OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Incoming/7796
Full headers

From: michael@stroeder.com
Subject: LDAP_DEBUG_TRACE for "not indexed" log messages
Compose comment
Download message
State:
0 replies:
6 followups: 1 2 3 4 5 6

Major security issue: yes  no

Notes:

Notification:


Date: Thu, 06 Feb 2014 12:32:05 +0000
From: michael@stroeder.com
To: openldap-its@OpenLDAP.org
Subject: LDAP_DEBUG_TRACE for "not indexed" log messages
Full_Name: 
Version: HEAD and RE24
OS: 
URL: 
Submission from: (NULL) (212.227.35.93)


Especially when using set-based ACLs the amount of "not indexed" messages is
really annoying even when only "loglevel stats" is used.

Since those messages are useless even for beginners the log-level should be
changed to LDAP_DEBUG_TRACE instead of LDAP_DEBUG_ANY.

Followup 1

Download message
To: <openldap-its@OpenLDAP.org>
From: "Michael =?UTF-8?B?U3Ryw7ZkZXI=?=" <michael@stroeder.com>
Subject: Re: (ITS#7796) LDAP_DEBUG_TRACE for "not indexed" log messages
Date: Thu, 06 Feb 2014 13:38:10 +0100
----==67b6fd74c7313eed06f01db906d1b2a0
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit

I, Michael Str..der, hereby place the attached modifications to OpenLDAP
Software (and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose with or
without attribution and/or other notice.


----==67b6fd74c7313eed06f01db906d1b2a0
Content-Type: text/x-patch; name="openldap-master-its7796.patch"
Content-Disposition: attachment; filename="openldap-master-its7796.patch"
Content-Transfer-Encoding: base64

ZGlmZiAtLWdpdCBhL3NlcnZlcnMvc2xhcGQvYmFjay1iZGIvZmlsdGVyaW5kZXguYyBiL3NlcnZl
cnMvc2xhcGQvYmFjay1iZGIvZmlsdGVyaW5kZXguYwppbmRleCA3MWUzZWE0Li5iYWZlZjcyIDEw
MDY0NAotLS0gYS9zZXJ2ZXJzL3NsYXBkL2JhY2stYmRiL2ZpbHRlcmluZGV4LmMKKysrIGIvc2Vy
dmVycy9zbGFwZC9iYWNrLWJkYi9maWx0ZXJpbmRleC5jCkBAIC03NDEsNyArNzQxLDcgQEAgZXF1
YWxpdHlfY2FuZGlkYXRlcygKIAkJJmRiLCAmbWFzaywgJnByZWZpeCApOwogCiAJaWYgKCByYyA9
PSBMREFQX0lOQVBQUk9QUklBVEVfTUFUQ0hJTkcgKSB7Ci0JCURlYnVnKCBMREFQX0RFQlVHX0FO
WSwKKwkJRGVidWcoIExEQVBfREVCVUdfVFJBQ0UsCiAJCQkiPD0gYmRiX2VxdWFsaXR5X2NhbmRp
ZGF0ZXM6ICglcykgbm90IGluZGV4ZWRcbiIsIAogCQkJYXZhLT5hYV9kZXNjLT5hZF9jbmFtZS5i
dl92YWwsIDAsIDAgKTsKIAkJcmV0dXJuIDA7CkBAIC04NTgsNyArODU4LDcgQEAgYXBwcm94X2Nh
bmRpZGF0ZXMoCiAJCSZkYiwgJm1hc2ssICZwcmVmaXggKTsKIAogCWlmICggcmMgPT0gTERBUF9J
TkFQUFJPUFJJQVRFX01BVENISU5HICkgewotCQlEZWJ1ZyggTERBUF9ERUJVR19BTlksCisJCURl
YnVnKCBMREFQX0RFQlVHX1RSQUNFLAogCQkJIjw9IGJkYl9hcHByb3hfY2FuZGlkYXRlczogKCVz
KSBub3QgaW5kZXhlZFxuIiwKIAkJCWF2YS0+YWFfZGVzYy0+YWRfY25hbWUuYnZfdmFsLCAwLCAw
ICk7CiAJCXJldHVybiAwOwpAQCAtOTc4LDcgKzk3OCw3IEBAIHN1YnN0cmluZ19jYW5kaWRhdGVz
KAogCQkmZGIsICZtYXNrLCAmcHJlZml4ICk7CiAKIAlpZiAoIHJjID09IExEQVBfSU5BUFBST1BS
SUFURV9NQVRDSElORyApIHsKLQkJRGVidWcoIExEQVBfREVCVUdfQU5ZLAorCQlEZWJ1ZyggTERB
UF9ERUJVR19UUkFDRSwKIAkJCSI8PSBiZGJfc3Vic3RyaW5nX2NhbmRpZGF0ZXM6ICglcykgbm90
IGluZGV4ZWRcbiIsCiAJCQlzdWItPnNhX2Rlc2MtPmFkX2NuYW1lLmJ2X3ZhbCwgMCwgMCApOwog
CQlyZXR1cm4gMDsKQEAgLTEwOTUsNyArMTA5NSw3IEBAIGluZXF1YWxpdHlfY2FuZGlkYXRlcygK
IAkJJmRiLCAmbWFzaywgJnByZWZpeCApOwogCiAJaWYgKCByYyA9PSBMREFQX0lOQVBQUk9QUklB
VEVfTUFUQ0hJTkcgKSB7Ci0JCURlYnVnKCBMREFQX0RFQlVHX0FOWSwKKwkJRGVidWcoIExEQVBf
REVCVUdfVFJBQ0UsCiAJCQkiPD0gYmRiX2luZXF1YWxpdHlfY2FuZGlkYXRlczogKCVzKSBub3Qg
aW5kZXhlZFxuIiwgCiAJCQlhdmEtPmFhX2Rlc2MtPmFkX2NuYW1lLmJ2X3ZhbCwgMCwgMCApOwog
CQlyZXR1cm4gMDsKZGlmZiAtLWdpdCBhL3NlcnZlcnMvc2xhcGQvYmFjay1tZGIvZmlsdGVyaW5k
ZXguYyBiL3NlcnZlcnMvc2xhcGQvYmFjay1tZGIvZmlsdGVyaW5kZXguYwppbmRleCA1OGMxY2M4
Li4yMGM1OGI3IDEwMDY0NAotLS0gYS9zZXJ2ZXJzL3NsYXBkL2JhY2stbWRiL2ZpbHRlcmluZGV4
LmMKKysrIGIvc2VydmVycy9zbGFwZC9iYWNrLW1kYi9maWx0ZXJpbmRleC5jCkBAIC03MDksNyAr
NzA5LDcgQEAgZXF1YWxpdHlfY2FuZGlkYXRlcygKIAkJJmRiaSwgJm1hc2ssICZwcmVmaXggKTsK
IAogCWlmICggcmMgPT0gTERBUF9JTkFQUFJPUFJJQVRFX01BVENISU5HICkgewotCQlEZWJ1Zygg
TERBUF9ERUJVR19BTlksCisJCURlYnVnKCBMREFQX0RFQlVHX1RSQUNFLAogCQkJIjw9IG1kYl9l
cXVhbGl0eV9jYW5kaWRhdGVzOiAoJXMpIG5vdCBpbmRleGVkXG4iLCAKIAkJCWF2YS0+YWFfZGVz
Yy0+YWRfY25hbWUuYnZfdmFsLCAwLCAwICk7CiAJCXJldHVybiAwOwpAQCAtODI1LDcgKzgyNSw3
IEBAIGFwcHJveF9jYW5kaWRhdGVzKAogCQkmZGJpLCAmbWFzaywgJnByZWZpeCApOwogCiAJaWYg
KCByYyA9PSBMREFQX0lOQVBQUk9QUklBVEVfTUFUQ0hJTkcgKSB7Ci0JCURlYnVnKCBMREFQX0RF
QlVHX0FOWSwKKwkJRGVidWcoIExEQVBfREVCVUdfVFJBQ0UsCiAJCQkiPD0gbWRiX2FwcHJveF9j
YW5kaWRhdGVzOiAoJXMpIG5vdCBpbmRleGVkXG4iLAogCQkJYXZhLT5hYV9kZXNjLT5hZF9jbmFt
ZS5idl92YWwsIDAsIDAgKTsKIAkJcmV0dXJuIDA7CkBAIC05NDQsNyArOTQ0LDcgQEAgc3Vic3Ry
aW5nX2NhbmRpZGF0ZXMoCiAJCSZkYmksICZtYXNrLCAmcHJlZml4ICk7CiAKIAlpZiAoIHJjID09
IExEQVBfSU5BUFBST1BSSUFURV9NQVRDSElORyApIHsKLQkJRGVidWcoIExEQVBfREVCVUdfQU5Z
LAorCQlEZWJ1ZyggTERBUF9ERUJVR19UUkFDRSwKIAkJCSI8PSBtZGJfc3Vic3RyaW5nX2NhbmRp
ZGF0ZXM6ICglcykgbm90IGluZGV4ZWRcbiIsCiAJCQlzdWItPnNhX2Rlc2MtPmFkX2NuYW1lLmJ2
X3ZhbCwgMCwgMCApOwogCQlyZXR1cm4gMDsKQEAgLTEwNjAsNyArMTA2MCw3IEBAIGluZXF1YWxp
dHlfY2FuZGlkYXRlcygKIAkJJmRiaSwgJm1hc2ssICZwcmVmaXggKTsKIAogCWlmICggcmMgPT0g
TERBUF9JTkFQUFJPUFJJQVRFX01BVENISU5HICkgewotCQlEZWJ1ZyggTERBUF9ERUJVR19BTlks
CisJCURlYnVnKCBMREFQX0RFQlVHX1RSQUNFLAogCQkJIjw9IG1kYl9pbmVxdWFsaXR5X2NhbmRp
ZGF0ZXM6ICglcykgbm90IGluZGV4ZWRcbiIsIAogCQkJYXZhLT5hYV9kZXNjLT5hZF9jbmFtZS5i
dl92YWwsIDAsIDAgKTsKIAkJcmV0dXJuIDA7Cg==

----==67b6fd74c7313eed06f01db906d1b2a0--




Followup 2

Download message
Date: Thu, 06 Feb 2014 19:40:18 +0100
From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com>
To: openldap-its@openldap.org
Subject: Re: (ITS#7796) LDAP_DEBUG_TRACE for "not indexed" log messages
This is a cryptographically signed message in MIME format.

--------------ms030804020205040903090604
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

I, Michael Str=F6der, hereby place the attached modifications to OpenLDAP=

Software (and only these modifications) into the public domain. Hence, th=
ese
modifications may be freely used and/or redistributed for any purpose wit=
h or
without attribution and/or other notice.

Resent as readable ASCII diff for ITS.

diff --git a/servers/slapd/back-bdb/filterindex.c
b/servers/slapd/back-bdb/filterindex.c
index 71e3ea4..bafef72 100644
--- a/servers/slapd/back-bdb/filterindex.c
+++ b/servers/slapd/back-bdb/filterindex.c
@@ -741,7 +741,7 @@ equality_candidates(
 		&db, &mask, &prefix );

 	if ( rc =3D=3D LDAP_INAPPROPRIATE_MATCHING ) {
-		Debug( LDAP_DEBUG_ANY,
+		Debug( LDAP_DEBUG_TRACE,
 			"<=3D bdb_equality_candidates: (%s) not indexed\n",
 			ava->aa_desc->ad_cname.bv_val, 0, 0 );
 		return 0;
@@ -858,7 +858,7 @@ approx_candidates(
 		&db, &mask, &prefix );

 	if ( rc =3D=3D LDAP_INAPPROPRIATE_MATCHING ) {
-		Debug( LDAP_DEBUG_ANY,
+		Debug( LDAP_DEBUG_TRACE,
 			"<=3D bdb_approx_candidates: (%s) not indexed\n",
 			ava->aa_desc->ad_cname.bv_val, 0, 0 );
 		return 0;
@@ -978,7 +978,7 @@ substring_candidates(
 		&db, &mask, &prefix );

 	if ( rc =3D=3D LDAP_INAPPROPRIATE_MATCHING ) {
-		Debug( LDAP_DEBUG_ANY,
+		Debug( LDAP_DEBUG_TRACE,
 			"<=3D bdb_substring_candidates: (%s) not indexed\n",
 			sub->sa_desc->ad_cname.bv_val, 0, 0 );
 		return 0;
@@ -1095,7 +1095,7 @@ inequality_candidates(
 		&db, &mask, &prefix );

 	if ( rc =3D=3D LDAP_INAPPROPRIATE_MATCHING ) {
-		Debug( LDAP_DEBUG_ANY,
+		Debug( LDAP_DEBUG_TRACE,
 			"<=3D bdb_inequality_candidates: (%s) not indexed\n",
 			ava->aa_desc->ad_cname.bv_val, 0, 0 );
 		return 0;
diff --git a/servers/slapd/back-mdb/filterindex.c
b/servers/slapd/back-mdb/filterindex.c
index 58c1cc8..20c58b7 100644
--- a/servers/slapd/back-mdb/filterindex.c
+++ b/servers/slapd/back-mdb/filterindex.c
@@ -709,7 +709,7 @@ equality_candidates(
 		&dbi, &mask, &prefix );

 	if ( rc =3D=3D LDAP_INAPPROPRIATE_MATCHING ) {
-		Debug( LDAP_DEBUG_ANY,
+		Debug( LDAP_DEBUG_TRACE,
 			"<=3D mdb_equality_candidates: (%s) not indexed\n",
 			ava->aa_desc->ad_cname.bv_val, 0, 0 );
 		return 0;
@@ -825,7 +825,7 @@ approx_candidates(
 		&dbi, &mask, &prefix );

 	if ( rc =3D=3D LDAP_INAPPROPRIATE_MATCHING ) {
-		Debug( LDAP_DEBUG_ANY,
+		Debug( LDAP_DEBUG_TRACE,
 			"<=3D mdb_approx_candidates: (%s) not indexed\n",
 			ava->aa_desc->ad_cname.bv_val, 0, 0 );
 		return 0;
@@ -944,7 +944,7 @@ substring_candidates(
 		&dbi, &mask, &prefix );

 	if ( rc =3D=3D LDAP_INAPPROPRIATE_MATCHING ) {
-		Debug( LDAP_DEBUG_ANY,
+		Debug( LDAP_DEBUG_TRACE,
 			"<=3D mdb_substring_candidates: (%s) not indexed\n",
 			sub->sa_desc->ad_cname.bv_val, 0, 0 );
 		return 0;
@@ -1060,7 +1060,7 @@ inequality_candidates(
 		&dbi, &mask, &prefix );

 	if ( rc =3D=3D LDAP_INAPPROPRIATE_MATCHING ) {
-		Debug( LDAP_DEBUG_ANY,
+		Debug( LDAP_DEBUG_TRACE,
 			"<=3D mdb_inequality_candidates: (%s) not indexed\n",
 			ava->aa_desc->ad_cname.bv_val, 0, 0 );
 		return 0;



--------------ms030804020205040903090604
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIFfzCC
BXswggNjoAMCAQICAwxOfTANBgkqhkiG9w0BAQUFADB5MRAwDgYDVQQKEwdSb290IENBMR4w
HAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmlu
ZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZzAeFw0xMjEw
MDIyMDE3MDlaFw0xNDEwMDIyMDE3MDlaMD8xGDAWBgNVBAMUD01pY2hhZWwgU3Ry9mRlcjEj
MCEGCSqGSIb3DQEJARYUbWljaGFlbEBzdHJvZWRlci5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDo2SKth5GhtaDrCyfGtyUG+/hAAa/J52L0NFN4SSRvTtdGf9HfWwwd
NCtgae0TVGWk2lKDbXA9d5vmyIiRhuwxd90H6FLErhRBeB9G67qtw87E8WUoXt2DwPQEUTWV
hqHpPadlmgFw3+i3TGQQTe3O3W9MMMd4GJNhObem2VGRuCD37OXnzBksTcq0FPJgcWAhe3d/
0ItOkNWBqgq8Mf3p7WFBhaQ0a27BC/mKtH8fI3kPcS305imPRja69Msq3EwUZBc9ToVp6FRQ
NYKjfOBybDUzVkmRZl3H8xutQP2w8Zxb8m5f7Q1BfLLrIFScfYvIDgOERxTCd4lab8+/09XH
AgMBAAGjggFEMIIBQDAMBgNVHRMBAf8EAjAAMFYGCWCGSAGG+EIBDQRJFkdUbyBnZXQgeW91
ciBvd24gY2VydGlmaWNhdGUgZm9yIEZSRUUgaGVhZCBvdmVyIHRvIGh0dHA6Ly93d3cuQ0Fj
ZXJ0Lm9yZzAOBgNVHQ8BAf8EBAMCA6gwQAYDVR0lBDkwNwYIKwYBBQUHAwQGCCsGAQUFBwMC
BgorBgEEAYI3CgMEBgorBgEEAYI3CgMDBglghkgBhvhCBAEwMgYIKwYBBQUHAQEEJjAkMCIG
CCsGAQUFBzABhhZodHRwOi8vb2NzcC5jYWNlcnQub3JnMDEGA1UdHwQqMCgwJqAkoCKGIGh0
dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9yZXZva2UuY3JsMB8GA1UdEQQYMBaBFG1pY2hhZWxAc3Ry
b2VkZXIuY29tMA0GCSqGSIb3DQEBBQUAA4ICAQC9ouXq3p/bDWMM4tBKgD3tl4HY5H0eECl8
q9/nqk0UL6YeWkrCiQdrDtNPW7DcGqNYtzdgtzmyTr1GhiAX+igrOjdk/ge5NRcQOpONK/4b
zrmpQE

Message of length 6896 truncated


Followup 3

Download message
Date: Sat, 08 Mar 2014 16:18:14 -0800
From: Howard Chu <hyc@symas.com>
To: "openldap-its@openldap.org" <openldap-its@openldap.org>
Subject: ITS#7796 "not indexed" log messages
I'd consider instead, resurrecting the LDAP_DEBUG_INDEX debug flag, or putting 
these in LDAP_DEBUG_FILTER. TRACE is already too verbose.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/



Followup 4

Download message
Date: Sun, 09 Mar 2014 10:52:03 +0100
From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com>
To: hyc@symas.com, openldap-its@openldap.org
Subject: Re: ITS#7796 "not indexed" log messages
hyc@symas.com wrote:
> I'd consider instead, resurrecting the LDAP_DEBUG_INDEX debug flag, or
putting 
> these in LDAP_DEBUG_FILTER. TRACE is already too verbose.

I'm fine with any solution which avoids that these messages are sent to the
log in case of "loglevel stats stats2".

Ciao, Michael.



Followup 5

Download message
Date: Sun, 9 Mar 2014 11:05:05 +0100 (CET)
From: Christian Kratzer <ck-lists@cksoft.de>
To: michael@stroeder.com
cc: openldap-its@openldap.org
Subject: Re: ITS#7796 "not indexed" log messages
Hi,

On Sun, 9 Mar 2014, michael@stroeder.com wrote:

> hyc@symas.com wrote:
>> I'd consider instead, resurrecting the LDAP_DEBUG_INDEX debug flag, or
putting
>> these in LDAP_DEBUG_FILTER. TRACE is already too verbose.
>
> I'm fine with any solution which avoids that these messages are sent to the
> log in case of "loglevel stats stats2".

I would also welcome a separate loglevel for these daemon messages:

   Mar  9 11:00:24 ldap1 slapd[19539]: daemon: read activity on 9
   Mar  9 11:00:24 ldap1 slapd[19539]: daemon: select: listen=6 active_threads=0
tvp=zero
   Mar  9 11:00:24 ldap1 slapd[19539]: daemon: select: listen=7 active_threads=0
tvp=zero
   Mar  9 11:00:24 ldap1 slapd[19539]: daemon: activity on 1 descriptor
   Mar  9 11:00:24 ldap1 slapd[19539]: daemon: waked
   Mar  9 11:00:24 ldap1 slapd[19539]: daemon: select: listen=6 active_threads=0
tvp=zero
   Mar  9 11:00:24 ldap1 slapd[19539]: daemon: select: listen=7 active_threads=0
tvp=zero

They currently seem to be triggered by loglevel conns.

So what about adding loglevel daemon or even conns2 for these.

Greetings
Christian

-- 
Christian Kratzer                   CK Software GmbH
Email:   ck@cksoft.de               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/



Followup 6

Download message
Date: Sun, 22 Feb 2015 17:05:00 +0100
From: =?UTF-8?Q?Michael_Str=c3=b6der?= <michael@stroeder.com>
To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#7796) LDAP_DEBUG_TRACE for "not indexed" log messages
Could you please add this patch to RE24?

The amount of unneeded log messages in my setup with lots of ACLs using
non-indexed filters is huge and I hate to maintain local build patches.

Ciao, Michael.


Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org