openldap-bugs August 2009

openldap-bugs@openldap.org

35 participants
225 discussions

Re: (ITS#6163) back-sql DoS when searching for empty attr
by masarati＠aero.polimi.it 03 Aug '09

03 Aug '09

The bug is in the fact that (cn=) is an invalid filter, because cn's syntax is directoryString, which does not allow the empty string. As such, the filter evaluates to undefined, and this is not properly handled by back-sql. A fix is in HEAD, please test (you only need to patch back-sql/search.c and the patch should apply to almost any OpenLDAP 2.4 version). p.

1 0

Re: (ITS#6181) slapo-unique: slaptest fails in case unique_uri is prepended the keywords "strict" or "ignore"
by masarati＠aero.polimi.it 03 Aug '09

03 Aug '09

The "strict" and the "ignore" keywords must be part of a single argument. In fact, the unique_uri statement only takes one argument, consisting of the optional "strict" and "ignore" keywords followed by a list of URIs. In order to be recognized as a single argument, the whole thing needs to be included in double quotes, like unique_uri "strict ldap:///dc=example,dc=com?uid?sub?(objectClass=account)" p.

1 0

Re: (ITS#6217) proxycache not returning cached data
by masarati＠aero.polimi.it 03 Aug '09

03 Aug '09

As far as I recall, this is a known issue, although I could not locate early postings discussing this issue. What happens is that proxy cache makes use of the first item in the filter to discriminate between responses. In your filter template, the first item is the objectClass equality, which means that any filter with that objectClass value, regardless of the uid value, is treated as a duplicate of the first one. If you reverse the order of the equality filters you'll get the expected behavior. There should be another open ITS for this issue, but I can't locate it right now. p.

1 0

Re: (ITS#6231) The same problem: sasl realms don't work with digest-md5
by masarati＠aero.polimi.it 03 Aug '09

03 Aug '09

Software usage questions should be directed to the appropriate mailing lists, unless there is clear evidence of a software/documentation bug. This ITS will be closed. p.

1 0

Re: (ITS#6152) proxycache enhancements
by hyc＠symas.com 01 Aug '09

01 Aug '09

masarati(a)aero.polimi.it wrote: > Just in case, before it becomes totally incompatible with HEAD code, I > have a patch I never committed, it's about making pcache admin-friendly if > it makes any sense. > > It adds: > > - a (persistent) counter that reports, for each query, how many times it > evaluated to answerable > > - "proxycache-" prefixed statements are passed to the private database. > This allows to avoid ambiguities when applying general database directives > in slapd.conf. In fact, it is not clear whether they apply to the proxy > database or to the cache database. > > If they make sense, I'd like to commit them before slapo-pcache > enhancement begins. Go ahead! -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs August 2009