openldap-bugs November 2022

openldap-bugs@openldap.org

1 participants
119 discussions

[Issue 9954] New: RE26 make test fails on riscv64
by openldap-its＠openldap.org 20 Nov '22

20 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9954 Issue ID: 9954 Summary: RE26 make test fails on riscv64 Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: michael(a)stroeder.com Target Milestone: --- Created attachment 929 --> https://bugs.openldap.org/attachment.cgi?id=929&action=edit Excerpt of OBS' build log In openSUSE build system make test fails for RE26 on riscv64 (see attached file including tests/testrun/slapd.1.log). -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9950] New: Need example configuration backend-sock
by openldap-its＠openldap.org 15 Nov '22

15 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9950 Issue ID: 9950 Summary: Need example configuration backend-sock Product: OpenLDAP Version: 2.4.57 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: earyutin(a)gmail.com Target Milestone: --- Hi all ! I set up two backends on different ports, one is a proxy for MS AD, and the second is a backend shell. I want to update to the latest version of OpenLDAP, but there is no backend shell support in the next versions. I can't find any documentation or examples that I could rely on to set up a backend for backend sock. Added the following to the files: port 389 include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema modulepath /usr/lib/ldap moduleload back_ldap.la moduleload rwm.la pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args database ldap readonly yes protocol-version 3 rebind-as-user yes uri "ldap://ldap.test.com" suffix "dc=test,dc=com" overlay rwm rwm-map attribute uid sAMAccountName rwm-map attribute mail proxyAddresses rebind-as-user yes access to attrs=userPassword by self write by anonymous auth by * none access to * by self write by * none port 9000 modulepath /usr/lib/ldap moduleload back_sock.la moduleload back_sock database sock suffix "dc=test,dc=com" socketpath /tmp/slapd.sock Next, I don't know where to go. Could you demonstrate a working example of running and processing scripts based on the backend-sock? I need to launch my own script that would check the second factor (should check for the presence of a certain attribute in the Active Directors directory and then skip or not skip authorization based on a given condition). Help me figure it out please.. Thank you ! -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9949] New: MDB_RDONLY txn segfaults on newly created database
by openldap-its＠openldap.org 14 Nov '22

14 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9949 Issue ID: 9949 Summary: MDB_RDONLY txn segfaults on newly created database Product: LMDB Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: jeffrey.reynolds(a)ticketmaster.com Target Milestone: --- The very simple code will cause a seg fault. ``` auto env = create_env("env_name"); // creates the environment. not included here because this part is in rust // it will open or create the database. i don't think the problem lies in here. MDB_txn* txn{}; mdb_txn_begin(*env, nullptr, MDB_RDONLY, &txn); MDB_dbi dbi{}; mdb_dbi_open(txn, "db_name", MDB_CREATE, &dbi); ``` This segfaults on `liblmdb/mdb.c:11050`. Specifically `tracked->mc_next = *tp;` However, the problem isn't in mdb_dbi_open, it is failing because mt_cursors is never initialized. A small change ` mdb_txn_begin(*env, nullptr, 0, &txn);` and mt_cursors will be initialized with the default env->me_txn0, that has a properly initialized mt_cursors, per this line `liblmdb/mdb.c:5581`, `txn->mt_cursors = (MDB_cursor **)(txn->mt_dbs + env->me_maxdbs);` for the MDB_RDONLY transaction, it looks like it will initialize mt_cursors _if_ it happens to have a parent, `liblmdb/mdb.c:3178`, but otherwise it leaves it uninitialized. Is this a bug, or do have i have to a parent to start a readonly transaction on a new database? -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 8988] Undefined Behavior in slapadd
by openldap-its＠openldap.org 14 Nov '22

14 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=8988 --- Comment #24 from Howard Chu <hyc(a)openldap.org> --- (In reply to openldap-technical(a)kolttonen.fi from comment #21) > Hello, > Spending long time on comp.lang.c should be mandatory for all C > programmers out there. It is shocking to invoke UB and not bother to fix > it, instead blaming compiler writers and C standard writers. > > Best regards, > Jokke Hämäläinen I'm quite sure I've spent more time on comp.lang.c than most people out there. https://groups.google.com/g/comp.lang.c/c/BiVJrHbtZE4/m/W1C3fC-n2pEJ https://groups.google.com/g/comp.lang.c/c/3TGIxk3epBw/m/CXVzV5aEehsJ ... I was also a gcc maintainer from gcc 1.x to 2.x days. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9946] New: TLS: could not load verify locations
by openldap-its＠openldap.org 04 Nov '22

04 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9946 Issue ID: 9946 Summary: TLS: could not load verify locations Product: OpenLDAP Version: unspecified Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: hrishikesh.durg(a)gmail.com Target Milestone: --- Hi, Am seeing below errors on one of ldap proxy server --ANy clue how to fix it ? =============== 635a3252 openotp_parse_conf: global: server_url = https://iad37-c-sec-afe-01.us6.oraclecloud.com:443/openotp/,https://ch3-c-s… 635a3252 openotp_parse_conf: global: soap_timeout = 10 635a3252 openotp_parse_conf: global: user_settings = ChallengeMode=No 635a3252 openotp_parse_conf: global: uid_attribute = uid, cn 635a3252 openotp_parse_conf: global: client_id = LDAP 635a3252 openotp_parse_conf: global: default_domain = oraclecloud 635a3252 openotp_parse_conf: global: server_policy = 1 635a3252 openotp_parse_conf: global: status_cache = 10 635a3252 openotp_parse_conf: global: nolock_usernames = ldapro-oci-sharedservices,ldapro-saas,ldapro-sbs 635a3252 openotp_parse_conf: global: denied_usernames = (none) 635a3252 openotp_init: Initializing libopenotp TLS: could not load verify locations (file:`/opt/ldproxy/conf/ca.crt',dir:`'). TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:175 TLS: error:2006D080:BIO routines:BIO_new_file:no such file bss_file.c:182 TLS: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib by_file.c:253 635a3252 main: TLS init def ctx failed: -1 635a3252 slapd stopped. 635a3252 connections_destroy: nothing to destroy. =========== Not seeing anything when checked on location specified from logs : [root@ldap-proxy-01 certs]# ls -l /opt/ldproxy total 0 drwxr-xr-x. 2 root root 48 Nov 4 08:27 logs [root@ldap-proxy-01 certs]# ============== ldap.conf file looks as below : # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. #BASE dc=example,dc=com #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never TLS_CACERTDIR /etc/openldap/certs # Turning this off breaks GSSAPI used with krb5 when rdns = false SASL_NOCANON on Any help /clue is much appreciated -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9945] New: Unable to import initial configuration (cn=config)
by openldap-its＠openldap.org 04 Nov '22

04 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9945 Issue ID: 9945 Summary: Unable to import initial configuration (cn=config) Product: OpenLDAP Version: 2.5.13 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: annamariet(a)crimsonlogic.com Target Milestone: --- Created attachment 927 --> https://bugs.openldap.org/attachment.cgi?id=927&action=edit slapd.ldif I was able to install openldap 2.5.13 successfully but I was getting error below whenever I will import the initial configuration using this command: /usr/local/sbin/slapadd -n 0 -F /usr/local/etc/slapd.d -l /usr/local/etc/openldap/slapd.ldif Error: str2entry: entry -1 has multiple DNs "cn=config" and "cn=module,cn=config" slapadd: could not parse entry (line=1) Closing DB... In my slapd.ldif file, both DNs are enabled. Only this cn=module is throwing error while other dn e.g. dn: cn=schema,cn=config are accepted. Am I missing some packages or RPMs? dn: cn=config objectClass: olcGlobal cn: config . . . dn: cn=module,cn=config objectClass: olcModuleList cn: module olcModulepath: /usr/local/libexec/openldap olcModuleload: back_mdb.la olcModuleload: back_ldap.la olcModuleload: back_passwd.la olcModuleload: back_shell.la . . . -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9045] Crashes in cn=config (test050)
by openldap-its＠openldap.org 02 Nov '22

02 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9045 --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Removed from RE25 as it is missing the requisite libldap functionality to fix the issue there. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9045] Crashes in cn=config (test050)
by openldap-its＠openldap.org 02 Nov '22

02 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9045 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.14 |2.6.4 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9045] Crashes in cn=config (test050)
by openldap-its＠openldap.org 01 Nov '22

01 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9045 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|CONFIRMED |RESOLVED --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- head: • a6f3106a by Ondřej Kuzník at 2022-10-31T18:16:42+00:00 ITS#9045 Do not share cn=config entries with outside code RE26: • 99a7c141 by Ondřej Kuzník at 2022-11-01T17:05:36+00:00 ITS#9045 Do not share cn=config entries with outside code RE25: • ce7a7997 by Ondřej Kuzník at 2022-11-01T17:07:15+00:00 ITS#9045 Do not share cn=config entries with outside code -- You are receiving this mail because: You are on the CC list for the issue.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs November 2022