openldap-bugs February 2021

openldap-bugs@openldap.org

1 participants
523 discussions

[Issue 9433] New: ldapsearch -Z fails to continue when StartTLS fails
by openldap-its＠openldap.org 04 Mar '21

04 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9433 Issue ID: 9433 Summary: ldapsearch -Z fails to continue when StartTLS fails Product: OpenLDAP Version: 2.4.56 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: simon.pichugin(a)gmail.com Target Milestone: --- Created attachment 783 --> https://bugs.openldap.org/attachment.cgi?id=783&action=edit ldapsearch debug log When -Z is passed to an OpenLDAP utility, it will try to establish a TLS connection with StartTLS, and in case it fails to do so it should continue without the TLS layer. OpenLDAP version: openldap-2.4.56-4.fc34.x86_64 (but it also doesn't work on older versions too) How reproducible: Always Steps to Reproduce: 1. Run `ldapsearch ...' against a server and see successful operation result. 2. Run `ldapsearch -Z ...' against a server whose certificate is not trusted (e.g. a hostname mismatch) and observe it fails to connect as in point 1. Actual results: ~~~ ldap_start_tls: Connect error (-11) additional info: TLS: hostname does not match CN in peer certificate # and it hangs there ~~~ Expected results: The line ~~~ ldap_result: Can't contact LDAP server (-1) ~~~ is not present and the utility successfully continues with plain LDAP protocol as expected. Additional info: I'm attaching a full debug log (-d -1) to this bug. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Bug 9199] New: Disable IPv6 makes listener work on IP address but hostname or localhost
by openldap-its＠openldap.org 02 Mar '21

02 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9199 Bug ID: 9199 Summary: Disable IPv6 makes listener work on IP address but hostname or localhost Product: OpenLDAP Version: 2.4.49 Hardware: All OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: st-wong(a)cuhk.edu.hk Target Milestone: --- Hi, We're compiling 2.4.49 on CentOS8. Make test fails at "test000-rootdse" with error Can't contact LDAP server. Debug log shows error "Address already in use". We're quite sure the port (9011) is not in use. Starting slapd with test command verified the error: ../servers/slapd/slapd -f testrun/slapd.1.conf -h ldap://localhost:9011 Found that it's okay to start slapd if listener URL is using IP address instead. Checked ldap_url_parse* call may not work as expected with V6 disabled (configure option --disable-ipv6). Re-do configuration and make without "--disable-ipv6" works as expected. Would you help? Thanks. -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 9192] New: slapo-rwm: assert triggered with invalid UUID filter
by openldap-its＠openldap.org 02 Mar '21

02 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9192 Bug ID: 9192 Summary: slapo-rwm: assert triggered with invalid UUID filter Product: OpenLDAP Version: 2.4.48 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- slapo-rwm triggers an assert when a filter with an invalid UUID syntax is used. For example: /opt/symas/bin/ldapsearch -x -H ldaps://ldap0.example.com -D "cn=admin,dc=example,dc=com" -W -b dc=example,dc=com idmUUID=b58540b2-f16c-41c9-8147-83068004dd0a,ou=People,dc=example,dc=com Enter LDAP Password: # extended LDIF # # LDAPv3 # base <dc=example,dc=com> with scope subtree # filter: idmUUID=b58540b2-f16c-41c9-8147-83068004dd0a,ou=People,dc=example,dc=com # requesting: ALL # The above search will trigger an assert. Note that idmUUID is a custom attribute defined as: # idmUUID attributetype ( 1.3.6.1.4.1.29179.2.3.3 NAME 'idmUUID' DESC 'RFC4122 Univeral Unique Identifier for idM' EQUALITY uuidMatch SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE ) which is using the RFC4530 definition for UUID. On the slapd side, we see: #4 0x0000000000468650 in UUIDNormalize (usage=<optimized out>, syntax=<optimized out>, mr=<optimized out>, val=0x7f1c58003110, normalized=0x7f1c677fc5c0, ctx=<optimized out>) at /home/build/sold/openldap/servers/slapd/schema_init.c:3019 No locals. #5 0x00007f447599c55d in map_attr_value (dc=dc@entry=0x7f1c677fc730, adp=adp@entry=0x7f1c677fc658, mapped_attr=mapped_attr@entry=0x7f1c677fc660, value=0x7f1c58003110, mapped_value=mapped_value@entry=0x7f1c677fc670, memctx=0x7f1c58002810, remap=0) at /home/build/sold/openldap/servers/slapd/overlays/rwmmap.c:471 vtmp = {bv_len = 0, bv_val = 0x0} freeval = 0 ad = 0x1947630 mapping = 0x0 #6 0x00007f447599ccc6 in rwm_int_filter_map_rewrite (op=op@entry=0x7f1c580028f0, dc=dc@entry=0x7f1c677fc730, f=0x7f1c58003170, fstr=fstr@entry=0x7f1c677fc720) at /home/build/sold/openldap/servers/slapd/overlays/rwmmap.c:559 i = <optimized out> p = <optimized out> ad = 0x1947630 atmp = {bv_len = 7, bv_val = 0x1900bb0 "idmUUID"} vtmp = {bv_len = 139759712219536, bv_val = 0x7f1c58003240 "c"} tmp = <optimized out> ber_bvfalse = {bv_len = 18, bv_val = 0x7f447599f816 "(!(objectClass=*))"} ber_bvtf_false = {bv_len = 3, bv_val = 0x7f447599f829 "(|)"} ber_bvtrue = {bv_len = 15, bv_val = 0x7f447599f802 "(objectClass=*)"} ber_bvtf_true = {bv_len = 3, bv_val = 0x7f447599f812 "(&)"} ber_bverror = {bv_len = 9, bv_val = 0x7f447599f7f8 "(?=error)"} ber_bvunknown = {bv_len = 11, bv_val = 0x7f447599f7ec "(?=unknown)"} ber_bvnone = {bv_len = 8, bv_val = 0x7f447599f82d "(?=none)"} len = <optimized out> __PRETTY_FUNCTION__ = "rwm_int_filter_map_rewrite" #7 0x00007f447599d7a8 in rwm_filter_map_rewrite (op=op@entry=0x7f1c580028f0, dc=dc@entry=0x7f1c677fc730, f=<optimized out>, fstr=fstr@entry=0x7f1c677fc720) at /home/build/sold/openldap/servers/slapd/overlays/rwmmap.c:824 rc = <optimized out> fdc = <optimized out> ftmp = {bv_len = 26355712, bv_val = 0x7f4475224500 "\002"} #8 0x00007f4475999c5b in rwm_op_search (op=0x7f1c580028f0, rs=0x7f1c677fda60) at /home/build/sold/openldap/servers/slapd/overlays/rwm.c:976 on = 0x1922620 rwmap = 0x1922800 rc = 0 dc = {rwmap = 0x1922800, conn = 0x7f4475224500, ctx = 0x7f447599f090 "searchFilterAttrDN", rs = 0x7f1c677fda60} fstr = {bv_len = 0, bv_val = 0x0} f = 0x0 an = 0x0 text = 0x0 roc = 0x7f1c58003218 #9 0x000000000049776a in overlay_op_walk (op=op@entry=0x7f1c580028f0, rs=rs@entry=0x7f1c677fda60, which=which@entry=op_search, oi=oi@entry=0x1924430, on=0x1922620) at /home/build/sold/openldap/servers/slapd/backover.c:671 func = 0x1922678 rc = 32768 #10 0x00000000004978be in over_op_func (op=0x7f1c580028f0, rs=0x7f1c677fda60, which=op_search) at /home/build/sold/openldap/servers/slapd/backover.c:747 oi = 0x1924430 on = <optimized out> be = 0x728420 <slap_frontendDB> db = {bd_info = 0x1922620, bd_self = 0x728420 <slap_frontendDB>, be_ctrls = "\000", '\001' <repeats 17 times>, '\000' <repeats 14 times>, be_flags = 768, be_restrictops = 0, be_requires = 0, be_ssf_set = {sss_ssf = 0, sss_transport = 0, sss_tls = 0, sss_sasl = 0, sss_update_ssf = 0, sss_update_transport = 0, sss_update_tls = 0, sss_update_sasl = 0, sss_simple_bind = 0}, be_suffix = 0x18cb690, be_nsuffix = 0x18cb6e0, be_schemadn = {bv_len = 12, bv_val = 0x1955c20 "cn=Subschema"}, be_schemandn = {bv_len = 12, bv_val = 0x1955370 "cn=subschema"}, be_rootdn = { bv_len = 0, bv_val = 0x0}, be_rootndn = {bv_len = 0, bv_val = 0x0}, be_rootpw = {bv_len = 0, bv_val = 0x0}, be_max_deref_depth = 0, be_def_limit = {lms_t_soft = 3600, lms_t_hard = 0, lms_s_soft = 50, lms_s_hard = 0, lms_s_unchecked = -1, lms_s_pr = 0, lms_s_pr_hide = 0, lms_s_pr_total = 0}, be_limits = 0x0, be_acl = 0x1925890, be_dfltaccess = ACL_READ, be_extra_anlist = 0x0, be_update_ndn = {bv_len = 0, bv_val = 0x0}, be_update_refs = 0x0, be_pending_csn_list = 0x0, be_pcl_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, be_syncinfo = 0x0, be_pb = 0x0, be_cf_ocs = 0x7200e8 <cf_ocs+392>, be_private = 0x0, be_next = {stqe_next = 0x18cbcc0}} sc = <optimized out> cb = 0x7f1c580031e8 rc = 32768 __PRETTY_FUNCTION__ = "over_op_func" #11 0x0000000000431006 in do_search (op=0x7f1c580028f0, rs=0x7f1c677fda60) at /home/build/sold/openldap/servers/slapd/search.c:247 base = {bv_len = 14, bv_val = 0x7f1c580025c7 "dc=example,dc=com"} siz = 0 off = 0 i = <optimized out> #12 0x000000000042ede5 in connection_operation (ctx=ctx@entry=0x7f1c677fdbd0, arg_v=arg_v@entry=0x7f1c580028f0) at /home/build/sold/openldap/servers/slapd/connection.c:1167 rc = 80 cancel = <optimized out> op = 0x7f1c580028f0 rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err = 0, sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = {sru_search = {r_entry = 0x0, r_attr_flags = 0, r_operational_attrs = 0x0, r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}, sru_sasl = {r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0, r_rspdata = 0x0}}, sr_flags = 0} tag = 99 opidx = SLAP_OP_SEARCH conn = 0x7f4475224500 memctx = 0x7f1c58002810 memctx_null = 0x0 memsiz = 1048576 __PRETTY_FUNCTION__ = "connection_operation" #13 0x000000000042f0ea in connection_read_thread (ctx=0x7f1c677fdbd0, argv=0x16) at /home/build/sold/openldap/servers/slapd/connection.c:1314 rc = <optimized out> cri = {op = 0x7f1c580028f0, func = 0x0, arg = 0x0, ctx = <optimized out>, nullop = <optimized out>} s = <optimized out> #14 0x00007f447a585353 in ldap_int_thread_pool_wrapper (xpool=0x18b1340) at /home/build/sold/openldap/libraries/libldap_r/tpool.c:963 pq = 0x18b1340 pool = 0x18b1250 task = 0x7f1c68000da0 work_list = <optimized out> ctx = {ltu_pq = 0x18b1340, ltu_id = 139759972247296, ltu_key = {{ltk_key = 0x42cbf0 <conn_counter_init>, ltk_data = 0x7f1c58002700, ltk_free = 0x42ccb0 <conn_counter_destroy>}, { ltk_key = 0x47fef0 <slap_sl_mem_init>, ltk_data = 0x7f1c58002810, ltk_free = 0x47fdb0 <slap_sl_mem_destroy>}, {ltk_key = 0x1ae4a40, ltk_data = 0x7f1c58102f30, ltk_free = 0x7f44763ff550 <mdb_reader_free>}, {ltk_key = 0x4416f0 <slap_op_free>, ltk_data = 0x0, ltk_free = 0x441650 <slap_op_q_destroy>}, {ltk_key = 0x0, ltk_data = 0x7f1c58000a80, ltk_free = 0x0}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0} <repeats 27 times>}} kctx = <optimized out> keyslot = <optimized out> hash = <optimized out> pool_lock = 0 freeme = 0 __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper" #15 0x00007f4478d42ea5 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #16 0x00007f4478a6b8cd in clone () from /lib64/libc.so.6 No symbol table info available. (gdb) -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Issue 8977] Make IDL sizes configurable in back-mdb
by openldap-its＠openldap.org 27 Feb '21

27 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8977 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |RESOLVED Resolution|--- |TEST -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8977] Make IDL sizes configurable in back-mdb
by openldap-its＠openldap.org 27 Feb '21

27 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8977 --- Comment #14 from Howard Chu <hyc(a)openldap.org> --- (In reply to Quanah Gibson-Mount from comment #8) > --On Thursday, June 27, 2019 8:56 PM +0000 quanah(a)symas.com wrote: > > > --On Thursday, June 27, 2019 8:35 PM +0000 hyc(a)symas.com wrote: > > > >> No, because order is irrelevant for these. > > > > Cool, thanks! I'll continue on with deeper testing then. :) > > Given the current implementation of OpenLDAP, this feature is impossible to > use w/o recompiling OpenLDAP when a change to the IDL size is made. This > is because LDAP_PVT_THREAD_STACK_SIZE must be adjusted as well and that > requires a recompile. This is actually not correct. The stack size was only required because IDLs were of constant size and some were allocated on the stack. But with this patch, since IDL sizes are variable they must all be dynamically allocated using ch_malloc, and so has no impact on the stack any more. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7509] 2.4 Admin Guide olcDatabase={0}config Clarification w.r.t. olcRootDN
by openldap-its＠openldap.org 26 Feb '21

26 Feb '21

1 0

[Issue 7425] documentation for slapo-pcache when using slapd-config
by openldap-its＠openldap.org 26 Feb '21

26 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7425 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED Target Milestone|2.5.3 |--- -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7129] slapo-valsort(5) missing description of LDAP_CONTROL_VALSORT
by openldap-its＠openldap.org 26 Feb '21

26 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7129 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED Target Milestone|2.5.3 |--- -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7036] ldapsearch should attempt DNS-based fallback if possible
by openldap-its＠openldap.org 26 Feb '21

26 Feb '21

1 0

[Issue 6277] Missing documentation for cn=config
by openldap-its＠openldap.org 26 Feb '21

26 Feb '21

1 0

← Newer
1
...
6
7
8
9
10
11
12
...
53
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs February 2021