openldap-bugs September 2017

openldap-bugs@openldap.org

35 participants
128 discussions

(ITS#8749) Proxy: LDAP-querry doesn't work for e.g (userAccountControl:1.2.840.113556.1.4.803:=2)
by steffen.krahl＠nexio.de 30 Sep '17

30 Sep '17

Full_Name: Steffen Krahl Version: 2.4-2 OS: Ubuntu 16.04.3 LTS URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (84.168.136.108) I'm using OpenLDAP with LDAP-backend as proxy for ActiveDirectory It's working well so far, only LDAP-queries which should exclude deactivated users don't work. It seems slapd does not accept queries like (attribute:OID:=value) in particular (&(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) fails due to the part ":1.2.840.113556.1.4.803:". The query itself works fine for ActiveDirectory itself. to make blind test: (userAccountControl:1.2.840.113556.1.4.803:=2) will not get any object back (but should) I'm quite new to OpenLDAP, but it seems an issue. performing upper query gets: Oct 1 00:45:33 nxld01 slapd[3002]: str2filter "(&(sAMAccountType= 805306368)(?=error))" Oct 1 00:45:33 nxld01 kernel: [49436.933735] slapd[3005]: segfault at 18 ip 00007ff4f783d512 sp 00007ff4f1afc810 error 4 in libc-2.23.so[7ff4f77b9000+1c0000] performing the following query (&(objectClass=*)(userAccountControl:1.2.840.113556.1.4.803:=2)) will get following log wntry: Oct 1 00:49:07 nxld01 slapd[3033]: str2filter "(&(objectClass=*)(!(objectClass=*)))" seems a little bit strange BR Steffen

1 0

Re: (ITS#8745) Need to join Windows server 2012 R2 to open lapd as a client
by ryan＠openldap.org 29 Sep '17

29 Sep '17

On Thu, Sep 28, 2017 at 07:11:35AM +0000, ramkumar(a)mgtechsoft.com wrote: >Request you to inform whether can we join windows 2012 server to Open Ldap as >client? > >and if it is possible please share the procedure with us. The ITS system is for reporting software bugs, not for support questions. If you have a question about OpenLDAP, please contact the openldap-technical(a)openldap.org mailing list. In your specific case, it sounds like your question is actually about Samba, not about OpenLDAP. As well, "opeldap.sdef.com" sounds like it might be a typo, so please check your spelling carefully. This ITS will be closed.

1 0

Re: (ITS#8748)
by quanah＠symas.com 29 Sep '17

29 Sep '17

--On Friday, September 29, 2017 9:19 PM +0000 rouzier(a)gmail.com wrote: > --94eb2c1913c4df2dad055a59bed1 > Content-Type: text/plain; charset="UTF-8" > > I, James Rouzier, hereby place the following modifications to OpenLDAP > Software (and only these modifications) into the public domain. Hence, > these modifications may be freely used and/or redistributed for any > purpose with or without attribution and/or other notice. Thanks! --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

(ITS#8748)
by rouzier＠gmail.com 29 Sep '17

29 Sep '17

--94eb2c1913c4df2dad055a59bed1 Content-Type: text/plain; charset="UTF-8" I, James Rouzier, hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice. --94eb2c1913c4df2dad055a59bed1 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div><div>I, James Rouzier, hereby place the following mod= ifications to OpenLDAP Software (and only these modifications) into the pub= lic domain. Hence, these modifications may be freely used and/or redistribu= ted for any purpose with or without attribution and/or other notice.</div><= /div><div><br></div></div> --94eb2c1913c4df2dad055a59bed1--

1 0

Re: (ITS#8748) New feature for LMDB
by quanah＠symas.com 29 Sep '17

29 Sep '17

--On Friday, September 29, 2017 8:53 PM +0000 rouzier(a)gmail.com wrote: > Full_Name: James Rouzier > Version: N/A > OS: N/A > URL: ftp://ftp.openldap.org/incoming/rouzier-170929.patch > Submission from: (NULL) (192.222.197.109) > > > Add the ability to not block when opening a write transaction for LMDB Hi James, This submission is missing an IPR as per: <http://www.openldap.org/devel/contributing.html#notice> Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

(ITS#8748) New feature for LMDB
by rouzier＠gmail.com 29 Sep '17

29 Sep '17

Full_Name: James Rouzier Version: N/A OS: N/A URL: ftp://ftp.openldap.org/incoming/rouzier-170929.patch Submission from: (NULL) (192.222.197.109) Add the ability to not block when opening a write transaction for LMDB

1 0

(ITS#8747) LDAP load balancer daemon (lloadd)
by ondra＠openldap.org 28 Sep '17

28 Sep '17

Full_Name: Ondrej Kuznik Version: master OS: URL: https://github.com/mistotebe/openldap/tree/lloadd Submission from: (NULL) (82.10.24.68) The 'lloadd' branch linked above contains the load balancer code that is now ready for review. This adds a new server to the OpenLDAP project, a load balancing proxy (prototype). Also, the tls branch contains the work in progress toward StartTLS/ldaps support (which works apart from certificate checking) and can be merged once ITS#8746 has been closed. To test, make sure you have libevent >= 2.0 installed and regenerate the configure script which now accepts the --enable-balancer option. The code in question has only been compiled/tested on Linux so far.

1 0

(ITS#8746) Add ldap_pvt_tls_connect()
by ondra＠openldap.org 28 Sep '17

28 Sep '17

Full_Name: Ondrej Kuznik Version: master OS: URL: ftp://ftp.openldap.org/incoming/Ondrej-Kuznik-20170928-ldap_pvt_tls_connect… Submission from: (NULL) (82.10.24.68) There is no way to reuse the libldap implementation to set up a client TLS layer on a Sockbuf. This exposes ldap_int_tls_connect through ldap_pvt.h as ldap_pvt_tls_connect. Needless to say, skipping the full libldap infrastructure means it is up to the user to do certificate verification etc. when using this API.

1 0

(ITS#8745) Need to join Windows server 2012 R2 to open lapd as a client
by ramkumar＠mgtechsoft.com 28 Sep '17

28 Sep '17

Full_Name: Ramkumar Raman Version: 2.4.28 OS: Ubuntu 12.04 LTS URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (14.143.3.78) Hello Team, I configured open ldap 2.4.28 with samba version 3.6.25 on Ubuntu 12.04 LTS server. And now window 7 to Windows 2008 R2 server I could able to join with open ldap. But, When we try to join windows server 2012 R2 server it is not happening and error which I am facing is as follows, Error: /// The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "opeldap.sdef.com": The error was: "DNS name does not exist." (error code 0x0000232B RCODE_NAME_ERROR) The query was for the SRV record for _ldap._tcp.dc._msdcs.opeldap.sdef.com Common causes of this error include the following: - The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses: XXX.XX.XX.X XXX.XX.XX.XXX - One or more of the following zones do not include delegation to its child zone: opeldap.sdef.com sdef.com com . (the root zone) // Request you to inform whether can we join windows 2012 server to Open Ldap as client? and if it is possible please share the procedure with us. Thanks for your reply in advance. Regards, Ramkumar R

1 0

Re: (ITS#8732) LDAP_CIRCLEQ improvements
by hyc＠symas.com 27 Sep '17

27 Sep '17

okuznik(a)symas.com wrote: > On Tue, Sep 26, 2017 at 02:00:40PM +0100, Howard Chu wrote: >> Nothing in this patch says "rotate" anywhere. Please add some more >> descriptive comments describing the purpose of each new macro. > > A version with the circular queue description extended to cover the > rotation macros is available here: > > ftp://ftp.openldap.org/incoming/Ondrej-Kuznik-20170926-LDAP_CIRCLEQ.patch OK. Go ahead and merge. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs September 2017