openldap-bugs October 2012

openldap-bugs@openldap.org

29 participants
84 discussions

Re: (ITS#7389) [PATCH] MozNSS: load certificates from certdb, fallback to PEM
by jvcelak＠redhat.com 31 Oct '12

31 Oct '12

I'm sorry, there is an updated version of the patch: ftp://ftp.openldap.org/incoming/jvcelak-20121031-update-moznss-load-certs-f… The attached file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Red Hat. Red Hat has not assigned rights and/or interest in this work to any party. I, Jan Vcelak am authorized by Red Hat, my employer, to release this work under the following terms. Red Hat hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.

1 0

Re: (ITS#7367) [PATCH] MozNSS: update list of supported cipher suites
by hyc＠symas.com 30 Oct '12

30 Oct '12

Rich Megginson wrote: > On 10/03/2012 10:18 AM, Howard Chu wrote: >> Thanks for your comments, Rich. >>> Maybe we could use nss_compat_ossl to do the mapping of cipher names >>> from openssl to moznss? >> >> That makes sense to me, although if as you say it hasn't been actively >> maintained, that sounds like another problem. But certainly if other >> apps are using it, then aren't they going to want new cipher suite >> support too? >> > Yes, and imho nss_compat_ossl is the place to do this. > > But, would it be possible to update the cipher suite list in tls_m.c > first, to bring it up to date, then work on updating the compat library? I discussed this with Kurt; the Project's policy on issues like this in the past has been not to commit any backward-compatibility fixes of this sort until the real fix has already been released. I.e., we should wait until nss_compat_ossl has been updated. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#7423) [PATCH] Update slapo-constraint tests
by michael＠stroeder.com 29 Oct '12

29 Oct '12

This is a cryptographically signed message in MIME format. --------------ms040205010803070807010603 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable jsynacek(a)redhat.com wrote: > On 10/27/2012 12:53 PM, Michael Str=F6der wrote: >> jsynacek(a)redhat.com wrote: >>> This patch updates the slapo-constraint testsuit. It adds additional = tests for >>> any constraints using 'uri'. Furthermore, it improves testing of the = 'restrict' >>> parameter. >> >> In my RE24 working tree: >> >> git apply --stat jsynacek-20121025-constraint-tests-update.patch >> >> Then I expected >> ./run -b hdb test064 to fail (without the patch in ITS#7418) but it re= turned >> "Test succeeded". > I'm sorry, one hunk didn't apply correctly. >=20 > New URL: > ftp://ftp.openldap.org/incoming/jsynacek-20121029-constraint-tests-upda= te.patch >=20 > All the tests should fail without the patch in ITS#7418. I can confirm that it now works as expected. Thank you. Ciao, Michael. --------------ms040205010803070807010603 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILHzCC BT8wggQnoAMCAQICDwCmSwABAAIAivjZQ8SBvzANBgkqhkiG9w0BAQUFADB8MQswCQYDVQQG EwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21iSDElMCMGA1UECxMcVEMgVHJ1c3RD ZW50ZXIgQ2xhc3MgMSBMMSBDQTEoMCYGA1UEAxMfVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMSBM MSBDQSBJWDAeFw0xMjA2MDYxOTAyMTZaFw0xMzA2MDcxOTAyMTZaMCgxCzAJBgNVBAYTAkRF MRkwFwYDVQQDDBBNaWNoYWVsIFN0csO2ZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAxXZGav40rnGNLxEggBW94MILWHlfC8a23Jew5U1gPlfRTXOjjzmoaZ1uCyGdgF6M VvuO9T1aTQNGH+OdeGe3P7Tfc/NsLJFJ2wtd8blvhmodUgse2eypiWjNOd4gZuhalBhgsQ0K b5D6/1foghII4E264iZlJ7AJ+UYcO+GxvFWT0YMTbLckgDkZk7c3qwTozdhYvXarvqx+8Ou/ kuxpQQhac/ebzxpu0N+RHSf2KIUS0g0tEGnPtGv6iL+9QNHc4JKo9Y9KKVw3tQy+Re+FQLxB 1fPE5F+qxuD3AUENpOwkMsqWLM94ohtx3CFqLpxfUPrnKFLAHOhHEbByYGvFPwIDAQABo4IC EDCCAgwwgaUGCCsGAQUFBwEBBIGYMIGVMFEGCCsGAQUFBzAChkVodHRwOi8vd3d3LnRydXN0 Y2VudGVyLmRlL2NlcnRzZXJ2aWNlcy9jYWNlcnRzL3RjX2NsYXNzMV9MMV9DQV9JWC5jcnQw QAYIKwYBBQUHMAGGNGh0dHA6Ly9vY3NwLml4LnRjY2xhc3MxLnRjdW5pdmVyc2FsLWkudHJ1 c3RjZW50ZXIuZGUwHwYDVR0jBBgwFoAU6bgoHUbP/M34TpvF7ktg69g7P9EwDAYDVR0TAQH/ BAIwADBKBgNVHSAEQzBBMD8GCSqCFAAsAQEBATAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3 LnRydXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwDgYDVR0PAQH/BAQDAgTwMB0GA1UdDgQWBBS2 KAWfTfgJ/JQ63qLGwTXYLnI+LzBiBgNVHR8EWzBZMFegVaBThlFodHRwOi8vY3JsLml4LnRj Y2xhc3MxLnRjdW5pdmVyc2FsLWkudHJ1c3RjZW50ZXIuZGUvY3JsL3YyL3RjX0NsYXNzMV9M MV9DQV9JWC5jcmwwMwYDVR0lBCwwKgYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDBwYK KwYBBAGCNxQCAjAfBgNVHREEGDAWgRRtaWNoYWVsQHN0cm9lZGVyLmNvbTANBgkqhkiG9w0B AQUFAAOCAQEAQ3bvVUpEq+cQrLpcogyt5BJNk/WvUvOHqhzyj28M9pg9hcDl1+MYl5qqj6tR GSTLPQZyf287pcmbMwbcTGZO/gbW9v7RYcut6RauWdwKMCUmKC3J4fVfDq9ZETA2WOV68ef4 B3Gzdhghsbp3Rhp5dDmrCVKAHlafm6ZwJrEQ9P76fxnQZzRLgeKpZep5ePH5YHUB3+YaOQvJ FG0bOXvfHhRiRG7/HW2G+yDgjHSxDz8AFzMWL/RFePqZ4pn6T/SM/qU6WEpW39MWyJNoH/Kx QDYK8gGYuesn1ciMCTnjrvZQj0fonGTO4SfWekJRkuGrJ7dYSZRjYbDcWBBkdFLWzzCCBdgw ggTAoAMCAQICDgboAAEAAkqWLSQM/sXJMA0GCSqGSIb3DQEBBQUAMHkxCzAJBgNVBAYTAkRF MRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSQwIgYDVQQLExtUQyBUcnVzdENlbnRl ciBVbml2ZXJzYWwgQ0ExJjAkBgNVBAMTHVRDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQSBJ MB4XDTA5MTEwMzE0MDgxOVoXDTI1MTIzMTIxNTk1OVowfDELMAkGA1UEBhMCREUxHDAaBgNV BAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJTAjBgNVBAsTHFRDIFRydXN0Q2VudGVyIENsYXNz IDEgTDEgQ0ExKDAmBgNVBAMTH1RDIFRydXN0Q2VudGVyIENsYXNzIDEgTDEgQ0EgSVgwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC75pBuz2Lp6QuqthDVR+V8XSsncZpozVVt 5KLv5P7yemMRwleKyH3PjmYfZUVL64Biab1GjovFblqVGCrep/EfdRonq20yU+P7TVhiLP8Z 5cegDZotIYhZhM0d8cPIij6w5d4IJM/8QCy6QSOUu4ASiTVItoYE4AFPjLqpmPwcie0fiqHH hpgmHnJla/7PZdkMZEsaCfVDEWBmJuMzVprJPT40anjG5VBLyM2I5DlsUCaeQCy2O3w3sqf1 3dyzUcv03IICuNc63towXA31Qt0TaVNU6YAmQjMepdfMbspmCZ+G8D2+xophEPPR/1vkstst smUMqX0XrLonTUJczglPAgMBAAGjggJZMIICVTCBmgYIKwYBBQUHAQEEgY0wgYowUgYIKwYB BQUHMAKGRmh0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvY2VydHNlcnZpY2VzL2NhY2VydHMv dGNfdW5pdmVyc2FsX3Jvb3RfSS5jcnQwNAYIKwYBBQUHMAGGKGh0dHA6Ly9vY3NwLnRjdW5p dmVyc2FsLUkudHJ1c3RjZW50ZXIuZGUwHwYDVR0jBBgwFoAUkqR1LKSevoFE63n8isWVpesQ dXMwEgYDVR0TAQH/BAgwBgEB/wIBADBSBgNVHSAESzBJMAYGBFUdIAAwPwYJKoIUACwBAQEB MDIwMAYIKwYBBQUHAgEWJGh0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lczAO BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFOm4KB1Gz/zN+E6bxe5LYOvYOz/RMIH9BgNVHR8E gfUwgfIwge+ggeyggemGRmh0dHA6Ly9jcmwudGN1bml2ZXJzYWwtSS50cnVzdGNlbnRlci5k ZS9jcmwvdjIvdGNfdW5pdmVyc2FsX3Jvb3RfSS5jcmyGgZ5sZGFwOi8vd3d3LnRydXN0Y2Vu dGVyLmRlL0NOPVRDJTIwVHJ1c3RDZW50ZXIlMjBVbml2ZXJzYWwlMjBDQSUyMEksTz1UQyUy MFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/ Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEAOcjE m+6+mO5Icm+N53G2DpCM07LBFSGoRpBoX0oE8TrJaIQh2KXmBHVdn9LU8kt3QzLclctgvwJV 0KwcsMUUl5tlCsMPpR3s2Ek5lbWpvvr0HqtW56blAQiINV9nBd1EJFASIkRjefGbV2nOq9Yz UU+N8HA7jq1ROhd/NZZraGhjthwKyfjfHV7PKxGlY+3M0MbTIG+q/GhIfm0euDpFqhKG88e9 ALXr/uoSn3MzeOcoOWjTpW3adtFO4VWVgKbgG7jNrFbvRVlHmFLbOm4msjE5aXWxLiTwpJ2X iF4zKca1vAdAOgw9us90jEtOeiH6GzjNxEMvb7TfeO6Zkuc6HDGCA84wggPKAgEBMIGPMHwx CzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSUwIwYDVQQLExxU QyBUcnVzdENlbnRlciBDbGFzcyAxIEwxIENBMSgwJgYDVQQDEx9UQyBUcnVzdENlbnRlciBD bGFzcyAxIEwxIENBIElYAg8ApksAAQACAIr42UPEgb8wCQYFKw4DAhoFAKCCAhMwGAYJKoZI hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTIxMDI5MTg1NzA4WjAjBgkq hkiG9w0BCQQxFgQUz+3vB7XiNjVbIeSJjJ5+VggGD/4wbAYJKoZIhvcNAQkPMV8wXTALBglg hkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggq hkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBoAYJKwYBBAGCNxAEMYGSMIGP MHwxCzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSUwIwYDVQQL ExxUQyBUcnVzdENlbnRlciBDbGFzcyAxIEwxIENBMSgwJgYDVQQDEx9UQyBUcnVzdENlbnRl ciBDbGFzcyAxIEwxIENBIElYAg8ApksAAQACAIr42UPEgb8wgaIGCyqGSIb3DQEJEAILMYGS oIGPMHwxCzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSUwIwYD VQQLExxUQyBUcnVzdENlbnRlciBDbGFzcyAxIEwxIENBMSgwJgYDVQQDEx9UQyBUcnVzdENl bnRlciBDbGFzcyAxIEwxIENBIElYAg8ApksAAQACAIr42UPEgb8wDQYJKoZIhvcNAQEBBQAE ggEAkvHorLvWhpJwgew8K8iwnc2cMUtOtcK4ZYYZCPThJIZSkfvVFhamuAO86D96VPsdU+rA +S6eohY9eGJwYHJJ+TqqVQXC7vl2odxBCLePbAkKVRaqTrgC3Mhl400pCWSVKVQjowGoVhfr xTSb1KGR09j4HnCGZhSSyTxHXTkQzrAIfY0ug8MFzliznTvI3WL+u1liy72a3sGn6HpZVCwe OgbIsv5Qz9PdtPuLRUNDmXLMP3dRZf0zoMpTtWZjEqgNifBUY9+mDlKUPaf1JHulz9FMdBU/ Qs7uTpByT7X52C4Oe5X9KlwmcdaLBYg3Z2NytP7m6pBPGQXT/iHIuRTYfwAAAAAAAA== --------------ms040205010803070807010603--

1 0

Re: (ITS#7423) [PATCH] Update slapo-constraint tests
by Sascha.Kuehndel＠deka.de 29 Oct '12

29 Oct '12

--_000_F12A906A1F17554CB9CDFC8F4779F3C469A05BD7F1EXCCREX9dekag_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello Jan, i tested the test-cases: without patch in 7418, all test cases of test064-constraint failed. with patch in 7418, test064-constraint was successful. Bye, Sascha --_000_F12A906A1F17554CB9CDFC8F4779F3C469A05BD7F1EXCCREX9dekag_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr= osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:= //www.w3.org/TR/REC-html40"><head><meta http-equiv=3DContent-Type content= =3D"text/html; charset=3Diso-8859-1"><meta name=3DGenerator content=3D"Micr= osoft Word 14 (filtered medium)"><style></style></head><body lang=3DDE link=3Dblue vlink= =3Dpurple><div class=3DWordSection1>Hello Jan,<o:p></o:p><o:p> </o:p></span= >i t= ested the test-cases:<o:p></o:p><o:p> </o:p>without patch in 74= 18, all test cases of test064-constraint failed.<o:p></o:p>with patch in= 7418, test064-constraint was successful.<o:p></o:p><o:p> </o:p></s= pan>= Bye,<o:p></o:p>Sascha<o:p></o:p></div></body></html>= --_000_F12A906A1F17554CB9CDFC8F4779F3C469A05BD7F1EXCCREX9dekag_--

1 0

Re: (ITS#7423) [PATCH] Update slapo-constraint tests
by jsynacek＠redhat.com 29 Oct '12

29 Oct '12

On 10/27/2012 12:53 PM, Michael Ströder wrote: > jsynacek(a)redhat.com wrote: >> This patch updates the slapo-constraint testsuit. It adds additional tests for >> any constraints using 'uri'. Furthermore, it improves testing of the 'restrict' >> parameter. > > In my RE24 working tree: > > git apply --stat jsynacek-20121025-constraint-tests-update.patch > > Then I expected > ./run -b hdb test064 to fail (without the patch in ITS#7418) but it returned > "Test succeeded". > > Ciao, Michael. > I'm sorry, one hunk didn't apply correctly. New URL: ftp://ftp.openldap.org/incoming/jsynacek-20121029-constraint-tests-update.p… All the tests should fail without the patch in ITS#7418. Cheers, -- Jan Synacek Software Engineer, BaseOS team Brno, Red Hat

1 0

(ITS#7425) documentation for slapo-pcache when using slapd-config
by btb＠bitrate.net 28 Oct '12

28 Oct '12

Full_Name: ben blewett Version: 2.4.31 OS: ubuntu 12.10 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (216.176.19.106) documentation in the admin guide and the man pages for setup of slapo-pcache when using slapd-config [cn=config] seems to be a bit sparse. just wanted to put this on the list if it's not already.

1 0

Re: (ITS#7424) Accept patch? Add option for not folding ldapsearch LDIF output lines
by masarati＠aero.polimi.it 28 Oct '12

28 Oct '12

Upgrade? This ITS will be closed. > No such option in OpenLDAP 2.4.23 as delivered with RHEL 6. > > man ldapsearch shows the only general option documented > is nettimeout > > ?? > > On 10/28/2012 3:45 PM, Pierangelo Masarati wrote: >> Use ldapsearch -o ldif-wrap=no instead. >> >> p. >> >>> Full_Name: >>> Version: >>> OS: >>> URL: ftp://ftp.openldap.org/incoming/ >>> Submission from: (NULL) (96.228.233.77) >>> >>> >>> RFC 2849 states: >>> >>> 2) Any non-empty line, including comment lines, in an LDIF file >>> MAY be folded by inserting a line separator (SEP) and a >>> SPACE. >>> Folding MUST NOT occur before the first character of the >>> line. >>> In other words, folding a line into two lines, the first of >>> which is empty, is not permitted. Any line that begins with >>> a >>> single space MUST be treated as a continuation of the >>> previous >>> (non-empty) line. When joining folded lines, exactly one >>> space >>> character at the beginning of each continued line must be >>> discarded. Implementations SHOULD NOT fold lines in the >>> middle >>> of a multi-byte UTF-8 character. >>> >>> OpenLDAP (ldapsearch at least) has taken implemented that folding >>> behavior for LDIF output. >>> >>> This causes trouble for anyone trying to use 'ldapsearch | grep >>> <something>' >>> for one simple example. >>> >>> Would you accept a patch to allow an option which disables line >>> folding? >>> >>> >>> >>> >> >> > > > > -- Pierangelo Masarati Associate Professor Dipartimento di Ingegneria Aerospaziale Politecnico di Milano

1 0

Re: (ITS#7424) Accept patch? Add option for not folding ldapsearch LDIF output lines
by jblaine＠kickflop.net 28 Oct '12

28 Oct '12

No such option in OpenLDAP 2.4.23 as delivered with RHEL 6. man ldapsearch shows the only general option documented is nettimeout ?? On 10/28/2012 3:45 PM, Pierangelo Masarati wrote: > Use ldapsearch -o ldif-wrap=no instead. > > p. > >> Full_Name: >> Version: >> OS: >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (96.228.233.77) >> >> >> RFC 2849 states: >> >> 2) Any non-empty line, including comment lines, in an LDIF file >> MAY be folded by inserting a line separator (SEP) and a SPACE. >> Folding MUST NOT occur before the first character of the line. >> In other words, folding a line into two lines, the first of >> which is empty, is not permitted. Any line that begins with a >> single space MUST be treated as a continuation of the previous >> (non-empty) line. When joining folded lines, exactly one space >> character at the beginning of each continued line must be >> discarded. Implementations SHOULD NOT fold lines in the middle >> of a multi-byte UTF-8 character. >> >> OpenLDAP (ldapsearch at least) has taken implemented that folding >> behavior for LDIF output. >> >> This causes trouble for anyone trying to use 'ldapsearch | grep >> <something>' >> for one simple example. >> >> Would you accept a patch to allow an option which disables line folding? >> >> >> >> > >

1 0

Re: (ITS#7424) Accept patch? Add option for not folding ldapsearch LDIF output lines
by masarati＠aero.polimi.it 28 Oct '12

28 Oct '12

Use ldapsearch -o ldif-wrap=no instead. p. > Full_Name: > Version: > OS: > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (96.228.233.77) > > > RFC 2849 states: > > 2) Any non-empty line, including comment lines, in an LDIF file > MAY be folded by inserting a line separator (SEP) and a SPACE. > Folding MUST NOT occur before the first character of the line. > In other words, folding a line into two lines, the first of > which is empty, is not permitted. Any line that begins with a > single space MUST be treated as a continuation of the previous > (non-empty) line. When joining folded lines, exactly one space > character at the beginning of each continued line must be > discarded. Implementations SHOULD NOT fold lines in the middle > of a multi-byte UTF-8 character. > > OpenLDAP (ldapsearch at least) has taken implemented that folding > behavior for LDIF output. > > This causes trouble for anyone trying to use 'ldapsearch | grep > <something>' > for one simple example. > > Would you accept a patch to allow an option which disables line folding? > > > > -- Pierangelo Masarati Associate Professor Dipartimento di Ingegneria Aerospaziale Politecnico di Milano

1 0

(ITS#7424) Accept patch? Add option for not folding ldapsearch LDIF output lines
by jblaine＠kickflop.net 28 Oct '12

28 Oct '12

Full_Name: Version: OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (96.228.233.77) RFC 2849 states: 2) Any non-empty line, including comment lines, in an LDIF file MAY be folded by inserting a line separator (SEP) and a SPACE. Folding MUST NOT occur before the first character of the line. In other words, folding a line into two lines, the first of which is empty, is not permitted. Any line that begins with a single space MUST be treated as a continuation of the previous (non-empty) line. When joining folded lines, exactly one space character at the beginning of each continued line must be discarded. Implementations SHOULD NOT fold lines in the middle of a multi-byte UTF-8 character. OpenLDAP (ldapsearch at least) has taken implemented that folding behavior for LDIF output. This causes trouble for anyone trying to use 'ldapsearch | grep <something>' for one simple example. Would you accept a patch to allow an option which disables line folding?

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs October 2012