4.31-1+nmu2ubuntu12.2
  ProcVersionSignature: Ubuntu 3.19.0-26.28-generic 3.19.8-ckt4
  Uname: Linux 3.19.0-26-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.17.2-0ubuntu1.3
  Architecture: amd64
  Date: Sun Sep 13 20:43:45 2015
  DuplicateSignature: package:slapd:2.4.31-1+nmu2ubuntu12.2:el subproceso 
instalado el script post-installation devolvió el código de salida de error 1
  ErrorMessage: el subproceso instalado el script post-installation devolvió el 
código de salida de error 1
  InstallationDate: Installed on 2015-05-15 (121 days ago)
  InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Beta amd64 (20150326)
  RelatedPackageVersions:
   dpkg 1.17.25ubuntu1
   apt  1.0.9.7ubuntu4.1
  SourcePackage: openldap
  Title: package slapd 2.4.31-1+nmu2ubuntu12.2 failed to install/upgrade: el 
subproceso instalado el script post-installation devolvió el código de salida 
de error 1
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/insserv/+bug/1495339/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1489071] Re: slapd expose server filestructure when issue lpadsearch with special query

2015-08-26 Thread Ryan Tandy
Please read https://help.ubuntu.com/community/ShellGlobbing to
understand how your shell interprets the * character.

** Changed in: openldap (Ubuntu)
   Status: New = Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1489071

Title:
  slapd expose server filestructure when issue lpadsearch with special
  query

Status in Developer registration portal:
  Invalid
Status in openldap package in Ubuntu:
  Invalid

Bug description:
  In my server I've made :

  ldapsearch -x -b cn=ttestaaja,dc=myserver,dc=net  *

  That will be show

  all files and folders in my /var/log/-folder

  # filter: (objectclass=*)
  # requesting: alternatives.log alternatives.log.1 alternatives.log.2.gz 
alternatives.log.3.gz apache2 apt auth.log auth.log.1 auth.log.2.gz 
auth.log.3.gz auth.log.4.gz bootstrap.log btmp btmp.1 dist-upgrade dmesg 
dpkg.log dpkg.log.1 dpkg.log.2.gz dpkg.log.3.gz dyfi-update.log faillog fsck 
installer kern.log kern.log.1 kern.log.2.gz kern.log.3.gz kern.log.4.gz 
landscape lastlog mail.log mail.log.1 mail.log.2.gz mail.log.3.gz mail.log.4.gz 
mysql openldap.log php5-fpm.log php5-fpm.log.1 php5-fpm.log.10.gz 
php5-fpm.log.2.gz php5-fpm.log.3.gz php5-fpm.log.4.gz php5-fpm.log.5.gz 
php5-fpm.log.6.gz php5-fpm.log.7.gz php5-fpm.log.8.gz php5-fpm.log.9.gz redis 
syslog syslog.1 syslog.2.gz syslog.3.gz syslog.4.gz syslog.5.gz syslog.6.gz 
syslog.7.gz ufw.log ufw.log.1 ufw.log.2.gz ufw.log.3.gz ufw.log.4.gz 
unattended-upgrades wtmp wtmp.1 
  #

  # search result
  search: 2
  result: 32 No such object
  matchedDN: dc=myserver,dc=net

  # numResponses: 1

  and

  ldapsearch -x -b cn=ttestaaja,dc=myserver,dc=net /etc/*

  
  # extended LDIF
  #
  # LDAPv3
  # base cn=ttestaaja,dc=myserver,dc=net with scope subtree
  # filter: (objectclass=*)
  # requesting: /etc/acpi /etc/adduser.conf /etc/aliases /etc/aliases.db 
/etc/alternatives /etc/apache2 /etc/apm /etc/apparmor /etc/apparmor.d 
/etc/apport /etc/apt /etc/at.deny /etc/bash.bashrc /etc/bash_completion 
/etc/bash_completion.d /etc/bind /etc/bindresvport.blacklist /etc/binfmt.d 
/etc/byobu /etc/ca-certificates /etc/ca-certificates.conf /etc/calendar 
/etc/chatscripts /etc/checkinstallrc /etc/console-setup /etc/cron.d 
/etc/cron.daily /etc/cron.hourly /etc/cron.monthly /etc/crontab 
/etc/cron.weekly /etc/dbus-1 /etc/debconf.conf /etc/debian_version /etc/default 
/etc/deluser.conf /etc/depmod.d /etc/dhcp /etc/dpkg /etc/emacs /etc/environment 
/etc/fonts /etc/fstab /etc/fuse.conf /etc/gai.conf /etc/groff /etc/group 
/etc/group- /etc/grub.d /etc/gshadow /etc/gshadow- /etc/gss /etc/hdparm.conf 
/etc/host.conf /etc/hostname /etc/hosts /etc/hosts.allow /etc/hosts.deny 
/etc/ifplugd /etc/init /etc/init.d /etc/initramfs-tools /etc/inputrc 
/etc/insserv /etc/insserv.conf /etc/insserv.conf.d /
 etc/iproute2 /etc/irssi.conf /etc/iscsi /etc/issue /etc/issue.net /etc/kbd 
/etc/kernel /etc/kernel-img.conf /etc/landscape /etc/ldap /etc/ldapscripts 
/etc/ld.so.cache /etc/ld.so.conf /etc/ld.so.conf.d /etc/legal 
/etc/libaudit.conf /etc/libnl-3 /etc/locale.alias /etc/localtime /etc/logcheck 
/etc/login.defs /etc/logrotate.conf /etc/logrotate.d /etc/lsb-release 
/etc/ltrace.conf /etc/lvm /etc/machine-id /etc/magic /etc/magic.mime 
/etc/mailcap /etc/mailcap.order /etc/manpath.config /etc/mime.types 
/etc/mke2fs.conf /etc/modprobe.d /etc/modules /etc/modules-load.d /etc/mtab 
/etc/mysql /etc/nanorc /etc/network /etc/networks /etc/newt /etc/nsswitch.conf 
/etc/opt /etc/os-release /etc/pam.conf /etc/pam.d /etc/passwd /etc/passwd- 
/etc/perl /etc/php5 /etc/phpldapadmin /etc/pm /etc/polkit-1 
/etc/popularity-contest.conf /etc/postfix /etc/ppp /etc/profile /etc/profile.d 
/etc/protocols /etc/python /etc/python2.7 /etc/python3 /etc/python3.4 
/etc/rc0.d /etc/rc1.d /etc/rc2.d /etc/rc3.d /etc/rc4.d /etc/
 rc5.d /etc/rc6.d /etc/rc.local /etc/rcS.d /etc/redis /etc/resolvconf 
/etc/resolv.conf /etc/rmt /etc/rpc /etc/rsyslog.conf /etc/rsyslog.d 
/etc/screenrc /etc/securetty /etc/security /etc/selinux /etc/services /etc/sgml 
/etc/shadow /etc/shadow- /etc/shells /etc/skel /etc/ssh /etc/ssl /etc/subgid 
/etc/subgid- /etc/subuid /etc/subuid- /etc/sudoers /etc/sudoers.d 
/etc/sysctl.conf /etc/sysctl.d /etc/systemd /etc/terminfo /etc/timezone 
/etc/tmpfiles.d /etc/ucf.conf /etc/udev /etc/ufw /etc/updatedb.conf 
/etc/update-manager /etc/update-motd.d /etc/update-notifier /etc/vim /etc/vtrgb 
/etc/w3m /etc/wgetrc /etc/wpa_supplicant /etc/X11 /etc/xdg /etc/xml 
/etc/zsh_command_not_found 
  #

  Same with also with i.e /home folder

  lsb_release -ar
  Distributor ID:   Ubuntu
  Description:  Ubuntu 15.04
  Release:  15.04
  Codename: vivid

  slapd:
Asennettu: 2.4.31-1+nmu2ubuntu12.2
Ehdokas:   2.4.31-1+nmu2ubuntu12.2
Versiotaulukko:
   *** 2.4.31-1+nmu2ubuntu12.2 0
  500 http://fi.archive.ubuntu.com/ubuntu/ vivid-updates/main amd64 

[Touch-packages] [Bug 1479512] Re: package libldap-2.4-2:i386 2.4.31-1+nmu2ubuntu12.2 failed to install/upgrade: package libldap-2.4-2:i386 is already installed and configured

2015-07-29 Thread Ryan Tandy
Thanks for the report. I guess apt has gotten confused since you had to
reboot in the middle of the upgrade. I don't know that there's anything
I can do about it from openldap's end, though.

** Package changed: openldap (Ubuntu) = apt (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1479512

Title:
  package libldap-2.4-2:i386 2.4.31-1+nmu2ubuntu12.2 failed to
  install/upgrade: package libldap-2.4-2:i386 is already installed and
  configured

Status in apt package in Ubuntu:
  New

Bug description:
  Ran the software updater application, whole session froze while
  configuring kernel image 3.19.0-25. Cold rebooted machine, and was
  unable to properly login with latest kernel (screen resolution was
  wrong/too small as well) Booted from earlier kernel version.

  ProblemType: Package
  DistroRelease: Ubuntu 15.04
  Package: libldap-2.4-2:i386 2.4.31-1+nmu2ubuntu12.2
  ProcVersionSignature: Ubuntu 3.19.0-18.18-generic 3.19.6
  Uname: Linux 3.19.0-18-generic x86_64
  NonfreeKernelModules: nvidia wl
  ApportVersion: 2.17.2-0ubuntu1.1
  AptdaemonVersion: 1.1.1+bzr982-0ubuntu3.1
  Architecture: amd64
  Date: Sun Jul 26 19:51:13 2015
  DuplicateSignature: 
package:libldap-2.4-2:i386:2.4.31-1+nmu2ubuntu12.2:package libldap-2.4-2:i386 
is already installed and configured
  ErrorMessage: package libldap-2.4-2:i386 is already installed and configured
  InstallationDate: Installed on 2015-05-25 (65 days ago)
  InstallationMedia: Ubuntu 15.04 Vivid Vervet - Release amd64 (20150422)
  PackageArchitecture: i386
  RelatedPackageVersions:
   dpkg 1.17.25ubuntu1
   apt  1.0.9.7ubuntu4.1
  SourcePackage: openldap
  Title: package libldap-2.4-2:i386 2.4.31-1+nmu2ubuntu12.2 failed to 
install/upgrade: package libldap-2.4-2:i386 is already installed and configured
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1479512/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail

2015-07-28 Thread Ryan Tandy
With slapd from vivid-updates:

# dpkg-query -W slapd
slapd   2.4.31-1+nmu2ubuntu12.1
# ldapwhoami -H ldapi:// -QY EXTERNAL
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

With slapd from vivid-proposed:

# dpkg-query -W slapd
slapd   2.4.31-1+nmu2ubuntu12.2
# ldapwhoami -H ldapi:// -QY EXTERNAL
dn:gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

Marking verified.

** Tags removed: verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1392018

Title:
  apparmor stops /var/run/ldapi from being read causing ldap to fail

Status in openldap package in Ubuntu:
  Fix Released
Status in openldap source package in Utopic:
  Won't Fix
Status in openldap source package in Vivid:
  Fix Committed

Bug description:
  [Impact]

  * Changes to AppArmor's unix socket mediation in utopic and later
  require servers to have 'rw' file permissions on socket paths,
  compared to just 'w' previously.

  * This bug breaks any application that tries to communicate with slapd
  via the ldapi:// scheme, for example heimdal-kdc.

  * The recommended way to configure slapd in Ubuntu is to authenticate
  via SASL EXTERNAL over the ldapi socket. This bug prevents online
  configuration of slapd (via ldapmodify) in the default setup.

  [Test Case]

  apt-get install slapd
  ldapwhoami -H ldapi:// -QY EXTERNAL

  Expected result:
  dn:gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

  Actual result:
  ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

  [Regression Potential]

  * Extremely low potential for regression. No code changes, only
  granting an additional permission on contents of two directories. The
  worst possible regression is that slapd might be permitted to read
  some files it shouldn't, but having such files in /run/{slapd,nslcd}
  seems unlikely.

  [Other Info]

  Test packages can be found in ppa:rtandy/lp1392018

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1472639] Re: apparmor profile denied for kerberos: /run/.heim_org.h5l.kcm-socket

2015-07-24 Thread Ryan Tandy
Hi Kartik,

To help me reproduce and verify this, can you describe your setup where
slapd stores its credentials in the KCM?

I'm asking because I do see these denials, but they don't appear to
affect operation with a keytab, and I haven't been able to get slapd to
work without a keytab. I'm guessing I might be missing an option to
kinit (thereby caching insufficient credentials), or something.

(I can cache my own credentials in the KCM, and auth with those, just
fine.)

Or from a different angle: does your setup work properly if you aa-
complain slapd?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1472639

Title:
  apparmor profile denied for kerberos:  /run/.heim_org.h5l.kcm-socket

Status in openldap package in Ubuntu:
  New

Bug description:
  The slapd apparmor profile doesn't allow access to /run/.heim_org.h5l
  .kcm-socket which is used by kerberos:

  apparmor=DENIED operation=connect profile=/usr/sbin/slapd
  name=/run/.heim_org.h5l.kcm-socket pid=61289 comm=slapd
  requested_mask=wr denied_mask=wr fsuid=389 ouid=0

  This is as of 2.4.40+dfsg-1ubuntu1.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1472639/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


  1   2   >