openldap-bugs August 2020

openldap-bugs@openldap.org

2 participants
185 discussions

[Issue 9321] New: ldapsearch nettimeout doesn't work with startTls when the server address is not reachable
by openldap-its＠openldap.org 21 Aug '20

21 Aug '20

https://bugs.openldap.org/show_bug.cgi?id=9321 Issue ID: 9321 Summary: ldapsearch nettimeout doesn't work with startTls when the server address is not reachable Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: allen.zhang(a)audiocodes.com Target Milestone: --- We found that ldapsearch doesn't return with failure according to the nettimeout when the server address is not valid. it fails only after TCP timeout (about 120 seconds in my environment). we dug into in to the source code and found that : in common.c, we set the nettimeout after ldap_start_tls_s is called. We tried to call "ldap_set_option( ld, LDAP_OPT_NETWORK_TIMEOUT, (void *) &nettimeout )" before ldap_start_tls_s and it works well! -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9266] Replace custom hostname and IP address verification with OpenSSL API
by openldap-its＠openldap.org 20 Aug '20

20 Aug '20

https://bugs.openldap.org/show_bug.cgi?id=9266 --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- See also https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/t… -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9266] Replace custom hostname and IP address verification with OpenSSL API
by openldap-its＠openldap.org 19 Aug '20

19 Aug '20

https://bugs.openldap.org/show_bug.cgi?id=9266 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dar(a)xoe.solutions --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- *** Issue 9318 has been marked as a duplicate of this issue. *** -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9309] New: slapd exits on failed assertion in ppolicy.c: 912 ctrls_cleanup
by openldap-its＠openldap.org 19 Aug '20

19 Aug '20

https://bugs.openldap.org/show_bug.cgi?id=9309 Issue ID: 9309 Summary: slapd exits on failed assertion in ppolicy.c: 912 ctrls_cleanup Product: OpenLDAP Version: 2.4.50 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: jakealexis(a)gmail.com Target Milestone: --- Created attachment 753 --> https://bugs.openldap.org/attachment.cgi?id=753&action=edit slapd debug -1 output When trying to authenticate against slapd, it exits with an assertion failure: `slapd: ppolicy.c:912: ctrls_cleanup: Assertion `rs->sr_ctrls != NULL' failed.` I have searched quite extensively, and have found multiple previous bug reports with similar symptoms, often to do with the ppolicy overlay. Most of these have been marked as closed and fixed, but I'm using the latest version and still getting the same problem. I have found one RedHat bug with similar symptoms that described it as a config error, but with no details of what the config error is - and the assert statement doesn't help me narrow it down. I have tested this on 2.4.46 and 2.4.50, same behaviour. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9308] New: slapo-allow contrib module increments uninitialized variable
by openldap-its＠openldap.org 19 Aug '20

19 Aug '20

https://bugs.openldap.org/show_bug.cgi?id=9308 Issue ID: 9308 Summary: slapo-allow contrib module increments uninitialized variable Product: OpenLDAP Version: 2.4.51 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: contrib Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- Line 335 declares "i" with no default value line 345 increments it Need to fix the for loop at 339 to ensure it is initialized before incrementation -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9304] New: Archived-At: -> 404
by openldap-its＠openldap.org 19 Aug '20

19 Aug '20

https://bugs.openldap.org/show_bug.cgi?id=9304 Issue ID: 9304 Summary: Archived-At: -> 404 Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: michael(a)stroeder.com Target Milestone: --- I appreciate this mailing list message header: Archived-At: <https://openldap.org/hyperkitty/list/openldap-technical@openldap.org/messag…> But unfortunately the link returns 404. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9294] New: ppolicy and replication: Multiple values for pwdLockedTime in violation of schema
by openldap-its＠openldap.org 19 Aug '20

19 Aug '20

https://bugs.openldap.org/show_bug.cgi?id=9294 Issue ID: 9294 Summary: ppolicy and replication: Multiple values for pwdLockedTime in violation of schema Product: OpenLDAP Version: 2.4.50 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- If you have the following setup, a replica can end up with user entries in a non-schema compliant state: a) ppolicy is configured on provider(s) and replicas. Replica has schemachecking=off in its syncrepl configuration b) account gets locked on the replica, so pwdAccountLockedTime is set on the replica but not on the provider(s) c) admin does a MOD/ADD op against a provider for the user entry to add a value to pwdAccountLockedTime dn: ... changetype: modify add: pwdAccountLockedTime pwdAccountLockedTime: ... d) provider accepts this modification. e) replica accepts this modification f) account entry on replica now has two values for pwdAccountLockedTime in violation of it being a single valued attribute: "( 1.3.6.1.4.1.42.2.27.8.1.17 " "NAME ( 'pwdAccountLockedTime' ) " "DESC 'The time an user account was locked' " "EQUALITY generalizedTimeMatch " "ORDERING generalizedTimeOrderingMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " "SINGLE-VALUE " -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9289] New: Broken link to dmoz.org
by openldap-its＠openldap.org 19 Aug '20

19 Aug '20

https://bugs.openldap.org/show_bug.cgi?id=9289 Issue ID: 9289 Summary: Broken link to dmoz.org Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: cleydyr(a)gmail.com Target Milestone: --- At https://www.openldap.org/doc/admin24/intro.html, there's the following paragraph: --- A web directory, such as provided by the Open Directory Project <http://dmoz.org>, is a good example of a directory service. These services catalog web pages and are specifically designed to support browsing and searching. --- However, the Dmoz site is not at http://dmoz.org anymore. The user is redirected to an error page of a AWS S3 service if they try to access the link. Currently Dmoz has an archived version at https://dmoz-odp.org/ -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9287] New: ldap_create cause 10s delay in some scenario
by openldap-its＠openldap.org 19 Aug '20

19 Aug '20

https://bugs.openldap.org/show_bug.cgi?id=9287 Issue ID: 9287 Summary: ldap_create cause 10s delay in some scenario Product: OpenLDAP Version: 2.4.44 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: happy.mu(a)nokia-sbell.com Target Milestone: --- hi LDAP guys there has some issue in our product when we integrate ipv6. scenario: ipv4 internal + ipv6 external after ldap search finish, we need build ldap message by ldap_create function. some times the ldap_create message will cause 10s delay. for example: the ldap search has 4 ocs, and only the first oc's ldap_create will cause 10s delay, the fellowing ocs is within 0.0001s. we just think it may because the mutext is global and locked by other thread. could you help on this ? LOGs: there has 10s delay, and only execute ldap_create between them. 2020/07/08-16:32:11.942114-[INFO] 13 (DBL) [DBL_LlbSearchResponse:76]LLB replied successfully with [4] entries 2020/07/08-16:32:11.942181- [INFO] 13 (DBL) [DBL_LlbSearchResponse:125]Entry Buffer[0] : l_entryBerBufferPtr="0x64820136xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" 2020/07/08-16:32:21.957488 [INFO] 13 (DBL) [DBL_LlbSearchResponse:138]Successfully created LDAP dummy handle -- You are receiving this mail because: You are on the CC list for the issue.

1 16

[Issue 9285] New: Expose ppolicy control in the rootDSE
by openldap-its＠openldap.org 19 Aug '20

19 Aug '20

https://bugs.openldap.org/show_bug.cgi?id=9285 Issue ID: 9285 Summary: Expose ppolicy control in the rootDSE Product: OpenLDAP Version: 2.4.50 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- Currently the rootDSE does not expose the ppolicy control when ppolicy is instantiated. Generally the project has had a policy of not exposing controls for items that are not on a released RFC/standard. However, at this point, ppolicy is widely used, been around for years, and (eventually) the draft should get finalized. It would be useful to expose the control at this point. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs August 2020