openldap-bugs April 2021

openldap-bugs@openldap.org

1 participants
221 discussions

[Issue 9537] New: slap_timestamp() can give a duplicated timestamp across restarts
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9537 Issue ID: 9537 Summary: slap_timestamp() can give a duplicated timestamp across restarts Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- On busy sites, when a slapd restart takes <1s, accesslog can fail to log changes with LDAP_ALREADY_EXISTS. This is because slap_timestamp() only logs timestamps with a 1s precision, disambiguating the rest with a counter that's forgotten across restarts. It is possible my analysis in ITS#9487 is partially invalidated because of this. -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9526] New: slapadd -w crashes
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9526 Issue ID: 9526 Summary: slapadd -w crashes Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: grapvar(a)gmail.com Target Milestone: --- Let slapd.conf is: > database mdb > suffix "o=Foo" > sync_use_subentry database is blank and we are adding this foo.ldif: > dn: o=FOO > objectClass:organization Let's load: > slapd -T add -v -l foo.ldif -w then on Solaris: > added: "o=FOO" (00000001) > Segmentation Fault (core dumped) ... on Linux: > added: "o=FOO" (00000001) > => mdb_next_id: get failed: Invalid argument (22) > => mdb_tool_next_id: next_id failed: Invalid argument (22) > => mdb_tool_entry_put: txn_aborted! Invalid argument (22) > slapadd: couldn't create context entry > Closing DB... This is because: * mdb_tool_next_id() takes dead global [tools.c`static MDB_cursor *mcp] for further operations * cursor is dead because mdb_tool_entry_put() didn't initialized it * mdb_tool_entry_put() didn't initialized cursor because it thinks it is initialized, because there is an active global [tools.c`MDB_txn *mdb_tool_txn] * transaction was initialized by mdb_tool_dn2id_get(), which doesn't care about cursors. Long story short: the global state in tools.c is not managed consistently and needs rethinking. -- You are receiving this mail because: You are on the CC list for the issue.

1 9

[Issue 9529] New: pcache locking issue
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9529 Issue ID: 9529 Summary: pcache locking issue Product: OpenLDAP Version: 2.4.58 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- Since ITS#6954 commit ea228495148 the consistency_check function was changed to hold the template t_rwlock for the entire duration of a query expiration. There doesn't appear to be any valid reason for this change, and it causes the cache to be unresponsive to new searches while expiration is removing cached entries. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9295] New: ppolicy and replication: pwdLockedTime replication fails to replicate
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9295 Issue ID: 9295 Summary: ppolicy and replication: pwdLockedTime replication fails to replicate Product: OpenLDAP Version: 2.4.50 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- If you have the following setup, a replica will hit an error during replication. a) ppolicy is configured on provider(s) and replicas. Replica has schemachecking=on in its syncrepl configuration b) account gets locked on the replica, so pwdAccountLockedTime is set on the replica but not on the provider(s) c) admin does a MOD/ADD op against a provider for the user entry to add a value to pwdAccountLockedTime dn: ... changetype: modify add: pwdAccountLockedTime pwdAccountLockedTime: ... d) provider accepts this modification. e) replica rejects this modification because the resulting change means that there would be two pwdAccountLockedTime values on the account in question Generally I believe that in this scenario, the MOD/ADD on the provider should be treated as a replace OP instead of an ADD op -- You are receiving this mail because: You are on the CC list for the issue.

1 18

[Issue 9530] New: double-free in options.c
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9530 Issue ID: 9530 Summary: double-free in options.c Product: OpenLDAP Version: 2.4.58 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: norm.green(a)gemtalksystems.com Target Milestone: --- I've been seeing double-free errors in valgrind when calling ldap_set_option(lc, LDAP_OPT_DEFBASE) I tracked it down to code in ldap_create() in open.c. When we copy the global options to the new LDAP *, we create new versions of some but not all malloced options. The ldo_defbase and ldo_defbinddn option members are strings that are *not* reallocated (ldo_defbase may not be important). This diff appears to fix the problem: diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c index 5882b6336..0828d334e 100644 --- a/libraries/libldap/open.c +++ b/libraries/libldap/open.c @@ -139,6 +139,14 @@ ldap_create( LDAP **ldp ) ld->ld_options.ldo_defludp = NULL; ld->ld_options.ldo_conn_cbs = NULL; + /* Norm Green, April 20, 2021 - fix pointers that get copied. + * must realloc these to prevent double-free errors */ + + ld->ld_options.ldo_defbase = gopts->ldo_defbase ? + LDAP_STRDUP(gopts->ldo_defbase) : NULL; + ld->ld_options.ldo_defbinddn = gopts->ldo_defbinddn ? + LDAP_STRDUP(gopts->ldo_defbinddn) : NULL; + -- You are receiving this mail because: You are on the CC list for the issue.

1 9

[Issue 9521] New: libldap doesn't configure TLS1.3 ciphersuites for OpenSSL
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9521 Issue ID: 9521 Summary: libldap doesn't configure TLS1.3 ciphersuites for OpenSSL Product: OpenLDAP Version: 2.4.58 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- OpenSSL 1.1 uses a separate API for configuring TLSv1.3 cipher suites. The current code in libldap doesn't call this API so those suites are always left at their compiled-in default. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9494] New: Segfault after modify olcDbMaxSize w/ autogroup
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9494 Issue ID: 9494 Summary: Segfault after modify olcDbMaxSize w/ autogroup Product: OpenLDAP Version: 2.4.49 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: louis.chanouha(a)univ-toulouse.fr Target Milestone: --- Hello, Yet another crash when modifying olcDbMaxSize. Seems not to be related to other similar reports. autogroup works fine until : - attempt to modify olcDbMaxSize - attempt to modify olcAGattrSet (segfault to, need to delete the overlay and add it again) - do not rely on olcMemberOfMemberAD (extra memberof module) requested change --------------------------------------------: dn: olcDatabase={1}mdb,cn=config changetype: modify replace: olcDbMaxSize olcDbMaxSize: 4294967296 openldap logs -----------------------------------------------: 6046b5c3 ==> autogroup_db_close 6046b5c3 ==> autogroup_db_close 6046b5c3 mdb_db_open: database "dc=domain,dc=fr": dbenv_open(/var/lib/ldap). 6046b5c3 ==> autogroup_db_open 6046b5c3 ==> autogroup_build_def_filter put_filter: "(objectClass=groupOfURLs)" put_filter: simple put_simple_filter: "objectClass=groupOfURLs" ber_scanf fmt ({mm}) ber: 6046b5c3 => mdb_search 6046b5c3 mdb_dn2entry("dc=domain,dc=fr") 6046b5c3 => mdb_dn2id("dc=domain,dc=fr") 6046b5c3 <= mdb_dn2id: got id=0x1 6046b5c3 => mdb_entry_decode: 6046b5c3 <= mdb_entry_decode 6046b5c3 search_candidates: base="dc=domain,dc=fr" (0x00000001) scope=2 6046b5c3 => mdb_equality_candidates (objectClass) 6046b5c3 => key_read 6046b5c3 <= mdb_index_read: failed (-30798) 6046b5c3 <= mdb_equality_candidates: id=0, first=0, last=0 6046b5c3 => mdb_equality_candidates (objectClass) 6046b5c3 => key_read 6046b5c3 <= mdb_index_read 5 candidates 6046b5c3 <= mdb_equality_candidates: id=5, first=18173, last=18177 6046b5c3 mdb_search_candidates: id=5 first=18173 last=18177 6046b5c3 => mdb_entry_decode: 6046b5c3 <= mdb_entry_decode 6046b5c3 ==> autogroup_group_add_cb <cn=cxxx,ou=groups,dc=domain,dc=fr> 6046b5c3 ==> autogroup_add_group <cn=xxx,ou=groups,dc=domain,dc=fr> Thread 3 "slapd" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7feb7d42c700 (LWP 37453)] GDB dump -------------------------------------- (gdb) info frame Stack level 0, frame at 0x7feb7d297fd0: rip = 0x55b4569bcba0 in dnMatch; saved rip = 0x7feb9e5f768b called by frame at 0x7feb7d298070 Arglist at 0x7feb7d297f88, args: Locals at 0x7feb7d297f88, Previous frame's sp is 0x7feb7d297fd0 Saved registers: rbx at 0x7feb7d297f98, rbp at 0x7feb7d297fa0, r12 at 0x7feb7d297fa8, r13 at 0x7feb7d297fb0, r14 at 0x7feb7d297fb8, r15 at 0x7feb7d297fc0, rip at 0x7feb7d297fc8 (gdb) bt #0 0x000055b4569bcba0 in dnMatch () #1 0x00007feb9e5f768b in ?? () from /usr/lib/ldap/autogroup.so.0 #2 0x00007feb9e5f98fb in ?? () from /usr/lib/ldap/autogroup.so.0 #3 0x000055b4569b6eb8 in ?? () #4 0x000055b4569b8a31 in slap_send_search_entry () #5 0x00007feb9e63dbf6 in mdb_search () from /usr/lib/ldap/back_mdb-2.4.so.2 #6 0x000055b456a16c68 in overlay_op_walk () #7 0x000055b456a16d97 in ?? () #8 0x00007feb9e5f9be0 in ?? () from /usr/lib/ldap/autogroup.so.0 #9 0x000055b456a15dd8 in ?? () #10 0x00007feb9e632eb8 in ?? () from /usr/lib/ldap/back_mdb-2.4.so.2 #11 0x000055b4569908b6 in ?? () #12 0x000055b4569be8aa in fe_op_modify () #13 0x000055b4569c0930 in do_modify () #14 0x000055b4569a66ed in ?? () #15 0x000055b4569a722c in ?? () #16 0x00007feb9fa5ea03 in ?? () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #17 0x00007feb9f990609 in start_thread (arg=<optimized out>) at pthread_create.c:477 #18 0x00007feb9f8b7293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 cn=config overlays ---------------------------------- 22 olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config objectClass: olcConfig objectClass: olcMemberOf objectClass: olcOverlayConfig objectClass: top olcOverlay: memberof olcMemberOfDangling: ignore olcMemberOfRefInt: TRUE olcMemberOfGroupOC: groupOfNames olcMemberOfMemberAD: member olcMemberOfMemberOfAD: memberOf 23 olcOverlay={1}ppolicy,olcDatabase={1}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcPPolicyConfig olcOverlay: {1}ppolicy olcPPolicyDefault: cn=orga_default,ou=Policies,dc=domain,dc=fr olcPPolicyHashCleartext: FALSE olcPPolicyUseLockout: TRUE olcPPolicyForwardUpdates: TRUE 24 olcOverlay={2}syncprov,olcDatabase={1}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: {2}syncprov 25 olcOverlay={3}memberof,olcDatabase={1}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcMemberOf objectClass: olcConfig olcOverlay: {3}memberof olcMemberOfDangling: ignore olcMemberOfRefInt: TRUE olcMemberOfGroupOC: groupOfNames olcMemberOfMemberAD: member 26 olcOverlay={4}autogroup,olcDatabase={1}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcAutomaticGroups olcOverlay: {4}autogroup olcAGattrSet: {0}groupOfURLs memberURL member olcAGmemberOfAd: memberOf 27 olcOverlay={5}memberof,olcDatabase={1}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcMemberOf objectClass: olcConfig olcOverlay: {5}memberof olcMemberOfDangling: ignore olcMemberOfRefInt: TRUE olcMemberOfGroupOC: groupOfURLs olcMemberOfMemberAD: member 28 olcOverlay={6}autogroup,olcDatabase={1}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcAutomaticGroups olcOverlay: {6}autogroup olcAGattrSet: {0}groupOfURLs memberUidURL memberUid -- You are receiving this mail because: You are on the CC list for the issue.

1 14

[Issue 9541] New: Typos in ldap_pvt_gettimeofday() in libraries/libldap/util-int.c
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9541 Issue ID: 9541 Summary: Typos in ldap_pvt_gettimeofday() in libraries/libldap/util-int.c Product: OpenLDAP Version: 2.5.4 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: brecht(a)sanders.org Target Milestone: --- In openldap 2.544 there appear to be some typos in libraries/libldap/util-int.c - there is an int between the ldap_pvt_gettimeofday() function definition and the next curly brace - tv_spec is not a member of struct timeval, should be tv_sec patch -ulbf libraries/libldap/util-int.c << EOF @@ -300,3 +300,2 @@ ldap_pvt_gettimeofday( struct timeval *tv, void *unused ) -int { @@ -304,3 +303,3 @@ ldap_pvt_clock_gettime( 0, &ts ); - tv->tv_sec = ts.tv_spec; + tv->tv_sec = ts.tv_sec; tv->tv_usec = ts.tv_nsec / 1000; EOF -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9531] New: change RootDSE
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9531 Issue ID: 9531 Summary: change RootDSE Product: OpenLDAP Version: 2.4.57 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: niko(a)dwolfix.ru Target Milestone: --- Created attachment 816 --> https://bugs.openldap.org/attachment.cgi?id=816&action=edit RootDSE OS Linux Debian 10, slapd 2.4.57+dfsg-2 When installing openldap, a RootDSE is formed with the objectClass 'organization' (2.5.6.4). The root entry cannot be deleted. How can the RootDSE be changed so that the objectClass becomes 'domain' (0.9.2342.19200300.100.4.13)? -- You are receiving this mail because: You are on the CC list for the issue.

1 25

[Issue 9539] New: ERROR_USER_MAPPED_FILE from mdb_env_set_mapsize(env, 0)
by openldap-its＠openldap.org 25 May '21

25 May '21

https://bugs.openldap.org/show_bug.cgi?id=9539 Issue ID: 9539 Summary: ERROR_USER_MAPPED_FILE from mdb_env_set_mapsize(env, 0) Product: LMDB Version: 0.9.28 Hardware: x86_64 OS: Windows Status: UNCONFIRMED Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: igfoo(a)github.com Target Milestone: --- On Windows, with the attached program and the commands below, I am getting ERROR_USER_MAPPED_FILE from mdb_env_set_mapsize(env, 0) on the latest 0.9.28 release. The program works as expected on mdb.master. git clone https://github.com/LMDB/lmdb.git cd lmdb git reset --hard LMDB_0.9.28 cd .. call "c:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\Build\vcvars64.bat" cl -Femain.exe -Ilmdb/libraries/liblmdb main.c lmdb/libraries/liblmdb/mdb.c lmdb/libraries/liblmdb/midl.c Advapi32.lib cl -Feloop.exe -Ilmdb/libraries/liblmdb loop.c lmdb/libraries/liblmdb/mdb.c lmdb/libraries/liblmdb/midl.c Advapi32.lib .\main.exe Example output: Loop 300000 400000 starting. Got ERROR_USER_MAPPED_FILE from mdb_env_set_mapsize(0). Loop 500000 600000 starting. Got ERROR_USER_MAPPED_FILE from mdb_env_set_mapsize(0). Loop 200000 300000 starting. Got ERROR_USER_MAPPED_FILE from mdb_env_set_mapsize(0). Loop 400000 500000 starting. Got ERROR_USER_MAPPED_FILE from mdb_env_set_mapsize(0). Loop 600000 700000 starting. Got ERROR_USER_MAPPED_FILE from mdb_env_set_mapsize(0). Loop 100000 200000 starting. Got ERROR_USER_MAPPED_FILE from mdb_env_set_mapsize(0). Loop 700000 800000 starting. Got ERROR_USER_MAPPED_FILE from mdb_env_set_mapsize(0). Loop 900000 1000000 starting. Got ERROR_USER_MAPPED_FILE from mdb_env_set_mapsize(0). Loop 800000 900000 starting. Loop 800000 900000 done. Non-zero 0 exit code 1. Non-zero 1 exit code 1. Non-zero 2 exit code 1. Non-zero 3 exit code 1. Non-zero 4 exit code 1. Non-zero 5 exit code 1. Non-zero 6 exit code 1. Non-zero 8 exit code 1. All done. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

← Newer
1
...
5
6
7
8
9
10
11
...
23
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs April 2021