December 2013 - openldap-bugs

(ITS#7767) Connection not reset when olcDbUri value changed in cn=config (ldap backend)

by coudot＠linagora.com

Full_Name: Clément OUDOT Version: 2.4.38 OS: GNU/Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (88.173.78.196) I configure the LDAP backend under a chain overlay to manage ppolicy-forward-updates configuration, the configuration is: dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config objectClass: top objectClass: olcConfig objectClass: olcChainConfig objectClass: olcOverlayConfig olcOverlay: {0}chain dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config objectClass: olcLDAPConfig objectClass: olcChainDatabase olcDatabase: {0}ldap olcDbIDAssertBind: bindmethod="simple" binddn="cn=admin,dc=example,dc=com" crede ntials="secret" mode="none" olcDbUri: ldap://localhost:389 When changing the value of olcDbUri trough an LDAP client, the connection to the server is not reset, so the configuration is not taken dynamically. All is ok if I restart OpenLDAP.

9 years, 5 months

1
0
0 / 0

(ITS#7766) Account unlocked in slave after two modifications on a master (overlay ppolicy)

by coudot＠linagora.com

Full_Name: Clément OUDOT Version: 2.4.38 OS: GNU/Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (88.173.78.196) I have a simple setup with a master (overlay syncprov + overlay ppolicy) and a slave (syncrepl client, overlay ppolicy). 1. I lock my account in the slave 2. I change the description attribute of my account a first time in the master 3. My account is still locked in the slave 4. I change the description attribute of my account a second time in the master 5. My account is no more locked in the slave: the password policy operational attributes pwdFailureTime and pwdAccountUnlockTime were erased by the one of the master Seems like a control is done the first time that syncrepl update the entry (the first time, pwdAccountLockTime and pwdFailureTime are not erased), but the second time the control is not done.

9 years, 5 months

1
0
0 / 0

(ITS#7765) Crash when adding syncrepl configuration in cn=config without search base

by coudot＠linagora.com

Full_Name: Clément OUDOT Version: 2.4.38 OS: GNU/Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (88.173.78.196) When adding an olcSyncrepl attribute in my cn=config, OpenLDAP crashed. The syslog output is: Dec 16 11:56:42 ader slapd[8707]: conn=1096 op=0 BIND dn="cn=config" method=128 Dec 16 11:56:42 ader slapd[8707]: conn=1096 op=0 BIND dn="cn=config" mech=SIMPLE ssf=0 Dec 16 11:56:42 ader slapd[8707]: conn=1096 op=0 RESULT tag=97 err=0 text= Dec 16 11:56:42 ader slapd[8707]: conn=1096 op=1 MOD dn="olcDatabase={2}mdb,cn=config" Dec 16 11:56:42 ader slapd[8707]: conn=1096 op=1 MOD attr=olcaccess olcdbindex olcsyncrepl Dec 16 11:56:42 ader slapd[8707]: olcSyncrepl: value #0: Error: Malformed "syncrepl" line in slapd config file, missing searchbase. Dec 16 11:56:42 ader slapd[8707]: failed to add syncinfo Dec 16 11:56:42 ader slapd[8707]: ch_calloc of 1 elems of 0 bytes failed I have no gdb trace to give for now, if you think it is required, I will try to find time to do it. But it should be easy to reproduce the issue on your side.

9 years, 5 months

1
0
0 / 0

Re: (ITS#7764) RFE: library lber method which returns the ber size even if the ber is overflown

by hyc＠symas.com

nhosoi(a)gmail.com wrote: > Full_Name: Noriko Hosoi > Version: 2.4.35-4 > OS: Fedora 18 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (209.132.181.86) > > > We use the OpenLdap library in our software. LDAP clients could send too large > ber and cause LBER_OVERFLOW (or LBER_DEFAULT) to the lber APIs. We'd like to > learn how large the ber size we should prepare from the error. When we look > into the BerElement ber using gdb, ber->ber_len stores the value. But the value > is not returned to the caller when the API fails, e.g., by the overflow. Could > it be possible to have a way to retrieve the ber size under any condition? That doesn't sound like OpenLDAP, we have no LBER_OVERFLOW error code. Nor do we have any particular size limits on a BerElement, other than fitting into a long. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

9 years, 5 months

1
0
0 / 0

Re: (ITS#7763) undefined references during LTO enabled build

by nheghathivhistha＠gmail.com

Hello, Thank you. Markus Trippelsdorf told me in my bug report (http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59505) what is the problem cause and how to solve it - it is not existing support for slim-LTO-model in binutils. AS=gcc-as AR=gcc-ar NM=gcc-nm RANLIB=gcc-ranlib did it for me for Openldap package in Gentoo too . Best regards, David. 2013/12/13 Howard Chu <hyc(a)symas.com>: > nheghathivhistha(a)gmail.com wrote: >> >> Full_Name: David Kredba >> Version: 2.4.38 >> OS: Linux >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (88.101.228.82) >> >> >> I am trying to rebuild my system with LTO enabled gcc. >> >> Compilation of Gentoo package /net-nds/openldap-2.4.38-r1 ended with: > > > You cut off the trace just at the crucial line. It should say, e.g.: > > ar ru librewrite.a config.o context.o info.o ldapmap.o map.o params.o rule.o > session.o subst.o var.o xmap.o version.o > ar: creating librewrite.a > > Anyway, I see no build errors here. Closing this ITS. Ask for help on the > -technical mailing list. > >> x86_64-pc-linux-gnu-ar: creating librewrite.a >> /bin/bash ../../libtool --mode=link x86_64-pc-linux-gnu-gcc -O2 -ggdb >> -pipe >> -march=native -mtune=native -flto=4 -fuse-linker-plugin -D_GNU_SOURCE >> -Wl,--as-needed -Wl,-O1 -Wl,--hash-style=gnu -Wl,--sort-common -O2 -ggdb >> -pipe >> -march=native -mtune=native -flto=4 -fuse-linker-plugin -o rewrite >> rewrite.o >> parse.o librewrite.a ../../libraries/liblutil/liblutil.a >> ../../libraries/libldap_r/libldap_r.la ../../libraries/liblber/liblber.la >> -lssl -lcrypto -lcrypt -lresolv -pthread >> libtool: link: x86_64-pc-linux-gnu-gcc -O2 -ggdb -pipe -march=native >> -mtune=native -flto=4 -fuse-linker-plugin -D_GNU_SOURCE -Wl,-O1 >> -Wl,--hash-style=gnu -Wl,--sort-common -O2 -ggdb -pipe -march=native >> -mtune=native -flto=4 -fuse-linker-plugin -o .libs/rewrite rewrite.o >> parse.o >> -pthread -Wl,--as-needed librewrite.a ../../libraries/liblutil/liblutil.a >> ../../libraries/libldap_r/.libs/libldap_r.so >> >> /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/liblber/.libs/liblber.so >> ../../libraries/liblber/.libs/liblber.so -lssl -lcrypto -lcrypt -lresolv >> -pthread >> >> /var/tmp/portage/net-nds/openldap-2.4.38-r1/temp/ccTxyjV6.ltrans0.ltrans.o: >> In >> function `rewrite_read': >> >> /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/parse.c:112: >> undefined reference to `rewrite_parse' >> >> /var/tmp/portage/net-nds/openldap-2.4.38-r1/temp/ccTxyjV6.ltrans0.ltrans.o: >> In >> function `main': >> >> /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:141: >> undefined reference to `lutil_atoix' >> >> /var/tmp/portage/net-nds/openldap-2.4.38-r1/temp/ccTxyjV6.ltrans0.ltrans.o: >> In >> function `apply': >> >> /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:52: >> undefined reference to `rewrite_info_init' >> >> /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:58: >> undefined reference to `rewrite_param_set' >> >> /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:60: >> undefined reference to `rewrite_session_init' >> >> /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:75: >> undefined reference to `rewrite_session' >> >> /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:120: >> undefined reference to `rewrite_session_delete' >> >> /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:122: >> undefined reference to `rewrite_info_delete' >> collect2: error: ld returned 1 exit status >> Makefile:290: recipe for target 'rewrite' failed >> make[2]: *** [rewrite] Error 1 >> make[2]: Leaving directory >> >> '/var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite' >> Makefile:296: recipe for target 'all-common' failed >> make[1]: *** [all-common] Error 1 >> make[1]: Leaving directory >> >> '/var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries' >> Makefile:312: recipe for target 'all-common' failed >> >> Coul you kindly please look into it? I think that header(s) can be missing >> in >> source files and library(ies) at link time. >> >> I uploaded david-kredba-20131213-build.log and >> david-kredba-20131213-config.log >> to your ftp server. >> >> Thank you in advance. >> >> > > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/

9 years, 5 months

1
0
0 / 0

(ITS#7764) RFE: library lber method which returns the ber size even if the ber is overflown

by nhosoi＠gmail.com

Full_Name: Noriko Hosoi Version: 2.4.35-4 OS: Fedora 18 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (209.132.181.86) We use the OpenLdap library in our software. LDAP clients could send too large ber and cause LBER_OVERFLOW (or LBER_DEFAULT) to the lber APIs. We'd like to learn how large the ber size we should prepare from the error. When we look into the BerElement ber using gdb, ber->ber_len stores the value. But the value is not returned to the caller when the API fails, e.g., by the overflow. Could it be possible to have a way to retrieve the ber size under any condition?

9 years, 5 months

1
0
0 / 0

Re: (ITS#7763) undefined references during LTO enabled build

by hyc＠symas.com

nheghathivhistha(a)gmail.com wrote: > Full_Name: David Kredba > Version: 2.4.38 > OS: Linux > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (88.101.228.82) > > > I am trying to rebuild my system with LTO enabled gcc. > > Compilation of Gentoo package /net-nds/openldap-2.4.38-r1 ended with: You cut off the trace just at the crucial line. It should say, e.g.: ar ru librewrite.a config.o context.o info.o ldapmap.o map.o params.o rule.o session.o subst.o var.o xmap.o version.o ar: creating librewrite.a Anyway, I see no build errors here. Closing this ITS. Ask for help on the -technical mailing list. > x86_64-pc-linux-gnu-ar: creating librewrite.a > /bin/bash ../../libtool --mode=link x86_64-pc-linux-gnu-gcc -O2 -ggdb -pipe > -march=native -mtune=native -flto=4 -fuse-linker-plugin -D_GNU_SOURCE > -Wl,--as-needed -Wl,-O1 -Wl,--hash-style=gnu -Wl,--sort-common -O2 -ggdb -pipe > -march=native -mtune=native -flto=4 -fuse-linker-plugin -o rewrite rewrite.o > parse.o librewrite.a ../../libraries/liblutil/liblutil.a > ../../libraries/libldap_r/libldap_r.la ../../libraries/liblber/liblber.la > -lssl -lcrypto -lcrypt -lresolv -pthread > libtool: link: x86_64-pc-linux-gnu-gcc -O2 -ggdb -pipe -march=native > -mtune=native -flto=4 -fuse-linker-plugin -D_GNU_SOURCE -Wl,-O1 > -Wl,--hash-style=gnu -Wl,--sort-common -O2 -ggdb -pipe -march=native > -mtune=native -flto=4 -fuse-linker-plugin -o .libs/rewrite rewrite.o parse.o > -pthread -Wl,--as-needed librewrite.a ../../libraries/liblutil/liblutil.a > ../../libraries/libldap_r/.libs/libldap_r.so > /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/liblber/.libs/liblber.so > ../../libraries/liblber/.libs/liblber.so -lssl -lcrypto -lcrypt -lresolv > -pthread > /var/tmp/portage/net-nds/openldap-2.4.38-r1/temp/ccTxyjV6.ltrans0.ltrans.o: In > function `rewrite_read': > /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/parse.c:112: > undefined reference to `rewrite_parse' > /var/tmp/portage/net-nds/openldap-2.4.38-r1/temp/ccTxyjV6.ltrans0.ltrans.o: In > function `main': > /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:141: > undefined reference to `lutil_atoix' > /var/tmp/portage/net-nds/openldap-2.4.38-r1/temp/ccTxyjV6.ltrans0.ltrans.o: In > function `apply': > /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:52: > undefined reference to `rewrite_info_init' > /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:58: > undefined reference to `rewrite_param_set' > /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:60: > undefined reference to `rewrite_session_init' > /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:75: > undefined reference to `rewrite_session' > /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:120: > undefined reference to `rewrite_session_delete' > /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:122: > undefined reference to `rewrite_info_delete' > collect2: error: ld returned 1 exit status > Makefile:290: recipe for target 'rewrite' failed > make[2]: *** [rewrite] Error 1 > make[2]: Leaving directory > '/var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite' > Makefile:296: recipe for target 'all-common' failed > make[1]: *** [all-common] Error 1 > make[1]: Leaving directory > '/var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries' > Makefile:312: recipe for target 'all-common' failed > > Coul you kindly please look into it? I think that header(s) can be missing in > source files and library(ies) at link time. > > I uploaded david-kredba-20131213-build.log and david-kredba-20131213-config.log > to your ftp server. > > Thank you in advance. > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

9 years, 5 months

1
0
0 / 0

(ITS#7763) undefined references during LTO enabled build

by nheghathivhistha＠gmail.com

Full_Name: David Kredba Version: 2.4.38 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (88.101.228.82) I am trying to rebuild my system with LTO enabled gcc. Compilation of Gentoo package /net-nds/openldap-2.4.38-r1 ended with: x86_64-pc-linux-gnu-ar: creating librewrite.a /bin/bash ../../libtool --mode=link x86_64-pc-linux-gnu-gcc -O2 -ggdb -pipe -march=native -mtune=native -flto=4 -fuse-linker-plugin -D_GNU_SOURCE -Wl,--as-needed -Wl,-O1 -Wl,--hash-style=gnu -Wl,--sort-common -O2 -ggdb -pipe -march=native -mtune=native -flto=4 -fuse-linker-plugin -o rewrite rewrite.o parse.o librewrite.a ../../libraries/liblutil/liblutil.a ../../libraries/libldap_r/libldap_r.la ../../libraries/liblber/liblber.la -lssl -lcrypto -lcrypt -lresolv -pthread libtool: link: x86_64-pc-linux-gnu-gcc -O2 -ggdb -pipe -march=native -mtune=native -flto=4 -fuse-linker-plugin -D_GNU_SOURCE -Wl,-O1 -Wl,--hash-style=gnu -Wl,--sort-common -O2 -ggdb -pipe -march=native -mtune=native -flto=4 -fuse-linker-plugin -o .libs/rewrite rewrite.o parse.o -pthread -Wl,--as-needed librewrite.a ../../libraries/liblutil/liblutil.a ../../libraries/libldap_r/.libs/libldap_r.so /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/liblber/.libs/liblber.so ../../libraries/liblber/.libs/liblber.so -lssl -lcrypto -lcrypt -lresolv -pthread /var/tmp/portage/net-nds/openldap-2.4.38-r1/temp/ccTxyjV6.ltrans0.ltrans.o: In function `rewrite_read': /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/parse.c:112: undefined reference to `rewrite_parse' /var/tmp/portage/net-nds/openldap-2.4.38-r1/temp/ccTxyjV6.ltrans0.ltrans.o: In function `main': /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:141: undefined reference to `lutil_atoix' /var/tmp/portage/net-nds/openldap-2.4.38-r1/temp/ccTxyjV6.ltrans0.ltrans.o: In function `apply': /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:52: undefined reference to `rewrite_info_init' /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:58: undefined reference to `rewrite_param_set' /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:60: undefined reference to `rewrite_session_init' /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:75: undefined reference to `rewrite_session' /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:120: undefined reference to `rewrite_session_delete' /var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite/rewrite.c:122: undefined reference to `rewrite_info_delete' collect2: error: ld returned 1 exit status Makefile:290: recipe for target 'rewrite' failed make[2]: *** [rewrite] Error 1 make[2]: Leaving directory '/var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries/librewrite' Makefile:296: recipe for target 'all-common' failed make[1]: *** [all-common] Error 1 make[1]: Leaving directory '/var/tmp/portage/net-nds/openldap-2.4.38-r1/work/openldap-2.4.38/libraries' Makefile:312: recipe for target 'all-common' failed Coul you kindly please look into it? I think that header(s) can be missing in source files and library(ies) at link time. I uploaded david-kredba-20131213-build.log and david-kredba-20131213-config.log to your ftp server. Thank you in advance.

9 years, 5 months

1
0
0 / 0

Re: (ITS#7762) ldap_dn2bv_x misbehaves for "empty" dn

by hyc＠symas.com

marc.schmitzer(a)richard-wolf.com wrote: > Full_Name: Marc Schmitzer > Version: 2.4.28 > OS: Linux > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (217.6.229.211) > > > The ldap_dn2bv_x function misbehaves for the LDAPV2 and LDAPV3 formats when it > is passed an "empty" DN in the form of an LDAPRDN-array whose first element is > NULL. The "len" variable remains zero throughout the function, as no RDNS are > processed. Finally, the bv_len member of the output struct berval is set to > len-1. The result is a berval with bv_len = UINT_MAX. > > Tested with 2.4.28, but the problem appears to present in the current git master > as well. Thanks for the report, fixed now in git master. > > The following code snippet demonstrates the problem: > > #include <stdio.h> > #include <ldap.h> > > int main(int argc, char** argv) > { > LDAPRDN dn[1] = { NULL }; > struct berval bv = { 0, NULL }; > int res = ldap_dn2bv(dn, &bv, LDAP_DN_FORMAT_LDAPV3); > > printf("res: %d\n", res); > printf("len: %u\n", (unsigned int) bv.bv_len); > > return 0; > } > > > Output: > res: 0 > len: 4294967295 > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

9 years, 5 months

1
0
0 / 0

(ITS#7762) ldap_dn2bv_x misbehaves for "empty" dn

by marc.schmitzer＠richard-wolf.com

Full_Name: Marc Schmitzer Version: 2.4.28 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (217.6.229.211) The ldap_dn2bv_x function misbehaves for the LDAPV2 and LDAPV3 formats when it is passed an "empty" DN in the form of an LDAPRDN-array whose first element is NULL. The "len" variable remains zero throughout the function, as no RDNS are processed. Finally, the bv_len member of the output struct berval is set to len-1. The result is a berval with bv_len = UINT_MAX. Tested with 2.4.28, but the problem appears to present in the current git master as well. The following code snippet demonstrates the problem: #include <stdio.h> #include <ldap.h> int main(int argc, char** argv) { LDAPRDN dn[1] = { NULL }; struct berval bv = { 0, NULL }; int res = ldap_dn2bv(dn, &bv, LDAP_DN_FORMAT_LDAPV3); printf("res: %d\n", res); printf("len: %u\n", (unsigned int) bv.bv_len); return 0; } Output: res: 0 len: 4294967295

9 years, 5 months

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs December 2013