openldap-bugs December 2015

openldap-bugs@openldap.org

25 participants
52 discussions

Start a nNew thread

Re: (ITS#8333) NAME 'internationalISDNNumber' (RFC 4519)
by michael＠stroeder.com 05 Dec '15

05 Dec '15

Just in case the attachement gets messed up by ITS: ftp://ftp.openldap.org/incoming/openldap-its-8333.patch

1 0

Re: (ITS#8333) NAME 'internationalISDNNumber' (RFC 4519)
by michael＠stroeder.com 05 Dec '15

05 Dec '15

This is a multi-part message in MIME format. --------------080406050505060905010701 Content-Type: text/plain; charset=ISO-8859-2 Content-Transfer-Encoding: 7bit The attached patch (git master) fixes this. --------------080406050505060905010701 Content-Type: text/x-patch; name="openldap-its-8333.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="openldap-its-8333.patch" diff --git a/servers/slapd/schema/core.ldif b/servers/slapd/schema/core.ldif index aed7349..5abb7f0 100644 --- a/servers/slapd/schema/core.ldif +++ b/servers/slapd/schema/core.ldif @@ -193,7 +193,7 @@ olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address' SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ) # -olcAttributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber' +olcAttributeTypes: ( 2.5.4.25 NAME 'internationalISDNNumber' DESC 'RFC2256: international ISDN number' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch @@ -377,7 +377,7 @@ olcObjectClasses: ( 2.5.6.4 NAME 'organization' MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ + telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) # @@ -388,7 +388,7 @@ olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit' MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ + telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) # @@ -403,7 +403,7 @@ olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ + telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ) # @@ -413,7 +413,7 @@ olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole' MUST cn MAY ( x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ + telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $ description ) ) @@ -430,7 +430,7 @@ olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson' MUST l MAY ( businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ - teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ + teletexTerminalIdentifier $ telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) ) @@ -497,7 +497,7 @@ olcObjectClasses: ( 2.5.6.20 NAME 'dmd' MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ + telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) # diff --git a/servers/slapd/schema/core.schema b/servers/slapd/schema/core.schema index 0257cff..3e44488 100644 --- a/servers/slapd/schema/core.schema +++ b/servers/slapd/schema/core.schema @@ -195,7 +195,7 @@ attributetype ( 2.5.4.24 NAME 'x121Address' SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ) -attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber' +attributetype ( 2.5.4.25 NAME 'internationalISDNNumber' DESC 'RFC2256: international ISDN number' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch @@ -385,7 +385,7 @@ objectclass ( 2.5.6.4 NAME 'organization' MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ + telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) @@ -396,7 +396,7 @@ objectclass ( 2.5.6.5 NAME 'organizationalUnit' MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ + telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) @@ -411,7 +411,7 @@ objectclass ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ + telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ) @@ -421,7 +421,7 @@ objectclass ( 2.5.6.8 NAME 'organizationalRole' MUST cn MAY ( x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ + telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $ description ) ) @@ -438,7 +438,7 @@ objectclass ( 2.5.6.10 NAME 'residentialPerson' MUST l MAY ( businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ - teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ + teletexTerminalIdentifier $ telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) ) @@ -505,7 +505,7 @@ objectclass ( 2.5.6.20 NAME 'dmd' MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ + telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) --------------080406050505060905010701--

1 0

Re: (ITS#8333) NAME 'internationalISDNNumber' (RFC 4519)
by hyc＠symas.com 05 Dec '15

05 Dec '15

michael(a)stroeder.com wrote: > Full_Name: Michael Str.der > Version: HEAD > OS: > URL: > Submission from: (NULL) (213.240.180.113) > > > Very minor nit-pick: > > It seems the attribute type description for 'internationalISDNNumber' is still > taken from: > > https://tools.ietf.org/html/rfc2256#section-5.26 > this has NAME 'internationaliSDNNumber' > > Instead of: > https://tools.ietf.org/html/rfc4519#section-2.15 > > There are several items in core.schema that need to be updated to RFC 45xx. Patches welcome. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#8333) NAME 'internationalISDNNumber' (RFC 4519)
by michael＠stroeder.com 05 Dec '15

05 Dec '15

Full_Name: Michael Str.der Version: HEAD OS: URL: Submission from: (NULL) (213.240.180.113) Very minor nit-pick: It seems the attribute type description for 'internationalISDNNumber' is still taken from: https://tools.ietf.org/html/rfc2256#section-5.26 this has NAME 'internationaliSDNNumber' Instead of: https://tools.ietf.org/html/rfc4519#section-2.15

1 0

Re: (ITS#8332) [LMDB][PATCH] Fix creating mandir
by hyc＠symas.com 04 Dec '15

04 Dec '15

timo.gurr(a)gmail.com wrote: > Full_Name: Timo Gurr > Version: > OS: Linux > URL: http://dpaste.com/19XBCGN.txt > Submission from: (NULL) (217.7.202.108) > > > Now that lmdb-0.9.17 creates the destination directories it fails with: Already fixed in git. Closing this ITS. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#8332) [LMDB][PATCH] Fix creating mandir
by timo.gurr＠gmail.com 04 Dec '15

04 Dec '15

Full_Name: Timo Gurr Version: OS: Linux URL: http://dpaste.com/19XBCGN.txt Submission from: (NULL) (217.7.202.108) Now that lmdb-0.9.17 creates the destination directories it fails with: for f in mdb_stat.1 mdb_copy.1 mdb_dump.1 mdb_load.1; do cp $f /var/tmp/paludis/build/dev-db-lmdb-0.9.17/image//usr/share/man/man1; done Makefile:42: recipe for target 'install' failed%mamake -j5 -j1 DESTDIR=/var/tmp/paludis/build/dev-db-lmdb-0.9.17/image/ prefix=/usr/x86_64-pc-linux-gnu mandir=/usr/share/man install cp: cannot create regular file '/var/tmp/paludis/build/dev-db-lmdb-0.9.17/image//r%r/share/man/man1': No such file or directory cp: cannot create regular file '/var/tmp/paludis/build/dev-db-lmdb-0.9.17/image//usr/share/man/man1': No such file or directory cp: cannot create regular file '/var/tmp/paludis/build/dev-db-lmdb-0.9.17/image//usr/share/man/man1': No such file d directory cp: cannot create regular file '/var/tmp/paludis/build/dev-db-lmdb-0.9.17/image//usr/share/man/man1': No such file or directory make: *** [install] Error 1 due to not respecting the path from the newly introduced mandir variable, the patch in URL fixes the issue.

1 0

(ITS#8331) Download mirror list needs updating
by andrew.findlay＠skills-1st.co.uk 04 Dec '15

04 Dec '15

Full_Name: Andrew Findlay Version: OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (2001:8b0:8d0:f7e1::94) The Netherlands mirror has vanished: ftp.nl.uu.net does not resolve in DNS.

1 0

Re: (ITS#8328) Information leak in slapo-auditlog
by hyc＠symas.com 03 Dec '15

03 Dec '15

moritz(a)wikimedia.org wrote: > Full_Name: Moritz M.hlenhoff > Version: 2.4.40 > OS: Debian > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (91.96.145.189) > > > I setup a test system which made use of the slapo-auditlog overlay using these > config options: > > moduleload auditlog > overlay auditlog > auditlog /var/lib/ldap/slapd-audit.log > > The /var/lib/ldap/slapd-audit.log was created with world-readable permissions, > which constitutes a security issue since that file also logs sensitive > attributes which are otherwise protected by ACLs (such as password hashes). > > > Proposed patch: > > diff -aur openldap-2.4.40+dfsg.orig/servers/slapd/overlays/auditlog.c > openldap-2.4.40+dfsg/rvrvers/slapd/overlays/auditlog.c > --- openldap-2.4.40+dfsg.orig/servers/slapd/overlays/auditlog.c 2014-09-19 > 01:48:49.000000000 +0000 > +++ openldap-2.4.40+dfsg/servers/slapd/overlays/auditlog.c 2015-12-02 > 11:08:24.331146770 +0000 > @@ -121,6 121,7 @@ > > peername = op->o_conn->c_peer_name; > ldap_pvt_thread_mutex_lock(&ad->ad_mutex); > + umask(027); > if((f = fopen(ad->ad_logfile, "a")) == NULL) { > ldap_pvt_thread_mutex_unlock(&ad->ad_mutex); > return SLAP_CB_CONTINUE; > > > The patch is unacceptable, umask() is process-wide and persistent. No slapd code should be overriding any umask that may have been set when slapd was launched. The correct fix for this is to set the desired umask in whatever startup script you use to start slapd. Closing this ITS. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8330) Fix robust mutex detection for glibc 2.10 and 2.11
by hyc＠symas.com 03 Dec '15

03 Dec '15

sebastien(a)slaunay.fr wrote: > Full_Name: Sebastien Launay > Version: LMDB 0.9.17 > OS: Ubuntu 10.04.4 LTS x86_64 > URL: https://gist.githubusercontent.com/slaunay/3252415fad66d641e5b1/raw/356a57a… > Submission from: (NULL) (104.36.15.110) > > > I am having trouble compiling version 0.9.17 as well as the master branch of > LMDB with Ubuntu Lucid. > > When compiling the project under Ubuntu Lucid x86_64 (glibc 2.11), I get the > following errors: Thanks, fixed in git mdb.master > The exact version of the glibc is the following: > > $ ldd --version > ldd (Ubuntu EGLIBC 2.11.1-0ubuntu7.21) 2.11.1 > Copyright (C) 2009 Free Stwtware Foundation, Inc. > This is free software; see the source for copying conditions. There is NO > warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. > Written by Roland McGrath and Ulrich Drepper. > $ lsb_release -a > No LSB modules are available. > Distribut I ID: Ubuntu > Description: Ubuntu 10.04.4 LTS > Release: 10.04 > Codename: lucid > > I noticed that pthread_mutexattr_setrobust and pthread_mutex_consistent are > provided since 2.12 not 2.10: > https://github.molgen.mpg.de/git-mirror/glibc/commit/402cd98775db1478f64c9b… > https://github.molgen.mpg.de/git-mirror/glibc/commit/78ee21859939ff75ccf8bb… > > After applying the provided fix against master (see attached patch URL), the > compilation and runtime are working properly. > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8329) id_query config in the back_sql module
by hyc＠symas.com 03 Dec '15

03 Dec '15

paterry(a)gmx.com wrote: > Full_Name: Paul Terry > Version: 2.4.43 > OS: Red Hat Enterprise Server 6.7 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (85.91.5.16) > > > If the following line is in slapd.conf for the back_sql.la module: > > id_query "SELECT id, keyval, oc_map_id, dn FROM ldap_entries WHERE pusername = > ?" > > Then slapd will not start and logs the following error: > > Nov 30 12:00:59 testbrazilldap01 slapd[24111]: /etc/openldap/slapd.conf: line > 36: unknown directive <id_query> inside backend database definition. > > This worked correctly in version 2.4.23. > > After looking through the code, the 'id_query' configuration appears to be > missing from servers/slapd/back-sql/config.c, while it was present in that file > for version 2.4.23. > > I've sent a patch for config.c named paul-terry-151203.patch > > Thanks for the patch. It's incomplete though, the olcSqlIdQuery attribute also needs to be added to the config objectclass. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs December 2015