https://bugs.openldap.org/show_bug.cgi?id=9468
Issue ID: 9468
Summary: slapd-ldap does anonymous bind even if rebind-as-user is set
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: backends
Assignee: bugs(a)openldap.org
Reporter: tero.saarni(a)est.tech
Target Milestone: ---
When back-ldap retries the bind operation after a connection retry, it will do it as
anonymous even if rebind-as-user is set to yes.

The expected behavior is that the (re)bind is done with the user's credentials from the
initial bind operation.

I observed the following (Warning: I might have understood details of the code
incorrectly):

When rebind-as-user is set and a bind operation from the client is processed, the proxy
will copy the credentials to the ldapconn_t representing the remote LDAP
connection. When the remote LDAP connection is closed (e.g. by the proxy itself due
to a timeout), the bind credentials information is lost when freeing the old
ldapconn_t. At this point, the client still holds the connection to the proxy and is
unaware of the remote connection being lost. The proxy then re-establishes the
connection and "synthetically" generates a new bind itself, but since it does not
have the credentials stored in memory anymore, it sends an anonymous bind on
behalf of the client.

As a side effect, slapd currently crashes if the remote server does not allow
anonymous bind and responds with InvalidCredentials instead. The crash is due
to an assert(), which is handled in a separate issue:
https://bugs.openldap.org/show_bug.cgi?id=9288
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9799
Issue ID: 9799
Summary: Clearing pending ops on Bind
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: ondra(a)mistotebe.net
Target Milestone: ---
When slapd receives some operations before it has started processing a queued
bind, those get added into conn->c_ops_pending and c_n_pending_ops is updated
accordingly.
Bind then eventually invokes connection_abandon() which forgets to zero out
c_n_pending_ops and the connection remains unusable forever.
https://bugs.openldap.org/show_bug.cgi?id=9857
Issue ID: 9857
Summary: add password policy
Product: OpenLDAP
Version: 2.6.2
Hardware: x86_64
OS: Linux
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: overlays
Assignee: bugs(a)openldap.org
Reporter: elizabeth.real(a)jpl.nasa.gov
Target Milestone: ---
I'm upgrading from OpenLDAP 2.4 running on RHEL7 up to 2.6.2 and RHEL8 on new
hardware. Apparently the way to configure password policy now is by configuring
the slapd.conf file rather than loading the ppolicy schema. How do I modify
that file properly? I read section 12.10.2, Password Policy Configuration, at
https://www.openldap.org/doc/admin26/overlays.html#Password%20Policies
What does it mean to "Instantiate the module in the database"?
https://bugs.openldap.org/show_bug.cgi?id=9854
Issue ID: 9854
Summary: We are best digital marketing
Product: website
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: website
Assignee: bugs(a)openldap.org
Reporter: moldshilarious50(a)gmail.com
Target Milestone: ---
https://bugs.openldap.org/show_bug.cgi?id=9852
Issue ID: 9852
Summary: Error
Product: website
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: website
Assignee: bugs(a)openldap.org
Reporter: aarounsmind03(a)gmail.com
Target Milestone: ---
https://bugs.openldap.org/show_bug.cgi?id=9848
Issue ID: 9848
Summary: Test 022-ppolicy fails on master if slapd has only --enable-overlays and --with-tls=openssl
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: dstoychev(a)symas.com
Target Milestone: ---
**Steps to reproduce:
- Checkout master
./configure --enable-overlays --with-tls=openssl
make depend
make
make test
**Current result:
Test fails, here is the output:
./run test022-ppolicy
Cleaning up test run directory leftover from previous run.
Running ./scripts/test022-ppolicy for mdb...
running defines.sh
Starting slapd on TCP/IP port 9011...
Using ldapsearch to check that slapd is running...
Testing redundant ppolicy instance...
Using ldapadd to populate the database...
Testing account lockout...
Waiting 13 seconds for lockout to reset...
Testing password expiration
Waiting 10 seconds for password to expire...
Resetting password to clear expired status
Filling password history...
Testing password history...
Testing failed logins when password/policy missing...
Testing forced reset...
Clearing forced reset...
Testing Safe modify...
Testing length requirement...
Testing hashed length requirement...
Testing multiple password add/modify checks...
Testing idle password expiration
Switching to a policy with idle expiration...
Waiting 15 seconds for password to expire...
Reverting to Standard policy...
Testing obsolete Netscape ppolicy controls...
Enabling Netscape controls...
Reconfiguring policy to remove grace logins...
ldapmodify failed (255)!
**Expected result:
Test passed
**Notes:
- Reproducible on master branch only.
- Same test passes on 2.6 branch (with the same slapd config)
- Test could pass on master if other "configure" options are enabled, so make
sure to use only "--enable-overlays" and "--with-tls=openssl" to reproduce
https://bugs.openldap.org/show_bug.cgi?id=7165
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|IN_PROGRESS                 |RESOLVED
         Resolution|---                         |FIXED
--- Comment #7 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
HEAD:
• 205e2f1a
by Howard Chu at 2022-05-16T13:54:08+00:00
ITS#7165 back-mdb: check for stale readers on MDB_READERS_FULL
RE26:
• 7e7f01c3
by Howard Chu at 2022-05-16T15:09:08+00:00
ITS#7165 back-mdb: check for stale readers on MDB_READERS_FULL
RE25:
• f3d89d62
by Howard Chu at 2022-05-16T15:11:51+00:00
ITS#7165 back-mdb: check for stale readers on MDB_READERS_FULL
https://bugs.openldap.org/show_bug.cgi?id=7165
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|needs_review                |
   Target Milestone|---                         |2.5.13
https://bugs.openldap.org/show_bug.cgi?id=9838
Issue ID: 9838
Summary: Add decoding of the RFC 4517 Postal Address format
Product: JLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: JDBC
Assignee: bugs(a)openldap.org
Reporter: fredrik(a)roubert.name
Target Milestone: ---
No software connecting to an LDAP database through JDBC can be expected to know
anything at all about LDAP, so no such software can be expected to be able to
decode the RFC 4517 Postal Address format (1.3.6.1.4.1.1466.115.121.1.41).
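The format named in issue 9838, as an added example (this is not JLDAP code; the class and method names are hypothetical): a strict Java decoder for the RFC 4517 Postal Address syntax that splits on unescaped "$" and accepts only the two escapes the RFC defines, "\24" and "\5C". The sample values in main() are the examples given in RFC 4517, section 3.3.28.

```java
import java.util.ArrayList;
import java.util.List;

// Added example: strict decoder for the RFC 4517 Postal Address syntax
// (1.3.6.1.4.1.1466.115.121.1.41). Names are hypothetical, not JLDAP's API.
public class PostalAddressDecoder {

    // Splits the value on unescaped '$' and resolves the two defined escapes:
    // \24 -> '$' and \5C -> '\' (the hex digits match case-insensitively).
    // Any other backslash sequence is rejected instead of being passed through,
    // so a malformed value cannot be silently misread as a different address.
    public static List<String> decode(String value) {
        List<String> lines = new ArrayList<>();
        StringBuilder line = new StringBuilder();
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '$') {
                addLine(lines, line);
            } else if (c == '\\') {
                if (i + 2 >= value.length()) {
                    throw new IllegalArgumentException("truncated escape at offset " + i);
                }
                String hex = value.substring(i + 1, i + 3);
                if (hex.equals("24")) {
                    line.append('$');
                } else if (hex.equalsIgnoreCase("5C")) {
                    line.append('\\');
                } else {
                    throw new IllegalArgumentException("invalid escape at offset " + i);
                }
                i += 2; // skip the two hex digits just consumed
            } else {
                line.append(c);
            }
        }
        addLine(lines, line);
        return lines;
    }

    // The grammar requires at least one character per line (line = 1*line-char).
    private static void addLine(List<String> lines, StringBuilder line) {
        if (line.length() == 0) {
            throw new IllegalArgumentException("empty address line");
        }
        lines.add(line.toString());
        line.setLength(0);
    }

    public static void main(String[] args) {
        System.out.println(decode("1234 Main St.$Anytown, CA 12345$USA"));
        System.out.println(decode("\\241,000,000 Sweepstakes$PO Box 1000000$Anytown, CA 12345$USA"));
    }
}
```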