openldap-bugs September 2021

openldap-bugs@openldap.org

1 participants
198 discussions

[Issue 9704] New: Failing Configuration of OpenLDAP
by openldap-its＠openldap.org 22 Sep '21

22 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=9704 Issue ID: 9704 Summary: Failing Configuration of OpenLDAP Product: OpenLDAP Version: 2.5.7 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: narendra.challa(a)cscs.ch Target Milestone: --- Created attachment 845 --> https://bugs.openldap.org/attachment.cgi?id=845&action=edit Error Hi There, I am new to OpenLDAP and followed the steps mentioned in this quick start guide as it is https://www.openldap.org/doc/admin25/quickstart.html but failing the configuration of OpenLDAP. I followed the below steps on CentOS 8 with 2.5.7 and successfully installed but while configuring facing issues, please correct me if I am doing this in the wrong way. 1. Created a Linux user dedicated to OpenLDAP with the name "nchalla" which has sudo permissions. 2. Login with Root user and created a folder /u01 3. change permissions on /u01 (for time being granted 777 ( 4. change ownership of /u01 to "nchalla" 5. downloaded the tarball and extracted the OpenLDAP 2.5.7 7. downloaded the required developer libraries 8. Logged in as nchalla and navigated to the OpenLDAP 2.5.7 extracted folder and start compiling and installing with the below commands ./configure --prefix=/u01/ldap make depend make make test (all tests were passed) make install 9. Started the configuration following the below steps a. created a folder /u01/ldap/etc/slapd.d b. updated the slapd.ldif with our domain name c. navigate to /u01/ldap and executed the command below, sbin/slapadd -n 0 -F /u01/ldap/etc/slapd.d -l /u01/ldap/etc/openldap/slapd.ldif which is throwing error messages -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9701] New: OpenLDAP replica skips few items while synchronization
by openldap-its＠openldap.org 21 Sep '21

21 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=9701 Issue ID: 9701 Summary: OpenLDAP replica skips few items while synchronization Product: OpenLDAP Version: 2.4.44 Hardware: x86_64 OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: mgkrishnan(a)gmail.com Target Milestone: --- I have an OpenLdap cluster with 6 nodes, when an item is added/deleted in the master, the synchronization kicks in and the changes are replicated to other slave nodes in the cluster, but sometimes one of the slave cluster nodes (the same node all the time) misses the updates and hence there is a difference between this slave node and the rest of the slave nodes and the master, so sometimes when the request goes to the unsynchronized slave it yields invalid results. In the problematic slave's ldap logs, there is no error information during this operation to the master which explains the miss, so cant figure out what has caused this problem, bringing down that slave and re-add does not help either. What could be the root cause of this issue ? -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 6949] OpenLDAP Logging
by openldap-its＠openldap.org 20 Sep '21

20 Sep '21

1 0

[Issue 9698] New: per database olcSecurity: tls=0 does not override olcSecurity: tls=1 from the frontend
by openldap-its＠openldap.org 20 Sep '21

20 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=9698 Issue ID: 9698 Summary: per database olcSecurity: tls=0 does not override olcSecurity: tls=1 from the frontend Product: OpenLDAP Version: 2.5.7 Hardware: All OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: dpa-openldap(a)aegee.org Target Milestone: --- I have these databases: cn=config frontend,cn=config mdb/suffix o=A,cn=config mdb/suffix o=B,cn=confix slapd listens on port 389. I want to make sure, that • all requests to suffix o=A are served after STARTTLS, as these come from the wild internet. • all requests to suffix o=B do not have to utilize STARTTLS (ldaps), as these are local to the machine, and • if a request to the root DSE is made, without using STARTTLS, the client shall gets “ldap_bind: Confidentiality required (13) additional info: TLS confidentiality required”. To enforce STARTTLS for suffix o=A I put there `olcSecurity: tls=1`. If I set dn: olcDatabase=frontend,cn=config olcAccess: to dn="" by tls_ssf=256 * read and the rootDSE is requested without STARTTLS, the result is just empty, rather than “ldap_bind: Confidentiality required (13) additional info: TLS confidentiality required”. To get the “confidentiality required” for the root DSE I have to put dn: olcDatabase=frontend,cn=config olcSecurity: tls=1 or dn: cn=config olcSecurity: tls=1 It was unclear to me which one shall I use, but both serve the same purpose. Now, I want to enable no-STARTTLS to suffix o=B. I put there “olcSecurity: tls=0”. Irrespective, if only cn=config, or only olcDatabase=frontend,cn=config contain “olcSecurity: tls=1” the “olcSecurity: tls=0” in suffix o=B is not enacted. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 6949] OpenLDAP Logging
by openldap-its＠openldap.org 17 Sep '21

17 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=6949 --- Comment #13 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Generally, it looks like this feature was implemented using slapd options and ignoring the slapd configured loglevel. This is problematic in that it: a) Breaks the longstanding expectation of being able to control logging via the loglevel/olcLogLevel settings in slapd.conf/cn=config b) Requires a restart to change the logging level c) Is going to be a multi-step issue on systemd based systems, as the debug level would need to be modified in the systemd overrides configuration file. I.e., one cannot simply do even a slapd restart to change the loglevel with this implementation. Generally expectation: a) loglevel continues to control logging b) it is possible to change the loglevel on the fly without restarting slapd c) It is not necessary to fiddle with the -d option to slapd to get logging. Setting -s 0 seems fine. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6949] OpenLDAP Logging
by openldap-its＠openldap.org 17 Sep '21

17 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=6949 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|TEST |--- Status|RESOLVED |CONFIRMED --- Comment #12 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Unable to get this to work in master. Set up a generic slapd with cn=config Did an ldapmodify to set the logging options: ldapmodify -x -H ldapi:/// -D cn=config -w secret dn: cn=config changetype: modify add: olcLogFile olcLogFile: /var/symas/slapd.log - add: olcLogFileOnly olcLogFileOnly: TRUE - add: olcLogFileRotate olcLogFileRotate: 12 10 1 modifying entry "cn=config" Logfile is created, but nothing is logged to it. Restarted slapd, still nothing logged to it. Explicitly set the loglevel to stats sync Still nothing logged to it. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9697] New: healthcare software development
by openldap-its＠openldap.org 16 Sep '21

16 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=9697 Issue ID: 9697 Summary: healthcare software development Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: ritesh.patil732(a)gmail.com Target Milestone: --- https://mobisoftinfotech.com/industry/healthcare-software-development -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6949] OpenLDAP Logging
by openldap-its＠openldap.org 15 Sep '21

15 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=6949 --- Comment #11 from Quanah Gibson-Mount <quanah(a)openldap.org> --- For reference, with the test008 config, timings for progs/slapd-tester -H ldap://:9011 -D cn=manager,dc=example,dc=com -w secret -d testdata -P progs -l 1000 -s0 -dnone 18.92 seconds -s0 -d256 23.37 seconds -s0 -d256 + rotate 27.00 seconds -s256 -dnone 45.33 seconds Logfile params were logfile testrun/logfile logfile-rotate 12 10 1 logfile-only true -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9464] New: Test suite file conf.sh tries to sed unused items
by openldap-its＠openldap.org 15 Sep '21

15 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=9464 Issue ID: 9464 Summary: Test suite file conf.sh tries to sed unused items Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- The conf.sh script tries to sed values that are not meant for replacement but instead are environment variables handled by run.in and defines.sh. This should be deleted from conf.sh -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9694] New: Can Delta-sync’s changelog be based on a sessionlog?
by openldap-its＠openldap.org 15 Sep '21

15 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=9694 Issue ID: 9694 Summary: Can Delta-sync’s changelog be based on a sessionlog? Product: OpenLDAP Version: 2.5.7 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: dpa-openldap(a)aegee.org Target Milestone: --- In the replication terminology, the terms sessionlog and accesslog are used. sessionlog is created by the syncprov-overlay/syncprov-sessionlog directive; accesslog is created in first place by the accesslog overlay. Delta-syncrepl introduces an additional term: changelog. The example at https://www.openldap.org/devel/admin/replication.html#Delta-syncrepl%20Prov… uses accesslog for the changelog. The documentation is unclear, whether the changelog must be backed on accesslog-database, or it can be backed also on a sessionlog. (⇔Is delta-sync happy just with a sessionlog?) The documentation in slapo-syncprov(5) for syncprov-nopresent says “This value should only be set TRUE for a syncprov instance on top of a log database (such as one managed by the accesslog overlay).” Is sessionlog a log database? -- You are receiving this mail because: You are on the CC list for the issue.

1 4

← Newer
1
...
12
13
14
15
16
17
18
19
20
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs September 2021