https://bugs.openldap.org/show_bug.cgi?id=6136
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |replication
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=6097
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |replication
https://bugs.openldap.org/show_bug.cgi?id=5973
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |replication
https://bugs.openldap.org/show_bug.cgi?id=8125
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |replication
https://bugs.openldap.org/show_bug.cgi?id=8769
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution|--- |TEST
Keywords|has_patch, OL_2_5_REQ |
--- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
Commits:
• c8ba729f
by Lukas Juhrich at 2020-09-04T22:39:53+00:00
Issue#8769 - Fix oid search extension syntax in documentation
https://bugs.openldap.org/show_bug.cgi?id=9043
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|2.5.0 |2.4.53
Resolution|TEST |FIXED
--- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
Commits:
• ef3c62e7
by Ondřej Kuzník at 2020-09-03T23:11:41+00:00
ITS#9043 Improve replication logging
3 changed files:
• servers/slapd/ctxcsn.c
• servers/slapd/overlays/syncprov.c
• servers/slapd/syncrepl.c
https://bugs.openldap.org/show_bug.cgi?id=9336
Issue ID: 9336
Summary: Add native support for SASL/EXTERNAL to the client
tools
Product: OpenLDAP
Version: 2.5
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: client tools
Assignee: bugs(a)openldap.org
Reporter: quanah(a)openldap.org
Target Milestone: ---
While slapd has built in support for SASL/EXTERNAL if built without Cyrus SASL
support, the client tools lack this support. This means you end up in a
scenario where you can only use SASL/EXTERNAL on the client side if cyrus-sasl
is linked in, but the server can function without it.
This lack of support on the client side also prevents validation of the server
side SASL/EXTERNAL support in the test suite, since we can't use ldapwhoami,
etc, to confirm SASL/EXTERNAL is functioning correctly.
https://bugs.openldap.org/show_bug.cgi?id=8047
--- Comment #8 from Allen Zhang <allen.zhang(a)audiocodes.com> ---
We have some new findings as below.
We tested two scenarios:
The first test has a setup as below:
1. the server's IP is accessible.
2. server listens on the port but no response to any incoming data (so no ssl)
Test result:
ldapsearch will not timeout whatever timeout value we set.
The second test has a setup below:
1. the server's IP is NOT accessible.
Test result:
ldapsearch will timeout only after TCP timeout (about 120 seconds) but not
timeout at the timeout value we set.
With our "fix version", ldapsearch will timeout according to our timeout value.
So we believe there are two issues in the implementation.
1. No timeout for TCP connection (when startTLS is used) -- this is a bug.
2. No timeout for ssl connection. This is an openssl lib limitation.
https://bugs.openldap.org/show_bug.cgi?id=9302
Issue ID: 9302
Summary: ppolicy pwdFailureTime race condition leaves account
unlocked, violating pwdLockout policy
Product: OpenLDAP
Version: 2.4.50
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: overlays
Assignee: bugs(a)openldap.org
Reporter: requate(a)univention.de
Target Milestone: ---
Multiple concurrent ldap binds with invalid passwords against a user account
sometimes don't trigger account lockout, even though the number of failed
attempts exceeds the configured pwdLockout policy of the ppolicy overlay.
How to reproduce:
1. Configure ppolicy overlay with pwdLockout: TRUE
2. set pwdMaxFailure to some value, e.g. 5
3. Create a test user account and start just enough (or more) parallel
ldapsearch processes to make the account get locked, e.g. like this in
bash/sh (note the backgrounding):
    for i in $(seq 6); do
        ldapsearch -x -D "uid=testuser1,$ldap_base" -w invalid >/dev/null 2>&1 &
    done
4. Check relevant ppolicy attributes, like:
    # "+" requests all operational attributes
    ldapsearch -x -H LDAPI:// -b "uid=testuser1,$ldap_base" + |
        grep -E '^(pwdFailureTime|pwdAccountLockedTime):'
This often shows no pwdAccountLockedTime but enough (or more) pwdFailureTime
values to meet the lockout policy.
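Added example (not part of the original report and not OpenLDAP code): a Python check for the state described in issue 9302, run over the unfiltered LDIF that the step-4 ldapsearch prints before the grep. The function names, the dc=example,dc=org entries and their timestamps are constructed; pwdMaxFailure is passed in by hand and pwdFailureCountInterval is ignored.

```python
import base64

def parse_ldif(text):
    """Return one {lowercased_attr: [values]} dict per LDIF entry."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]       # folded continuation line
        else:
            unfolded.append(line)
    entries, current = [], {}
    for line in unfolded + [""]:           # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
            continue
        if line.startswith("#") or ":" not in line:
            continue                       # ldapsearch comments, stray lines
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):           # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.setdefault(attr.lower(), []).append(value)
    return entries

def unlocked_over_limit(ldif_text, max_failure):
    """List (dn, failures) for entries at or over max_failure with no lock time."""
    flagged = []
    for entry in parse_ldif(ldif_text):
        dn = entry.get("dn", [None])[0]    # result trailer blocks have no dn
        failures = len(entry.get("pwdfailuretime", []))
        if dn and failures >= max_failure and "pwdaccountlockedtime" not in entry:
            flagged.append((dn, failures))
    return flagged

def sample_entry(uid, failures, locked):
    """Build one constructed LDIF entry for the demonstration."""
    lines = ["dn: uid=%s,dc=example,dc=org" % uid]
    lines += ["pwdFailureTime: 20200730101501.%06dZ" % i for i in range(failures)]
    if locked:
        lines.append("pwdAccountLockedTime: 20200730101502Z")
    return "\n".join(lines)

SAMPLE_LDIF = "\n\n".join(sample_entry(*args) for args in [
    ("testuser1", 6, False), ("testuser2", 5, True), ("testuser3", 2, False)])
if __name__ == "__main__":
    print(unlocked_over_limit(SAMPLE_LDIF, max_failure=5))
```

Only testuser1 is reported: it has six recorded failures and no pwdAccountLockedTime, while testuser2 is locked and testuser3 is under the limit.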
https://bugs.openldap.org/show_bug.cgi?id=9320
Issue ID: 9320
Summary: ldapsearch nettimeout doesn't work with startTls when
the server address is not reachable
Product: OpenLDAP
Version: 2.5
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: client tools
Assignee: bugs(a)openldap.org
Reporter: allen.zhang(a)audiocodes.com
Target Milestone: ---
We found that ldapsearch doesn't return with failure according to the
nettimeout when the server address is not valid. It fails only after TCP
timeout (about 120 seconds in my environment).
We dug into the source code and found that:
in common.c, we set the nettimeout after ldap_start_tls_s is called.
We tried to call "ldap_set_option( ld, LDAP_OPT_NETWORK_TIMEOUT, (void *)
&nettimeout )" before ldap_start_tls_s and it works well!
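Added example (not from the reporter and not OpenLDAP code): a model, in plain Python sockets rather than libldap, of the first scenario in comment #8 on issue 8047 and of the ordering reported in issue 9320. The listener completes the TCP connection but never answers; wait_for_reply, run_case, the watchdog and the 0.2-second timeout are made up for the illustration.

```python
import socket
import threading

def wait_for_reply(port, net_timeout, timeout_first):
    """Connect to a local port and wait for the peer's first byte.

    timeout_first=True sets the timeout before the blocking wait;
    False sets it only afterwards, the ordering reported in issue 9320.
    """
    sock = socket.create_connection(("127.0.0.1", port))
    try:
        if timeout_first:
            sock.settimeout(net_timeout)
        try:
            data = sock.recv(1)            # stand-in for the blocking StartTLS step
        except socket.timeout:
            return "timeout"
        if not timeout_first:
            sock.settimeout(net_timeout)   # too late to bound the wait above
        return "reply" if data else "closed"
    finally:
        sock.close()

def run_case(net_timeout, timeout_first, watchdog):
    """Run one client against a listener that accepts TCP but never answers."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))             # loopback, ephemeral port
    srv.listen(1)
    srv.settimeout(5)
    port = srv.getsockname()[1]
    result = {}
    client = threading.Thread(
        target=lambda: result.update(
            outcome=wait_for_reply(port, net_timeout, timeout_first)),
        daemon=True)
    client.start()
    client.join(watchdog)
    hung = client.is_alive()               # still blocked when the watchdog expired
    if hung:                               # release it: accept, then close
        conn, _ = srv.accept()
        conn.close()
        client.join(5)
    srv.close()
    return {"hung": hung, "outcome": result.get("outcome")}

if __name__ == "__main__":
    print(run_case(0.2, timeout_first=True, watchdog=2.0))
    print(run_case(0.2, timeout_first=False, watchdog=1.0))
```

With the timeout applied first the client gives up after 0.2 seconds; with it applied afterwards the client is still blocked when the 1-second watchdog expires and returns only once the listener closes the connection.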