September 2008 - 389-devel - Fedora Mailing-Lists

[Fedora-directory-devel] ldapsearch with size limit (-z) doesn't work with OR filter and range search

by Xi Sanderson

Hi, I am having a problem with the following command: ldapsearch -z 10 ... (&(attr1=val1)(|(attr2=val21)(attr2=val22))(attr3>=val3)) The command returns successfully with 0 entry. I know there are entries in my database matching the search criteria. And if I remove "-z 10" option, all the entries matching the search criteria return. More interestingly, if I switch the order of the search filter: ldapsearch -z 10 ... (&(attr1=val1)(attr3>=val3)(|(attr2=val21)(attr2=val22))) It returns 10 entries. After looking at the fedora-ds-base code, I found the following: Range search ">=" or "<=" calls index_range_read() function, which has the following code: if (!is_and) { slapi_pblock_get(pb, SLAPI_SEARCH_SIZELIMIT, &sizelimit); } When filter is not AND, client side size limit is used to filter candidates. I don't understand why client side size limit is used on server side to filter the candidates in the first place. Now "is_and" is set in list_candidates() every time when it is called and it is called for AND and OR filters. So if I have a filter like this: (&(attr1=val1)(|(attr2=val21)(attr2=val22))(attr3>=val3)) Since OR "|" is after AND "&", "is_and" is false when index_range_read() is called, size limit is used and if the candidates within the size limit don't satisfy the whole search criteria, no record is returned from the search. The code doesn't seem to understand OR is only for "(|(attr2=val21)(attr2=val22))" part of the filter. However, if I switch the filter order to: (&(attr1=val1)(attr3>=val3)(|(attr2=val21)(attr2=val22))) Now "is_and" is true when index_range_read() is called, thus no size limit is used and the records satisfy the search criteria are returned. Has anybody experienced same problem or know if there is an existing bug for this problem? Thanks, Xi

14 years, 11 months

2
1
0 / 0

[Fedora-directory-devel] Administrative limit exceeded with no results returned

by Graham Leggett

Hi all, I am having some sudden bizarre behaviour from fedora-ds-1.1.2-1.fc6. The following query, logged in as a specific user created for our mailserver, has suddenly since this morning returned the error "Administrative limit exceeded": '(&(associatedDomain=imausa.net)(!(associatedDomain=rachel.example.com)))' When the exact same query is made using the Directory Manager, it returns zero records returned, which is correct (no entries exist in the directory called imausa.net). According to the documentation for the error message "Administrative limit exceeded", this error will be thrown when more than by default 1000 rows are returned during a query by a user other than the Directory Manager. When I last looked though, zero records was well less than 1000, and I am completely stumped. Trying a domain that is hosted in this server, the query returns one single record, as expected, as the Directory Manager user. Trying the same query as the specific user created for our mailserver, we again get "Administrative limit exceeded". Has anybody encountered and error like this before? In answer to "what's changed recently", the number of records in the LDAP server was increased from just over 1000 records to around 7000 records, although I cannot be sure if this is related. The records have nothing whatsoever to do with the objects being queried by our mailserver in this case. Regards, Graham --

14 years, 12 months

3
5
0 / 0

[Fedora-directory-devel] Please review:Bug 457846 - The Windows Sync API should have plug-in points - part 3

by Rich Megginson

https://bugzilla.redhat.com/show_bug.cgi?id=457846 Resolves: bug 457846 Bug Description: The Windows Sync API should have plug-in points - part 3 Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: It turns out I was a little bit too aggressive in removing memory leaks, and broke outbound modify processing. I should not have freed new_dn since it is used elsewhere. There was an earlier memory leak related to the way new_dn was initialized, but that was fixed elsewhere. The real fix is this: - slapi_sdn_free(&new_dn); The other fixes are lots of log messages I added to help debug this problem. Platforms tested: RHEL5 Flag Day: no Doc impact: no https://bugzilla.redhat.com/attachment.cgi?id=317614&action=diff

15 years

1
0
0 / 0

[Fedora-directory-devel] Please review: The Windows Sync API should have plug-in points - part 2

by Rich Megginson

https://bugzilla.redhat.com/show_bug.cgi?id=457846 Resolves: bug 457846 Bug Description: The Windows Sync API should have plug-in points - part 2 Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: The modify callbacks were not sufficient to handle all cases. We need to have access to the DS entry. This changes the API to add the DS entry to the modify callbacks. I also had to change the handling of the userAccountControl - it cannot just overwrite the value, it must set the appropriate bit in the bit mask. Platforms tested: RHEL5 Flag Day: no Doc impact: yes - winsync api docs https://bugzilla.redhat.com/attachment.cgi?id=317429&action=diff

15 years

1
0
0 / 0

[Fedora-directory-devel] Please Review: (462920) Make DNA plug-in auto-extend exhausted ranges

by Nathan Kinder

https://bugzilla.redhat.com/show_bug.cgi?id=462920 Resolves: bug 462920 Bug Description: Make DNA plug-in auto-extend exhausted ranges Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: See https://bugzilla.redhat.com/show_bug.cgi?id=462920#c1 Flag Day: no Doc impact: yes https://bugzilla.redhat.com/attachment.cgi?id=317225&action=diff

15 years

1
0
0 / 0

[Fedora-directory-devel] java.lang.ClassCastException @ exec of standalone fedora-idm-console on osx

by PGNet

I'm trying to get fedora-idm-console up and running on OSX, uname -a Darwin mac03.pglan.com 9.4.0 Darwin Kernel Version 9.4.0: Mon Jun 9 19:36:17 PDT 2008; root:xnu-1228.5.20~1/RELEASE_PPC Power Macintosh I've upgraded to latest JDK provided by Apple, java -version java version "1.5.0_16" Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_16-b06-277) Java HotSpot(TM) Client VM (build 1.5.0_16-130, mixed mode, sharing) The java upgrade causes heap-space overruns using ant; bug report here, "DirectoryScanner infinitely recurses on symlinks to parent directories" https://issues.apache.org/bugzilla/show_bug.cgi?id=45499 so I've upgraded to a src-build of Ant HEAD, ant -version Apache Ant version 1.8.0alpha compiled on September 14 2008 which cures the problem. Mozilla prereqs all build cleanly. FedoraDS project's "console", "fedora-idm-console", "directoryconsole" & "admservconsole" also build cleanly. I've installed the locally built fedora-ds & fedora-admin jars locally, ls -al ~/.fedora-idm-console/jars/ -rw-r--r-- 1 root wheel 2484780 2008-09-14 12:51 fedora-admin-1.1.2.jar -rw-r--r-- 1 root wheel 37557 2008-09-14 12:51 fedora-admin-1.1.2_en.jar lrwxr-xr-x 1 root wheel 22 2008-09-14 12:51 fedora-admin-1.1.jar -> fedora-admin-1.1.2.jar lrwxr-xr-x 1 root wheel 25 2008-09-14 12:51 fedora-admin-1.1_en.jar -> fedora-admin-1.1.2_en.jar -rw-r--r-- 1 root wheel 2469020 2008-09-14 12:38 fedora-ds-1.1.2.jar -rw-r--r-- 1 root wheel 54528 2008-09-14 12:38 fedora-ds-1.1.2_en.jar lrwxr-xr-x 1 root wheel 19 2008-09-14 12:51 fedora-ds-1.1.jar -> fedora-ds-1.1.2.jar lrwxr-xr-x 1 root wheel 22 2008-09-14 12:51 fedora-ds-1.1_en.jar -> fedora-ds-1.1.2_en.jar @ OSX shell, I launch fedora-idm-console -D 9 -f console.log and can successfully connect to FDS server running on a remote box (SLES). If, in the Fedora Management Console GUI I click through to the Servers & Applications Tab, and select the Server, I get a "Class Loader Error" dialog, "Failed to instantiate Server Object for Directory Server (fds): com.netscape.admin.dirserv.DSAdmin" @ console.log, I get, ... ERROR ServerNode.createServerInstance: could not create com.netscape.management.admserv.AdminServer@fedora-admin-1.1.jar(a)cn=admin-serv-auth, cn=Fedora Administration Server, cn=Server Group, cn=fds.server.pglan.com, ou=pglan.com, o=NetscapeRoot Exception: java.lang.ClassCastException: com.netscape.management.admserv.AdminServer ... ERROR ServerNode.createServerInstance: could not create com.netscape.admin.dirserv.DSAdmin@fedora-ds-1.1.jar(a)cn=admin-serv-auth, cn=Fedora Administration Server, cn=Server Group, cn=fds.server.pglan.com, ou=pglan.com, o=NetscapeRoot Exception: java.lang.ClassCastException: com.netscape.admin.dirserv.DSAdmin ... Per discussion in #fedora-ds, I've installed Eclipse, & created an Eclipse project for fedora-idm-console. Debugging the Eclipse-built fedora-idm-console jar, exec breaks as above. The stack @ break is, fedora_idm_console_jar [Java Application] com.netscape.management.client.console.Console at localhost:50411 Thread [main] (Suspended (exception ClassNotFoundException)) Launcher$AppClassLoader(ClassLoader).loadClass(String, boolean) line: 356 Launcher$AppClassLoader.loadClass(String, boolean) line: 280 Launcher$AppClassLoader(ClassLoader).loadClass(String) line: 251 Launcher$AppClassLoader(ClassLoader).loadClassInternal(String) line: 374 /System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Home/bin/java (Sep 14, 2008 6:19:52 PM) Where, for reference, in "ClassLoader.class", 347: } finally { if (isChildmost) { childmostCaller.remove(); if ((c != null) && name.startsWith("org.apache.") && ( name.startsWith("org.apache.crimson.") || name.startsWith("org.apache.xalan.") || name.startsWith("org.apache.xml.") || name.startsWith("org.apache.xpath.") ) ) { 356: AccessController.doPrivileged(new PrivilegedAction() { public Object run() { return System.setProperty("apple.lang.DisableCompatibilityClasspath", "true"); }}); } I'm *guessing* this is OSX-specific, but am unclear as yet. I'll further familiarize myself with Eclipse and the FDS code; in the meantime, any suggestions as to what the problem maybe, or further debug help would be great. I can provide additional needed output from Eclipse to as needed. Thanks.

15 years

1
0
0 / 0

[Fedora-directory-devel] Please review: Bug 448366 - icu 4.0 will remove the -p option from genrb

by Rich Megginson

https://bugzilla.redhat.com/show_bug.cgi?id=448366 Resolves: bug 448366 Bug Description: icu 4.0 will remove the -p option from genrb Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: My earlier fix for this was not correct. When I removed the -p switch, I also needed to remove the argument to -p. The extra argument breaks the build on some platforms. Platforms tested: RHEL5, Fedora 9 Flag Day: no Doc impact: no https://bugzilla.redhat.com/attachment.cgi?id=315681&action=diff

15 years

1
0
0 / 0

[Fedora-directory-devel] Please review: Bug 461028 - Admin Server problem with mod_nss and NSS 3.12 on F9

by Rich Megginson

https://bugzilla.redhat.com/show_bug.cgi?id=461028 Resolves: bug 461028 Bug Description: Admin Server problem with mod_nss and NSS 3.12 on F9 Reviewed by: ??? Files: see diff Branch: HEAD Fix Description: Admin Server must make sure to do the NSS initialization after mod_nss has done so. NSS 3.12 (introduced in Fedora 9) requires that processes must perform NSS initialization after calling fork() in each child process. Apache provides a hook to do this. I mostly just copied the init code from mod_nss, so that the init is done the same way that mod_nss does it. Without this patch, I get strange errors when starting the Admin Server with SSL enabled, such as "Password for internal slot is incorrect". With the patch, everything works fine. Platforms tested: Fedora 9 Flag Day: no Doc impact: no https://bugzilla.redhat.com/attachment.cgi?id=315652&action=diff

15 years

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-devel September 2008