openldap-bugs January 2022

openldap-bugs@openldap.org

1 participants
144 discussions

[Issue 9737] New: ldapdelete unable to prune LDAP subentries
by openldap-its＠openldap.org 05 May '22

05 May '22

https://bugs.openldap.org/show_bug.cgi?id=9737 Issue ID: 9737 Summary: ldapdelete unable to prune LDAP subentries Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: neuroc0der(a)gmail.com Target Milestone: --- ldapdelete has a builtin capability to prune LDAP subentries (RFC 3672) by utilizing LDAP subentries control when tracking children however currently that logic does not work in the code and pruning always fails with 66 / 'not allowed on non-leaf'. the test case for this is a normal parent entry which has LDAP subentry type children underneath. the patch below addresses this issue. From ba29cbf20804d1c73cc0b5ab16549c4faba75a9e Mon Sep 17 00:00:00 2001 From: Anton Bobrov <antbob(a)users.noreply.github.com> Date: Thu, 4 Nov 2021 17:27:34 +0100 Subject: [PATCH] ldapdelete unable to prune LDAP subentries --- clients/tools/ldapdelete.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/clients/tools/ldapdelete.c b/clients/tools/ldapdelete.c index 8aa8e8c12..1a93aaadf 100644 --- a/clients/tools/ldapdelete.c +++ b/clients/tools/ldapdelete.c @@ -279,8 +279,13 @@ retry:; } rc = ldap_parse_result( ld, res, &code, &matcheddn, &text, &refs, &ctrls, 1 ); + if( rc != LDAP_SUCCESS ) { + fprintf( stderr, "%s: ldap_parse_result: %s (%d)\n", + prog, ldap_err2string( rc ), rc ); + return rc; + } - switch ( rc ) { + switch ( code ) { case LDAP_SUCCESS: break; @@ -292,9 +297,7 @@ retry:; /* fallthru */ default: - fprintf( stderr, "%s: ldap_parse_result: %s (%d)\n", - prog, ldap_err2string( rc ), rc ); - return rc; + break; } if( code != LDAP_SUCCESS ) { -- 2.31.1 -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9787] New: 2.6.1 segfault in slaptest when logfile-format param is set
by openldap-its＠openldap.org 05 May '22

05 May '22

https://bugs.openldap.org/show_bug.cgi?id=9787 Issue ID: 9787 Summary: 2.6.1 segfault in slaptest when logfile-format param is set Product: OpenLDAP Version: 2.6.1 Hardware: All OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: smckinney(a)symas.com Target Milestone: --- Segfault in slaptest when any value for logfile-format is set. debug, syslog-utc, etc. This doesn’t occur during slapd startup. Only in slaptest. Observed on U20 and R8 platforms. slapd.conf ``` logfile "/var/symas/openldap-data/openldap26.log" logfile-only on # segfaults when any value for: logfile-format syslog-utc ``` Backtrace: ``` #0 0x00007f8fca27f685 in __strlen_avx2 () from /lib64/libc.so.6 #1 0x000055df6eaddedf in config_logging (c=<optimized out>) at logging.c:731 #2 0x000055df6ea9fe33 in config_set_vals (Conf=0x55df6edbe348 <config_back_cf_table+3432>, c=0x55df70bc4080) at config.c:378 #3 0x000055df6eaa3010 in read_config_file (fname=fname@entry=0x7ffe8f3a4706 "/opt/symas/etc/openldap/slapd.conf", depth=depth@entry=0, cf=cf@entry=0x0, cft=cft@entry=0x55df6edbd5e0 <config_back_cf_table>) at config.c:908 #4 0x000055df6ea98b98 in read_config (fname=fname@entry=0x7ffe8f3a4706 "/opt/symas/etc/openldap/slapd.conf", dir=dir@entry=0x0) at bconfig.c:4519 #5 0x000055df6eb29946 in slap_tool_init (progname=progname@entry=0x55df6eb50da3 "slaptest", tool=tool@entry=8, argc=4, argv=0x7ffe8f3a28f8) at slapcommon.c:682 #6 0x000055df6eb2c27e in slaptest (argc=<optimized out>, argv=<optimized out>) at slaptest.c:99 #7 0x000055df6ea8baea in main (argc=4, argv=0x7ffe8f3a28f8) at main.c:287 (gdb ``` -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9780] New: Documenting sticky session support in 2.6
by openldap-its＠openldap.org 05 May '22

05 May '22

https://bugs.openldap.org/show_bug.cgi?id=9780 Issue ID: 9780 Summary: Documenting sticky session support in 2.6 Product: OpenLDAP Version: 2.6.0 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: lloadd Assignee: bugs(a)openldap.org Reporter: dpa-openldap(a)aegee.org Target Milestone: --- https://www.openldap.org/doc/admin26/loadbalancer.html contains the documentation for lload version 2.6. It says: • 2.6 release of lloadd will include sticky sessions (coherency). Since this is the documentation for version 2.6, the documentation shall say what is included in v2.6, not what will be included in v2.6. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9790] New: Build failure with GCC 4.1 and 4.3
by openldap-its＠openldap.org 05 May '22

05 May '22

https://bugs.openldap.org/show_bug.cgi?id=9790 Issue ID: 9790 Summary: Build failure with GCC 4.1 and 4.3 Product: OpenLDAP Version: 2.6.1 Hardware: All OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: orgads(a)gmail.com Target Milestone: --- In file included from ../../include/lutil.h:21, from passwd.c:60: ../../include/ac/socket.h:247: error: redefinition of typedef 'Sockaddr' ../../include/ldap_pvt.h:188: error: previous declaration of 'Sockaddr' was here -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9788] New: make warns about disabling/resetting jobserver
by openldap-its＠openldap.org 05 May '22

05 May '22

https://bugs.openldap.org/show_bug.cgi?id=9788 Issue ID: 9788 Summary: make warns about disabling/resetting jobserver Product: OpenLDAP Version: 2.6.1 Hardware: All OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: orgads(a)gmail.com Target Milestone: --- Running make -j8 issues the following warning for each directory with make 4.3: make[2]: warning: -j8 forced in submake: resetting jobserver mode. with make 4.2.1: make[3]: warning: -jN forced in submake: disabling jobserver mode. With make 3.82 there is no warning, but the jobserver flags are duplicated for each nested directory. e.g.: cd back-monitor && make -w --jobserver-fds=3,4 - --jobserver-fds=3,4 - --jobserver-fds=3,4 - --jobserver-fds=3,4 -j all On my env this is fixed by removing all the occurrences of $(MFLAGS) from build/dir.mk. MFLAGS is picked up by make when it exists, and there is no need to pass it explicitly. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9785] New: test050 deadlock
by openldap-its＠openldap.org 05 May '22

05 May '22

https://bugs.openldap.org/show_bug.cgi?id=9785 Issue ID: 9785 Summary: test050 deadlock Product: OpenLDAP Version: 2.5.11 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- Running test050 in a loop sometimes results in a deadlock. Took 17 iterations on one system, was 100% on another. -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9789] New: syncprov uses a thread-local counters for the detached op
by openldap-its＠openldap.org 05 May '22

05 May '22

https://bugs.openldap.org/show_bug.cgi?id=9789 Issue ID: 9789 Summary: syncprov uses a thread-local counters for the detached op Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- Persistent searches routinely migrate across threads, however they keep using op->o_counters from the original search op which is meant to be thread-local. During shutdown, this counter can be destroyed as the original thread finishes, but the persistent search might still be live somewhere else. At that point, trying to acquire the destroyed sc_mutex fails and the thread usually stalls forever. slapd-asyncmeta is very likely to suffer from the same issues. A representative backtrace of this happening: Thread 3 (Thread 0x7f0b7d933640 (LWP 2928392) "slapd"): #0 futex_wait (private=0, expected=2, futex_word=0x7f0b74000ff8) at ../sysdeps/nptl/futex-internal.h:146 #3 0x00007f0b7fd17a05 in ldap_pvt_thread_mutex_lock (mutex=Locked by LWP 0) at thr_posix.c:313 #4 0x0000000000469564 in slap_send_search_entry (op=Search request conn=1003 op=1 = {...}, rs=Search entry = {...}) at result.c:1503 #5 0x00007f0b7f30561c in syncprov_sendresp (op=Search request conn=1003 op=1 = {...}, ri=0x7f0b701eb8e0, so=0x7f0b74102b20, mode=1) at syncprov.c:976 #6 0x00007f0b7f305064 in syncprov_qplay (op=Search request conn=1003 op=1 = {...}, so=0x7f0b74102b20) at syncprov.c:1028 #7 0x00007f0b7f304ecc in syncprov_qtask (ctx=0x7f0b7d932a58, arg=0x7f0b74102b20) at syncprov.c:1086 -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9584] New: cn=config replication ops/refresh should pause server
by openldap-its＠openldap.org 05 May '22

05 May '22

https://bugs.openldap.org/show_bug.cgi?id=9584 Issue ID: 9584 Summary: cn=config replication ops/refresh should pause server Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- Looking into this crash: https://git.openldap.org/openldap/openldap/-/jobs/7286 The thread in question is running a plain syncrepl refresh while another thread seems to have done the same. This thread fetched the entryUUID attribute of the 'cn=config' entry as 'a' and in the meantime, that entry has been rewritten, with 'a' presumably cleaned up and returned to the pool, so addressing a->a_nvals[0] is a NULL-dereference now. This might or might not be related to the fix in ITS#8102. -- You are receiving this mail because: You are on the CC list for the issue.

1 18

[Issue 9791] New: Build failure with certain disabled features in openssl
by openldap-its＠openldap.org 05 May '22

05 May '22

https://bugs.openldap.org/show_bug.cgi?id=9791 Issue ID: 9791 Summary: Build failure with certain disabled features in openssl Product: OpenLDAP Version: 2.6.1 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: orgads(a)gmail.com Target Milestone: --- If openssl is configured with either OPENSSL_NO_MD4 or OPENSSL_NO_MD5 the build fails. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9794] New: Define behaviour for pwdChangedTime modifications
by openldap-its＠openldap.org 05 May '22

05 May '22

https://bugs.openldap.org/show_bug.cgi?id=9794 Issue ID: 9794 Summary: Define behaviour for pwdChangedTime modifications Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: david.coutadeur(a)gmail.com Target Milestone: --- This issue applies to: - draft-behera-ldap-password-policy - openldap 2.5 - openldap 2.6 It is a proposition of behaviour for pwdChangedTime modifications. modification of the draft: -------------------------- In section: "8.2.7. Policy State Updates", change this paragraph: If the value of either pwdMaxAge or pwdMinAge is non-zero, the server updates the pwdChangedTime attribute on the entry to the current time. into: If the value of either pwdMaxAge or pwdMinAge is non-zero, the server MUST update the pwdChangedTime attribute on the entry according to this workflow: Then insert a new paragraph: - if the current operation (add or modify) on the password includes adding or modifying a valid pwdChangedTime attribute, then use this pwdChangedTime. A "Valid" pwdChangedTime means a syntactically correct value, compliant with the schema, approved by access rules, and MAY require a relax control according to the schema defined in section 5.3.2. See Relax control RFC for more information: https://datatracker.ietf.org/doc/html/draft-zeilenga-ldap-relax - an invalid pwdChangedTime value MUST result in an error, and the pwdChangedTime MUST NOT be stored - in any other case, compute the current date and store it in a GeneralizedTime format Feel free to comment or propose other ideas. modification of the code: -------------------------- If this behaviour makes a consensus, it would be useful to patch both OpenLDAP 2.5 and 2.6. NOTE: current OpenLDAP 2.5 allows modifying pwdChangedTime alone, but fails to add a user with both userPassword and pwdChangedTime (it results in a duplicated pwdChangedTime error) modification of the documentation: ---------------------------------- In slapo-ppolicy, it can be useful to add a comment in "OPERATIONAL ATTRIBUTES" section: Every attribute defined as "NO-USER-MODIFICATION" SHOULD not be written by standard users. If needed, an administrator MAY modify them with the relax control. See Relax control RFC for more information: https://datatracker.ietf.org/doc/html/draft-zeilenga-ldap-relax -- You are receiving this mail because: You are on the CC list for the issue.

1 12

← Newer
1
...
4
5
6
7
8
9
10
...
15
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs January 2022