openldap-bugs January 2019

openldap-bugs@openldap.org

21 participants
77 discussions

(ITS#8969) LMDB page_split tweak
by hyc＠openldap.org 30 Jan '19

30 Jan '19

Full_Name: Howard Chu Version: LMDB 0.9 OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (80.233.38.213) Submitted by: hyc In mdb_page_split, we should use the fine-grained search for split point a little more often, to avoid MDB_PAGE_FULL errors.

1 0

(ITS#8968) Async connect mode does not work on Solaris
by vsmith＠interlinknetworks.com 30 Jan '19

30 Jan '19

Full_Name: Vernon Smith Version: 2.4.47 OS: Solaris 10 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (2601:40d:4300:679a:c0c9:ced:d06f:39a4) I have managed to upgrade to version 2.4.47 libldap libraries using the Linux OS and async connect mode works fine. But when I tried to upgrade to 2.4.47 using Solaris OS and use async connect mode, no connections could be established to the ldap server. The libldap code did not even send the ldap request to the ldap server. The ldap debug trace showed it just freeing the request and returned an unable to connect. I traced the issue to the routine ldap_int_flush_request which checks the sock_errno return code for EAGAIN but Solaris 10 returns ENOTCONN. This error code seems to mean the same thing as EAGAIN. I changed the code to test for either return code and the async connect works for both Linux and Solaris now. Here is may patch. diff --git a/libraries/libldap/request.c b/libraries/libldap/request.c index 9355d7e..321b79f 100644 --- a/libraries/libldap/request.c +++ b/libraries/libldap/request.c @@ -184,7 +184,7 @@ ldap_int_flush_request( LDAP_ASSERT_MUTEX_OWNER( &ld->ld_conn_mutex ); if ( ber_flush2( lc->lconn_sb, lr->lr_ber, LBER_FLUSH_FREE_NEVER ) != 0 ) { - if ( sock_errno() == EAGAIN ) { + if (( sock_errno() == EAGAIN ) || ( sock_errno() == ENOTCONN )) { /* need to continue write later */ lr->lr_status = LDAP_REQST_WRITING; ldap_mark_select_write( ld, lc->lconn_sb ); Thanks, Vern

1 0

(ITS#8967) back-mdb "unchecked" limit broken vs. search scope
by h.b.furuseth＠usit.uio.no 30 Jan '19

30 Jan '19

Full_Name: Hallvard Breien Furuseth Version: 2.4.47 OS: Linux URL: Submission from: (NULL) (2001:700:100:202::105) The size.unchecked limit does not seem to consider search scope other than 'base' in back-mdb. $ ldapsearch -LLL -xh localhost:3890 -b l=there '(l=over)' 1.1 dn: l=over,l=here,l=there $ ldapsearch -LLL -xh localhost:3890 -b l=over,l=here,l=there 1.1 Administrative limit exceeded (11) $ ldapsearch -LLL -xh localhost:3890 -b l=over,l=here,l=there -s base 1.1 dn: l=over,l=here,l=there $ cat test.ldif dn: l=there objectClass: locality dn: l=here,l=there objectClass: locality dn: l=over,l=here,l=there objectClass: locality dn: l=under,l=here,l=there objectClass: locality $ cat test.conf include schema/core.schema loglevel 0 sizelimit size.unchecked=3 database mdb directory test.db suffix l=there index l,objectClass eq

1 0

Re: (ITS#8957)
by quanah＠symas.com 30 Jan '19

30 Jan '19

--On Wednesday, January 30, 2019 1:44 AM -0500 Vernon Smith <vsmith(a)interlinknetworks.com> wrote: > I Tried to upload it to the openldap ftp server but was not successful so > I am trying the patch again here. > > diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c > index bb81d86..20b3dfc 100644 > --- a/libraries/libldap/open.c > +++ b/libraries/libldap/open.c > @@ -489,7 +489,7 @@ ldap_int_open_connection( > #endif > > #ifdef HAVE_TLS > - if (rc == 0 && ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD || > + if ((rc == 0 || rc == -2) && ( ld->ld_options.ldo_tls_mode == > LDAP_OPT_X_TLS_HARD || strcmp( srv->lud_scheme, "ldaps" ) == 0 )) > { > ++conn->lconn_refcnt; /* avoid premature free */ That worked, thanks! --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

Re: (ITS#8957)
by vsmith＠interlinknetworks.com 29 Jan '19

29 Jan '19

I Tried to upload it to the openldap ftp server but was not successful so I am trying the patch again here. diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c index bb81d86..20b3dfc 100644 --- a/libraries/libldap/open.c +++ b/libraries/libldap/open.c @@ -489,7 +489,7 @@ ldap_int_open_connection( #endif #ifdef HAVE_TLS - if (rc == 0 && ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD || + if ((rc == 0 || rc == -2) && ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD || strcmp( srv->lud_scheme, "ldaps" ) == 0 )) { ++conn->lconn_refcnt; /* avoid premature free */ Thanks, Vern On Tue, January 29, 2019 12:29 pm, Quanah Gibson-Mount wrote: > --On Tuesday, January 29, 2019 4:51 PM +0000 vsmith(a)interlinknetworks.com > wrote: > > > > >> --- openldap-2.4.47/libraries/libldap/open.c?????? 2018-12-19 >> 10:57:06.000000000 -0500 >> +++ openldap-2.4.47.mod/libraries/libldap/open.c?????? 2019-01-26 >> 18:24:48.000000000 -0500 >> @@ -440,7 +440,7 @@ >> ??#endif >> >> >> ??#ifdef HAVE_TLS >> -?????? if (rc == 0 && ( ld->ld_options.ldo_tls_mode == >> LDAP_OPT_X_TLS_HARD || +?????? if ((rc == 0 || rc == -2) && ( >> ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD || ???????? ?????? strcmp( >> srv->lud_scheme, "ldaps" ) == 0 )) ???????? { >> ???????? ?????? ++conn->lconn_refcnt;?????? /* avoid premature free */ >> > > This is not a valid patch. I don't know if it's your email client that is > destroying the patch? I suggest uploading it to the FTP site and responding with the > link to the file. > > Thanks, > Quanah > > > > -- > > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> > > >

1 0

(ITS#8966) changelog support for syncrepl
by hyc＠openldap.org 29 Jan '19

29 Jan '19

Full_Name: Howard Chu Version: 2.5 OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (80.233.38.213) Submitted by: hyc The syncrepl consumer has had stubs for changelog support ever since delta-syncrepl was added using the accesslog overlay. Time to flesh out the rest of it.

1 0

Re: (ITS#8957)
by quanah＠symas.com 29 Jan '19

29 Jan '19

--On Tuesday, January 29, 2019 4:51 PM +0000 vsmith(a)interlinknetworks.com wrote: > --- openldap-2.4.47/libraries/libldap/open.c?????? 2018-12-19 > 10:57:06.000000000 -0500 > +++ openldap-2.4.47.mod/libraries/libldap/open.c?????? 2019-01-26 > 18:24:48.000000000 -0500 > @@ -440,7 +440,7 @@ > ??#endif > > ??#ifdef HAVE_TLS > -?????? if (rc == 0 && ( ld->ld_options.ldo_tls_mode == > LDAP_OPT_X_TLS_HARD || +?????? if ((rc == 0 || rc == -2) && ( > ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD || > ???????? ?????? strcmp( srv->lud_scheme, "ldaps" ) == 0 )) > ???????? { > ???????? ?????? ++conn->lconn_refcnt;?????? /* avoid premature free */ This is not a valid patch. I don't know if it's your email client that is destroying the patch? I suggest uploading it to the FTP site and responding with the link to the file. Thanks, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

(ITS#8957)
by vsmith＠interlinknetworks.com 29 Jan '19

29 Jan '19

I reviewed some of the initial discussion about this same issue which lead to this fix in version 2.4.26, "Fixed libldap ASYNC TLS setup (ITS#6828)", and looked at the code that Ian Puleston suggested should be fixed in ldap_int_open_connection. This routine does have the code to do what was need for TSL to work but was not called since it received an error code of -2 not 0. The -2 simply indicated that this was an asynchronous call. I changed the test to call the TSL setup if the return code was either 0 or -2. This fixes my issue. Here is my patch. --- openldap-2.4.47/libraries/libldap/open.c 2018-12-19 10:57:06.000000000 -0500 +++ openldap-2.4.47.mod/libraries/libldap/open.c 2019-01-26 18:24:48.000000000 -0500 @@ -440,7 +440,7 @@ #endif #ifdef HAVE_TLS - if (rc == 0 && ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD || + if ((rc == 0 || rc == -2) && ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD || strcmp( srv->lud_scheme, "ldaps" ) == 0 )) { ++conn->lconn_refcnt; /* avoid premature free */ Thanks, Vernon

1 0

(ITS#8965) ldap proxy segmentation fault
by praveen.adini＠fireeye.com 29 Jan '19

29 Jan '19

Full_Name: Praveen Adini Version: 2.4.47-r2 OS: Alpine Containers URL: Submission from: (NULL) (209.135.212.252) I'm trying to setup a openldap proxy wherein the proxy denies any search requests for uid=root. When i tried using the rwm overlay to stop the operation(#), i'm getting a segmentation fault although i see the unwilling to perform operation 53 message being printed. here is the snippet of the conf that i'm using. overlay rwm rwm-rewriteEngine on rwm-rewriteContext searchFilter rwm-rewriteRule "(.*)(uid=root)(.*)" "$1$2$3" "#"

1 0

Re: (ITS#8957)
by quanah＠symas.com 29 Jan '19

29 Jan '19

Hi, Please read: <https://www.openldap.org/devel/contributing.html> and re-submit the patch accordingly. Please do not use HTML email. Thanks! --On Tuesday, January 29, 2019 6:05 AM +0000 vsmith(a)interlinknetworks.com wrote: > <html> > <head> > > <meta http-equiv="content-type" content="text/html; charset=UTF-8"> > </head> > <body text="#000000" bgcolor="#FFFFFF"> > I reviewed some of the initial discussion > about this same issue which lead to this fix in version 2.4.26, > "Fixed libldap ASYNC TLS setup (ITS#6828)", and looked at > the code that Ian Puleston suggested should be fixed in > ldap_int_open_connection. This routine does have the code to do > what was need for TSL to work but was not called since it received > an error code of -2 not 0. The -2 simply indicated that this was > an asynchronous call. I changed the test to call the TSL setup if > the return code was either 0 or -2. This fixes my issue. Here is > my patch. > --- openldap-2.4.47/libraries/libldap/open.c?????? 2018-12-19 > 10:57:06.000000000 -0500 > +++ openldap-2.4.47.mod/libraries/libldap/open.c?????? 2019-01-26 > 18:24:48.000000000 -0500 > @@ -440,7 +440,7 @@ > ??#endif > ?? > ??#ifdef HAVE_TLS > -?????? if (rc == 0 && ( ld->ld_options.ldo_tls_mode == > LDAP_OPT_X_TLS_HARD || > +?????? if ((rc == 0 || rc == -2) && ( > ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD || > ???????? ?????? strcmp( srv->lud_scheme, "ldaps" ) == 0 )) > ???????? { > ???????? ?????? ++conn->lconn_refcnt;?????? /* avoid premature > free */ > Thanks, > Vern > > </body> > </html> > > > -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs January 2019