openldap-bugs November 2022

openldap-bugs@openldap.org

1 participants
117 discussions

[Issue 9942] New: back-mdb fails to release Added entries
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9942 Issue ID: 9942 Summary: back-mdb fails to release Added entries Product: OpenLDAP Version: 2.5.12 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- Detected by valgrind on test002. Appears to be a regression since some time after ITS#7915. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9895] New: Increase max number of index DBs in back-mdb
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9895 Issue ID: 9895 Summary: Increase max number of index DBs in back-mdb Product: OpenLDAP Version: 2.5.12 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- Currently there is a hardcoded limit of 128 index DBs in back-mdb. Some sites want more than this (although there's no evidence they actually use more than 128 attributes in all of their applications' search filters). For 2.5/2.6 we can simply double the constant. For 2.7 consider making it configurable. Note that increasing the number increases the size of an LMDB transaction structure, and also increases the time needed to initialize it whenever creating a transaction, so it's a bad idea to just set this to an arbitrarily large number. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9718] New: test022 can fail on expiry
by openldap-its＠openldap.org 30 Jan '23

30 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9718 Issue ID: 9718 Summary: test022 can fail on expiry Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- >>>>> Starting test022-ppolicy for mdb... running defines.sh Starting slapd on TCP/IP port 9011... Using ldapsearch to check that slapd is running... Testing redundant ppolicy instance... Using ldapadd to populate the database... Testing account lockout... Waiting 13 seconds for lockout to reset... Testing password expiration Waiting seconds for password to expire... sleep: missing operand Try 'sleep --help' for more information. Password expiration test failed >>>>> test022-ppolicy failed for mdb after 43 seconds (exit 1) The issue here is apparently that line 122-123 failed to populate the DELAY variable. 121 122 DELAY=`$LDAPSEARCH -D "$MANAGERDN" -H $URI1 -w $PASSWD \ 123 -b "$USER" -E accountUsability 1.1 | sed -n -e 's/.*expire=$\d*$/\1/p'` 124 125 echo "Testing password expiration" 126 echo "Waiting $DELAY seconds for password to expire..." 127 sleep $DELAY 128 sleep 1 -- You are receiving this mail because: You are on the CC list for the issue.

1 10

[Issue 9600] New: Rework lloadd's cn=monitor interface (connections)
by openldap-its＠openldap.org 12 Dec '22

12 Dec '22

https://bugs.openldap.org/show_bug.cgi?id=9600 Issue ID: 9600 Summary: Rework lloadd's cn=monitor interface (connections) Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: lloadd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- At the moment, most of the lloadd's monitor entries are generated on demand for the search. To support management of the server and its connections, an entry should be created when a connection is set up and torn down accordingly. -- You are receiving this mail because: You are on the CC list for the issue.

1 11

[Issue 9948] New: tls_ciphers with TLSv1.2 cipher_suite gives list of TLSv1.3 ciphers in TLS Client Hello message
by openldap-its＠openldap.org 06 Dec '22

06 Dec '22

https://bugs.openldap.org/show_bug.cgi?id=9948 Issue ID: 9948 Summary: tls_ciphers with TLSv1.2 cipher_suite gives list of TLSv1.3 ciphers in TLS Client Hello message Product: OpenLDAP Version: 2.4.57 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: nikigen68(a)gmail.com Target Milestone: --- Created attachment 928 --> https://bugs.openldap.org/attachment.cgi?id=928&action=edit TLS server only supports TLSv1.3 in this case, and I would expect it to be rejected. For example: ldap.conf:: tls_ciphers ECDHE-ECDSA-CHACHA20-POLY1305 will give ClientHello with these cipher suites: TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 and supported versions: TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3 Why do we have listed default TLSv1.3 ciphers? I would expect only ECDHE-ECDSA-CHACHA20-POLY1305. Also, why do we have listed TLSv1.0 and TLSv1.1 as supported versions when those are considered vulnerable? -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9955] UTF8bvnormalize() overruns
by openldap-its＠openldap.org 28 Nov '22

28 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9955 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Group|OpenLDAP-devs | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9916] New: slapd crashes due to unaligned access in mdb.c on Linux SPARC
by openldap-its＠openldap.org 28 Nov '22

28 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9916 Issue ID: 9916 Summary: slapd crashes due to unaligned access in mdb.c on Linux SPARC Product: OpenLDAP Version: 2.6.3 Hardware: Other OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: glaubitz(a)physik.fu-berlin.de Target Milestone: --- The testsuite of the openldap package in Debian unstable fails on sparc64 with a "bus error" which indicates an unaligned access [1]: >>>>> Test succeeded >>>>> 00:00:02 Finished test000-rootdse for mdb after 1 seconds. >>>>> 00:00:02 Starting test001-slapadd for mdb... running defines.sh Running slapadd to build slapd database... Bus error slapadd failed (138)! >>>>> 00:00:03 Failed test001-slapadd for mdb after 1 seconds (exit 138) Building openldap from git and running the affected test with GDB results in the following backtrace: (gdb) bt #0 0x00000100000cc36c in mdb_node_add (mc=0x100004316e8, indx=<optimized out>, key=0x7feffffe570, data=0x7feffffe560, pgno=0, flags=0) at ./../../../libraries/liblmdb/mdb.c:7358 #1 0x00000100000d0894 in mdb_cursor_put (mc=0x100004316e8, key=0x7feffffe570, data=0x7feffffe560, flags=16) at ./../../../libraries/liblmdb/mdb.c:6960 #2 0x00000100000d1224 in mdb_cursor_put (mc=0x10000431560, key=0x7feffffe6b0, data=0x7feffffe6c0, flags=36) at ./../../../libraries/liblmdb/mdb.c:7007 #3 0x00000100000f0d24 in mdb_dn2id_add (op=0x7feffffea28, mcp=0x10000431560, mcd=0x100004267a0, pid=<optimized out>, nsubs=<optimized out>, upsub=<optimized out>, e=0x1000044c6b8) at dn2id.c:141 #4 0x00000100000dd79c in mdb_tool_next_id (op=0x7feffffea28, tid=<optimized out>, e=0x1000044c6b8, text=0x7feffffec78, hole=<optimized out>) at tools.c:519 #5 0x00000100000de67c in mdb_tool_entry_put (be=0x100003d9080, e=0x1000044c6b8, text=0x7feffffec78) at tools.c:731 #6 0x00000100000b72f4 in slapadd (argc=<optimized out>, argv=<optimized out>) at slapadd.c:453 #7 0x0000010000016858 in main (argc=<optimized out>, argv=0x7fefffff438) at main.c:540 (gdb) This was reproduced with: $ gdb --args /home/glaubitz/openldap/servers/slapd/slapd -Ta -d 0 -f /home/glaubitz/openldap/tests/testrun/slapadd.conf -l ./testdata/test-ordered.ldif On the machine gcc202 running Debian on sparc64 in the GCC compile farm. Access to the machines in the GCC compile farm can be obtained by any developer [2]. > [1] https://buildd.debian.org/status/fetch.php?pkg=openldap&arch=sparc64&ver=2.… > [2] https://gcc.gnu.org/wiki/CompileFarm -- You are receiving this mail because: You are on the CC list for the issue.

1 25

[Issue 9806] New: MDB_PAGE_FULL on mdb_put
by openldap-its＠openldap.org 28 Nov '22

28 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9806 Issue ID: 9806 Summary: MDB_PAGE_FULL on mdb_put Product: LMDB Version: unspecified Hardware: Other OS: Mac OS Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: casey(a)rodarmor.com Target Milestone: --- I'm using the using latest lmdb from OpenLDAP, commit e8813b12b6188d5ba5f174ff8726c438c8ca4bfd. I'm getting an MDB_PAGE_FULL error after calling `mdb_put`. If I delete the database and perform the same sequence of inserts, I get the same error in on the same mdb_put. If there's any information I can provide to help debug this, let me know. -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9954] New: RE26 make test fails on riscv64
by openldap-its＠openldap.org 20 Nov '22

20 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9954 Issue ID: 9954 Summary: RE26 make test fails on riscv64 Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: michael(a)stroeder.com Target Milestone: --- Created attachment 929 --> https://bugs.openldap.org/attachment.cgi?id=929&action=edit Excerpt of OBS' build log In openSUSE build system make test fails for RE26 on riscv64 (see attached file including tests/testrun/slapd.1.log). -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9950] New: Need example configuration backend-sock
by openldap-its＠openldap.org 15 Nov '22

15 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9950 Issue ID: 9950 Summary: Need example configuration backend-sock Product: OpenLDAP Version: 2.4.57 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: earyutin(a)gmail.com Target Milestone: --- Hi all ! I set up two backends on different ports, one is a proxy for MS AD, and the second is a backend shell. I want to update to the latest version of OpenLDAP, but there is no backend shell support in the next versions. I can't find any documentation or examples that I could rely on to set up a backend for backend sock. Added the following to the files: port 389 include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema modulepath /usr/lib/ldap moduleload back_ldap.la moduleload rwm.la pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args database ldap readonly yes protocol-version 3 rebind-as-user yes uri "ldap://ldap.test.com" suffix "dc=test,dc=com" overlay rwm rwm-map attribute uid sAMAccountName rwm-map attribute mail proxyAddresses rebind-as-user yes access to attrs=userPassword by self write by anonymous auth by * none access to * by self write by * none port 9000 modulepath /usr/lib/ldap moduleload back_sock.la moduleload back_sock database sock suffix "dc=test,dc=com" socketpath /tmp/slapd.sock Next, I don't know where to go. Could you demonstrate a working example of running and processing scripts based on the backend-sock? I need to launch my own script that would check the second factor (should check for the presence of a certain attribute in the Active Directors directory and then skip or not skip authorization based on a given condition). Help me figure it out please.. Thank you ! -- You are receiving this mail because: You are on the CC list for the issue.

1 6

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs November 2022