openldap-bugs May 2021

openldap-bugs@openldap.org

1 participants
148 discussions

[Issue 9529] New: pcache locking issue
by openldap-its＠openldap.org 04 Jun '21

04 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9529 Issue ID: 9529 Summary: pcache locking issue Product: OpenLDAP Version: 2.4.58 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- Since ITS#6954 commit ea228495148 the consistency_check function was changed to hold the template t_rwlock for the entire duration of a query expiration. There doesn't appear to be any valid reason for this change, and it causes the cache to be unresponsive to new searches while expiration is removing cached entries. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9295] New: ppolicy and replication: pwdLockedTime replication fails to replicate
by openldap-its＠openldap.org 04 Jun '21

04 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9295 Issue ID: 9295 Summary: ppolicy and replication: pwdLockedTime replication fails to replicate Product: OpenLDAP Version: 2.4.50 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- If you have the following setup, a replica will hit an error during replication. a) ppolicy is configured on provider(s) and replicas. Replica has schemachecking=on in its syncrepl configuration b) account gets locked on the replica, so pwdAccountLockedTime is set on the replica but not on the provider(s) c) admin does a MOD/ADD op against a provider for the user entry to add a value to pwdAccountLockedTime dn: ... changetype: modify add: pwdAccountLockedTime pwdAccountLockedTime: ... d) provider accepts this modification. e) replica rejects this modification because the resulting change means that there would be two pwdAccountLockedTime values on the account in question Generally I believe that in this scenario, the MOD/ADD on the provider should be treated as a replace OP instead of an ADD op -- You are receiving this mail because: You are on the CC list for the issue.

1 18

[Issue 9542] New: wrong OIDs for Authorization Identity Request and Response Controls
by openldap-its＠openldap.org 04 Jun '21

04 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9542 Issue ID: 9542 Summary: wrong OIDs for Authorization Identity Request and Response Controls Product: OpenLDAP Version: 2.5.4 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: michael(a)stroeder.com Target Milestone: --- The OIDs for Authz Identity controls in ldap.h do not match the values in RFC 3829. This patch fixes it: diff --git a/include/ldap.h b/include/ldap.h index 6877d9fd11..be2d6d577a 100644 --- a/include/ldap.h +++ b/include/ldap.h @@ -273,8 +273,8 @@ typedef struct ldapcontrol { /* non-standard track controls */ #define LDAP_CONTROL_PAGEDRESULTS "1.2.840.113556.1.4.319" /* RFC 2696 */ -#define LDAP_CONTROL_AUTHZID_REQUEST "2.16.840.1.113730.4.16" /* RFC 3829 */ -#define LDAP_CONTROL_AUTHZID_RESPONSE "2.16.840.1.113730.4.15" /* RFC 3829 */ +#define LDAP_CONTROL_AUTHZID_REQUEST "2.16.840.1.113730.3.4.16" /* RFC 3829 */ +#define LDAP_CONTROL_AUTHZID_RESPONSE "2.16.840.1.113730.3.4.15" /* RFC 3829 */ /* LDAP Content Synchronization Operation -- RFC 4533 */ #define LDAP_SYNC_OID "1.3.6.1.4.1.4203.1.9.1" -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9530] New: double-free in options.c
by openldap-its＠openldap.org 04 Jun '21

04 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9530 Issue ID: 9530 Summary: double-free in options.c Product: OpenLDAP Version: 2.4.58 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: norm.green(a)gemtalksystems.com Target Milestone: --- I've been seeing double-free errors in valgrind when calling ldap_set_option(lc, LDAP_OPT_DEFBASE) I tracked it down to code in ldap_create() in open.c. When we copy the global options to the new LDAP *, we create new versions of some but not all malloced options. The ldo_defbase and ldo_defbinddn option members are strings that are *not* reallocated (ldo_defbase may not be important). This diff appears to fix the problem: diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c index 5882b6336..0828d334e 100644 --- a/libraries/libldap/open.c +++ b/libraries/libldap/open.c @@ -139,6 +139,14 @@ ldap_create( LDAP **ldp ) ld->ld_options.ldo_defludp = NULL; ld->ld_options.ldo_conn_cbs = NULL; + /* Norm Green, April 20, 2021 - fix pointers that get copied. + * must realloc these to prevent double-free errors */ + + ld->ld_options.ldo_defbase = gopts->ldo_defbase ? + LDAP_STRDUP(gopts->ldo_defbase) : NULL; + ld->ld_options.ldo_defbinddn = gopts->ldo_defbinddn ? + LDAP_STRDUP(gopts->ldo_defbinddn) : NULL; + -- You are receiving this mail because: You are on the CC list for the issue.

1 9

[Issue 9521] New: libldap doesn't configure TLS1.3 ciphersuites for OpenSSL
by openldap-its＠openldap.org 04 Jun '21

04 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9521 Issue ID: 9521 Summary: libldap doesn't configure TLS1.3 ciphersuites for OpenSSL Product: OpenLDAP Version: 2.4.58 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- OpenSSL 1.1 uses a separate API for configuring TLSv1.3 cipher suites. The current code in libldap doesn't call this API so those suites are always left at their compiled-in default. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9559] New: ldap_modify manpage LDAPMod incorrect
by openldap-its＠openldap.org 04 Jun '21

04 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9559 Issue ID: 9559 Summary: ldap_modify manpage LDAPMod incorrect Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- ldap_modify(3) suggests that struct ldapmod has a mod_next parameter, where ldap.h defines no such thing, nor is it even mentioned in RFC1823 for what that's worth. So I think it is the manpage that needs updating. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9554] New: Finish retiring configure.in in OpenLDAP 2.5 and later
by openldap-its＠openldap.org 04 Jun '21

04 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9554 Issue ID: 9554 Summary: Finish retiring configure.in in OpenLDAP 2.5 and later Product: OpenLDAP Version: 2.5.4 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: contrib Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- Update configure.in to configure.ac for contrib modules: ./contrib/ldaptcl/configure.in ./contrib/ldapc++/configure.in -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9494] New: Segfault after modify olcDbMaxSize w/ autogroup
by openldap-its＠openldap.org 04 Jun '21

04 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9494 Issue ID: 9494 Summary: Segfault after modify olcDbMaxSize w/ autogroup Product: OpenLDAP Version: 2.4.49 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: louis.chanouha(a)univ-toulouse.fr Target Milestone: --- Hello, Yet another crash when modifying olcDbMaxSize. Seems not to be related to other similar reports. autogroup works fine until : - attempt to modify olcDbMaxSize - attempt to modify olcAGattrSet (segfault to, need to delete the overlay and add it again) - do not rely on olcMemberOfMemberAD (extra memberof module) requested change --------------------------------------------: dn: olcDatabase={1}mdb,cn=config changetype: modify replace: olcDbMaxSize olcDbMaxSize: 4294967296 openldap logs -----------------------------------------------: 6046b5c3 ==> autogroup_db_close 6046b5c3 ==> autogroup_db_close 6046b5c3 mdb_db_open: database "dc=domain,dc=fr": dbenv_open(/var/lib/ldap). 6046b5c3 ==> autogroup_db_open 6046b5c3 ==> autogroup_build_def_filter put_filter: "(objectClass=groupOfURLs)" put_filter: simple put_simple_filter: "objectClass=groupOfURLs" ber_scanf fmt ({mm}) ber: 6046b5c3 => mdb_search 6046b5c3 mdb_dn2entry("dc=domain,dc=fr") 6046b5c3 => mdb_dn2id("dc=domain,dc=fr") 6046b5c3 <= mdb_dn2id: got id=0x1 6046b5c3 => mdb_entry_decode: 6046b5c3 <= mdb_entry_decode 6046b5c3 search_candidates: base="dc=domain,dc=fr" (0x00000001) scope=2 6046b5c3 => mdb_equality_candidates (objectClass) 6046b5c3 => key_read 6046b5c3 <= mdb_index_read: failed (-30798) 6046b5c3 <= mdb_equality_candidates: id=0, first=0, last=0 6046b5c3 => mdb_equality_candidates (objectClass) 6046b5c3 => key_read 6046b5c3 <= mdb_index_read 5 candidates 6046b5c3 <= mdb_equality_candidates: id=5, first=18173, last=18177 6046b5c3 mdb_search_candidates: id=5 first=18173 last=18177 6046b5c3 => mdb_entry_decode: 6046b5c3 <= mdb_entry_decode 6046b5c3 ==> autogroup_group_add_cb <cn=cxxx,ou=groups,dc=domain,dc=fr> 6046b5c3 ==> autogroup_add_group <cn=xxx,ou=groups,dc=domain,dc=fr> Thread 3 "slapd" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7feb7d42c700 (LWP 37453)] GDB dump -------------------------------------- (gdb) info frame Stack level 0, frame at 0x7feb7d297fd0: rip = 0x55b4569bcba0 in dnMatch; saved rip = 0x7feb9e5f768b called by frame at 0x7feb7d298070 Arglist at 0x7feb7d297f88, args: Locals at 0x7feb7d297f88, Previous frame's sp is 0x7feb7d297fd0 Saved registers: rbx at 0x7feb7d297f98, rbp at 0x7feb7d297fa0, r12 at 0x7feb7d297fa8, r13 at 0x7feb7d297fb0, r14 at 0x7feb7d297fb8, r15 at 0x7feb7d297fc0, rip at 0x7feb7d297fc8 (gdb) bt #0 0x000055b4569bcba0 in dnMatch () #1 0x00007feb9e5f768b in ?? () from /usr/lib/ldap/autogroup.so.0 #2 0x00007feb9e5f98fb in ?? () from /usr/lib/ldap/autogroup.so.0 #3 0x000055b4569b6eb8 in ?? () #4 0x000055b4569b8a31 in slap_send_search_entry () #5 0x00007feb9e63dbf6 in mdb_search () from /usr/lib/ldap/back_mdb-2.4.so.2 #6 0x000055b456a16c68 in overlay_op_walk () #7 0x000055b456a16d97 in ?? () #8 0x00007feb9e5f9be0 in ?? () from /usr/lib/ldap/autogroup.so.0 #9 0x000055b456a15dd8 in ?? () #10 0x00007feb9e632eb8 in ?? () from /usr/lib/ldap/back_mdb-2.4.so.2 #11 0x000055b4569908b6 in ?? () #12 0x000055b4569be8aa in fe_op_modify () #13 0x000055b4569c0930 in do_modify () #14 0x000055b4569a66ed in ?? () #15 0x000055b4569a722c in ?? () #16 0x00007feb9fa5ea03 in ?? () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #17 0x00007feb9f990609 in start_thread (arg=<optimized out>) at pthread_create.c:477 #18 0x00007feb9f8b7293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 cn=config overlays ---------------------------------- 22 olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config objectClass: olcConfig objectClass: olcMemberOf objectClass: olcOverlayConfig objectClass: top olcOverlay: memberof olcMemberOfDangling: ignore olcMemberOfRefInt: TRUE olcMemberOfGroupOC: groupOfNames olcMemberOfMemberAD: member olcMemberOfMemberOfAD: memberOf 23 olcOverlay={1}ppolicy,olcDatabase={1}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcPPolicyConfig olcOverlay: {1}ppolicy olcPPolicyDefault: cn=orga_default,ou=Policies,dc=domain,dc=fr olcPPolicyHashCleartext: FALSE olcPPolicyUseLockout: TRUE olcPPolicyForwardUpdates: TRUE 24 olcOverlay={2}syncprov,olcDatabase={1}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: {2}syncprov 25 olcOverlay={3}memberof,olcDatabase={1}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcMemberOf objectClass: olcConfig olcOverlay: {3}memberof olcMemberOfDangling: ignore olcMemberOfRefInt: TRUE olcMemberOfGroupOC: groupOfNames olcMemberOfMemberAD: member 26 olcOverlay={4}autogroup,olcDatabase={1}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcAutomaticGroups olcOverlay: {4}autogroup olcAGattrSet: {0}groupOfURLs memberURL member olcAGmemberOfAd: memberOf 27 olcOverlay={5}memberof,olcDatabase={1}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcMemberOf objectClass: olcConfig olcOverlay: {5}memberof olcMemberOfDangling: ignore olcMemberOfRefInt: TRUE olcMemberOfGroupOC: groupOfURLs olcMemberOfMemberAD: member 28 olcOverlay={6}autogroup,olcDatabase={1}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcAutomaticGroups olcOverlay: {6}autogroup olcAGattrSet: {0}groupOfURLs memberUidURL memberUid -- You are receiving this mail because: You are on the CC list for the issue.

1 14

[Issue 9561] New: Error doing 'make test': fails on 'test001-slapadd for mdb' test
by openldap-its＠openldap.org 04 Jun '21

04 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9561 Issue ID: 9561 Summary: Error doing 'make test': fails on 'test001-slapadd for mdb' test Product: OpenLDAP Version: 2.5.4 Hardware: x86_64 OS: FreeBSD Status: UNCONFIRMED Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: sydbarrett74(a)gmail.com Target Milestone: --- FreeBSD 13.0 x86_64 I was attempting to build the latest version in the master git branch and when I issued the 'gmake test' command, I got the following errors: >>>>> Starting test001-slapadd for mdb... running defines.sh Running slapadd to build slapd database... Fatal error 'mutex 0x801018040 own 0x0 is on list 0x5952414e49422d58 0x312e312e' at line 154 in file /usr/src/lib/libthr/thread/thr_mutex.c (errno = 0) Abort trap (core dumped) slapadd failed (134)! >>>>> test001-slapadd failed for mdb after 1 seconds (exit 134) gmake[2]: *** [Makefile:301: mdb-yes] Error 134 gmake[2]: Leaving directory '/usr/home/bsduser/openldap/tests' gmake[1]: *** [Makefile:287: test] Error 2 gmake[1]: Leaving directory '/usr/home/bsduser/openldap/tests' gmake: *** [Makefile:299: test] Error 2 Please advise. TIA. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9548] New: argon2 module is not installed
by openldap-its＠openldap.org 04 Jun '21

04 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9548 Issue ID: 9548 Summary: argon2 module is not installed Product: OpenLDAP Version: 2.5.4 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: ryan(a)openldap.org Target Milestone: --- 2.5.4, configured with --enable-argon2. 'make install' installs the argon2 man page, but not the module itself. Confirmed by Quanah. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

← Newer
1
...
6
7
8
9
10
11
12
...
15
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs May 2021