https://bugs.openldap.org/show_bug.cgi?id=9669
Issue ID: 9669
Summary: Incorrect Heimdal download site in OpenLDAP
Administrator's Guide
Product: OpenLDAP
Version: 2.5.7
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: documentation
Assignee: bugs(a)openldap.org
Reporter: dewayne.geraghty(a)heuristicsystems.com.au
Target Milestone: ---
In section 4.2.3 page 18 of latest OpenLDAP 2.5 Admin Guide has Heimdal
available from http://www.pdc.kth.se/heimdal/ which is a dead link.
The more correct location is
https://github.com/heimdal/heimdal
(Thank-you for your great software!)
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9646
Issue ID: 9646
Summary: slapd-meta: deprecations in 2.4: “try-propagate is
highly deprecated”
Product: OpenLDAP
Version: 2.5.4
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: documentation
Assignee: bugs(a)openldap.org
Reporter: dpa-openldap(a)aegee.org
Target Milestone: ---
The upgrade instructions from 2.4 at
https://www.openldap.org/doc/admin25/appendix-upgrading.html says
> B.4. ldap and meta backends
>
> Several deprecated configuration directives for slapd-ldap(5) and slapd-meta(5) have been removed. Configurations using those directive must be updated to use supported directives prior to upgrade. See the slapd-ldap(5) and slapd-meta(5) man pages from OpenLDAP 2.4 for a list of deprecated directives.
The slapd-meta(5) for 2.4 says at
https://www.openldap.org/software/man.cgi?query=slapd-meta&apropos=0&sektio…
, when I search for “deprecated”:
> tls {[try-]start|[try-]propagate}
> The try- prefix instructs the proxy to continue operations if the StartTLS operation failed; its use is highly deprecated.
...
> DEPRECATED STATEMENTS
> The following statements have been deprecated and should no longer be used.
> pseudorootdn <substitute DN in case of rootdn bind>
> Use idassert-bind instead.
>
> pseudorootpw <substitute password in case of rootdn bind>
> Use idassert-bind instead.
I object the wording “highly deprecated”. It should be “highly discouraged”.
With the current wording it is not very clear, whether the try- variants
disappeared in 2.5
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9656
Issue ID: 9656
Summary: slapd (2.5.7) crashes when ppm settings don't exist in
the schema
Product: OpenLDAP
Version: unspecified
Hardware: x86_64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: ktmdms(a)gmail.com
Target Milestone: ---
using ppolicy with ppm causes slapd to crash (2.5.7. I would have selected
that as the version but it's not available to be selected) when
pwdCheckModuleArg doesn't exist in the schema and/or the full path to ppm.so
isn't defined in pwdCheckModule. at the time slapd would crash, pwdCheckModule
was set to ppm.so not the full path of /usr/local/libexec/openldap/ppm.so and
the pwdCheckModuleArg attribute didn't exist at all. whenever I would attempt
to change my user password, slapd would crash. setting the full path and
creating and setting the Arg attribute has stopped that behavior but I'm unsure
if it was simply added the attribute or some combination of setting the full
path, creating the attribute, and populating the attribute. fwiw, the
attribute is set as:
bWluUXVhbGl0eSA0Cm1heExlbmd0aCAwCmNoZWNrUkROIDEKZm9yYmlkZGVuQ2hhcnMgCmNsYXNz
LXVwcGVyQ2FzZSBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWiAxIDEKY2xhc3MtbG93ZXJDYXNl
IGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6IDEgMQpjbGFzcy1kaWdpdCAwMTIzNDU2Nzg5IDEg
MQpjbGFzcy1zcGVjaWFsIDw+LD87LjovIcKnw7klKsK1XsKoJMKjwrImw6l+IiMneyhbLXzDqGBf
XMOnXsOgQCldwrA9fSsgMSAxCgo=
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9644
Issue ID: 9644
Summary: provide a man page for ppm
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: contrib
Assignee: bugs(a)openldap.org
Reporter: david.coutadeur(a)gmail.com
Target Milestone: ---
Provide a man page for ppm
proposed PR is coming
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9648
Issue ID: 9648
Summary: 'MAXPATHLEN' undeclared on some systems
Product: OpenLDAP
Version: 2.5.4
Hardware: All
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs(a)openldap.org
Reporter: git(a)freundtech.com
Target Milestone: ---
Created attachment 834
--> https://bugs.openldap.org/attachment.cgi?id=834&action=edit
Docker reproduction
I'm trying to compile OpenLDAP 2.5.7 on Alpine Linux, but have verified that
the problem exists since 2.5.4. Version 2.4.59 compiles correctly with
everything else equal.
Compilation fails with
In file included from ldap-int.h:119,
from request.c:53:
request.c: In function 'ldap_dump_connection':
../../include/ldap_pvt.h:181:25: error: 'MAXPATHLEN' undeclared (first use in
this function)
181 | #define LDAP_IPADDRLEN (MAXPATHLEN + sizeof("PATH="))
| ^~~~~~~~~~
request.c:859:17: note: in expansion of macro 'LDAP_IPADDRLEN'
859 | char from[LDAP_IPADDRLEN];
| ^~~~~~~~~~~~~~
../../include/ldap_pvt.h:181:25: note: each undeclared identifier is reported
only once for each function it appears in
181 | #define LDAP_IPADDRLEN (MAXPATHLEN + sizeof("PATH="))
| ^~~~~~~~~~
request.c:859:17: note: in expansion of macro 'LDAP_IPADDRLEN'
859 | char from[LDAP_IPADDRLEN];
| ^~~~~~~~~~~~~~
make[2]: Leaving directory '/tmp/openldap/libraries/libldap'
Thanks to JoBbZ on IRC I found out that including <ac/param.h> in ldap_pvt.h
seems to fix the issue.
My best guess as to why this fails on Alpine Linux and not on other
distributions is that Alpine uses musl instead of glibc as it's libc
implementation.
I have attacked an (unfinished) dockerfile for reproduction of the issue.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9631
Issue ID: 9631
Summary: slapd-wt tests often fail/timeout
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: backends
Assignee: bugs(a)openldap.org
Reporter: ondra(a)mistotebe.net
Target Milestone: ---
Since merging wt into master, tests started to fail ~80-90% of the time, partly
due to bugs in wt (https://git.openldap.org/openldap/openldap/-/jobs/8458) or
timeouts in CI.
I am about to remove the backend from make test for now (keeping it in
alltests), opening this issue to discuss further.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9463
Issue ID: 9463
Summary: back-wt: cumulative fix
Product: OpenLDAP
Version: 2.5
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: backends
Assignee: bugs(a)openldap.org
Reporter: hamano(a)osstech.co.jp
Target Milestone: ---
Hi,
This is cumulative fix for back-wt.
I'm sorry to making 2.5 patch has been delayed due to we're
still using 2.4.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9692
Issue ID: 9692
Summary: Insertion rate in large groups slows unexpectedly
Product: OpenLDAP
Version: 2.5.7
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: smckinney(a)symas.com
Target Milestone: ---
Created attachment 843
--> https://bugs.openldap.org/attachment.cgi?id=843&action=edit
slapd.conf
Observed during jmeter tests[1] that perform ldapmod operations, adding members
into a group. The insertion speed decreases unexpectedly, as the size of the
group increases.
A test run starts 10 jmeter threads, each doing 1000 mods = 100,000 members
added altogether to a group.
At the beginning of the test, throughput is approximately 200/s. At the end,
the mod rate slows down to < 10/s.
Multival and sortval are enabled (slapd.conf attached):
sortvals member
multival member 500,3
*** Server info
Ubuntu20
2 CPU Cores
4GB RAM
symas-openldap-server 2.5.7-1focal1
*** To verify multival is enabled:
```
data/dc=example,dc=com# mdb_stat -s id2v .
Status of id2v
Tree depth: 1
Branch pages: 0
Leaf pages: 1
Overflow pages: 0
Entries: 746316
```
[1][ldap-load-gen](https://gitlab.symas.net/symas-public/ldap-load-gen)
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9639
Issue ID: 9639
Summary: slapd -r : what must be present in the chroot
environment
Product: OpenLDAP
Version: 2.4.59
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: documentation
Assignee: bugs(a)openldap.org
Reporter: dpa-openldap(a)aegee.org
Target Milestone: ---
`man slapd` -
https://www.openldap.org/software/man.cgi?query=slapd&apropos=0&sektion=0&m…
- says that the -r option calls chroot.
Please clarify, what must be present in the chroot environment: /proc, /tmp,
/dev/shm , libc
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=6949
--- Comment #19 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
head:
• 66c62841
by Howard Chu at 2021-09-30T04:23:29+01:00
ITS#6949 fixup loglevel delete, consolidate redundant code
RE26:
• e2739d9f
by Howard Chu at 2021-09-30T15:32:11+00:00
ITS#6949 fixup loglevel delete, consolidate redundant code
--
You are receiving this mail because:
You are on the CC list for the issue.