openldap-bugs September 2020

openldap-bugs@openldap.org

4 participants
300 discussions

[Issue 9317] New: LDAPS connection fails to multi-IP DNS using DIGEST-MD5 mechanism
by openldap-its＠openldap.org 17 Sep '20

17 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=9317 Issue ID: 9317 Summary: LDAPS connection fails to multi-IP DNS using DIGEST-MD5 mechanism Product: OpenLDAP Version: 2.4.46 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: paul.raines(a)gmail.com Target Milestone: --- Our MS AD ldap servers are in DNS using alias ldap.example.org at multiple IP addresses like so: # host ldap.example.org ldap.example.org has address 172.18.1.10 ldap.example.org has address 172.21.1.10 ldap.example.org has address 172.24.1.10 ldap.example.org has address 172.30.1.10 For CentOS 6 this was not a problem. But with CentOS 7 (2.4.44) and CentOS 8 (2.4.46) the following fails # ldapwhoami -d -1 -H ldaps://ldap.example.org -Y DIGEST-MD5 -U username -W with the error: ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: 80090303: LdapErr: DSID-0C090574, comment: The digest-uri does not match any LDAP SPN's registered for this server., data 0, v3839 ldap_free_connection 1 1 ldap_send_unbind If one reverse DNS IP lookups one of the IPs and uses the unique name (e.g. ldap01.example.org) instead it works fine I think openldap should work in this case with DNS aliases. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9315] New: FR: Support SPIFFE Certificate Provisioner
by openldap-its＠openldap.org 17 Sep '20

17 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=9315 Issue ID: 9315 Summary: FR: Support SPIFFE Certificate Provisioner Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: dar(a)xoe.solutions Target Milestone: --- Created attachment 754 --> https://bugs.openldap.org/attachment.cgi?id=754&action=edit A SPIFFE samle certificate SPIFFE is a protocol for attesting workload identities. It implements a pull based workflow where clients request ad-hoc certificates about their identity from a unix domain socket. While there is a helper that can wrap clients it is uncertain how certificate rolls, which happen by default every few minutes, shall be signalled to the ldap client: https://github.com/spiffe/spiffe-helper I assume there is no signal which induces graceful reloading of the certificates. Therefore, it might be considerable adding direct spiffe support to the ldap client. See example: https://github.com/spiffe/c-spiffe/blob/master/c-spiffe.cc Please find attached a spiffe sample cert, for mere information. Note it does convey identity (exclusively) through SAN, which currently seems not be supported in OpenLDAP. I'm going to open another issue for that. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9310] New: slapd segmends when creating a new mdb database
by openldap-its＠openldap.org 17 Sep '20

17 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=9310 Issue ID: 9310 Summary: slapd segmends when creating a new mdb database Product: OpenLDAP Version: 2.4.50 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: p.childs(a)qmul.ac.uk Target Milestone: --- I'm attempting to upgrade out current openldap server from our rather old openldap running under SL6 onto something slightly more modern. I'm looking to start using multimaster and mdb rather than bdb etc etc. When I try and enable delta-replication to use mdb using I'm getting a segmentation fault. Thanks in advance. Peter Childs [ 5375.411805] slapd[8207]: segfault at 50 ip 00007fdf8846eb6c sp 00007fdf6da4cc90 error 4 in liblber-2.4.so.2.10.13[7fdf88466000+e000] 5f311f55 send_ldap_result: err=0 matched="" text="" 5f311f55 connection_get(15) 5f311f55 conn=1000 op=1 do_add: dn (olcDatabase={3}mdb,cn=config) => ldap_bv2dn(olcDatabase={3}mdb,cn=config,0) <= ldap_bv2dn(olcDatabase={3}mdb,cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(olcDatabase={3}mdb,cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(olcDatabase={3}mdb,cn=config)=0 => ldap_bv2dn(cn=accesslog,0) <= ldap_bv2dn(cn=accesslog)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=accesslog)=0 => ldap_bv2dn(cn=accesslog,0) <= ldap_bv2dn(cn=accesslog)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=accesslog)=0 => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 => ldap_bv2dn(cn=accesslog,0) <= ldap_bv2dn(cn=accesslog)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=accesslog)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=accesslog)=0 => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 5f311f55 register_at: AttributeType "( olmMDBAttributes:1 NAME ( 'olmMDBPagesMax' ) DESC 'Maximum number of pages' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )": Inconsistent duplicate attributeType, 5f311f55 mdb_monitor_initialize: register_at failed for attributeType (( olmMDBAttributes:1 NAME ( 'olmMDBPagesMax' ) DESC 'Maximum number of pages' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )) => ldap_bv2dn(cn=accesslog,0) <= ldap_bv2dn(cn=accesslog)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=accesslog)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=accesslog)=0 => ldap_bv2dn(cn=accesslog,0) <= ldap_bv2dn(cn=accesslog)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=accesslog)=0 => ldap_bv2dn(cn=replica,dc=hpc,dc=qmul,dc=ac,dc=uk,0) <= ldap_bv2dn(cn=replica,dc=hpc,dc=qmul,dc=ac,dc=uk)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=replica,dc=hpc,dc=qmul,dc=ac,dc=uk)=0 => ldap_bv2dn(cn=replica,dc=hpc,dc=qmul,dc=ac,dc=uk,0) <= ldap_bv2dn(cn=replica,dc=hpc,dc=qmul,dc=ac,dc=uk)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=replica,dc=hpc,dc=qmul,dc=ac,dc=uk)=0 => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 5f311f55 mdb_db_open: "cn=accesslog" Segmentation fault (core dumped) this is after apply the following ldif dn: olcDatabase={3}mdb,cn=config changetype: add objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: {3}mdb olcDbDirectory: /var/lib/ldap-accesslog olcSuffix: cn=accesslog olcAccess: {0}to dn.subtree="cn=accesslog" by dn.exact="cn=replica,dc=hpc,dc=qmul,dc=ac,dc=uk" read olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: cn=config olcLimits: dn.exact="cn=replica,dc=hpc,dc=qmul,dc=ac,dc=uk" time=unlimited size=unlimited olcSizeLimit: unlimited olcTimeLimit: unlimited olcMonitoring: TRUE olcDbCheckpoint: 0 0 olcDbIndex: entryCSN eq olcDbIndex: objectClass eq olcDbIndex: reqEnd eq olcDbIndex: reqResult eq olcDbIndex: reqStart eq olcDbIndex: reqDN eq olcDbMode: 0600 olcDbSearchStack: 16 olcDbMaxsize: 85899345920 -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9306] New: clang UndefinedBehaviorSanitizer report
by openldap-its＠openldap.org 17 Sep '20

17 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=9306 Issue ID: 9306 Summary: clang UndefinedBehaviorSanitizer report Product: LMDB Version: 0.9.24 Hardware: x86_64 OS: Mac OS Status: UNCONFIRMED Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: AskAlexSharov(a)gmail.com Target Milestone: --- Hello. We using LMDB from Golang application. Clang compiler with flag "-fsanitize=undefined" shows next report: mdb.c:7544:26: runtime error: member access within misaligned address 0x00d24759d53a for type 'MDB_page' (aka 'struct MDB_page'), which requires 8 byte alignment 0x00d24759d53a: note: pointer points here 00 00 00 01 c4 49 00 01 00 00 00 00 00 00 52 00 20 00 20 00 6a 01 2e 01 f2 00 4a 00 9e 00 74 00 ^ SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior mdb.c:7544:26 in mdb.c:7544:26: runtime error: member access within misaligned address 0x00d24759d546 for type 'union (anonymous union at mdb.c:826:2)', which requires 4 byte alignment 0x00d24759d546: note: pointer points here 00 00 52 00 20 00 20 00 6a 01 2e 01 f2 00 4a 00 9e 00 74 00 c8 00 20 00 00 00 00 00 00 00 21 00 ^ SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior mdb.c:7544:26 in mdb.c:7544:26: runtime error: member access within misaligned address 0x00d24759d546 for type 'struct (anonymous struct at mdb.c:827:3)', which requires 4 byte alignment 0x00d24759d546: note: pointer points here 00 00 52 00 20 00 20 00 6a 01 2e 01 f2 00 4a 00 9e 00 74 00 c8 00 20 00 00 00 00 00 00 00 21 00 ^ SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior mdb.c:7544:26 in mdb.c:7544:26: runtime error: load of misaligned address 0x00d24759d546 for type 'indx_t' (aka 'unsigned short'), which requires 4 byte alignment 0x00d24759d546: note: pointer points here 00 00 52 00 20 00 20 00 6a 01 2e 01 f2 00 4a 00 9e 00 74 00 c8 00 20 00 00 00 00 00 00 00 21 00 ^ SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior mdb.c:7544:26 in mdb.c:7545:3: runtime error: member access within misaligned address 0x00d24759d53a for type 'MDB_page' (aka 'struct MDB_page'), which requires 8 byte alignment 0x00d24759d53a: note: pointer points here 00 00 00 01 c4 49 00 01 00 00 00 00 00 00 52 00 20 00 20 00 6a 01 2e 01 f2 00 4a 00 9e 00 74 00 ^ SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior mdb.c:7545:3 in mdb.c:7545:3: runtime error: member access within misaligned address 0x00d24759d53a for type 'union (anonymous union at mdb.c:802:2)', which requires 8 byte alignment 0x00d24759d53a: note: pointer points here 00 00 00 01 c4 49 00 01 00 00 00 00 00 00 52 00 20 00 20 00 6a 01 2e 01 f2 00 4a 00 9e 00 74 00 ^ SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior mdb.c:7545:3 in mdb.c:7545:3: runtime error: load of misaligned address 0x00d24759d53a for type 'pgno_t' (aka 'unsigned long'), which requires 8 byte alignment 0x00d24759d53a: note: pointer points here 00 00 00 01 c4 49 00 01 00 00 00 00 00 00 52 00 20 00 20 00 6a 01 2e 01 f2 00 4a 00 9e 00 74 00 ^ -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9286] New: mdb_cursor_get MDB_GET_MULTIPLE key not populated
by openldap-its＠openldap.org 17 Sep '20

17 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=9286 Issue ID: 9286 Summary: mdb_cursor_get MDB_GET_MULTIPLE key not populated Product: LMDB Version: 0.9.25 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: corey(a)kaylors.net Target Milestone: --- Reading the docs it says "Return key and up to a page of duplicate data items from current cursor position." when MDB_GET_MULTIPLE is used. I don't see the key being populated, but when I call MDB_GET_CURRENT after the use of MDB_GET_MULTIPLE the key is the value I expect. Looking through the code I don't see the key getting used in this path. Granted, I'm not proficient with C so I may have overlooked something. -- You are receiving this mail because: You are on the CC list for the issue.

2 5

[Issue 9268] New: Test065 fails due to invalid log level
by openldap-its＠openldap.org 17 Sep '20

17 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=9268 Issue ID: 9268 Summary: Test065 fails due to invalid log level Product: OpenLDAP Version: 2.4.50 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: andy(a)asjohnson.com Target Milestone: --- Line #109 of tests/scripts/test065-proxyauthz: $SLAPD -f $CONF2 -h $URI2 -d $LVL -d pcache > $LOG2 2>&1 & Results in this: must compile with LDAP_DEBUG for debugging unrecognized log level "pcache" (deferred) After which the test fails. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Bug 9250] New: librewrite only supports up to 9 submatches
by openldap-its＠openldap.org 17 Sep '20

17 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=9250 Bug ID: 9250 Summary: librewrite only supports up to 9 submatches Product: OpenLDAP Version: 2.4.49 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: ryan(a)openldap.org Target Milestone: --- libraries/librewrite$ cat nine.conf rewriteEngine on rewriteContext default rewriteRule "(.)(.)(.)(.)(.)(.)(.)(.)(.)" "$9$8$7$6$5$4$3$2$1" : libraries/librewrite$ ./rewrite -f nine.conf abcdefghijklmnop abcdefghijklmnop -> ihgfedcba [0:ok] libraries/librewrite$ cat eleven.conf rewriteEngine on rewriteContext default rewriteRule "(.)(.)(.)(.)(.)(.)(.)(.)(.)(.)(.)" "$11$10$9$8$7$6$5$4$3$2$1" : libraries/librewrite$ ./rewrite -f eleven.conf abcdefghijklmnop abcdefghijklmnop -> a1a0ihgfedcba [0:ok] I guess no one has needed that many yet... :) -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 9185] New: glue entry
by openldap-its＠openldap.org 17 Sep '20

17 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=9185 Bug ID: 9185 Summary: glue entry Product: OpenLDAP Version: 2.4.48 Hardware: All OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: gnoe(a)symas.com Target Milestone: --- -- You are receiving this mail because: You are watching someone on the CC list of the bug.

1 4

[Issue 8805] Documentation for LDAP_OPT_X_TLS_NEWCTX is wrong
by openldap-its＠openldap.org 17 Sep '20

17 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=8805 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8113] Missing man page information for ldap_str2dn
by openldap-its＠openldap.org 17 Sep '20

17 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=8113 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

← Newer
1
...
19
20
21
22
23
24
25
...
30
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs September 2020