openldap-bugs October 2009

openldap-bugs@openldap.org

34 participants
223 discussions

Re: ITS#3526 chaining enhancements
by masarati＠aero.polimi.it 30 Oct '09

30 Oct '09

hyc(a)symas.com wrote: > Looks to me like the mentioned features have been implemented and this ITS > should be closed. OK? Not sure, need to check. p.

1 0

ITS#3526 chaining enhancements
by hyc＠symas.com 29 Oct '09

29 Oct '09

Looks to me like the mentioned features have been implemented and this ITS should be closed. OK? -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#6346) syncrepl problems with 2.4.19
by hyc＠symas.com 29 Oct '09

29 Oct '09

openldap(a)science-computing.de wrote: > Full_Name: Christoph Herrmann > Version: 2.4.19 > OS: SLES11 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (193.17.244.2) > > > > we did some stress tests to an openldap-2.4.19 test infrastructure. > we are running the tests in a single master environment with 5 slave servers, > all with openldap-2.4.19. All machines are running ntpd and are in sync: Thanks for this report, very helpful. A proposed fix for this is now in CVS HEAD overlays/syncprov.c. Please test and let us know your results, thanks. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#6340) What should I do it well?
by quanah＠zimbra.com 28 Oct '09

28 Oct '09

Hello, kbind is obsolete, and has been for quite some time. You should be using SASL/GSSAPI instead. In any case, this question is not a bug report, so it does not belong in the ITS system. I would suggest you use the openldap-technical list if you have further questions about developing applications with the OpenLDAP libraries. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#6352) Not all certificates are read if the TLS_CACERTDIR contains broken links
by quanah＠zimbra.com 28 Oct '09

28 Oct '09

--On Tuesday, October 27, 2009 8:30 AM +0000 steffen.gruner(a)basf.com wrote: > Full_Name: Steffen Gruner > Version: 2.3.43 The 2.3 release series is no longer supported. I suggest upgrading to the latest stable release (2.4.19) and trying there. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#6352) Not all certificates are read if the TLS_CACERTDIR contains broken links
by hyc＠symas.com 28 Oct '09

28 Oct '09

steffen.gruner(a)basf.com wrote: > Full_Name: Steffen Gruner > Version: 2.3.43 > OS: Gentoo Linux > URL: > Submission from: (NULL) (84.171.177.13) > > > If in the TLS_CACERTDIR (/etc/ssl/certs/ on by box) contains broken symbolic > links the ldapsearch command stops on the first broken link and doesn't use all > the other certificates. This functionality is provided by the OpenSSL library; you should file this bug report with them. In the meantime, now you know yet another reason why we recommend using TLS_CACERT instead of TLS_CACERTDIR. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#6354) Regex-based authzTo example in docs, section 15.3.3.1, is incorrect.
by tim＠stoo.org 28 Oct '09

28 Oct '09

Full_Name: Tim Stewart Version: 2.4.x OS: N/A URL: Submission from: (NULL) (65.200.62.8) The OpenLDAP documentation at: http://www.openldap.org/doc/admin24/sasl.html#SASL%20Authentication describes an example of using a regular expression to describe a set of distinguished names as opposed to using an ldap:// URL. The example is authzTo: dn.regex=^uid=[^,]*,dc=example,dc=com$ which will produce a syntax error. Instead, the example should read like authzTo: dn.regex:^uid=[^,]*,dc=example,dc=com$ (the first `=' is replaced with `:') which is accepted by the server.

1 0

(ITS#6353) berval->string conversions ignore \0
by h.b.furuseth＠usit.uio.no 28 Oct '09

28 Oct '09

Full_Name: Hallvard B Furuseth Version: HEAD, RE24 OS: URL: Submission from: (NULL) (129.240.6.233) Submitted by: hallvard Conversion from a binary blob (struct berval*, BerElement read) to a char* string typically just grabs bv.bv_val even when the value may contain embedded '\0's. In these cases, correct operation may require that the conversion fails if bv_len != (bv_val ? strlen(bv_val) : 0). Or if bv_val is not \0-terminated, to check if memchr(bv_val, '\0', bv_len) == NULL. Examples: liblber/decode.c: ber_get_stringa, ber_get_stringb, ber_get_bitstringa, ber_scanf "aAv" Similarly, a lot of code requires a berval to be \0-terminated, but some also - sometimes unwarranted - also that the first \0 it encounters when walking the value is the terminating \0. For example, libldap/getdn.c has some exported functions that look for \0 without checking bv_len, some which checks bv_len but not a terminating \0, and some which does both. I really don't know which of these functions can expect there is no embedded \0. I think we need to introduce 'typedef struct berval BerString', used to document that bv_len == (bv_val ? strlen(bv_val) : 0) for the particular berval in question (e.g. in a function prototype). And maybe a typedef BerData for the opposite.

1 0

Re: (ITS#6334) hang during ldapmodify
by quanah＠zimbra.com 27 Oct '09

27 Oct '09

--On Tuesday, October 27, 2009 2:57 PM +0000 mkd(a)cs.brown.edu wrote: > One last question... what upstream stable release will include this fix? 2.4.20 will. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#6334) hang during ldapmodify
by mkd＠cs.brown.edu 27 Oct '09

27 Oct '09

One last question... what upstream stable release will include this fix? Thanks! Mark Howard Chu wrote: > You're welcome, thanks for your help digging into the problem. >

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs October 2009