openldap-bugs November 2021

openldap-bugs@openldap.org

1 participants
114 discussions

[Issue 8255] slapd-sock: response parsing in str2result() is broken
by openldap-its＠openldap.org 15 Nov '21

15 Nov '21

https://bugs.openldap.org/show_bug.cgi?id=8255 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.6.1 |2.6.2 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9744] New: Phoenix American Financial Services
by openldap-its＠openldap.org 10 Nov '21

10 Nov '21

https://bugs.openldap.org/show_bug.cgi?id=9744 Issue ID: 9744 Summary: Phoenix American Financial Services Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: robertleemaxpro(a)gmail.com Target Milestone: --- Phoenix American Financial Services provides full-service fund administration, fund accounting, transfer agent and investor services as well as sales and marketing reporting to fund sponsors in the alternative investment industry. Visit site: https://www.phxa.com/ -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 9741] New: Meaningless out-of-bound read in ldif-filter.c
by openldap-its＠openldap.org 08 Nov '21

08 Nov '21

https://bugs.openldap.org/show_bug.cgi?id=9741 Issue ID: 9741 Summary: Meaningless out-of-bound read in ldif-filter.c Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: matthias.st.pierre(a)ncp-e.com Target Milestone: --- I just stumbled over the following compiler warning in ldif-filter.c (see [1]): 14:10:41 ldif-filter.c:209:16: warning: adding 'int' to a string does not append to the string [-Wstring-plus-int] 14:10:41 sep = "\r\n" + 2 - line_len; /* sep = copy(line) */ 14:10:41 ~~~~~~~^~~ 14:10:41 ldif-filter.c:209:16: note: use array indexing to silence this warning 14:10:41 sep = "\r\n" + 2 - line_len; /* sep = copy(line) */ 14:10:41 ^ 14:10:41 & [ ] While the expression is valid pointer arithmetic, it does not make sense to me, because it calculates some (possibly negative) offset to the literal string "\r\n" in memory, not the address of the beginning of some line, as the comment `sep = copy(line)` suggests. (Originally added in commit [2]). [1] https://git.openldap.org/openldap/openldap/-/blob/master/tests/progs/ldif-f… [2] https://git.openldap.org/openldap/openldap/-/commit/725743abdb -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9734] New: database ldap does not use SSL client certs as configured
by openldap-its＠openldap.org 03 Nov '21

03 Nov '21

https://bugs.openldap.org/show_bug.cgi?id=9734 Issue ID: 9734 Summary: database ldap does not use SSL client certs as configured Product: OpenLDAP Version: unspecified Hardware: All OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: daniel(a)ylitalo.io Target Milestone: --- Created attachment 849 --> https://bugs.openldap.org/attachment.cgi?id=849&action=edit Generated config I'm trying to setup openldap to proxy against our account on ldap.google.com with backend ldap but it does not seem like slapd uses the client cert and key eventhough it's configured. I'm receiving response "result: 50 Insufficient access" from local proxy/google and the only way you can get that response is by not providing the client cert and key. I'm attaching the config used and the slapd.conf used to generate this config, as you can see the olcDbStartTLS options are there in the ldif file but seems not to be used. (I've replaced our suffix with example.com) The debug log entry is; Nov 02 10:26:20 dev.example.com slapd[864482]:conn=1012 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=daniel.ylitalo)" Nov 02 10:26:20 dev.example.com slapd[864482]: ==> limits_get: conn=1012 op=1 self="[anonymous]" this="dc=example,dc=com" Nov 02 10:26:20 dev.example.com slapd[864482]: =>ldap_back_getconn: conn 0x7fb6101044b0 fetched refcnt=1. Nov 02 10:26:20 dev.example.com slapd[864482]: => ldap_back_munge_filter "(uid=daniel.ylitalo)" Nov 02 10:26:20 dev.example.com slapd[864482]: <= ldap_back_munge_filter "(uid=daniel.ylitalo)" (0) Nov 02 10:26:20 dev.example.com slapd[864482]: conn=1012 op=1 ldap_back_retry: retrying URI="ldaps://ldap.google.com:636" DN="" Nov 02 10:26:20 dev.example.com slapd[864482]: => ldap_back_munge_filter "(uid=daniel.ylitalo)" Nov 02 10:26:20 dev.example.com slapd[864482]: <= ldap_back_munge_filter "(uid=daniel.ylitalo)" (0) Nov 02 10:26:20 dev.example.com slapd[864482]: send_ldap_result: conn=1012 op=1 p=3 Nov 02 10:26:20 dev.example.com slapd[864482]: send_ldap_result: err=50 matched="" text="" Nov 02 10:26:20 dev.example.com slapd[864482]: send_ldap_response: msgid=2 tag=101 err=50 Nov 02 10:26:20 dev.example.com slapd[864482]: conn=1012 op=1 SEARCH RESULT tag=101 err=50 nentries=0 text= While using ldapsearch against same endpoint works just fine with the certs; LDAPTLS_CERT=/etc/ldap/google.crt LDAPTLS_KEY=/etc/ldap/google.key ldapsearch -H ldaps://ldap.google.com -b dc=example,dc=com '(uid=daniel.ylitalo)' -- You are receiving this mail because: You are on the CC list for the issue.

1 3

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs November 2021