OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Software Bugs/6227
Full headers

From: mbuschman@cashnetusa.com
Subject: autogroup overlay breaks all searches
Compose comment
Download message
State:
0 replies:
5 followups: 1 2 3 4 5

Major security issue: yes  no

Notes:

Notification:


Date: Fri, 24 Jul 2009 14:40:53 +0000
From: mbuschman@cashnetusa.com
To: openldap-its@OpenLDAP.org
Subject: autogroup overlay breaks all searches
Full_Name: Marshall Buschman
Version: 2.4.17
OS: Debian Etch
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (38.98.177.132)


I'm using OpenLDAP 2.4.17 with bdb 4.7 Debian Lenny. I've enabled the
autogroup overlay, and I get the following error when I do an ldapsearch:

$ ldapsearch -x -H "ldap://ldapserver" -b dc=cashnetusa,dc=com
# extended LDIF
...
# search result
search: 2
result: 53 Server is unwilling to perform
text: operation not supported within namingContext

Relevant config:
----------------------------------------------
moduleload autogroup

database        bdb
suffix          "dc=cashnetusa,dc=com"

overlay autogroup
autogroup-attrset groupOfURLs memberURL member
----------------------------------------------

OpenLDAP does start normally without the overlay.

Followup 1

Download message
Date: Fri, 24 Jul 2009 09:44:55 -0500
From: Marshall Buschman <mbuschman@cashnetusa.com>
To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6227) autogroup overlay breaks all searches
OS is Debian Lenny, not Debian Etch. Apologies.

openldap-its@OpenLDAP.org wrote:
> *** THIS IS AN AUTOMATICALLY GENERATED REPLY ***
>
> Thanks for your report to the OpenLDAP Issue Tracking System.  Your
> report has been assigned the tracking number ITS#6227.
>
> One of our support engineers will look at your report in due course.
> Note that this may take some time because our support engineers
> are volunteers.  They only work on OpenLDAP when they have spare
> time.
>
> If you need to provide additional information in regards to your
> issue report, you may do so by replying to this message.  Note that
> any mail sent to openldap-its@openldap.org with (ITS#6227)
> in the subject will automatically be attached to the issue report.
>
> 	mailto:openldap-its@openldap.org?subject=(ITS#6227)
>
> You may follow the progress of this report by loading the following
> URL in a web browser:
>     http://www.OpenLDAP.org/its/index.cgi?findid=6227
>
> Please remember to retain your issue tracking number (ITS#6227)
> on any further messages you send to us regarding this report.  If
> you don't then you'll just waste our time and yours because we
> won't be able to properly track the report.
>
> Please note that the Issue Tracking System is not intended to
> be used to seek help in the proper use of OpenLDAP Software.
> Such requests will be closed.
>
> OpenLDAP Software is user supported.
> 	http://www.OpenLDAP.org/support/
>
> --------------
> Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
>
>   



Followup 2

Download message
Date: Fri, 24 Jul 2009 09:17:56 -0700
From: Howard Chu <hyc@symas.com>
To: mbuschman@cashnetusa.com
CC: openldap-its@openldap.org
Subject: Re: (ITS#6227) autogroup overlay breaks all searches
Fixed now in CVS HEAD.

mbuschman@cashnetusa.com wrote:
> Full_Name: Marshall Buschman
> Version: 2.4.17
> OS: Debian Etch
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (38.98.177.132)
>

> I'm using OpenLDAP 2.4.17 with bdb 4.7 Debian Lenny. I've enabled the
> autogroup overlay, and I get the following error when I do an ldapsearch:
>
> $ ldapsearch -x -H "ldap://ldapserver" -b dc=cashnetusa,dc=com
> # extended LDIF
> ...
> # search result
> search: 2
> result: 53 Server is unwilling to perform
> text: operation not supported within namingContext
>
> Relevant config:
> ----------------------------------------------
> moduleload autogroup
>
> database        bdb
> suffix          "dc=cashnetusa,dc=com"
>
> overlay autogroup
> autogroup-attrset groupOfURLs memberURL member
> ----------------------------------------------
>
> OpenLDAP does start normally without the overlay.
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/



Followup 3

Download message
Date: Mon, 03 Aug 2009 16:19:26 -0500
From: Marshall Buschman <mbuschman@cashnetusa.com>
CC: openldap-its@openldap.org
Subject: Re: (ITS#6227) autogroup overlay breaks all searches
Confirmed working.
Also experienced (possibly unrelated?) segfault on slapadd.

hyc@symas.com wrote:
> Fixed now in CVS HEAD.
>
> mbuschman@cashnetusa.com wrote:
>   
>> Full_Name: Marshall Buschman
>> Version: 2.4.17
>> OS: Debian Etch
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (38.98.177.132)
>>
>>     
>
>   
>> I'm using OpenLDAP 2.4.17 with bdb 4.7 Debian Lenny. I've enabled the
>> autogroup overlay, and I get the following error when I do an
ldapsearch:
>>
>> $ ldapsearch -x -H "ldap://ldapserver" -b dc=cashnetusa,dc=com
>> # extended LDIF
>> ...
>> # search result
>> search: 2
>> result: 53 Server is unwilling to perform
>> text: operation not supported within namingContext
>>
>> Relevant config:
>> ----------------------------------------------
>> moduleload autogroup
>>
>> database        bdb
>> suffix          "dc=cashnetusa,dc=com"
>>
>> overlay autogroup
>> autogroup-attrset groupOfURLs memberURL member
>> ----------------------------------------------
>>
>> OpenLDAP does start normally without the overlay.
>>
>>     
>
>
>   



Followup 4

Download message
Date: Mon, 03 Aug 2009 14:48:57 -0700
From: Howard Chu <hyc@symas.com>
To: mbuschman@cashnetusa.com
CC: openldap-its@openldap.org
Subject: Re: (ITS#6227) autogroup overlay breaks all searches
mbuschman@cashnetusa.com wrote:
> Confirmed working.
> Also experienced (possibly unrelated?) segfault on slapadd.

We can't tell if it's related or not unless you post the stack trace from the 
segfault.
>
> hyc@symas.com wrote:
>> Fixed now in CVS HEAD.
>>
>> mbuschman@cashnetusa.com wrote:
>>
>>> Full_Name: Marshall Buschman
>>> Version: 2.4.17
>>> OS: Debian Etch
>>> URL: ftp://ftp.openldap.org/incoming/
>>> Submission from: (NULL) (38.98.177.132)
>>>
>>>
>>
>>
>>> I'm using OpenLDAP 2.4.17 with bdb 4.7 Debian Lenny. I've enabled
the
>>> autogroup overlay, and I get the following error when I do an
ldapsearch:
>>>
>>> $ ldapsearch -x -H "ldap://ldapserver" -b dc=cashnetusa,dc=com
>>> # extended LDIF
>>> ...
>>> # search result
>>> search: 2
>>> result: 53 Server is unwilling to perform
>>> text: operation not supported within namingContext
>>>
>>> Relevant config:
>>> ----------------------------------------------
>>> moduleload autogroup
>>>
>>> database        bdb
>>> suffix          "dc=cashnetusa,dc=com"
>>>
>>> overlay autogroup
>>> autogroup-attrset groupOfURLs memberURL member
>>> ----------------------------------------------
>>>
>>> OpenLDAP does start normally without the overlay.
>>>
>>>
>>
>>
>>
>
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/



Followup 5

Download message
Date: Fri, 07 Aug 2009 12:30:33 -0400
From: Ryan Steele <ryans@aweber.com>
To: openldap-its@OpenLDAP.org
CC: mbuschman@cashnetusa.com
Subject: Re: (ITS#6227) autogroup overlay breaks all searches
I can confirm that the segfault on slapadd, slapcat, and friends were in fact a
result of this bug.  I don't have the
strace handy which confirmed it, but after applying Howard's patch and
repackaging the .deb (Ubuntu Jaunty), I see none
of the aforementioned segfaults.

Regards,
Ryan

-- 
Ryan Steele                                    ryans-at-aweber-dot-com
Systems Administrator                          +1 215-825-2196 x758
AWeber Communications                          http://www.aweber.com


Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org