Bug 202343

Comment 1 Xin LI 2015-08-15 20:13:53 UTC

-h expects an URI so it has to be encoded.  See http://www.openldap.org/doc/admin24/runningslapd.html#Command-Line Options for more details.

(In reply to Xin LI from comment #1)

Thank you for reading.
Not yet issue resolved.

When use the -h with encoded URI is not working, but -h with no-encoded URI is working.


In case FreeBSD 10.1 and openldap-server-2.4.41.

Use the -h with encoded URI, we can see the WARNING.

    # sysrc slapd_flags
    slapd_flags: -h 'ldapi://%252fvar%252frun%252fopenldap%252fldapi/ ldap://0.0.0.0/'
    # service slapd restart
    Stopping slapd.
    Waiting for PIDS: 1604.
    Starting slapd.
    /usr/local/etc/rc.d/slapd: WARNING: slapd: Can't find socket /var/run/openldap/ldapi

This WARNING would be output because the UNIX socket was not opened at run slapd script.

Even using the URI encoded in the running options,
  (-h 'ldapi://%252fvar%252frun%252fopenldap%252fldapi/)
correct socket name that is seen in netstat should have decoded URI.
  (%252fvar%252frun%252fopenldap%252fldapi/ -> /var/run/openldap/ldapi)


When use the -h with encoded URI is not created UNIX socket, but -h with no-encoded URI is created UNIX socket.

This was intended ?

Comment 3 Xin LI 2015-08-15 23:10:10 UTC

(In reply to ruy from comment #2)
Here is what I tried:

root@anubis:/usr/ports/net/openldap24-server # cat >> /etc/rc.conf.local 
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"'
root@anubis:/usr/ports/net/openldap24-server # sysrc slapd_flags
slapd_flags: -h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"
root@anubis:/usr/ports/net/openldap24-server # service slapd restart
Stopping slapd.
Waiting for PIDS: 77613.
Starting slapd.
root@anubis:/usr/ports/net/openldap24-server # sockstat -l | grep slap
ldap     slapd      77704 6  stream /var/run/openldap/ldapi
ldap     slapd      77704 7  tcp4   *:389                 *:*

The host system is FreeBSD 10.1-RELEASE-p16.

I then looked more closely to your report and found an extra %25 there, which would make slapd to create a socket in /.

Where did you get that part?  I tried this, and the output does look legitimate:

% pkg info -D openldap-server
openldap-server-2.4.41:
************************************************************

The OpenLDAP server package has been successfully installed.

In order to run the LDAP server, you need to edit
  /usr/local/etc/openldap/slapd.conf
to suit your needs and add the following lines to /etc/rc.conf:
  slapd_enable="YES"
  slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"'
  slapd_sockets="/var/run/openldap/ldapi"

Then start the server with
  /usr/local/etc/rc.d/slapd start
or reboot.

Try `man slapd' and the online manual at
  http://www.OpenLDAP.org/doc/
for more information.
  
slapd runs under a non-privileged user id (by default `ldap'),
see /usr/local/etc/rc.d/slapd for more information.

************************************************************

Comment 4 Xin LI 2015-08-15 23:11:13 UTC

By the way, modern OpenLDAP now supports using ldapi:/// ldap:/// to accomplish the same unless you only want IPv4 listening and IPv6 is available.

(In reply to Xin LI from comment #3)

Thank you for testing.

I installed from pkg, not ports.
(e.g. # pkg install openldap-server)

As output below.

# uname -r
10.1-RELEASE-p16
# pkg info -D openldap-server
openldap-server-2.4.41:
************************************************************

The OpenLDAP server package has been successfully installed.

In order to run the LDAP server, you need to edit
  /usr/local/etc/openldap/slapd.conf
to suit your needs and add the following lines to /etc/rc.conf:
  slapd_enable="YES"
  slapd_flags='-h "ldapi://%252fvar%252frun%252fopenldap%252fldapi/ ldap://0.0.0.0/"'
  slapd_sockets="/var/run/openldap/ldapi"

Then start the server with
  /usr/local/etc/rc.d/slapd start
or reboot.

Try `man slapd' and the online manual at
  http://www.OpenLDAP.org/doc/
for more information.

slapd runs under a non-privileged user id (by default `ldap'),
see /usr/local/etc/rc.d/slapd for more information.

************************************************************


Ok. As pointed out, "%25" is extra.
Based on your reply, it was confirmed that used encoded URI operates correctly.

The incorrect argument is included in the message, it was understanding and pkg of problem.

"%" is URI encoded to %25.
If openldap-server package is created automation, might be occur dual escape in the messages.

Comment 7 Xin LI 2015-08-16 04:07:16 UTC

(In reply to ruy from comment #5)
Ah Okay, now I see where this comes.

Will investigate why, thanks for reporting.

Comment 8 Xin LI 2015-08-16 04:08:21 UTC

(In reply to ruy from comment #6)
It's possible, but I use poudriere for quite some time and didn't see it before.  I've started my local builder and will check if I can reproduce it with bulk build.

Comment 9 Xin LI 2015-08-16 06:26:40 UTC

I think this is a bug with pkgng and have a proposed patch at:

https://github.com/freebsd/pkg/pull/1306

Over to maintainer.

(In reply to Xin LI from comment #9)
I should have been reported since the investigation in detail.
Thank you for taking the time.

Comment 11 Baptiste Daroussin 2015-08-16 09:03:30 UTC

I have merged the code in the master branch.

I will merge it and test it in the release 1.5 branch and issue a new release asap.

Thank you!

Comment 12 Mark Linimon 2015-09-05 01:51:47 UTC

bapt has looked at this himself, so reassign away from group alias.

Comment 13 Baptiste Daroussin 2016-02-29 12:35:26 UTC

Fixed long ago and forgot to close