openldap-bugs July 2018

openldap-bugs@openldap.org

15 participants
34 discussions

(ITS#8879) remove stale link in admin guide
by michael＠stroeder.com 17 Jul '18

17 Jul '18

Full_Name: Version: OS: URL: Submission from: (NULL) (213.240.182.26) There is a stale link in this section of the admin guide: https://www.openldap.org/doc/admin24/overlays.html#Password%20Policy%20Conf… Points to https://symas.com/blog/?page_id=66 which says "No Results Found" In general the admin guide should IMO not point to volatile external resources.

1 0

(ITS#8878) PBKDF2 Is Broken (1 in 64 hashes)
by jroose＠gmail.com 16 Jul '18

16 Jul '18

Full_Name: Jon Roose Version: HEAD OS: Linux URL: Submission from: (NULL) (68.134.180.197) The b64_to_ab64 function within the pbkdf2 password module is incorrect. When str[0] == '+' this function fails to convert that first character to a '.' The file in question is here: contrib/slapd-modules/passwd/pbkdf2/pw-pbkdf2.c and occurs at line 62 in the current version of the file. This occurs because when you write while (*p++), it changes the pointer and skips over the first character of str. This needs to be replaced with a for loop such as: for(char* p = str; *p; p++) This is a significant bug in this module, because it causes the hash algorithm to fail to be replicable by outside hash implementations 1 out of every 64 hashes on average.

1 0

Re: (ITS#8877) Issue while setting up openLDAP 2.4.44 with mdb
by ryan＠openldap.org 10 Jul '18

10 Jul '18

Hello, On Wed, Jul 11, 2018 at 02:16:16AM +0000, sakshi311(a)gmail.com wrote: >Issue while setting up openLDAP 2.4.44 with mdb. Getting following error when >trying to setup up mdb database instead of hdb using ansible - >fatal: [tokyo-ldap1]: FAILED! => {"changed": true, "cmd": ["ldapmodify", "-Y", >"EXTERNAL", "-H", "ldapi:///", "-f", "/tmp/db.ldif"], "delta": "0:00:00.009641", >"end": "2018-07-11 02:02:47.684653", "msg": "non-zero return code", "rc": 32, >"start": "2018-07-11 02:02:47.675012", "stderr": "SASL/EXTERNAL authentication >started\nSASL username: >gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: >0\nldap_modify: No such object (32)\n\tmatched DN: cn=config", "stderr_lines": >["SASL/EXTERNAL authentication started", "SASL username: >gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", "SASL SSF: 0", >"ldap_modify: No such object (32)", "\tmatched DN: cn=config"], "stdout": >"modifying entry \"olcDatabase={2}mdb,cn=config\"", "stdout_lines": ["modifying >entry \"olcDatabase={2}mdb,cn=config\""]} The ITS is for reporting bugs in the software, not for user support. The command output clearly shows that you are attempting to modify an entity that does not exist. If you need assistance with configuring OpenLDAP, please contact the openldap-technical(a)openldap.org mailing list, or one of the support services listed at <https://www.openldap.org/support/>. This ITS will be closed.

1 0

(ITS#8877) Issue while setting up openLDAP 2.4.44 with mdb
by sakshi311＠gmail.com 10 Jul '18

10 Jul '18

Full_Name: Sakshi Mittal Version: 2.4.44 OS: Centos7 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (110.161.122.132) Issue while setting up openLDAP 2.4.44 with mdb. Getting following error when trying to setup up mdb database instead of hdb using ansible - fatal: [tokyo-ldap1]: FAILED! => {"changed": true, "cmd": ["ldapmodify", "-Y", "EXTERNAL", "-H", "ldapi:///", "-f", "/tmp/db.ldif"], "delta": "0:00:00.009641", "end": "2018-07-11 02:02:47.684653", "msg": "non-zero return code", "rc": 32, "start": "2018-07-11 02:02:47.675012", "stderr": "SASL/EXTERNAL authentication started\nSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_modify: No such object (32)\n\tmatched DN: cn=config", "stderr_lines": ["SASL/EXTERNAL authentication started", "SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", "SASL SSF: 0", "ldap_modify: No such object (32)", "\tmatched DN: cn=config"], "stdout": "modifying entry \"olcDatabase={2}mdb,cn=config\"", "stdout_lines": ["modifying entry \"olcDatabase={2}mdb,cn=config\""]}

1 0

Re: (ITS#8876) Problems About LMDB
by hyc＠symas.com 10 Jul '18

10 Jul '18

wisbyme(a)gmail.com wrote: > Full_Name: Daniel.L > Version: LMDB 0.9.70 > OS: macOS or WIN10 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (113.109.207.158) > > > Hello, > > I found some problems about LMDB from github. > Some problems in windows, I have posted the code behind. > The same code in macOS, getting data often fails. It always returns > MDB_NOTFOUND. > But I can't find the reason at all, is it not available in macOS? > > Thank you. No idea what the below means. Learn to use git, learn to use diff. > ------CODES MODIFIED---------------------------------------------------------------------- > > typedef LONG NTSTATUS, *PNTSTATUS; /// LJJ added 2018.07.10 > typedef NTSTATUS WINAPI NtCreateSectionFunc /// LJJ modified 2018.07.10 > (OUT PHANDLE sh, IN ACCESS_MASK acc, > IN void * oa OPTIONAL, > IN PLARGE_INTEGER ms OPTIONAL, > IN ULONG pp, IN ULONG aa, IN HANDLE fh OPTIONAL); > > static NtCreateSectionFunc *NtCreateSection; > > typedef enum _SECTION_INHERIT { > ViewShare = 1, > ViewUnmap = 2 > } SECTION_INHERIT; > > typedef NTSTATUS WINAPI NtMapViewOfSectionFunc /// LJJ modified 2018.07.10 > (IN PHANDLE sh, IN HANDLE ph, > IN OUT PVOID *addr, IN ULONG_PTR zbits, > IN SIZE_T cs, IN OUT PLARGE_INTEGER off OPTIONAL, > IN OUT PSIZE_T vs, IN SECTION_INHERIT ih, > IN ULONG at, IN ULONG pp); > > static NtMapViewOfSectionFunc *NtMapViewOfSection; /// LJJ modified 2018.07.10 > > > HMODULE h = GetModuleHandleA("NTDLL.DLL"); /// LJJ modified 2018.07.10 > > > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#8876) Problems About LMDB
by wisbyme＠gmail.com 09 Jul '18

09 Jul '18

Full_Name: Daniel.L Version: LMDB 0.9.70 OS: macOS or WIN10 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (113.109.207.158) Hello, I found some problems about LMDB from github. Some problems in windows, I have posted the code behind. The same code in macOS, getting data often fails. It always returns MDB_NOTFOUND. But I can't find the reason at all, is it not available in macOS? Thank you. ------CODES MODIFIED---------------------------------------------------------------------- typedef LONG NTSTATUS, *PNTSTATUS; /// LJJ added 2018.07.10 typedef NTSTATUS WINAPI NtCreateSectionFunc /// LJJ modified 2018.07.10 (OUT PHANDLE sh, IN ACCESS_MASK acc, IN void * oa OPTIONAL, IN PLARGE_INTEGER ms OPTIONAL, IN ULONG pp, IN ULONG aa, IN HANDLE fh OPTIONAL); static NtCreateSectionFunc *NtCreateSection; typedef enum _SECTION_INHERIT { ViewShare = 1, ViewUnmap = 2 } SECTION_INHERIT; typedef NTSTATUS WINAPI NtMapViewOfSectionFunc /// LJJ modified 2018.07.10 (IN PHANDLE sh, IN HANDLE ph, IN OUT PVOID *addr, IN ULONG_PTR zbits, IN SIZE_T cs, IN OUT PLARGE_INTEGER off OPTIONAL, IN OUT PSIZE_T vs, IN SECTION_INHERIT ih, IN ULONG at, IN ULONG pp); static NtMapViewOfSectionFunc *NtMapViewOfSection; /// LJJ modified 2018.07.10 HMODULE h = GetModuleHandleA("NTDLL.DLL"); /// LJJ modified 2018.07.10

1 0

Re: (ITS#8875) [Patch] Performance problems in back-mdb with large DITs and many aliases
by hyc＠symas.com 09 Jul '18

09 Jul '18

quanah(a)symas.com wrote: > --On Friday, July 06, 2018 11:20 PM +0000 hbohnenkamp(a)united-internet.de > wrote: > >> Full_Name: Henrik Bohnenkamp >> Version: >= 2.4.44, HEAD >> OS: Ubuntu 18.04, Coreos 7.5 >> URL: https://github.com/hbo/openldap-mdb-deref-problem >> Submission from: (NULL) (77.176.95.241) >> >> >> This is a followup to >> http://www.openldap.org/lists/openldap-technical/201805/msg00065.html > > Note that this is duplicate of ITS#7657. We may have to consider this for 2.5; since it changes the format of the dn2id index it's not something we can easily put in at this late stage of 2.4. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8875) [Patch] Performance problems in back-mdb with large DITs and many aliases
by quanah＠symas.com 06 Jul '18

06 Jul '18

--On Friday, July 06, 2018 11:20 PM +0000 hbohnenkamp(a)united-internet.de wrote: > Full_Name: Henrik Bohnenkamp > Version: >= 2.4.44, HEAD > OS: Ubuntu 18.04, Coreos 7.5 > URL: https://github.com/hbo/openldap-mdb-deref-problem > Submission from: (NULL) (77.176.95.241) > > > This is a followup to > http://www.openldap.org/lists/openldap-technical/201805/msg00065.html Note that this is duplicate of ITS#7657. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

(ITS#8875) [Patch] Performance problems in back-mdb with large DITs and many aliases
by hbohnenkamp＠united-internet.de 06 Jul '18

06 Jul '18

Full_Name: Henrik Bohnenkamp Version: >= 2.4.44, HEAD OS: Ubuntu 18.04, Coreos 7.5 URL: https://github.com/hbo/openldap-mdb-deref-problem Submission from: (NULL) (77.176.95.241) This is a followup to http://www.openldap.org/lists/openldap-technical/201805/msg00065.html When MDB is used as backend database and with large DITs (O(10^6)) with many alias entries (O(10^5)), search requests with deref=always and scope=sub will take prohibitively long. Servers with a high request rate might become utterly unresponsive. This problem is not present in the HDB backend. In this issue I want to contribute two things: - a means to demonstrate the problem; this in the form of two scripts (bash/python) which set up a large test DIT and start two slapds (one HDB, one MDB) to allow easy comparisons of the performance - a patch to fix the problem The patch is certainly not production ready (or, if it is, it needs still exhaustive testing to inspire confidence), however, I think it is far enough to at least discuss the approach. Both the scripts and the patch, together with instructions how to use the former can be found here: https://github.com/hbo/openldap-mdb-deref-problem I am looking forward to discuss the patch.

1 0

Re: (ITS#8874) --with-fetch incorrectly links libcom_err
by hyc＠symas.com 06 Jul '18

06 Jul '18

quanah(a)openldap.org wrote: > Full_Name: Quanah Gibson-Mount > Version: 2.4.46 > OS: FreeBSD 11 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (47.208.148.239) > > > When building OpenLDAP on FreeBSD where the fetch library is available, slapd > picks up a dependency on libcom_err which shouldn't exist. > > This comes in from lines 934 and 944 of build/openldap.m4: > 934 LIBS="-lfetch -lcom_err $LIBS" > 944 ol_link_fetch="-lfetch -lcom_err" > > These should be updated appropriately and configure regenerated Careful here. There may still be releases of FreeBSD that linked libfetch against com_err, for whatever reason. You'd need to check that libfetch exists, and then check that linking against libfetch by itself succeeds or fails. (And if it fails, put com_err back in and try again.) -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs July 2018