[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6540) test022-ppolicy is flawed, masks serious stability issue

It is also bears mentioning that test022-ppolicy has not changed at all since 2.4.18, and so would never detect this
problem, even using the most recent stable version.  As I mentioned, ldapsearch does not trigger any errors - only
slapcat does (and of course, starting slapd, which fails as is detailed above).

If you really want to test this, you must restart the server on which the chaining configuration from test022-ppolicy
has been added, and then run slapcat.  I am not the only one to run in to this; for example, this individual has the
exact same issue, with no resolution: http://www.openldap.org/lists/openldap-software/200907/msg00118.html

I'd be more than happy to patch the source, if such a patch existed.  But since nothing seems to have changed in the
relevant bits of code that would affect this behavior, and no corresponding ITS exists, that would lead me to believe it
is thusly undocumented, except for similar on-list complaints.  If you can show me where in the back-ldap code you
believe I've missed said patch or refactoring, I've got no problem admitting I missed it, but I don't see any such

I'm sure not everybody has the time to build from completely new source every time a bug is unearthed, and while I do
not object to doing that as soon as I can, right now I have a slapd server that is down because of this, so top priority
is to evaluate the code to figure out where this bug is stemming from and fix it so I can restart slapd.  Next priority
is building and testing new packages.  I mean no disrespect by this, but dropping everything to do this and work out any
new issues, bugs, and compatibility problems and separate those from this pre-existing buggy behavior, seems hasty at
best, especially when there's no concretely identified reason for doing so (i.e., this revision had change X, which
fixes problem Y).

I'm still reviewing the relevant code (which AFAICT hasn't changed) to figure out what's going on here and put out the
immediate fire so that I can at least restore services, at which point I will obviously have to make the time to
completely upgrade it all.