https://bugs.openldap.org/show_bug.cgi?id=6912
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords|needs_review |
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9474
Issue ID: 9474
Summary: ldap_install_tls() should return meaningful error code
Product: OpenLDAP
Version: 2.4.57
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs(a)openldap.org
Reporter: simon.pichugin(a)gmail.com
Target Milestone: ---
The description of my findings (note that these are OpenLDAP logs that
happen under the application that uses libldap):
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: tls_write: want=610, written=610
...
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS trace: SSL_connect:SSLv3 flush data
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: tls_read: want=5 error=Interrupted system call
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS trace: SSL_connect:error in SSLv3 read finished A
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS trace: SSL_connect:error in SSLv3 read finished A
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS: can't connect: .
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ldap_free_connection 1 1
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ldap_send_unbind
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ber_flush2: 7 bytes to sd 23
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: 0000: 00 05 00 01 00 42 00
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ldap_write: want=7, written=7
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: 0000: 00 05 00 01 01 42 00
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ldap_free_connection: actually freed
So, 'error=Interrupted system call' is caught by this:
https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/…
https://git.openldap.org/openldap/openldap/-/blob/master/libraries/liblber/…
It is only the debug message that comes from the caller itself so we can see
what is passed to OpenSSL.
And 'Interrupted system call' is just an EINTR string representation.
What we should do is to catch the error that OpenSSL returns to us after it is
interrupted.
As we can see from the logs:
"libldap: TLS: can't connect: ."
This line returns nothing:
https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/…
So 'ld->ld_error' is set to an empty value.
If we go deeper into the 'tls_imp->ti_session_errmsg' call we can reach the
point where ERR_peek_error() is called:
https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/…
https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/…
https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/…
In conclusion:
ldap_install_tls() should return a meaningful error code that would allow one to
figure out the reason for the failure, especially a network I/O failure due to EINTR.
--
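The manual diagnosis in the report above (an empty "TLS: can't connect: ." message whose real cause is an earlier tls_read error) can be automated when reading libldap debug output. This is an added example, not part of the report or of OpenLDAP; the `triage` function and its field names are hypothetical, and the last sample line is constructed.

```python
import errno
import os
import re

# Lines 1-5: from the report above, mail wrapping undone. Line 6: constructed, for contrast.
SAMPLE_LOG = """\
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: tls_write: want=610, written=610
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS trace: SSL_connect:SSLv3 flush data
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: tls_read: want=5 error=Interrupted system call
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS trace: SSL_connect:error in SSLv3 read finished A
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS: can't connect: .
[sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS: can't connect: constructed sample message.
"""

LIBLDAP = re.compile(r"libldap: (.*)$")
TLS_IO = re.compile(r"^tls_(read|write): want=\d+(?: error=(.+))?")
TRACE = re.compile(r"^TLS trace: (.+)$")
CONNECT_FAIL = re.compile(r"^TLS: can't connect: (.*)\.$")

# Map strerror() text back to errno names, e.g. "Interrupted system call" -> "EINTR".
ERRNO_BY_TEXT = {os.strerror(code): name for code, name in errno.errorcode.items()}
TRANSIENT = {"EINTR", "EAGAIN"}

def triage(log_text):
    """Return one finding per failed TLS connect, with the likely cause."""
    findings, last_io, last_state = [], None, None
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LIBLDAP.search(line)
        if not m:
            continue
        msg = m.group(1).strip()
        if io := TLS_IO.match(msg):
            # A later I/O call without error= means the earlier error was recovered.
            last_io = (io.group(1), io.group(2)) if io.group(2) else None
        elif tr := TRACE.match(msg):
            last_state = tr.group(1)
        elif fail := CONNECT_FAIL.match(msg):
            op, err = last_io or (None, None)
            name = ERRNO_BY_TEXT.get(err) if err else None
            findings.append({
                "line": lineno,
                "empty_message": fail.group(1) == "",
                "io_error": f"tls_{op}: {err}" if err else None,
                "errno": name,
                "transient": name in TRANSIENT,
                "last_state": last_state,
            })
            last_io = last_state = None
    return findings
```

A finding with `empty_message` true and `transient` true is the case the report describes: the handshake was interrupted, but the message passed up to the application says nothing about it.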
https://bugs.openldap.org/show_bug.cgi?id=6912
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |2.6.0
--
https://bugs.openldap.org/show_bug.cgi?id=6912
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
See Also|https://bugs.openldap.org/show_bug.cgi?id=9495 |
--
https://bugs.openldap.org/show_bug.cgi?id=9325
Issue ID: 9325
Summary: Expand SSL test suite for multiple EC support and SAN checks
Product: OpenLDAP
Version: 2.5
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: build
Assignee: bugs(a)openldap.org
Reporter: quanah(a)openldap.org
Target Milestone: ---
Need to expand the TLS test suite with some additional certs and EC support to
ensure proper testing of issue#9054 and issue#9318
--
https://bugs.openldap.org/show_bug.cgi?id=8889
--- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
debug levels are what gets passed to slapd via the -d option. They share the
same namespace as the loglevels, but some items are only valid as a debug
option (such as packets).
I'll work on clarifying the admin guide.
--Quanah
--
https://bugs.openldap.org/show_bug.cgi?id=8707
--- Comment #28 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
With this patch, the test suite takes an extremely long amount of time. I
suspect there are some significant issues with it, as it shouldn't increase the
amount of time it takes slapd to execute.
--
https://bugs.openldap.org/show_bug.cgi?id=8847
--- Comment #40 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
(In reply to HoweverAT from comment #39)
> Created attachment 807 [details]
> Add SOCKET_BIND_ADDRESSES Option
>
> New patch against latest master
>
> Changed:
> - Debug Improvements (Add client address in ldap_dump_connection, also print
> binded address in DEBUG_TRACE if used)
> - Bugfix
I would suggest submitting a merge request via your existing account at
https://git.openldap.org for review to ease the review process.
Regards,
Quanah
--
https://bugs.openldap.org/show_bug.cgi?id=8847
HoweverAT <laeufer4321(a)gmx.at> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #804 is|0 |1
obsolete| |
--- Comment #39 from HoweverAT <laeufer4321(a)gmx.at> ---
Created attachment 807
--> https://bugs.openldap.org/attachment.cgi?id=807&action=edit
Add SOCKET_BIND_ADDRESSES Option
New patch against latest master
Changed:
- Debug Improvements (Add client address in ldap_dump_connection, also print
binded address in DEBUG_TRACE if used)
- Bugfix
Thank you for your feedback in advance
Lukas
The attached patch file is derived from OpenLDAP Software. All of the
modifications to OpenLDAP Software represented in the following patch(es) were
developed by Lukas Wimmer laeufer4321(a)gmx.at. I have not assigned rights and/or
interest in this work to any party.
I, Lukas Wimmer, hereby place the following modifications to OpenLDAP Software
(and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose with or
without attribution and/or other notice.
--
https://bugs.openldap.org/show_bug.cgi?id=9079
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|IN_PROGRESS |RESOLVED
--- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
Commits:
• 9d5267e1
by Quanah Gibson-Mount at 2021-03-09T19:12:49+00:00
ITS#9079 - Fix minor issues with slapo-unique man page
--