Full_Name: Version: RE24 8a0ce24c5abaf687a41696d988f6a1330128368d OS: URL: Submission from: (NULL) (79.227.171.183) It seems there's a regression in slapo-constraint possibly caused by a patch for ITS#7168. If the client sends valid data which not violates a constraint CONSTRAINT_VIOLATION is returned: delete: departmentNumber departmentNumber: old_number - add: departmentNumber departmentNumber: new_number - It seems turning off only the constraint for departmentNumber does not help. Turning off all constraints makes it work.
On 07/27/2012 10:47 PM, michael@stroeder.com wrote: > Full_Name: > Version: RE24 8a0ce24c5abaf687a41696d988f6a1330128368d > OS: > URL: > Submission from: (NULL) (79.227.171.183) > > > It seems there's a regression in slapo-constraint possibly caused by a patch for > ITS#7168. > > If the client sends valid data which not violates a constraint > CONSTRAINT_VIOLATION is returned: > > delete: departmentNumber > departmentNumber: old_number > - > add: departmentNumber > departmentNumber: new_number > - > > It seems turning off only the constraint for departmentNumber does not help. > Turning off all constraints makes it work. > This works for me: slapd.ldif: ... dn: olcOverlay=constraint,olcDatabase={1}bdb,cn=config objectClass: olcOverlayConfig objectClass: olcConstraintConfig olcOverlay: constraint olcConstraintAttribute: mail count 3 olcConstraintAttribute: description count 2 ... root.ldif: dn: dc=my-domain,dc=com objectclass: dcObject objectclass: organization dc: my-domain o: My Domain corp. user.ldif: dn: cn=usr2,dc=my-domain,dc=com objectclass: inetOrgPerson objectclass: organizationalPerson cn: usr2 sn: usr2 mail: original@email.com description: desc1 description: desc2 test.ldif: dn: cn=usr2,dc=my-domain,dc=com changetype: modify delete: description description: desc1 - add: description description: desc1-mod < operation is successful > Am I misunderstanding something? If it still doesn't work for you, please, provide more information including your configuration and an example that fails. -- Jan Synacek Software Engineer, BaseOS team Brno, Red Hat
Jan Synacek wrote: > On 07/27/2012 10:47 PM, michael@stroeder.com wrote: >> It seems there's a regression in slapo-constraint possibly caused by a patch for >> ITS#7168. > > This works for me: > > slapd.ldif: > ... > dn: olcOverlay=constraint,olcDatabase={1}bdb,cn=config > objectClass: olcOverlayConfig > objectClass: olcConstraintConfig > olcOverlay: constraint > olcConstraintAttribute: mail count 3 > olcConstraintAttribute: description count 2 > ... From the excerpt above it seems you've only added a count constraint. Please use more features of slapo-constraint for testing, e.g. regex- or URL-based constraints. The patch for ITS#7168 broke all my customer setups since I'm slapo-constraint quite heavily. Ciao, Michael.
On 07/30/2012 08:38 PM, Michael Ströder wrote: > Jan Synacek wrote: >> On 07/27/2012 10:47 PM, michael@stroeder.com wrote: >>> It seems there's a regression in slapo-constraint possibly caused by a patch for >>> ITS#7168. >> >> This works for me: >> >> slapd.ldif: >> ... >> dn: olcOverlay=constraint,olcDatabase={1}bdb,cn=config >> objectClass: olcOverlayConfig >> objectClass: olcConstraintConfig >> olcOverlay: constraint >> olcConstraintAttribute: mail count 3 >> olcConstraintAttribute: description count 2 >> ... > > From the excerpt above it seems you've only added a count constraint. > > Please use more features of slapo-constraint for testing, e.g. regex- or > URL-based constraints. > > The patch for ITS#7168 broke all my customer setups since I'm slapo-constraint > quite heavily. > > Ciao, Michael. > I'm having hard time reproducing this. Still works for me. Please provide a minimal setup and an example that fails, so I can fix the patch. Thank you. -- Jan Synacek Software Engineer, BaseOS team Brno, Red Hat
--On Tuesday, July 31, 2012 11:41 AM +0000 jsynacek@redhat.com wrote: > On 07/30/2012 08:38 PM, Michael Str?der wrote: >> Jan Synacek wrote: >>> On 07/27/2012 10:47 PM, michael@stroeder.com wrote: >>>> It seems there's a regression in slapo-constraint possibly caused by a >>>> patch for ITS#7168. >>> >>> This works for me: >>> >>> slapd.ldif: >>> ... >>> dn: olcOverlay=constraint,olcDatabase={1}bdb,cn=config >>> objectClass: olcOverlayConfig >>> objectClass: olcConstraintConfig >>> olcOverlay: constraint >>> olcConstraintAttribute: mail count 3 >>> olcConstraintAttribute: description count 2 >>> ... >> >> From the excerpt above it seems you've only added a count constraint. >> >> Please use more features of slapo-constraint for testing, e.g. regex- or >> URL-based constraints. >> >> The patch for ITS#7168 broke all my customer setups since I'm >> slapo-constraint quite heavily. >> >> Ciao, Michael. >> > > I'm having hard time reproducing this. Still works for me. > > Please provide a minimal setup and an example that fails, so I can fix the > patch. Thank you. Hi Michael, Have you had any luck in providing a configuration that doesn't work to Jan, so this can be resolved? Thanks, Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
quanah@zimbra.com wrote: > --On Tuesday, July 31, 2012 11:41 AM +0000 jsynacek@redhat.com wrote: >> I'm having hard time reproducing this. Still works for me. >> >> Please provide a minimal setup and an example that fails, so I can fix the >> patch. Thank you. > > Have you had any luck in providing a configuration that doesn't work to > Jan, so this can be resolved? I'm currently *very* busy. It's definitely on my TODO list to provide a test config. One question: Is the patch still enabled in GIT master? I experienced the regression with RE24 but did not test with master yet. But if it works with master the porting to RE24 might have been incomplete back then. Ciao, Michael.
--On Saturday, August 18, 2012 2:06 PM +0200 Michael Ströder <michael@stroeder.com> wrote: > quanah@zimbra.com wrote: >> --On Tuesday, July 31, 2012 11:41 AM +0000 jsynacek@redhat.com wrote: >>> I'm having hard time reproducing this. Still works for me. >>> >>> Please provide a minimal setup and an example that fails, so I can fix >>> the patch. Thank you. >> >> Have you had any luck in providing a configuration that doesn't work to >> Jan, so this can be resolved? > > I'm currently *very* busy. It's definitely on my TODO list to provide a > test config. > > One question: > Is the patch still enabled in GIT master? > > I experienced the regression with RE24 but did not test with master yet. > But if it works with master the porting to RE24 might have been > incomplete back then. Ok. I'll backport it again, with the large test suite it now has as well, and see what happens. ;) --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
quanah@zimbra.com wrote: > --On Saturday, August 18, 2012 2:06 PM +0200 Michael Ströder > <michael@stroeder.com> wrote: >> I experienced the regression with RE24 but did not test with master yet. >> But if it works with master the porting to RE24 might have been >> incomplete back then. > > Ok. I'll backport it again, with the large test suite it now has as well, > and see what happens. ;) Thanks. After your commits I will test RE24 immediately with my customer's setup and provide an example config if RE24 fails. Ciao, Michael.
michael@stroeder.com wrote: > quanah@zimbra.com wrote: >> --On Saturday, August 18, 2012 2:06 PM +0200 Michael Ströder >> <michael@stroeder.com> wrote: >>> I experienced the regression with RE24 but did not test with master yet. >>> But if it works with master the porting to RE24 might have been >>> incomplete back then. >> >> Ok. I'll backport it again, with the large test suite it now has as well, >> and see what happens. ;) Retested with RE24 5e7b8160621ba7ed369ecebc0d03bed745914447 >>>>> Starting test064-constraint for bdb... running defines.sh slapadd: could not parse entry (line=883) Starting slapd on TCP/IP port 9011... Inserting constraint overlay... ldapadd failed (32)! >>>>> test064-constraint failed for bdb (exit 32) make[2]: *** [bdb-mod] Error 32 make[2]: Leaving directory `/usr/src/michael/openldap-git/re24/openldap/tests' make[1]: *** [test] Error 2 make[1]: Leaving directory `/usr/src/michael/openldap-git/re24/openldap/tests' make: *** [test] Error 2 See also http://www.stroeder.com/temp/openldap-its7340-testrun.tar.gz Ciao, Michael.
michael@stroeder.com wrote: > michael@stroeder.com wrote: >> quanah@zimbra.com wrote: >>> --On Saturday, August 18, 2012 2:06 PM +0200 Michael Ströder >>> <michael@stroeder.com> wrote: >>>> I experienced the regression with RE24 but did not test with master yet. >>>> But if it works with master the porting to RE24 might have been >>>> incomplete back then. >>> >>> Ok. I'll backport it again, with the large test suite it now has as well, >>> and see what happens. ;) > > Retested with RE24 5e7b8160621ba7ed369ecebc0d03bed745914447 > >>>>>> Starting test064-constraint for bdb... > running defines.sh > slapadd: could not parse entry (line=883) > Starting slapd on TCP/IP port 9011... > Inserting constraint overlay... > ldapadd failed (32)! >>>>>> test064-constraint failed for bdb > (exit 32) > make[2]: *** [bdb-mod] Error 32 > make[2]: Leaving directory `/usr/src/michael/openldap-git/re24/openldap/tests' > make[1]: *** [test] Error 2 > make[1]: Leaving directory `/usr/src/michael/openldap-git/re24/openldap/tests' > make: *** [test] Error 2 I see this as well. The test script is not taking into account a backend that is built as a loadable module. Will fix this shortly. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
--On Monday, August 20, 2012 6:35 PM +0000 michael@stroeder.com wrote: > michael@stroeder.com wrote: > > See also > > http://www.stroeder.com/temp/openldap-its7340-testrun.tar.gz Fix for this is now in RE24, thanks! --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount wrote: > --On Monday, August 20, 2012 6:35 PM +0000 michael@stroeder.com wrote: > >> michael@stroeder.com wrote: >> >> See also >> >> http://www.stroeder.com/temp/openldap-its7340-testrun.tar.gz > > Fix for this is now in RE24, thanks! I get now (24885ef4baaad162bff19a244709770b19983c30) false constraint violation with my customer setup. Note that in opposite to the test suite I'm using static config method. test064 also does not utilize uri- and set-based constraints - both features which I'm heavily using. I will try to come up with test cases failing this evening. Ciao, Michael.
It seems the following set-based constraints falsely fail even with valid modifications: ---------------------------- snip ---------------------------- # cn value has to be concatenated givenName SP sn constraint_attribute cn,sn,givenName set "(this/givenName + [ ] + this/sn) & this/cn" restrict="ldap:///ou=People,dc=infraldap,dc=onlinebrief,dc=de??sub?(objectClass=dpagE2Person)" # homeDirectory value has to be concatenated "/home/" uid constraint_attribute uid,homeDirectory set "([/home/] + this/uid) & this/homeDirectory" restrict="ldap:///ou=People,dc=infraldap,dc=onlinebrief,dc=de??sub?(objectClass=posixAccount)" ---------------------------- snip ---------------------------- When I disable both valid modifications work. Ciao, Michael.
On 08/21/2012 09:51 AM, michael@stroeder.com wrote: > It seems the following set-based constraints falsely fail even with valid > modifications: > > ---------------------------- snip ---------------------------- > # cn value has to be concatenated givenName SP sn > constraint_attribute cn,sn,givenName set > "(this/givenName + [ ] + this/sn) & this/cn" > > restrict="ldap:///ou=People,dc=infraldap,dc=onlinebrief,dc=de??sub?(objectClass=dpagE2Person)" > > # homeDirectory value has to be concatenated "/home/" uid > constraint_attribute uid,homeDirectory set > "([/home/] + this/uid) & this/homeDirectory" > > restrict="ldap:///ou=People,dc=infraldap,dc=onlinebrief,dc=de??sub?(objectClass=posixAccount)" > ---------------------------- snip ---------------------------- > > When I disable both valid modifications work. > > Ciao, Michael. > > Ok, here is an attempt to fix this: ftp://ftp.openldap.org/incoming/jsynacek-20120821-slapo-constraint-set-fix.patch Done on top of the latest OPENLDAP_REL_ENG_2_4 (7da024d80). Michael, can you please give it a quick try? I will update the testsuit as well. -- Jan Synacek Software Engineer, BaseOS team Brno, Red Hat
Jan Synacek wrote: > Ok, here is an attempt to fix this: > > ftp://ftp.openldap.org/incoming/jsynacek-20120821-slapo-constraint-set-fix.patch > > Done on top of the latest OPENLDAP_REL_ENG_2_4 (7da024d80). Michael, can you > please give it a quick try? Short test seems to be ok. Ciao, Michael.
changed state Open to Active
changed notes changed state Active to Test moved from Incoming to Software Bugs
changed notes changed state Test to Release
changed notes changed state Release to Closed
in master in RE24