openldap-bugs June 2008

openldap-bugs@openldap.org

46 participants
176 discussions

(ITS#5564) Use largest contextCSN to determine staleness?
by rein＠OpenLDAP.org 16 Jun '08

16 Jun '08

Full_Name: Rein Tollevik Version: CVS head OS: linux and solaris URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (81.93.160.250) Submitted by: rein Scenario: A syncrepl consumer replicates a backend DB where it has at least one entry that is up to date when it starts, but there are newer entries on the producer. The oldest contextCSN presented by the consumer is older than all entryCSN values in the replicated backend on the producer.. When syncprov_findcsn() is called with … [View More]

1 0

Re: (ITS#5555) authzTo ACL check for wrong principal
by andrew.findlay＠skills-1st.co.uk 16 Jun '08

16 Jun '08

On Mon, Jun 16, 2008 at 02:45:43PM +0200, Hallvard B Furuseth wrote: > If non-anonymous access is needed, the slapd.access(5) manpage needs an > update too. (Or instead, to avoid duplicating text.) Currently it just > says: > > Auth (=x) privileges are also required on the authzTo attribute > of the authorizing identity and/or on the authzFrom attribute of > the authorized identity. > > but it doesn't mention to who needs that auth access. It is the … [View More]

1 0

Re: (ITS#5561) SEGV using TLS/SASL
by h.b.furuseth＠usit.uio.no 16 Jun '08

16 Jun '08

Please post your ldap.conf and slapd.conf, minus any passwords. > The pastebin URL contains the post SSL negotiation debug > lines from "slapd -d -1". No need to pastebin data as short as that. -- Hallvard

1 0

Re: (ITS#5555) authzTo ACL check for wrong principal
by h.b.furuseth＠usit.uio.no 16 Jun '08

16 Jun '08

andrew.findlay(a)skills-1st.co.uk writes: > You are right: if I just grant 'auth' access to 'authzTo' the proxy > authorisation succeeds. The philisophy makes sense so I will try to > come up with a suitable patch to the Admin Guide describing how to use > it. At the moment the only note about this is in the ACL Examples > (7.2.5 at present) which says that authentication/authorization > is always done anonymously - obviously not entirely true. If non-anonymous access is … [View More]

1 0

(ITS#5563) Seg. fault if URL used in ServerID without any listener
by rein＠OpenLDAP.org 16 Jun '08

16 Jun '08

Full_Name: Rein Tollevik Version: CVS head OS: linux and solaris URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (81.93.160.250) Submitted by: rein Slapd will seg. fault if the URL form of ServerID is used without any active listeners. I stumbled upon this by adding "-d ?" to my regular command line. I.e not exactly a critical bug.. I'll commit a trivial fix shortly. Rein Tollevik Basefarm AS

1 0

Re: (ITS#5555) authzTo ACL check for wrong principal
by andrew.findlay＠skills-1st.co.uk 16 Jun '08

16 Jun '08

On Sat, Jun 14, 2008 at 03:59:37PM +0200, Pierangelo Masarati wrote: > AFAIK, access to that attribute is checked using AUTH rather than read. > The idea is that ACLs should allow to fine-grain control who is > allowed to exploit the authorization feature while giving up as little > as possible (e.g. AUTH instead of READ). You are right: if I just grant 'auth' access to 'authzTo' the proxy authorisation succeeds. The philisophy makes sense so I will try to come up with a … [View More]

1 0

Re: (ITS#5554) slapd.conf man page missing TLSCipherSuite
by ghenry＠suretecsystems.com 16 Jun '08

16 Jun '08

hyc(a)symas.com wrote: > ghenry(a)OpenLDAP.org wrote: >> Full_Name: Gavin Henry >> Version: HEAD >> OS: >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (212.159.59.85) >> >> >> http://www.openldap.org/software/man.cgi?query=slapd.conf&sektion=5&apropos… >> missing TLSCipherSuite >> >> >> > No. The Admin Guide is missing the note about GnuTLS under the TLSCipherSuite > description. The … [View More]

1 0

Re: (ITS#5562) SEGV using TLS/SASL
by lea.anthony＠meirion-dwyfor.ac.uk 16 Jun '08

16 Jun '08

Duplicate. Please close. ----- Original Message ----- From: openldap-its(a)OpenLDAP.org To: "lea anthony" <lea.anthony(a)meirion-dwyfor.ac.uk> Sent: Monday, June 16, 2008 10:00:49 AM (GMT) Europe/London Subject: Re: (ITS#5562) SEGV using TLS/SASL *** THIS IS AN AUTOMATICALLY GENERATED REPLY *** Thanks for your report to the OpenLDAP Issue Tracking System. Your report has been assigned the tracking number ITS#5562. One of our support engineers will look at your report in due course. … [View More]

1 0

(ITS#5562) SEGV using TLS/SASL
by lea.anthony＠meirion-dwyfor.ac.uk 16 Jun '08

16 Jun '08

Full_Name: Lea Anthony Version: 2.3.40 OS: Arch Linux URL: http://pastebin.com/f6b680f22 Submission from: (NULL) (194.82.229.100) I have TLS setup as follows: TLSCertificateFile /etc/openldap/certs/cert.pem TLSCertificateKeyFile /etc/openldap/certs/key.pem TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3 The server starts fine and doing "ldapsearch -x -ZZ" will do an anonymous bind fine. However, doing "ldapsearch -ZZ" will cause a segfault on the server. The pastebin URL contains the post … [View More]

1 0

(ITS#5561) SEGV using TLS/SASL
by lea.anthony＠meirion-dwyfor.ac.uk 16 Jun '08

16 Jun '08

1 0

← Newer
1
...
9
10
11
12
13
14
15
...
18
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs June 2008