openldap-bugs May 2022

openldap-bugs@openldap.org

1 participants
148 discussions

[Issue 9820] New: v2.5 and 2.6 closed (idletimeout) during ldapsearch (work fine with v2.4)
by openldap-its＠openldap.org 04 May '22

04 May '22

https://bugs.openldap.org/show_bug.cgi?id=9820 Issue ID: 9820 Summary: v2.5 and 2.6 closed (idletimeout) during ldapsearch (work fine with v2.4) Product: OpenLDAP Version: 2.6.1 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: jlbs.gregoire(a)gmail.com Target Milestone: --- Hello, Please excuse me for my bad English. Is there a bug with openldap 2.5 and 2.6 ? When I launch a ldapsearch on the whole directory, the connection is abruptly cut during the search (same problem with syncrepl). All work fine with openldap 2.4.48 and 2.4.59. Tested on Debian 10 buster and openssl 1.1.1n (also tested with openssl 1.1.1d and 1.1.1k). The directory contains over one million entries. OpenLDAP 2.6.1 compiled with the following options ./configure --prefix=/opt/openldap-2.6.1 --disable-ipv6 --enable-debug --enable-syslog --enable-slapd --enable-cleartext --enable-crypt --enable-wrappers --enable-backends=no --enable-mdb --enable-overlays --with-tls /opt/openldap-2.6.1/bin/ldapsearch -x -D cn=manager,dc=societe,dc=com -w 'password' ... # numResponses: 50146 # numEntries: 50146 ldap_result: Can't contact LDAP server (-1) Apr 8 21:28:37 debian slapd[20880]: @(#) $OpenLDAP: slapd 2.6.1 (Apr 8 2022 20:34:26) $#012#011root@debian:/opt/src/openldap-2.6.1/servers/slapd Apr 8 21:28:37 debian slapd[20881]: slapd starting Apr 8 21:29:12 debian slapd[20881]: conn=1000 fd=11 ACCEPT from PATH=/opt/openldap-2.6.1/var/run/ldapi (PATH=/opt/openldap-2.6.1/var/run/ldapi) Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" method=128 Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" mech=SIMPLE bind_ssf=0 ssf=71 Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=0 RESULT tag=97 err=0 qtime=0.000005 etime=0.000041 text= Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=1 SRCH base="dc=societe,dc=com" scope=2 deref=0 filter="(objectClass=*)" Apr 8 21:29:57 debian slapd[20881]: conn=1000 fd=11 closed (idletimeout) OpenLDAP 2.5.11 compiled with the following options ./configure --prefix=/opt/openldap-2.5.11 --disable-ipv6 --enable-debug --enable-syslog --enable-slapd --enable-cleartext --enable-crypt --enable-wrappers --enable-backends=no --enable-mdb --enable-overlays --with-tls /opt/openldap-2.5.11/bin/ldapsearch -x -D cn=manager,dc=societe,dc=com -w 'password' ... # numResponses: 44638 # numEntries: 44638 ldap_result: Can't contact LDAP server (-1) Apr 8 21:44:18 debian slapd[21063]: @(#) $OpenLDAP: slapd 2.5.11 (Apr 8 2022 20:55:50) $#012#011root@debian:/opt/src/openldap-2.5.11/servers/slapd Apr 8 21:44:18 debian slapd[21064]: slapd starting Apr 8 21:44:45 debian slapd[21064]: conn=1000 fd=11 ACCEPT from PATH=/opt/openldap-2.5.11/var/run/ldapi (PATH=/opt/openldap-2.5.11/var/run/ldapi) Apr 8 21:44:45 debian slapd[21064]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" method=128 Apr 8 21:44:45 debian slapd[21064]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" mech=SIMPLE bind_ssf=0 ssf=71 Apr 8 21:44:45 debian slapd[21064]: conn=1000 op=0 RESULT tag=97 err=0 qtime=0.000006 etime=0.000045 text= Apr 8 21:44:45 debian slapd[21064]: conn=1000 op=1 SRCH base="dc=societe,dc=com" scope=2 deref=0 filter="(objectClass=*)" Apr 8 21:45:30 debian slapd[21064]: conn=1000 fd=11 closed (idletimeout) OpenLDAP 2.4.59 compiled with the following options ./configure --prefix=/opt/openldap-2.4.59 --disable-ipv6 --enable-debug --enable-syslog --enable-slapd --enable-cleartext --enable-crypt --enable-wrappers --enable-backends=no --enable-mdb --enable-overlays --with-tls /opt/openldap-2.4.59/bin/ldapsearch -x -D cn=manager,dc=societe,dc=com -w 'password' Apr 8 21:53:22 debian slapd[17963]: @(#) $OpenLDAP: slapd 2.4.59 (Apr 8 2022 21:51:41) $#012#011root@debian:/opt/src/openldap-2.4.59/servers/slapd Apr 8 21:53:22 debian slapd[17964]: slapd starting Apr 8 21:53:54 debian slapd[17964]: conn=1000 fd=11 ACCEPT from PATH=/opt/openldap-2.4.59/var/run/ldapi (PATH=/opt/openldap-2.4.59/var/run/ldapi) Apr 8 21:53:54 debian slapd[17964]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" method=128 Apr 8 21:53:54 debian slapd[17964]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" mech=SIMPLE ssf=0 Apr 8 21:53:54 debian slapd[17964]: conn=1000 op=0 RESULT tag=97 err=0 text= Apr 8 21:53:54 debian slapd[17964]: conn=1000 op=1 SRCH base="dc=societe,dc=com" scope=2 deref=0 filter="(objectClass=*)" Apr 8 22:06:02 debian slapd[17964]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1021397 text= Apr 8 22:06:02 debian slapd[17964]: conn=1000 op=2 UNBIND Apr 8 22:06:02 debian slapd[17964]: conn=1000 fd=11 closed OpenLDAP 2.4.48 compiled with the following options ./configure --prefix=/opt/openldap-2.4.48 --disable-ipv6 --enable-debug --enable-syslog --enable-slapd --enable-cleartext --enable-crypt --enable-wrappers --enable-backends=no --enable-mdb --enable-overlays --with-tls /opt/openldap-2.4.48/bin/ldapsearch -x -D cn=manager,dc=societe,dc=com -w 'password' Apr 8 21:30:44 debian slapd[20942]: @(#) $OpenLDAP: slapd 2.4.48 (Apr 8 2022 20:58:01) $#012#011root@debian:/opt/src/openldap-2.4.48/servers/slapd Apr 8 21:30:44 debian slapd[20943]: slapd starting Apr 8 21:31:05 debian slapd[20943]: conn=1000 fd=11 ACCEPT from PATH=/opt/openldap-2.4.48/var/run/ldapi (PATH=/opt/openldap-2.4.48/var/run/ldapi) Apr 8 21:31:05 debian slapd[20943]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" method=128 Apr 8 21:31:05 debian slapd[20943]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" mech=SIMPLE ssf=0 Apr 8 21:31:05 debian slapd[20943]: conn=1000 op=0 RESULT tag=97 err=0 text= Apr 8 21:31:05 debian slapd[20943]: conn=1000 op=1 SRCH base="dc=societe,dc=com" scope=2 deref=0 filter="(objectClass=*)" Apr 8 21:43:15 debian slapd[20943]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1021397 text= Apr 8 21:43:15 debian slapd[20943]: conn=1000 op=2 UNBIND Apr 8 21:43:15 debian slapd[20943]: conn=1000 fd=11 closed Content of slapd.conf : pidfile /opt/openldap/var/run/slapd.pid argsfile /opt/openldap/var/run/slapd.args tool-threads 2 require ldapv3 authc disallow bind_anon loglevel stats modulepath /opt/openldap/libexec/openldap moduleload back_mdb moduleload syncprov include /opt/openldap/etc/openldap/schema/core.schema include /opt/openldap/etc/openldap/schema/cosine.schema include /opt/openldap/etc/openldap/schema/inetorgperson.schema include /opt/openldap/etc/openldap/schema/dyngroup_cgi.schema include /opt/openldap/etc/openldap/schema/qmail_cgi.schema defaultsearchbase "dc=societe,dc=com" backend mdb database mdb directory "/ldap/base-ldap" suffix "dc=societe,dc=com" rootdn "cn=manager,dc=societe,dc=com" rootpw password maxsize 12884901888 mode 600 checkpoint 10240 2 dbnosync lastmod on include /opt/openldap/etc/openldap/acl.conf idletimeout 120 reverse-lookup off sizelimit 100 timelimit unlimited include /opt/openldap/etc/openldap/index.conf index_substr_if_minlen 2 index_substr_if_maxlen 4 index_substr_any_len 4 index_substr_any_step 2 When I set loglevel -1 it works correctly (but generates a very huge log file). It's very strange. If you need any further information, feel free to contact me. Jean-Loup Gregoire -- You are receiving this mail because: You are on the CC list for the issue.

1 12

[Issue 9815] Serious SQL injection vulnerability in back-sql
by openldap-its＠openldap.org 04 May '22

04 May '22

https://bugs.openldap.org/show_bug.cgi?id=9815 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Group|OpenLDAP-devs | Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9837] New: Don't throw exceptions when requesting empty integer fields
by openldap-its＠openldap.org 02 May '22

02 May '22

https://bugs.openldap.org/show_bug.cgi?id=9837 Issue ID: 9837 Summary: Don't throw exceptions when requesting empty integer fields Product: JLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: JDBC Assignee: bugs(a)openldap.org Reporter: fredrik(a)roubert.name Target Milestone: --- LibreOffice Base expects to be able to call LdapResultSet.getLong() on an empty Types.INTEGER field without any exception being thrown and the exception that Long.parseLong() throws when passed an empty string will terminate the query with an error message. While I don't know if the JDBC standard says anything about how this is supposed to be handled, it seems reasonable (and harmless) for JDBC-LDAP to accomodate the existing behaviour such a popular open source software package as LibreOffice Base. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9836] New: Support for TLS is needed
by openldap-its＠openldap.org 02 May '22

02 May '22

https://bugs.openldap.org/show_bug.cgi?id=9836 Issue ID: 9836 Summary: Support for TLS is needed Product: JLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: JDBC Assignee: bugs(a)openldap.org Reporter: fredrik(a)roubert.name Target Milestone: --- Using TLS is becoming increasingly more common and the LDAP library has support for this since a long time already, the JDBC connection string just needs to support a new property to allow this to be configured. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9835] New: LDAP aliases ought to always be dereferenced
by openldap-its＠openldap.org 02 May '22

02 May '22

https://bugs.openldap.org/show_bug.cgi?id=9835 Issue ID: 9835 Summary: LDAP aliases ought to always be dereferenced Product: JLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: JDBC Assignee: bugs(a)openldap.org Reporter: fredrik(a)roubert.name Target Milestone: --- No software connecting to an LDAP database through JDBC can be expected to know anything at all about LDAP, so no such software can be expected to be able to do anything useful with an LDAP alias entry. LDAP aliases must therefore always be dereferenced in the JDBC driver. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 3872] Issue with norwegian UTF-8 characters JDBC Bridge
by openldap-its＠openldap.org 02 May '22

02 May '22

https://bugs.openldap.org/show_bug.cgi?id=3872 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 3872] Issue with norwegian UTF-8 characters JDBC Bridge
by openldap-its＠openldap.org 02 May '22

02 May '22

https://bugs.openldap.org/show_bug.cgi?id=3872 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- • 245495e9 by Fredrik Roubert at 2022-05-01T15:12:42+02:00 ITS#3872 Always decode valid UTF-8 data, never Base64 encode it. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 3872] Issue with norwegian UTF-8 characters JDBC Bridge
by openldap-its＠openldap.org 01 May '22

01 May '22

https://bugs.openldap.org/show_bug.cgi?id=3872 --- Comment #4 from Fredrik Roubert <fredrik(a)roubert.name> --- This seems to be a simple mistake for which there is a simple fix: https://git.openldap.org/openldap/jdbcldap/-/merge_requests/1 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs May 2022