https://bugs.openldap.org/show_bug.cgi?id=9257
Bug ID: 9257
Summary: Abstract attribute types can be instantiated
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: grapvar(a)gmail.com
Target Milestone: ---
If you add 'name' or 'distinguishedName' attributes somewhere they are added
seamlessly.
However, these attributes are SLAP_AT_ABSTRACT, which
> slap.h: #define SLAP_AT_ABSTRACT 0x0100U /* cannot be instantiated */
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugs.openldap.org/show_bug.cgi?id=9267
Issue ID: 9267
Summary: libldap incorrectly accepts IP addresses in cert
subject field as valid
Product: OpenLDAP
Version: 2.4.50
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs(a)openldap.org
Reporter: quanah(a)openldap.org
Target Milestone: ---
With a cert that has no subjectAltName, and has an IP address in the subject,
ldap client connections are still made instead of rejected. This appears to
violate RFC 4513, section 3.1.3:
    The server's identity may also be verified by comparing the reference
    identity to the Common Name (CN) [RFC4519] value in the leaf Relative
    Distinguished Name (RDN) of the subjectName field of the server's
    certificate. This comparison is performed using the rules for
    comparison of DNS names in Section 3.1.3.1, below, with the exception
    that no wildcard matching is allowed. Although the use of the Common
    Name value is existing practice, it is deprecated, and Certification
    Authorities are encouraged to provide subjectAltName values instead.
    Note that the TLS implementation may represent DNs in certificates
    according to X.500 or other conventions. For example, some X.500
    implementations order the RDNs in a DN using a left-to-right (most
    significant to least significant) convention instead of LDAP's
    right-to-left convention.
I do know we have an exception to the above in relation to wildcards in
subject, since many CAs only issue certs that way (or at least did so at the
time).
However that still revolves around DNS names. The acceptance of IP addresses
is a separate matter and seems like it should be treated as a bug.
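An added example, not part of the report and not libldap's code, of the check the report above asks for: an IP reference identity is matched only against a subjectAltName iPAddress, and the CN fallback follows DNS-name rules with no wildcard, as in the RFC 4513 text quoted above. `struct cert_names`, `parse_ip`, `dns_match` and `verify_identity` are hypothetical names; the certificate fields are assumed to be already extracted, and the sample values are constructed.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical view of names already extracted from the server certificate. */
struct cert_names {
    const char *cn;      /* leaf CN of the subject, or NULL */
    const char *san_dns; /* one subjectAltName dNSName, or NULL */
    const char *san_ip;  /* one subjectAltName iPAddress in text form, or NULL */
};

/* Parse an IPv4/IPv6 literal into 16 bytes; returns the address family or 0. */
static int parse_ip(const char *s, unsigned char out[16]) {
    memset(out, 0, 16);
    if (inet_pton(AF_INET, s, out) == 1) return AF_INET;
    if (inet_pton(AF_INET6, s, out) == 1) return AF_INET6;
    return 0;
}

/* DNS comparison: case-insensitive; '*' only as the whole left-most label. */
static int dns_match(const char *ref, const char *name, int allow_wildcard) {
    if (strncmp(name, "*.", 2) == 0) {
        const char *dot = strchr(ref, '.');
        return allow_wildcard && dot && strcasecmp(dot + 1, name + 2) == 0;
    }
    return strchr(name, '*') == NULL && strcasecmp(ref, name) == 0;
}

/* Returns 1 if the reference identity is verified by the certificate names. */
int verify_identity(const char *ref, const struct cert_names *c) {
    unsigned char r[16], s[16];
    int fam = parse_ip(ref, r);
    if (fam) /* IP reference identity: only an iPAddress SAN may match, never the CN */
        return c->san_ip && parse_ip(c->san_ip, s) == fam && memcmp(r, s, 16) == 0;
    if (c->san_dns && dns_match(ref, c->san_dns, 1))
        return 1;
    /* Deprecated CN fallback: DNS-name rules, no wildcard, and never an IP literal. */
    return c->cn && !parse_ip(c->cn, s) && dns_match(ref, c->cn, 0);
}

int main(void) {
    /* Constructed sample certificates (documentation address range). */
    struct cert_names ip_in_cn = { "192.0.2.10", NULL, NULL };
    struct cert_names ip_in_san = { "ldap.example.com", NULL, "192.0.2.10" };
    printf("IP only in CN: %d\n", verify_identity("192.0.2.10", &ip_in_cn));
    printf("IP in SAN:     %d\n", verify_identity("192.0.2.10", &ip_in_san));
    return 0;
}
```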
https://bugs.openldap.org/show_bug.cgi?id=7501
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Keywords|OL_2_5_REQ |
Resolution|--- |FIXED
Target Milestone|2.5.0 |---
--- Comment #12 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
(In reply to Quanah Gibson-Mount from comment #10)
> Need to confirm that dynamic config conversion still works.
conversion works
> Need to ensure similar support in back-meta (back-asyncmeta too?)
Support exists
> Need to examine the bits that use #if 0 (comment#1)
Looks fine
Fixed in 2.4.34
https://bugs.openldap.org/show_bug.cgi?id=9059
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Keywords|OL_2_5_REQ |
Resolution|--- |TEST
--- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
Commits:
• 709d805f
by Ondřej Kuzník at 2020-05-22T16:57:53+00:00
ITS#9059 Skip mincsn check if sessionlog replay was successful
• f3952d94
by Ondřej Kuzník at 2020-05-22T16:57:53+00:00
ITS#9059 Document why we do FIND_CSN
https://bugs.openldap.org/show_bug.cgi?id=9165
--- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
Side note: there were no security issues with the code, but it did have room
for improvement which has now been done.
https://bugs.openldap.org/show_bug.cgi?id=9165
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords|OL_2_5_REQ |
Status|UNCONFIRMED |RESOLVED
Resolution|--- |TEST
--- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
• 57d5aefe
by Howard Chu at 2020-05-20T19:58:28+01:00
ITS#9165 Fix pagedResults cookie printing
https://bugs.openldap.org/show_bug.cgi?id=8376
--- Comment #16 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
Suspending until someone cares to work on this.
https://bugs.openldap.org/show_bug.cgi?id=8376
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|2.5.0 |---
https://bugs.openldap.org/show_bug.cgi?id=8376
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords|has_patch, IPR_OK, |
|OL_2_5_REQ, |
|openldap-scratch |
Resolution|--- |SUSPENDED
Status|CONFIRMED |RESOLVED
https://bugs.openldap.org/show_bug.cgi?id=8835
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords|OL_2_5_REQ |
Target Milestone|2.5.0 |---