September 2011 - openldap-bugs

(ITS#7036) ldapsearch should attempt DNS-based fallback if possible

by seanius＠seanius.net

Full_Name: Sean Finney Version: 2.4.21-0ubuntu5.5 OS: Ubuntu Lucid URL: Submission from: (NULL) (213.115.10.98) We have an ldap.conf with URI ldap://corp.net where corp.net resolves to a list of about 20 round-robin balanced A records, all of which are windows-based domain controllers for the site. Recently, a hiccup in change control ended up with 3 of these servers being offline but remaining in DNS. Therefore, with about 3/20 probability ldapsearch and friends will just sit and hang waiting for packets to return from the void until the TCP/IP RTT timeout is reached. It would be nice if ldapsearch could, either by default or as an option, have some way of iteratively trying all of the returned DNS records in the face of such failure (which could also be from some form of network hiccup, or a crashed server). Bonus points if it could somehow be pre-emptive (i.e. not waiting for the entire TCP/IP RTT timeout before trying another server). Of course another alternative would be for us to duplicate the information from DNS into multiple servers listed in URI, but that seems... duplicative. But in any event I did a quick search of the issue system and didn't see a documented position on the matter so I figured I could at least post this and see what you think :)

12 years

1
0
0 / 0

Re: (ITS#7025) "the backglue code doesn't install a handler for the Abandon operation"

by hans.moser＠ofd-z.niedersachsen.de

Hi, hans.moser(a)ofd-z.niedersachsen.de schrieb am 26.08.2011 16:49 Uhr: > hyc(a)symas.com schrieb am 24.08.2011 23:54 Uhr: > >> A patch for backglue.c is in git master, please test. Thanks. > Does not help. :( Any new patch to test? Marc

12 years

1
0
0 / 0

(ITS#7035) libldap wait4msg loops forever

by hyc＠OpenLDAP.org

Full_Name: Howard Chu Version: git master OS: linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (76.94.188.8) Submitted by: hyc In test060 slapd-mtread will frequently get into an endless loop if slapd dies during the multi-threaded reader+writer test. poll() returns a POLL_HANGUP event but libldap only handles POLL_WRITE and POLL_READ; since nothing handles the hangup event poll keeps returning the event. Patch coming shortly.

12 years

1
0
0 / 0

Re: (ITS#7034) Patch - Mozilla NSS - SSL_ForceHandshake not thread safe with PEM module

by rmeggins＠redhat.com

Found another thread-safety problem with SSL_ConfigServerSessionIDCache() updated patch: ftp://ftp.openldap.org/incoming/0001-use-mutex-for-connection-handshake-w...

12 years

1
0
0 / 0

(ITS#7034) Patch - Mozilla NSS - SSL_ForceHandshake not thread safe with PEM module

by rmeggins＠redhat.com

Full_Name: Rich Megginson Version: current tip of master branch OS: RHEL6 URL: ftp://ftp.openldap.org/incoming/0001-use-mutex-for-connection-handshake-w... Submission from: (NULL) (76.26.104.137) The establishment of the TLS/SSL connection (accept or connect) using SSL_ForceHandshake() is not thread safe when using the PEM module. This patch adds a mutex to protect the call. These patch files are derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Red Hat. Red Hat has not assigned rights and/or interest in this work to any party. I, Rich Megginson am authorized by Red Hat, my employer, to release this work under the following terms. Red Hat hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.

12 years

1
0
0 / 0

Re: (ITS#7033) suffix invalid dn :21

by Pierangelo Masarati

The OpenLDAP-ITS address is for reporting bugs in OpenLDAP software. Nothing in your report is indicative of a bug in OpenLDAP. If you have questions about use of OpenLDAP Software which are not answered in the documentation, FAQ, and archives, use the OpenLDAP-technical list (subscription required; instructions here <http://www.openldap.org/lists/mm/listinfo/openldap-technical>). This issue report will be closed. p.

12 years

1
0
0 / 0

(ITS#7033) suffix invalid dn :21

by mvraobadri＠gmail.com

Full_Name: veerabhadrarao Version: 2.4.24 OS: solaris10 (9/10) URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (223.177.104.45) Dear sir, i m configure the open ldap server in my solaris10(9/10). but i run the slapd -T test command one error message is coming i.e suffix invalid dn:21.please help how to rectify this error. Regrads veerabhadrao

12 years

1
0
0 / 0

Re: (ITS#7032) LDAP Server not answering a request

by quanah＠zimbra.com

--On Wednesday, August 31, 2011 5:24 PM +0000 pantelis.petridis(a)yahoo.com wrote: > Do you have some information about what happened? Is there any > explanation why the LDAP Server does not answer an LDAP request? Is there > a workaround? Please confirm whether or not the issue exists in the current OpenLDAP release (2.4.26). Thanks! --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

12 years

1
0
0 / 0

RE: (ITS#6995) Request for Contribution of Identity Access Management Software to OpenLDAP Project

by shawn.mckinney＠jtstools.com

Hello, Two packages have been uploaded to the incoming folder on openldap's public ftp site. The package names are: fortressCore.zip and fortressRealm.zip of sizes 1.1 MB and 74.8 KB respectively. The two packages contain the source code that form the basis for the Fortress Java SDK (fortessCore) and Java EE container security plug-in component (fortressRealm). Thanks, Shawn

12 years

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs September 2011