openldap-bugs November 2013

openldap-bugs@openldap.org

18 participants
55 discussions

Re: (ITS#7750) bdb/hdb modify olcDbConfig is broken
by hyc＠symas.com 18 Nov '13

18 Nov '13

hyc(a)OpenLDAP.org wrote: > Full_Name: Howard Chu > Version: 2.4.38 > OS: > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (78.192.187.24) > Submitted by: hyc > > > Modifying olcDbConfig deletes the old DB_CONFIG file but doesn't write any new > values out because the new values got freed before we reopen the backend. A fix > is coming shortly. This appears to be a regression due to ITS#7338 which was released in 2.4.32. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#7750) bdb/hdb modify olcDbConfig is broken
by hyc＠OpenLDAP.org 18 Nov '13

18 Nov '13

Full_Name: Howard Chu Version: 2.4.38 OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (78.192.187.24) Submitted by: hyc Modifying olcDbConfig deletes the old DB_CONFIG file but doesn't write any new values out because the new values got freed before we reopen the backend. A fix is coming shortly.

1 0

Re: (ITS#7739) Include of include badly handled while converting from slapd.conf to slapd.d
by jsynacek＠redhat.com 18 Nov '13

18 Nov '13

On 11/05/2013 04:36 PM, hyc(a)symas.com wrote: > Raphaël Ouazana-Sustowski wrote: >> Hi, >> >> Le 04/11/2013 17:06, Howard Chu a écrit : >>> raphael.ouazana(a)linagora.com wrote: >>>> Full_Name: Raphael Ouazana >>>> Version: 2.4.37 >>>> OS: Linux >>>> URL: ftp://ftp.openldap.org/incoming/ >>>> Submission from: (NULL) (88.173.78.196) >>>> >>>> >>>> Hi, >>>> >>>> If I have for example a main slapd.conf with: >>>> include <path>schema.conf >>>> >>>> And a simple schema.conf: >>>> include <path>core.schema >>>> include <path>cosine.schema >>>> include <path>inetorgperson.schema >>>> >>>> When I try to convert slapd.conf to slapd.d with slaptest, the >>>> resulting >>>> configuration is incorrect: the schema file are not included. >>>> >>> >>> Try again, using a different name than "schema.conf" >> >> It doesn't work neither. >> >> Steps to reproduce: >> >> 1. basic slapd.conf, but: >> a. replace include <schemapath>core.schema by include >> <configpath>morethings.conf >> b. add index sn eq at the end >> >> 2. create <configpath>morethings.conf including only >> <schemapath>core.schema > > Fixed now in master. > Thanks, http://www.openldap.org/its/index.cgi?findid=7626. -- Jan Synacek Software Engineer, Red Hat

1 0

Re: (ITS#7746) adding weird cert crashes slapd
by michael＠stroeder.com 15 Nov '13

15 Nov '13

This is a cryptographically signed message in MIME format. --------------ms040200020805010901060104 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Yupp. Works ok now. Ciao, Michael. --------------ms040200020805010901060104 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIFfzCC BXswggNjoAMCAQICAwxOfTANBgkqhkiG9w0BAQUFADB5MRAwDgYDVQQKEwdSb290IENBMR4w HAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmlu ZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZzAeFw0xMjEw MDIyMDE3MDlaFw0xNDEwMDIyMDE3MDlaMD8xGDAWBgNVBAMUD01pY2hhZWwgU3Ry9mRlcjEj MCEGCSqGSIb3DQEJARYUbWljaGFlbEBzdHJvZWRlci5jb20wggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQDo2SKth5GhtaDrCyfGtyUG+/hAAa/J52L0NFN4SSRvTtdGf9HfWwwd NCtgae0TVGWk2lKDbXA9d5vmyIiRhuwxd90H6FLErhRBeB9G67qtw87E8WUoXt2DwPQEUTWV hqHpPadlmgFw3+i3TGQQTe3O3W9MMMd4GJNhObem2VGRuCD37OXnzBksTcq0FPJgcWAhe3d/ 0ItOkNWBqgq8Mf3p7WFBhaQ0a27BC/mKtH8fI3kPcS305imPRja69Msq3EwUZBc9ToVp6FRQ NYKjfOBybDUzVkmRZl3H8xutQP2w8Zxb8m5f7Q1BfLLrIFScfYvIDgOERxTCd4lab8+/09XH AgMBAAGjggFEMIIBQDAMBgNVHRMBAf8EAjAAMFYGCWCGSAGG+EIBDQRJFkdUbyBnZXQgeW91 ciBvd24gY2VydGlmaWNhdGUgZm9yIEZSRUUgaGVhZCBvdmVyIHRvIGh0dHA6Ly93d3cuQ0Fj ZXJ0Lm9yZzAOBgNVHQ8BAf8EBAMCA6gwQAYDVR0lBDkwNwYIKwYBBQUHAwQGCCsGAQUFBwMC BgorBgEEAYI3CgMEBgorBgEEAYI3CgMDBglghkgBhvhCBAEwMgYIKwYBBQUHAQEEJjAkMCIG CCsGAQUFBzABhhZodHRwOi8vb2NzcC5jYWNlcnQub3JnMDEGA1UdHwQqMCgwJqAkoCKGIGh0 dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9yZXZva2UuY3JsMB8GA1UdEQQYMBaBFG1pY2hhZWxAc3Ry b2VkZXIuY29tMA0GCSqGSIb3DQEBBQUAA4ICAQC9ouXq3p/bDWMM4tBKgD3tl4HY5H0eECl8 q9/nqk0UL6YeWkrCiQdrDtNPW7DcGqNYtzdgtzmyTr1GhiAX+igrOjdk/ge5NRcQOpONK/4b zrmpQEcIUyxSSDKLWh211/kcFfxxLEiJ5teF4GL8Fc1qbrLP4+DCvJXWfYaaR5NLjZMqm2VP yKTv3qpXWnGohiRkGTwS/11QM2XCfIGdRsQT9a8mO4m2fn2tGPp2TEIoCLrDDrbGVeDWaOWB OIeTrp4wa3Q4OI6yCptJhEqKvjhV96IBRYgM76nTBqsqnDzwxExAyhhWiUS5DunRHOr/+NyF pUpD4883RBLO0g9kUEGOhtZNF1u+8zEL0YgMGvifAom9JEklLOXZuqj0MThypKs/3d/OyOQb 4gURnu6oZwcKZ7LskytWnlRKUxF6o0A8grtmyKkqe14TS7cQbg0NTaIYXPkHR+dfFmb3uEqn BBjvpJXFcEtWI2lQXC/ET+au991pK797ExBOmpQwjIn3SjiW80vw/UoL6DMvqY/6JhVhyNTP MJ2W5AX5kc27DIbVtVGZs8J4AYhuNALJUq9N9Ka7rPRj3RcYDrfehDLOkM5iMnarpmtuOpLK d1SvZhqj/0N/JWGIDpPSTkTFOPP6ZN9I9Rqyf+9NGqb2sjo4DkIiZcHxt735/GJLwus5KLBl 2DGCA6EwggOdAgEBMIGAMHkxEDAOBgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93 d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8G CSqGSIb3DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnAgMMTn0wCQYFKw4DAhoFAKCCAfUwGAYJ KoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTMxMTE1MTcyNDU2WjAj BgkqhkiG9w0BCQQxFgQU3N8utepUae8wnwRY20s3A3uanpswbAYJKoZIhvcNAQkPMV8wXTAL BglghkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDAN BggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBkQYJKwYBBAGCNxAEMYGD MIGAMHkxEDAOBgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9y ZzEiMCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS c3VwcG9ydEBjYWNlcnQub3JnAgMMTn0wgZMGCyqGSIb3DQEJEAILMYGDoIGAMHkxEDAOBgNV BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl cnQub3JnAgMMTn0wDQYJKoZIhvcNAQEBBQAEggEAB+9B4BRKGs+yyS2AHwWe3EiF7snpezo/ RPyEcsrJVPaVdQhwOcyESLgGxW+iMzsos8O/0gq8GHgK+tcMxVMsGMbGl3NlOGDCqBDp1/xH lQtl8eQKR/7KLlCdzaYUj46y073KilymDnjZa1GEBsXjmIsjepz3KjnstcKkxLDJcPReHFHE TpOtWqndwMCp6CZEswvd/BsKHXUlclbY84c0Iina3Ny/oXox39e/FpGymaE1EELe/Irzt0Vh OBh3gGCrCeFWTnx4Xf7xFO9tNtzZlbRb8zSXeAgqwbMt8L0m6CObNsan/O6ZkO0PYbjZ5j2x jYO2B+wCWPLgEqqfxdw/4QAAAAAAAA== --------------ms040200020805010901060104--

1 0

(ITS#7749) assert in back-mdb/syncprov
by hyc＠OpenLDAP.org 14 Nov '13

14 Nov '13

Full_Name: Howard Chu Version: 2.4.37+ OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (78.155.233.73) Submitted by: hyc Seeing an assert in mdb_opinfo_get() coming thru syncprov_findbase(). It does not happen every time. A fix is coming shortly.

1 0

(ITS#7748) rare failure of test058
by michael＠stroeder.com 14 Nov '13

14 Nov '13

Full_Name: Version: git master 5328340d35562a082d22a64716583bb2052a5cf9 OS: URL: Submission from: (NULL) (212.227.35.93) Checking contextCSN after site2 servers repopulated... Found 1 errors Failed after 76 of 100 iterations tests/ will follow...

1 0

Re: (ITS#7746) adding weird cert crashes slapd
by michael＠stroeder.com 14 Nov '13

14 Nov '13

On Thu, 14 Nov 2013 16:51:09 GMT hyc(a)symas.com wrote > michael(a)stroeder.com wrote: > > Yes, this cert is weird. And I also consider empty subject-DN as invalid. > > But you never know what people want to add. > > That's essentially declaring "I am anonymous" - who the heck uses a cert to > do that? And who would trust a self-signed cert for an anonymous CA? As said: *I* do not consider this to be a valid cert in any case. I'm just playing around with weird test certs I find here and there to check robustness (mainly of my own software). If e.g. 'userCertificate' is a self-service attribute (ACL with by self write) then slapd must not crash no matter what stupid input the user provides. So, thanks for fixing it. There are so many stupid PKI things out there: E.g. a "official" CA issued a CRL without nextUpdate probably because they stopped issuing CRLs but did not want to disturb existing services (sigh!). Ciao, Michael.

1 0

Re: (ITS#7746) adding weird cert crashes slapd
by hyc＠symas.com 14 Nov '13

14 Nov '13

michael(a)stroeder.com wrote: > Yes, this cert is weird. And I also consider empty subject-DN as invalid. > But you never know what people want to add. That's essentially declaring "I am anonymous" - who the heck uses a cert to do that? And who would trust a self-signed cert for an anonymous CA? > > Thanks for fixing the crash. > > Will test git master this evening. > > Ciao, Michael. > > > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#7746) adding weird cert crashes slapd
by michael＠stroeder.com 14 Nov '13

14 Nov '13

Yes, this cert is weird. And I also consider empty subject-DN as invalid. But you never know what people want to add. Thanks for fixing the crash. Will test git master this evening. Ciao, Michael.

1 0

Re: (ITS#7746) adding weird cert crashes slapd
by hyc＠symas.com 14 Nov '13

14 Nov '13

michael(a)stroeder.com wrote: > Full_Name: > Version: 2.4.37 > OS: Debian Squeeze > URL: > Submission from: (NULL) (212.227.35.93) > > > Adding the following weird test cert to attribute 'userCertificate' of an > existing entry crashed slapd. I will provide more details later if needed. > > -----BEGIN CERTIFICATE----- > MIIBfjCCASSgAwIBAgIBATAKBggqhkjOPQQDAjAAMB4XDTEzMTExNDA4NTgzNloX > DTEzMTIxNDA4NTgzNlowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCaMbYk9 > kWfPT3gEKoIlQD6FPT+ea3PeB91l4c6reksafBuzWqG6tjZ9JhGf/AZNQEPhuaBg > KvppUO+AVpZXls6jgY4wgYswCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcD > AQYIKwYBBQUHAwIwHQYDVR0OBBYEFFh0Ssh8tqESHytVtEPHU1IoTSmbMCgGA1Ud > IwQhMB+AFFh0Ssh8tqESHytVtEPHU1IoTSmboQSkAjAAggEBMBYGA1UdEQQPMA2C > C2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCICZVDrN0xlLkOv8odyXQASYy > Vy68ynjW3vZQndia3gQSAiEAvOn2JZEJmlfwPr3EglREs8CnXeqYfREqYfIfVufC > 0zM= > -----END CERTIFICATE----- > > This cert has a 0-length issuerDN. Didn't think that was allowed, but anyway, fixed now in master. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs November 2013