openldap-bugs September 2017

openldap-bugs@openldap.org

35 participants
128 discussions

Re: (ITS#8638) Recursive mutex in libldap_r
by hyc＠symas.com 26 Sep '17

26 Sep '17

ondra(a)mistotebe.net wrote: >> IMO using recursive mutexes means your code is broken. We introduced these for >> accesslog.c but in fact we could avoid them at zero cost. Also I don't see the >> relevance of libevent to this discussion. We use our own event mechanism and >> it is more efficient than libevent. > > libevent is a dependency for the load balancer that I intend to propose > for integration into the project after all the relevant dependencies > have come in. > > There is a new version of this patch that provides an implementation on > each platform or defers to the existing one (as per each platform's > documentation). Untested except on POSIX and most of them seem pretty > arcane anyway. > > ftp://ftp.openldap.org/incoming/Ondrej-Kuznik-20170918-ITS8638-libldap_r-re… > It looks like glibc still doesn't define PTHREAD_MUTEX_RECURSIVE by default, it requires compiling with either -D_GNU_SOURCE or -D_XOPEN_SOURCE. The feature itself appears to be part of UNIX98. It's likely that all pthread implementations available today support it, but it still seems a bit iffy. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8612) lmdb build fails on illumos / solaris
by lorban＠bitronix.be 23 Sep '17

23 Sep '17

--001a113f4a9a1feda10559dd9d6c Content-Type: text/plain; charset="UTF-8" LGTM. Thanks for the fix! On Fri, Sep 22, 2017 at 10:56 PM, Quanah Gibson-Mount <quanah(a)symas.com> wrote: > --On Monday, March 06, 2017 6:21 PM +0000 lorban(a)bitronix.be wrote: > > Full_Name: Ludovic Orban >> Version: >> OS: OmniOS r151020 >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (2a02:a03f:1cdc:c300:384b:af79:f57c:b134) >> > > Thanks for the report! I was able to reproduce this issue under Solaris > as well. > > My proprosed fix is in: > > <https://github.com/quanah/openldap-scratch/tree/its8612> > > Regards, > Quanah > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> > > --001a113f4a9a1feda10559dd9d6c Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr">LGTM. Thanks for the fix!</div><div class=3D"gmail_extra">= <br><div class=3D"gmail_quote">On Fri, Sep 22, 2017 at 10:56 PM, Quanah Gib= son-Mount <span dir=3D"ltr"><<a href=3D"mailto:quanah@symas.com" target= =3D"_blank">quanah(a)symas.com</a>></span> wrote:<br><blockquote class=3D"= gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-= left:1ex">--On Monday, March 06, 2017 6:21 PM +0000 <a href=3D"mailto:lorba= n(a)bitronix.be" target=3D"_blank">lorban(a)bitronix.be</a> wrote:<br> <br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1ex"> Full_Name: Ludovic Orban<br> Version:<br> OS: OmniOS r151020<br> URL: <a href=3D"ftp://ftp.openldap.org/incoming/" rel=3D"noreferrer" target= =3D"_blank">ftp://ftp.openldap.org/incomin<wbr>g/</a><br> Submission from: (NULL) (2a02:a03f:1cdc:c300:384b:af79<wbr>:f57c:b134)<br> </blockquote> <br> Thanks for the report!=C2=A0 I was able to reproduce this issue under Solar= is as well.<br> <br> My proprosed fix is in:<br> <br> <<a href=3D"https://github.com/quanah/openldap-scratch/tree/its8612" rel= =3D"noreferrer" target=3D"_blank">https://github.com/quanah/ope<wbr>nldap-s= cratch/tree/its8612</a>><br> <br> Regards,<br> Quanah<br> <br> --<br> <br> Quanah Gibson-Mount<br> Product Architect<br> Symas Corporation<br> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:<br> <<a href=3D"http://www.symas.com" rel=3D"noreferrer" target=3D"_blank">h= ttp://www.symas.com</a>><br> <br> </blockquote></div><br></div> --001a113f4a9a1feda10559dd9d6c--

1 0

Re: (ITS#8687) openldap fails to link w/ openssl 1.1 built w/ no-egd
by quanah＠symas.com 22 Sep '17

22 Sep '17

--On Friday, September 22, 2017 3:08 PM -0700 Daniel Kurtz=20 <djkurtz(a)google.com> wrote: > Yes, I'll try to find time to test it.=C2=A0 Thanks for looking into = this! > In fact, I think I already have one: > https://chromium-review.googlesource.com/#/c/563276/4/net-nds/openldap/fi > les/openldap-2.4.45-no-EGD.patch Ok, I'll take a look at your patch as well. Mine is at: <https://github.com/quanah/openldap-scratch/commit/e126bf7ea3c2c7046b0884269= 4fdbf750200894f> Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

Re: (ITS#8687) openldap fails to link w/ openssl 1.1 built w/ no-egd
by djkurtz＠google.com 22 Sep '17

22 Sep '17

--001a1141d7e85161e00559cd9fbe Content-Type: text/plain; charset="UTF-8" On Fri, Sep 22, 2017 at 8:05 AM, Quanah Gibson-Mount <quanah(a)symas.com> wrote: > --On Wednesday, September 20, 2017 4:06 AM +0000 djkurtz(a)google.com wrote: > > Out of curiosity, what OS were you compiling on that didn't have >>> /dev/urandom available? >>> >> >> This occurs when cross compiling. See: >> https://github.com/openldap/openldap/blob/master/configure.in#L2197 >> > > Perfect, tyvm! Patch seems like it should be fairly straight forward. If > I send you one, would you be able to test it? Yes, I'll try to find time to test it. Thanks for looking into this! In fact, I think I already have one: https://chromium-review.googlesource.com/#/c/563276/4/net-nds/openldap/file… > > > --Quanah > > > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> > > -- Daniel Kurtz | Software Engineer | djkurtz(a)google.com | 650.204.0722 <(650)%20204-0722> --001a1141d7e85161e00559cd9fbe Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><div class=3D"gmail_quo= te">On Fri, Sep 22, 2017 at 8:05 AM, Quanah Gibson-Mount <span dir=3D"ltr">= <<a href=3D"mailto:quanah@symas.com" target=3D"_blank">quanah(a)symas.com<= /a>></span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:= 0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">= <span>--On Wednesday, September 20, 2017 4:06 AM +0000 <a href=3D"mailto:dj= kurtz(a)google.com" target=3D"_blank">djkurtz(a)google.com</a> wrote:<br> <br> </span><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;= border-left:1px solid rgb(204,204,204);padding-left:1ex"><span><blockquote = class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px sol= id rgb(204,204,204);padding-left:1ex"> Out of curiosity, what OS were you compiling on that didn't have<br> /dev/urandom available?<br> </blockquote> <br></span><span> This occurs when cross compiling.=C2=A0 See:<br> <a href=3D"https://github.com/openldap/openldap/blob/master/configure.in#L2= 197" rel=3D"noreferrer" target=3D"_blank">https://github.com/openldap/op<wb= r>enldap/blob/master/configure.i<wbr>n#L2197</a><br> </span></blockquote> <br> Perfect, tyvm!=C2=A0 Patch seems like it should be fairly straight forward.= =C2=A0 If I send you one, would you be able to test it?</blockquote><div><b= r></div><div>Yes, I'll try to find time to test it.=C2=A0 Thanks for lo= oking into this!</div><div>In fact, I think I already have one:</div><div><= a href=3D"https://chromium-review.googlesource.com/#/c/563276/4/net-nds/ope= nldap/files/openldap-2.4.45-no-EGD.patch">https://chromium-review.googlesou= rce.com/#/c/563276/4/net-nds/openldap/files/openldap-2.4.45-no-EGD.patch</a= ><br></div><div>=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"marg= in:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1e= x"><span class=3D"gmail-m_-7533148463480577044HOEnZb"><font color=3D"#88888= 8"><br> <br> --Quanah</font></span><div class=3D"gmail-m_-7533148463480577044HOEnZb"><di= v class=3D"gmail-m_-7533148463480577044h5"><br> <br> <br> <br> --<br> <br> Quanah Gibson-Mount<br> Product Architect<br> Symas Corporation<br> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:<br> <<a href=3D"http://www.symas.com" rel=3D"noreferrer" target=3D"_blank">h= ttp://www.symas.com</a>><br> <br> </div></div></blockquote></div><br><br clear=3D"all"><div><br></div>-- <br>= <div class=3D"gmail-m_-7533148463480577044gmail_signature"><span style=3D"f= ont-family:"Times New Roman";font-size:medium"><div style=3D"line= -height:1.5em;padding-top:10px;margin-top:10px;color:rgb(85,85,85);font-fam= ily:sans-serif;font-size:small"><span style=3D"border-width:2px 0px 0px;bor= der-style:solid;border-color:rgb(213,15,37);padding-top:2px;margin-top:2px"= >Daniel Kurtz=C2=A0|</span><span style=3D"border-width:2px 0px 0px;border-s= tyle:solid;border-color:rgb(51,105,232);padding-top:2px;margin-top:2px">=C2= =A0Software Engineer=C2=A0|</span><span style=3D"border-width:2px 0px 0px;b= order-style:solid;border-color:rgb(0,153,57);padding-top:2px;margin-top:2px= ">=C2=A0<a href=3D"mailto:djkurtz@google.com" target=3D"_blank">djkurtz@goo= gle.com</a>=C2=A0<wbr>|</span><span style=3D"border-width:2px 0px 0px;borde= r-style:solid;border-color:rgb(238,178,17);padding-top:2px;margin-top:2px">= =C2=A0<a href=3D"tel:(650)%20204-0722" value=3D"+16502040722" target=3D"_bl= ank">650.204.0722</a></span></div></span></div> </div></div> --001a1141d7e85161e00559cd9fbe--

1 0

Re: (ITS#8612) lmdb build fails on illumos / solaris
by quanah＠symas.com 22 Sep '17

22 Sep '17

--On Monday, March 06, 2017 6:21 PM +0000 lorban(a)bitronix.be wrote: > Full_Name: Ludovic Orban > Version: > OS: OmniOS r151020 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (2a02:a03f:1cdc:c300:384b:af79:f57c:b134) Thanks for the report! I was able to reproduce this issue under Solaris as well. My proprosed fix is in: <https://github.com/quanah/openldap-scratch/tree/its8612> Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

Re: (ITS#8687) openldap fails to link w/ openssl 1.1 built w/ no-egd
by quanah＠symas.com 22 Sep '17

22 Sep '17

--On Wednesday, September 20, 2017 4:06 AM +0000 djkurtz(a)google.com wrote: >> Out of curiosity, what OS were you compiling on that didn't have >> /dev/urandom available? > > This occurs when cross compiling. See: > https://github.com/openldap/openldap/blob/master/configure.in#L2197 Perfect, tyvm! Patch seems like it should be fairly straight forward. If I send you one, would you be able to test it? --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

Re: (ITS#8737) LMDB allows creation of multiple databases in same directory
by hyc＠symas.com 22 Sep '17

22 Sep '17

Aleksey Kamensky wrote: > And on the other hand saying "not an issue because no one else does it this > way" is not a good approach IMO as it only stimulates copying and does not > help those offering improvements. Feel free to submit a patch improving the situation. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#8739) Better check for fsync on FreeBSD
by gahr＠gahr.ch 22 Sep '17

22 Sep '17

Full_Name: Pietro Cerutti Version: lmdb 0.9.21 OS: FreeBSD 11.1 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (69.191.176.33) This patch allows for a finer-grained control over which FreeBSD versions support fdatasync. This allows us to get rid of a custom patch in our ports. --- mdb.c.orig 2017-06-01 16:51:10 UTC +++ mdb.c @@ -125,6 +125,8 @@ typedef SSIZE_T ssize_t; # define MDB_FDATASYNC fsync #elif defined(ANDROID) # define MDB_FDATASYNC fsync +#elif defined(__FreeBSD_version) && __FreeBSD_version < 1101000 +# define MDB_FDATASYNC fsync #endif #ifndef _WIN32

1 0

Re: (ITS#8737) LMDB allows creation of multiple databases in same directory
by aleksey.kamensky＠gmail.com 22 Sep '17

22 Sep '17

--94eb2c075988d198060559c39077 Content-Type: text/plain; charset="UTF-8" On Wed, Sep 20, 2017 at 7:28 PM, Howard Chu <hyc(a)symas.com> wrote: > aleksey.kamensky(a)gmail.com wrote: > >> Full_Name: Alexey Kamenskiy >> Version: 2.4.45 >> OS: CentOS Linux release 7.3.1611 (Core) >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (220.248.35.50) >> >> >> Setting up fresh 2.4.45 with MDB noticed that MDB does allow to create >> multiple >> databases in the same directory (noticed by mistake of creating multiple >> MDBs in >> default /var/lib/ldap). >> >> It shows no error and no any warning. After this ALL of the databases are >> writeable and readable. On reading the results returned for all 3 >> databases (and >> not for the DIT specified in ldapsearch -b). >> > > None of the other backends protect from this either. (Nor can they, since > any individual backend doesn't know anything about any other backend's > configuration.) Not a bug. You are right that other backends (I am talking here hdb/bdb) do not explicitly check for this, but those backends will produce error on attempt to read/write into database created in the directory where DB already exists. LMDB just works in this case and returns bad results if try to read. Even if not intentionally those errors serve as a reminder that one should not create two DBs in same directory. And on the other hand saying "not an issue because no one else does it this way" is not a good approach IMO as it only stimulates copying and does not help those offering improvements. --94eb2c075988d198060559c39077 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><div class=3D"gmail_quo= te">On Wed, Sep 20, 2017 at 7:28 PM, Howard Chu <span dir=3D"ltr"><<a hr= ef=3D"mailto:hyc@symas.com" target=3D"_blank">hyc(a)symas.com</a>></span> = wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;bord= er-left:1px #ccc solid;padding-left:1ex"><a href=3D"mailto:aleksey.kamensky= @gmail.com" target=3D"_blank">aleksey.kamensky(a)gmail.com</a> wrote:<br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1ex"> Full_Name: Alexey Kamenskiy<br> Version: 2.4.45<br> OS: CentOS Linux release 7.3.1611 (Core)<br> URL: <a href=3D"ftp://ftp.openldap.org/incoming/" rel=3D"noreferrer" target= =3D"_blank">ftp://ftp.openldap.org/incomin<wbr>g/</a><br> Submission from: (NULL) <a href=3D"tel:%28220.248.35.50" value=3D"+12202483= 550" target=3D"_blank">(220.248.35.50</a>)<br> <br> <br> Setting up fresh 2.4.45 with MDB noticed that MDB does allow to create mult= iple<br> databases in the same directory (noticed by mistake of creating multiple MD= Bs in<br> default /var/lib/ldap).<br> <br> It shows no error and no any warning. After this ALL of the databases are<b= r> writeable and readable. On reading the results returned for all 3 databases= (and<br> not for the DIT specified in ldapsearch -b).<br> </blockquote> <br> None of the other backends protect from this either. (Nor can they, since a= ny individual backend doesn't know anything about any other backend&#39= ;s configuration.) Not a bug.</blockquote><div><br></div><div>You are right= that other backends (I am talking here hdb/bdb) do not explicitly check fo= r this, but those backends will produce error on attempt to read/write into= database created in the directory where DB already exists. LMDB just works= in this case and returns bad results if try to read.</div><div><br></div><= div>Even if not intentionally those errors serve as a reminder that one sho= uld not create two DBs in same directory.</div><div><br></div><div>And on t= he other hand saying "not an issue because no one else does it this wa= y" is not a good approach IMO as it only stimulates copying and does n= ot help those offering improvements.</div><div>=C2=A0</div></div></div></di= v> --94eb2c075988d198060559c39077--

1 0

(ITS#8738) test066-autoca aborts with TLS error
by dieter＠dkluenter.de 20 Sep '17

20 Sep '17

Full_Name: Dieter Kluenter Version: OS: OpenSUSE URL: ftp://ftp.openldap.org/incoming/dkluenter-20-07-17-autoca.patch Submission from: (NULL) (93.214.247.185) test066-autoca aborts with adding new entry "cn=module,cn=config" adding new entry "olcOverlay=autoca,olcDatabase={1}mdb,cn=config" dn: cn=localhost,ou=Servers,dc=example,dc=com userCertificate;binary: userPrivateKey;binary: ldap_start_tls: Connect error (-11) additional info: TLS: hostname does not match CN in peer certificate this small patch solves this error

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs September 2017