openldap-bugs November 2022

openldap-bugs@openldap.org

1 participants
104 discussions

[Issue 9600] New: Rework lloadd's cn=monitor interface (connections)
by openldap-its＠openldap.org 12 Dec '22

12 Dec '22

https://bugs.openldap.org/show_bug.cgi?id=9600 Issue ID: 9600 Summary: Rework lloadd's cn=monitor interface (connections) Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: lloadd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- At the moment, most of the lloadd's monitor entries are generated on demand for the search. To support management of the server and its connections, an entry should be created when a connection is set up and torn down accordingly. -- You are receiving this mail because: You are on the CC list for the issue.

1 11

[Issue 9948] New: tls_ciphers with TLSv1.2 cipher_suite gives list of TLSv1.3 ciphers in TLS Client Hello message
by openldap-its＠openldap.org 06 Dec '22

06 Dec '22

https://bugs.openldap.org/show_bug.cgi?id=9948 Issue ID: 9948 Summary: tls_ciphers with TLSv1.2 cipher_suite gives list of TLSv1.3 ciphers in TLS Client Hello message Product: OpenLDAP Version: 2.4.57 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: nikigen68(a)gmail.com Target Milestone: --- Created attachment 928 --> https://bugs.openldap.org/attachment.cgi?id=928&action=edit TLS server only supports TLSv1.3 in this case, and I would expect it to be rejected. For example: ldap.conf:: tls_ciphers ECDHE-ECDSA-CHACHA20-POLY1305 will give ClientHello with these cipher suites: TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 and supported versions: TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3 Why do we have listed default TLSv1.3 ciphers? I would expect only ECDHE-ECDSA-CHACHA20-POLY1305. Also, why do we have listed TLSv1.0 and TLSv1.1 as supported versions when those are considered vulnerable? -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9955] UTF8bvnormalize() overruns
by openldap-its＠openldap.org 28 Nov '22

28 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9955 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Group|OpenLDAP-devs | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9916] New: slapd crashes due to unaligned access in mdb.c on Linux SPARC
by openldap-its＠openldap.org 28 Nov '22

28 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9916 Issue ID: 9916 Summary: slapd crashes due to unaligned access in mdb.c on Linux SPARC Product: OpenLDAP Version: 2.6.3 Hardware: Other OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: glaubitz(a)physik.fu-berlin.de Target Milestone: --- The testsuite of the openldap package in Debian unstable fails on sparc64 with a "bus error" which indicates an unaligned access [1]: >>>>> Test succeeded >>>>> 00:00:02 Finished test000-rootdse for mdb after 1 seconds. >>>>> 00:00:02 Starting test001-slapadd for mdb... running defines.sh Running slapadd to build slapd database... Bus error slapadd failed (138)! >>>>> 00:00:03 Failed test001-slapadd for mdb after 1 seconds (exit 138) Building openldap from git and running the affected test with GDB results in the following backtrace: (gdb) bt #0 0x00000100000cc36c in mdb_node_add (mc=0x100004316e8, indx=<optimized out>, key=0x7feffffe570, data=0x7feffffe560, pgno=0, flags=0) at ./../../../libraries/liblmdb/mdb.c:7358 #1 0x00000100000d0894 in mdb_cursor_put (mc=0x100004316e8, key=0x7feffffe570, data=0x7feffffe560, flags=16) at ./../../../libraries/liblmdb/mdb.c:6960 #2 0x00000100000d1224 in mdb_cursor_put (mc=0x10000431560, key=0x7feffffe6b0, data=0x7feffffe6c0, flags=36) at ./../../../libraries/liblmdb/mdb.c:7007 #3 0x00000100000f0d24 in mdb_dn2id_add (op=0x7feffffea28, mcp=0x10000431560, mcd=0x100004267a0, pid=<optimized out>, nsubs=<optimized out>, upsub=<optimized out>, e=0x1000044c6b8) at dn2id.c:141 #4 0x00000100000dd79c in mdb_tool_next_id (op=0x7feffffea28, tid=<optimized out>, e=0x1000044c6b8, text=0x7feffffec78, hole=<optimized out>) at tools.c:519 #5 0x00000100000de67c in mdb_tool_entry_put (be=0x100003d9080, e=0x1000044c6b8, text=0x7feffffec78) at tools.c:731 #6 0x00000100000b72f4 in slapadd (argc=<optimized out>, argv=<optimized out>) at slapadd.c:453 #7 0x0000010000016858 in main (argc=<optimized out>, argv=0x7fefffff438) at main.c:540 (gdb) This was reproduced with: $ gdb --args /home/glaubitz/openldap/servers/slapd/slapd -Ta -d 0 -f /home/glaubitz/openldap/tests/testrun/slapadd.conf -l ./testdata/test-ordered.ldif On the machine gcc202 running Debian on sparc64 in the GCC compile farm. Access to the machines in the GCC compile farm can be obtained by any developer [2]. > [1] https://buildd.debian.org/status/fetch.php?pkg=openldap&arch=sparc64&ver=2.… > [2] https://gcc.gnu.org/wiki/CompileFarm -- You are receiving this mail because: You are on the CC list for the issue.

1 25

[Issue 9806] New: MDB_PAGE_FULL on mdb_put
by openldap-its＠openldap.org 28 Nov '22

28 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9806 Issue ID: 9806 Summary: MDB_PAGE_FULL on mdb_put Product: LMDB Version: unspecified Hardware: Other OS: Mac OS Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: casey(a)rodarmor.com Target Milestone: --- I'm using the using latest lmdb from OpenLDAP, commit e8813b12b6188d5ba5f174ff8726c438c8ca4bfd. I'm getting an MDB_PAGE_FULL error after calling `mdb_put`. If I delete the database and perform the same sequence of inserts, I get the same error in on the same mdb_put. If there's any information I can provide to help debug this, let me know. -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9954] New: RE26 make test fails on riscv64
by openldap-its＠openldap.org 20 Nov '22

20 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9954 Issue ID: 9954 Summary: RE26 make test fails on riscv64 Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: michael(a)stroeder.com Target Milestone: --- Created attachment 929 --> https://bugs.openldap.org/attachment.cgi?id=929&action=edit Excerpt of OBS' build log In openSUSE build system make test fails for RE26 on riscv64 (see attached file including tests/testrun/slapd.1.log). -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9950] New: Need example configuration backend-sock
by openldap-its＠openldap.org 15 Nov '22

15 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9950 Issue ID: 9950 Summary: Need example configuration backend-sock Product: OpenLDAP Version: 2.4.57 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: earyutin(a)gmail.com Target Milestone: --- Hi all ! I set up two backends on different ports, one is a proxy for MS AD, and the second is a backend shell. I want to update to the latest version of OpenLDAP, but there is no backend shell support in the next versions. I can't find any documentation or examples that I could rely on to set up a backend for backend sock. Added the following to the files: port 389 include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema modulepath /usr/lib/ldap moduleload back_ldap.la moduleload rwm.la pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args database ldap readonly yes protocol-version 3 rebind-as-user yes uri "ldap://ldap.test.com" suffix "dc=test,dc=com" overlay rwm rwm-map attribute uid sAMAccountName rwm-map attribute mail proxyAddresses rebind-as-user yes access to attrs=userPassword by self write by anonymous auth by * none access to * by self write by * none port 9000 modulepath /usr/lib/ldap moduleload back_sock.la moduleload back_sock database sock suffix "dc=test,dc=com" socketpath /tmp/slapd.sock Next, I don't know where to go. Could you demonstrate a working example of running and processing scripts based on the backend-sock? I need to launch my own script that would check the second factor (should check for the presence of a certain attribute in the Active Directors directory and then skip or not skip authorization based on a given condition). Help me figure it out please.. Thank you ! -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9949] New: MDB_RDONLY txn segfaults on newly created database
by openldap-its＠openldap.org 14 Nov '22

14 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9949 Issue ID: 9949 Summary: MDB_RDONLY txn segfaults on newly created database Product: LMDB Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: jeffrey.reynolds(a)ticketmaster.com Target Milestone: --- The very simple code will cause a seg fault. ``` auto env = create_env("env_name"); // creates the environment. not included here because this part is in rust // it will open or create the database. i don't think the problem lies in here. MDB_txn* txn{}; mdb_txn_begin(*env, nullptr, MDB_RDONLY, &txn); MDB_dbi dbi{}; mdb_dbi_open(txn, "db_name", MDB_CREATE, &dbi); ``` This segfaults on `liblmdb/mdb.c:11050`. Specifically `tracked->mc_next = *tp;` However, the problem isn't in mdb_dbi_open, it is failing because mt_cursors is never initialized. A small change ` mdb_txn_begin(*env, nullptr, 0, &txn);` and mt_cursors will be initialized with the default env->me_txn0, that has a properly initialized mt_cursors, per this line `liblmdb/mdb.c:5581`, `txn->mt_cursors = (MDB_cursor **)(txn->mt_dbs + env->me_maxdbs);` for the MDB_RDONLY transaction, it looks like it will initialize mt_cursors _if_ it happens to have a parent, `liblmdb/mdb.c:3178`, but otherwise it leaves it uninitialized. Is this a bug, or do have i have to a parent to start a readonly transaction on a new database? -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 8988] Undefined Behavior in slapadd
by openldap-its＠openldap.org 14 Nov '22

14 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=8988 --- Comment #24 from Howard Chu <hyc(a)openldap.org> --- (In reply to openldap-technical(a)kolttonen.fi from comment #21) > Hello, > Spending long time on comp.lang.c should be mandatory for all C > programmers out there. It is shocking to invoke UB and not bother to fix > it, instead blaming compiler writers and C standard writers. > > Best regards, > Jokke Hämäläinen I'm quite sure I've spent more time on comp.lang.c than most people out there. https://groups.google.com/g/comp.lang.c/c/BiVJrHbtZE4/m/W1C3fC-n2pEJ https://groups.google.com/g/comp.lang.c/c/3TGIxk3epBw/m/CXVzV5aEehsJ ... I was also a gcc maintainer from gcc 1.x to 2.x days. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9946] New: TLS: could not load verify locations
by openldap-its＠openldap.org 04 Nov '22

04 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9946 Issue ID: 9946 Summary: TLS: could not load verify locations Product: OpenLDAP Version: unspecified Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: hrishikesh.durg(a)gmail.com Target Milestone: --- Hi, Am seeing below errors on one of ldap proxy server --ANy clue how to fix it ? =============== 635a3252 openotp_parse_conf: global: server_url = https://iad37-c-sec-afe-01.us6.oraclecloud.com:443/openotp/,https://ch3-c-s… 635a3252 openotp_parse_conf: global: soap_timeout = 10 635a3252 openotp_parse_conf: global: user_settings = ChallengeMode=No 635a3252 openotp_parse_conf: global: uid_attribute = uid, cn 635a3252 openotp_parse_conf: global: client_id = LDAP 635a3252 openotp_parse_conf: global: default_domain = oraclecloud 635a3252 openotp_parse_conf: global: server_policy = 1 635a3252 openotp_parse_conf: global: status_cache = 10 635a3252 openotp_parse_conf: global: nolock_usernames = ldapro-oci-sharedservices,ldapro-saas,ldapro-sbs 635a3252 openotp_parse_conf: global: denied_usernames = (none) 635a3252 openotp_init: Initializing libopenotp TLS: could not load verify locations (file:`/opt/ldproxy/conf/ca.crt',dir:`'). TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:175 TLS: error:2006D080:BIO routines:BIO_new_file:no such file bss_file.c:182 TLS: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib by_file.c:253 635a3252 main: TLS init def ctx failed: -1 635a3252 slapd stopped. 635a3252 connections_destroy: nothing to destroy. =========== Not seeing anything when checked on location specified from logs : [root@ldap-proxy-01 certs]# ls -l /opt/ldproxy total 0 drwxr-xr-x. 2 root root 48 Nov 4 08:27 logs [root@ldap-proxy-01 certs]# ============== ldap.conf file looks as below : # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. #BASE dc=example,dc=com #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never TLS_CACERTDIR /etc/openldap/certs # Turning this off breaks GSSAPI used with krb5 when rdns = false SASL_NOCANON on Any help /clue is much appreciated -- You are receiving this mail because: You are on the CC list for the issue.

1 3

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs November 2022