openldap-bugs June 2021

openldap-bugs@openldap.org

1 participants
300 discussions

[Issue 9526] New: slapadd -w crashes
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9526 Issue ID: 9526 Summary: slapadd -w crashes Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: grapvar(a)gmail.com Target Milestone: --- Let slapd.conf is: > database mdb > suffix "o=Foo" > sync_use_subentry database is blank and we are adding this foo.ldif: > dn: o=FOO > objectClass:organization Let's load: > slapd -T add -v -l foo.ldif -w then on Solaris: > added: "o=FOO" (00000001) > Segmentation Fault (core dumped) ... on Linux: > added: "o=FOO" (00000001) > => mdb_next_id: get failed: Invalid argument (22) > => mdb_tool_next_id: next_id failed: Invalid argument (22) > => mdb_tool_entry_put: txn_aborted! Invalid argument (22) > slapadd: couldn't create context entry > Closing DB... This is because: * mdb_tool_next_id() takes dead global [tools.c`static MDB_cursor *mcp] for further operations * cursor is dead because mdb_tool_entry_put() didn't initialized it * mdb_tool_entry_put() didn't initialized cursor because it thinks it is initialized, because there is an active global [tools.c`MDB_txn *mdb_tool_txn] * transaction was initialized by mdb_tool_dn2id_get(), which doesn't care about cursors. Long story short: the global state in tools.c is not managed consistently and needs rethinking. -- You are receiving this mail because: You are on the CC list for the issue.

1 9

[Issue 6467] syncrepl enhancements
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=6467 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9552] New: slapo-accesslog should record new DN after rename
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9552 Issue ID: 9552 Summary: slapo-accesslog should record new DN after rename Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- To use accesslog as a sessionlog source, one needs to be able to resolve whether a modrdn moved an entry in/out of the search scope. Syncprov would either have to examine every modrdn request or, if accesslog were to log the final DN, it could check for entries which crossed the scope. A new attribute 'reqNewDN' should be tracked for modrdn ops. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9529] New: pcache locking issue
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9529 Issue ID: 9529 Summary: pcache locking issue Product: OpenLDAP Version: 2.4.58 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- Since ITS#6954 commit ea228495148 the consistency_check function was changed to hold the template t_rwlock for the entire duration of a query expiration. There doesn't appear to be any valid reason for this change, and it causes the cache to be unresponsive to new searches while expiration is removing cached entries. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9295] New: ppolicy and replication: pwdLockedTime replication fails to replicate
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9295 Issue ID: 9295 Summary: ppolicy and replication: pwdLockedTime replication fails to replicate Product: OpenLDAP Version: 2.4.50 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- If you have the following setup, a replica will hit an error during replication. a) ppolicy is configured on provider(s) and replicas. Replica has schemachecking=on in its syncrepl configuration b) account gets locked on the replica, so pwdAccountLockedTime is set on the replica but not on the provider(s) c) admin does a MOD/ADD op against a provider for the user entry to add a value to pwdAccountLockedTime dn: ... changetype: modify add: pwdAccountLockedTime pwdAccountLockedTime: ... d) provider accepts this modification. e) replica rejects this modification because the resulting change means that there would be two pwdAccountLockedTime values on the account in question Generally I believe that in this scenario, the MOD/ADD on the provider should be treated as a replace OP instead of an ADD op -- You are receiving this mail because: You are on the CC list for the issue.

1 18

[Issue 9542] New: wrong OIDs for Authorization Identity Request and Response Controls
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9542 Issue ID: 9542 Summary: wrong OIDs for Authorization Identity Request and Response Controls Product: OpenLDAP Version: 2.5.4 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: michael(a)stroeder.com Target Milestone: --- The OIDs for Authz Identity controls in ldap.h do not match the values in RFC 3829. This patch fixes it: diff --git a/include/ldap.h b/include/ldap.h index 6877d9fd11..be2d6d577a 100644 --- a/include/ldap.h +++ b/include/ldap.h @@ -273,8 +273,8 @@ typedef struct ldapcontrol { /* non-standard track controls */ #define LDAP_CONTROL_PAGEDRESULTS "1.2.840.113556.1.4.319" /* RFC 2696 */ -#define LDAP_CONTROL_AUTHZID_REQUEST "2.16.840.1.113730.4.16" /* RFC 3829 */ -#define LDAP_CONTROL_AUTHZID_RESPONSE "2.16.840.1.113730.4.15" /* RFC 3829 */ +#define LDAP_CONTROL_AUTHZID_REQUEST "2.16.840.1.113730.3.4.16" /* RFC 3829 */ +#define LDAP_CONTROL_AUTHZID_RESPONSE "2.16.840.1.113730.3.4.15" /* RFC 3829 */ /* LDAP Content Synchronization Operation -- RFC 4533 */ #define LDAP_SYNC_OID "1.3.6.1.4.1.4203.1.9.1" -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9530] New: double-free in options.c
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9530 Issue ID: 9530 Summary: double-free in options.c Product: OpenLDAP Version: 2.4.58 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: norm.green(a)gemtalksystems.com Target Milestone: --- I've been seeing double-free errors in valgrind when calling ldap_set_option(lc, LDAP_OPT_DEFBASE) I tracked it down to code in ldap_create() in open.c. When we copy the global options to the new LDAP *, we create new versions of some but not all malloced options. The ldo_defbase and ldo_defbinddn option members are strings that are *not* reallocated (ldo_defbase may not be important). This diff appears to fix the problem: diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c index 5882b6336..0828d334e 100644 --- a/libraries/libldap/open.c +++ b/libraries/libldap/open.c @@ -139,6 +139,14 @@ ldap_create( LDAP **ldp ) ld->ld_options.ldo_defludp = NULL; ld->ld_options.ldo_conn_cbs = NULL; + /* Norm Green, April 20, 2021 - fix pointers that get copied. + * must realloc these to prevent double-free errors */ + + ld->ld_options.ldo_defbase = gopts->ldo_defbase ? + LDAP_STRDUP(gopts->ldo_defbase) : NULL; + ld->ld_options.ldo_defbinddn = gopts->ldo_defbinddn ? + LDAP_STRDUP(gopts->ldo_defbinddn) : NULL; + -- You are receiving this mail because: You are on the CC list for the issue.

1 9

[Issue 9521] New: libldap doesn't configure TLS1.3 ciphersuites for OpenSSL
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9521 Issue ID: 9521 Summary: libldap doesn't configure TLS1.3 ciphersuites for OpenSSL Product: OpenLDAP Version: 2.4.58 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- OpenSSL 1.1 uses a separate API for configuring TLSv1.3 cipher suites. The current code in libldap doesn't call this API so those suites are always left at their compiled-in default. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9559] New: ldap_modify manpage LDAPMod incorrect
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=9559 Issue ID: 9559 Summary: ldap_modify manpage LDAPMod incorrect Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- ldap_modify(3) suggests that struct ldapmod has a mod_next parameter, where ldap.h defines no such thing, nor is it even mentioned in RFC1823 for what that's worth. So I think it is the manpage that needs updating. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 8820] ldap_get_attribute_ber() function needs to be documented
by openldap-its＠openldap.org 03 Jun '21

03 Jun '21

https://bugs.openldap.org/show_bug.cgi?id=8820 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

← Newer
1
...
21
22
23
24
25
26
27
...
30
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs June 2021