openldap-bugs May 2021

openldap-bugs@openldap.org

1 participants
147 discussions

[Issue 9541] New: Typos in ldap_pvt_gettimeofday() in libraries/libldap/util-int.c
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9541 Issue ID: 9541 Summary: Typos in ldap_pvt_gettimeofday() in libraries/libldap/util-int.c Product: OpenLDAP Version: 2.5.4 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: brecht(a)sanders.org Target Milestone: --- In openldap 2.544 there appear to be some typos in libraries/libldap/util-int.c - there is an int between the ldap_pvt_gettimeofday() function definition and the next curly brace - tv_spec is not a member of struct timeval, should be tv_sec patch -ulbf libraries/libldap/util-int.c << EOF @@ -300,3 +300,2 @@ ldap_pvt_gettimeofday( struct timeval *tv, void *unused ) -int { @@ -304,3 +303,3 @@ ldap_pvt_clock_gettime( 0, &ts ); - tv->tv_sec = ts.tv_spec; + tv->tv_sec = ts.tv_sec; tv->tv_usec = ts.tv_nsec / 1000; EOF -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9555] New: Introduce a default operations timeout for back-asyncmeta
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9555 Issue ID: 9555 Summary: Introduce a default operations timeout for back-asyncmeta Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: nivanova(a)symas.com Target Milestone: --- Currently, if no operation timeout is configured, the default asyncmeta behavior is to have no timeout. This is potentially unsafe - if for some reason a target server does not return a response, the operation will stay in the queue until the connection is reset due to some network error (idle-timeout is not honored if there are pending operations). In the case of many such operations, the queues can get filled up and asyncmeta will become unable to process new operations for some time. Therefore, a setting of "0" should be used carefully and with intent. To prevent accidental configuration of 0, the default operations timeout should be a value larger than 0. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9531] New: change RootDSE
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9531 Issue ID: 9531 Summary: change RootDSE Product: OpenLDAP Version: 2.4.57 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: niko(a)dwolfix.ru Target Milestone: --- Created attachment 816 --> https://bugs.openldap.org/attachment.cgi?id=816&action=edit RootDSE OS Linux Debian 10, slapd 2.4.57+dfsg-2 When installing openldap, a RootDSE is formed with the objectClass 'organization' (2.5.6.4). The root entry cannot be deleted. How can the RootDSE be changed so that the objectClass becomes 'domain' (0.9.2342.19200300.100.4.13)? -- You are receiving this mail because: You are on the CC list for the issue.

1 25

[Issue 9566] New: OpenLDAP Proxy crashes when idassertauthzfrom is set to dn:*
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9566 Issue ID: 9566 Summary: OpenLDAP Proxy crashes when idassertauthzfrom is set to dn:* Product: OpenLDAP Version: 2.4.56 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: nevillem(a)issquaredinc.com Target Milestone: --- Set olcDbIDAssertAuthzFrom to {0}dn:* Set olcDbIDAssertBind when flag is set to prescriptive or non-prescriptive Stop slapd Start slapd - It does not start, errors out. It works when olcDbIDAssertBind has flags set to flags=proxy-authz-non-critical -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 9565] New: radlib.h: No such file or directory - passwd slapd-module
by openldap-its＠openldap.org 29 May '21

29 May '21

https://bugs.openldap.org/show_bug.cgi?id=9565 Issue ID: 9565 Summary: radlib.h: No such file or directory - passwd slapd-module Product: OpenLDAP Version: 2.5.4 Hardware: All OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: contrib Assignee: bugs(a)openldap.org Reporter: rguichardspam(a)Gmail.com Target Milestone: --- Hi, while compile passwd slapd-modules, I've got error on Radius compilation. gcc -DOPENLDAP_FD_SETSIZE=4096 -O2 -g -DSLAP_SCHEMA_EXPOSE -g -O2 -I/usr/kerberos/include -I../../../include -I../../../include -I../../../servers/slapd -c radius.c -fPIC -DPIC -o .libs/radius.o radius.c:27:20: fatal error: radlib.h: No such file or directory #include <radlib.h> I've searched which package could provide the radlib file but I didn't found it. Please confirm which package should be used .. or link to the source.. I'm on CentOS -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9567] New: Double free error after attempt to insert a duplicate entry
by openldap-its＠openldap.org 29 May '21

29 May '21

https://bugs.openldap.org/show_bug.cgi?id=9567 Issue ID: 9567 Summary: Double free error after attempt to insert a duplicate entry Product: LMDB Version: 0.9.17 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: wietse(a)porcupine.org Target Milestone: --- This problem was originally discovered by Adi Prasaja on Ubuntu with lmdb-0.9.24, and reproduced by me on Fedora with lmdb-0.9.25, as well as multiple source repo branches from github.com/openldap. The problem was introduced with lmdb version 0.9.17 and still exists in the 'head' version 0.9.70 as retrieved from github.com on May 28, 2021. Quick demo (any Postfix version with LMDB support): create a key-value store from a file containing one (key, value) per line. $ cat /tmp/aa aa 1 aa 2 $ postmap lmdb:/tmp/aa postmap: warning: lmdb:/tmp/aa: duplicate entry: "aa" <== Postfix message free(): double free detected in tcache 2 <== libc message Aborted (core dumped) Commenting out the free(env->me_txn0) call mdb_env_close0() will prevent the double free() error. Of course, that results in a memory leak when the input contains no duplicate line. The remainder of this message show the steps to reproduce this with lmdb version 0.9.70 (from github 'head') on Fedora 32 with postfix-3.7-20210424. These steps have been verified to also work for Postfix 3.2. The steps assume that the LMDB library and header files are installed in /usr/local, by using the default lmdb Makefile. $ cat >makemakefiles-lmdb-local <<'EOF' #!/bin/sh export OPT="" export CCARGS="-DNO_NIS" export AUXLIBS="" # Add LMDB export CCARGS="$CCARGS -DHAS_LMDB" export AUXLIBS_LMDB="-L/usr/local/lib -Wl,-rpath,/usr/local/lib -llmdb" unset shlib_directory make -f Makefile.in makefiles shared=no dynamicmaps=no CCARGS="-I/usr/local/include $CCARGS" AUXLIBS="$AUXLIBS $AUXLIBS_LMDB" EOF $ make tidy [some output] $ sh makemakefiles-lmdb-local $ make -j8 [lots of output] $ cat >/tmp/aa << EOF aa 1 aa 2 EOF $ valgrind --tool=memcheck bin/postmap lmdb:/tmp/aa ==340318== Memcheck, a memory error detector ==340318== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==340318== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info ==340318== Command: bin/postmap lmdb:/tmp/aa ==340318== postmap: warning: lmdb:/tmp/aa: duplicate entry: "aa" ==340318== Invalid free() / delete / delete[] / realloc() ==340318== at 0x483B9F5: free (vg_replace_malloc.c:538) ==340318== by 0x4858CFD: mdb_env_close0 (in /usr/local/lib/liblmdb.so) ==340318== by 0x4859B0C: mdb_env_close (in /usr/local/lib/liblmdb.so) ==340318== by 0x13CBC3: slmdb_close (slmdb.c:780) ==340318== by 0x13B297: dict_lmdb_close (dict_lmdb.c:475) ==340318== by 0x113DFF: mkmap_close (mkmap_open.c:211) ==340318== by 0x10F080: postmap (postmap.c:557) ==340318== by 0x1108E4: main (postmap.c:1140) ==340318== Address 0x7320c30 is 0 bytes inside a block of size 258 free'd ==340318== at 0x483B9F5: free (vg_replace_malloc.c:538) ==340318== by 0x48561DE: mdb_txn_commit (mdb.c:4130) ==340318== by 0x13CB7D: slmdb_close (slmdb.c:771) ==340318== by 0x13B297: dict_lmdb_close (dict_lmdb.c:475) ==340318== by 0x113DFF: mkmap_close (mkmap_open.c:211) ==340318== by 0x10F080: postmap (postmap.c:557) ==340318== by 0x1108E4: main (postmap.c:1140) ==340318== Block was alloc'd at ==340318== at 0x483CAE9: calloc (vg_replace_malloc.c:760) ==340318== by 0x48599F2: mdb_env_open (in /usr/local/lib/liblmdb.so) ==340318== by 0x13CD91: slmdb_open (slmdb.c:851) ==340318== by 0x13B6C6: dict_lmdb_open (dict_lmdb.c:612) ==340318== by 0x113F50: mkmap_open (mkmap_open.c:283) ==340318== by 0x10EC02: postmap (postmap.c:438) ==340318== by 0x1108E4: main (postmap.c:1140) ==340318== ==340318== ==340318== HEAP SUMMARY: ==340318== in use at exit: 27,608 bytes in 634 blocks ==340318== total heap usage: 1,430 allocs, 797 frees, 3,356,293 bytes allocated ==340318== ==340318== LEAK SUMMARY: ==340318== definitely lost: 0 bytes in 0 blocks ==340318== indirectly lost: 0 bytes in 0 blocks ==340318== possibly lost: 27,582 bytes in 633 blocks ==340318== still reachable: 26 bytes in 1 blocks ==340318== suppressed: 0 bytes in 0 blocks ==340318== Rerun with --leak-check=full to see details of leaked memory ==340318== ==340318== For lists of detected and suppressed errors, rerun with: -s ==340318== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) Similar errors happen with lmdb-0.9.17. The problem does not exist in lmdb-0.9.16 or earlier versions. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9564] New: Race condition with freeing the spilled pages from transaction
by openldap-its＠openldap.org 27 May '21

27 May '21

https://bugs.openldap.org/show_bug.cgi?id=9564 Issue ID: 9564 Summary: Race condition with freeing the spilled pages from transaction Product: LMDB Version: 0.9.29 Hardware: Other OS: Mac OS Status: UNCONFIRMED Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: kriszyp(a)gmail.com Target Milestone: --- Created attachment 825 --> https://bugs.openldap.org/attachment.cgi?id=825&action=edit Free the spilled pages and dirty overflows before unlocking the write mutex The spilled pages (a transaction's mt_spill_pgs) is freed *after* a write transaction's mutex is unlocked (in mdb.master3). This can result in a race condition where a second transaction can start and subsequently assign a new mt_spill_pgs list to the transaction structure that it reuses. If this occurs after the first transaction unlocks the mutex, but before it performs the free operation on mt_spill_pgs, then the first transaction will end up calling a free on the same spilled page list as the second transaction, resulting in a double free (and crash). It would seem to be an extremely unlikely scenario to actually happen, since the free call is literally the next operation after the mutex is unlocked, and the second transaction would need to make it all the way to the point of saving the freelist before a page spill list is likely to be allocated. Consequently, this probably has rarely happened. However, one of our users (see https://github.com/DoctorEvidence/lmdb-store/issues/48 for the discussion) has noticed this occurring, and it seems that it may be particularly likely to happen on MacOS on the new M1 silicon. Perhaps there is some peculiarity to how the threads are more likely to yield execution after a mutex unlock, I am not sure. I was able to reproduce the issue by intentionally manipulating the timing (sleeping before the free) to verify that the race condition is technically feasible, and apparently this can happen "in the wild" on MacOS, at least with an M1. It is also worth noting that this is due to (or a regression from) the fix for ITS#9155 (https://github.com/LMDB/lmdb/commit/cb256f409bb53efeda4ac69ee8165a0b4fc1a277) where the free call was moved outside the conditional (for having a parent) that had previously never been executed after the mutex is unlocked, but now is called after the unlock. Anyway, the solution is relatively simple, the free call simply has to be moved above the unlock. In my patch, I also moved the free call for mt_dirty_ovs. I am not sure what OVERFLOW_NOTYET/mt_dirty_ovs is for, but presumably it should be handled the same. This could alternately be solved by saving the reference to these lists before unlocking, and freeing after unlocking, which would slightly decrease the amount of processing within the mutex guarded code. Let me know if you prefer a patch that does that. -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 9563] New: OpenLDAP enable TLS1.3
by openldap-its＠openldap.org 26 May '21

26 May '21

https://bugs.openldap.org/show_bug.cgi?id=9563 Issue ID: 9563 Summary: OpenLDAP enable TLS1.3 Product: OpenLDAP Version: 2.4.45 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: santhu227(a)gmail.com Target Milestone: --- How we can enable TLS1.3 on OopenLDAP for ubuntu 18.04.5 LTS. Package details : OS PRETTY_NAME="Ubuntu 18.04.5 LTS" VERSION_ID="18.04" OpenSSL 1.1.1g 21 Apr 2020. grep -R olcTLS /etc/ldap/slapd.d/ /etc/ldap/slapd.d/cn=config.ldif:olcTLSCRLCheck: none /etc/ldap/slapd.d/cn=config.ldif:olcTLSProtocolMin: 3.4 /etc/ldap/slapd.d/cn=config.ldif:olcTLSCipherSuite: NORMAL /etc/ldap/slapd.d/cn=config.ldif:olcTLSVerifyClient: try /etc/ldap/slapd.d/cn=config.ldif:olcTLSCACertificateFile: /etc/ldap/sasl2/ldap_server_new_13.crt /etc/ldap/slapd.d/cn=config.ldif:olcTLSCertificateKeyFile: /etc/ldap/sasl2/ldap_server_new_13.key /etc/ldap/slapd.d/cn=config.ldif:olcTLSCertificateFile: /etc/ldap/sasl2/ldap_server_new_13.crt dpkg -s slapd | grep Version Version: 2.4.45+dfsg-1ubuntu1.10 Is there any possibility to enable TLS1.3 on slapd service(OpenLDAP server) for above configuration. If need to upgrade any package will it be possible to upgrade or update on Ubuntu 18.04.5. openssl client output where openssl is not able to connecte with TLS1.3. Same will list ciphers for TLS1.2 openssl s_client -connect <host>:636 -tls1_3 CONNECTED(00000003) write:errno=0 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 215 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9562] New: Unable to setup TLS1.3
by openldap-its＠openldap.org 26 May '21

26 May '21

https://bugs.openldap.org/show_bug.cgi?id=9562 Issue ID: 9562 Summary: Unable to setup TLS1.3 Product: OpenLDAP Version: 2.4.45 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: santhu227(a)gmail.com Target Milestone: --- How we can enable TLS1.3 on OopenLDAP for ubuntu 18.04.5 LTS. Package details : OS PRETTY_NAME="Ubuntu 18.04.5 LTS" VERSION_ID="18.04" OpenSSL 1.1.1g 21 Apr 2020. grep -R olcTLS /etc/ldap/slapd.d/ /etc/ldap/slapd.d/cn=config.ldif:olcTLSCRLCheck: none /etc/ldap/slapd.d/cn=config.ldif:olcTLSProtocolMin: 3.3 /etc/ldap/slapd.d/cn=config.ldif:olcTLSCipherSuite: NORMAL /etc/ldap/slapd.d/cn=config.ldif:olcTLSVerifyClient: try /etc/ldap/slapd.d/cn=config.ldif:olcTLSCACertificateFile: /etc/ldap/sasl2/ldap_server_new_13.crt /etc/ldap/slapd.d/cn=config.ldif:olcTLSCertificateKeyFile: /etc/ldap/sasl2/ldap_server_new_13.key /etc/ldap/slapd.d/cn=config.ldif:olcTLSCertificateFile: /etc/ldap/sasl2/ldap_server_new_13.crt dpkg -s slapd | grep Version Version: 2.4.45+dfsg-1ubuntu1.10 Is there any possibility to enable TLS1.3 on slapd service(OpenLDAP server) for above configuration. If need to upgrade any package will it be possible to upgrade or update on Ubuntu 18.04.5. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9560] New: Dead images in documentation
by openldap-its＠openldap.org 25 May '21

25 May '21

https://bugs.openldap.org/show_bug.cgi?id=9560 Issue ID: 9560 Summary: Dead images in documentation Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: shea.ramage(a)gmail.com Target Milestone: --- Created attachment 823 --> https://bugs.openldap.org/attachment.cgi?id=823&action=edit Screenshot of broken images Documentation release 2.5 (https://www.openldap.org/doc/admin25) contains several dead image links. One example (Figure 3.1) https://www.openldap.org/doc/admin25/config_local.png results in a 404 not found error, however changing the '5' in the URL to a '4' loads an image correctly. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

← Newer
1
...
7
8
9
10
11
12
13
14
15
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs May 2021