https://bugs.openldap.org/show_bug.cgi?id=9895
Issue ID: 9895
Summary: Increase max number of index DBs in back-mdb
Product: OpenLDAP
Version: 2.5.12
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: backends
Assignee: bugs(a)openldap.org
Reporter: hyc(a)openldap.org
Target Milestone: ---
Currently there is a hardcoded limit of 128 index DBs in back-mdb. Some sites
want more than this (although there's no evidence they actually use more than
128 attributes in all of their applications' search filters).
For 2.5/2.6 we can simply double the constant. For 2.7 consider making it
configurable.
Note that increasing the number increases the size of an LMDB transaction
structure, and also increases the time needed to initialize it whenever
creating a transaction, so it's a bad idea to just set this to an arbitrarily
large number.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9992
Issue ID: 9992
Summary: Requesting information about libraries/ldap_r
Product: OpenLDAP
Version: 2.5.12
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs(a)openldap.org
Reporter: jjrobert(a)lexmark.com
Target Milestone: ---
Apologies if this is a duplicate - the tracking system seemed to glitch when I
submitted so I'm typing it up again.
We are upgrading our stack from using openldap 2.4.57 to 2.5.12 and one of our
dependencies is missing lldap_r.
I searched and only really found this, which gives me some idea of its purpose:
https://marc.info/?l=openldap-devel&m=95218635611825
Is it simply gone now, or does it exist as a separate library?
Is there any guidance on what to do if you were using it previously?
Thanks,
-Jeff
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=7933
--- Comment #8 from Ondřej Kuzník <ondra(a)mistotebe.net> ---
On Thu, Jan 26, 2023 at 01:53:22PM +0000, openldap-its(a)openldap.org wrote:
> Could this be the reason why I get `attribute 'olcPasswordHash' not allowed`
> when trying to apply an .ldif file such as:
>
> dn: olcDatabase={-1}frontend,cn=config
> changetype: modify
> add: olcPasswordHash
> olcPasswordHash: {CRYPT}
>
> This has popped up in Fedora
> (https://bugzilla.redhat.com/show_bug.cgi?id=2061966) which seem to have copied
> the respective default frontend config file before this patch (see
> https://src.fedoraproject.org/rpms/openldap/blob/f37/f/slapd.ldif#_105).
As you suggest, this seems to be a Fedora packaging issue: them shipping
an out of date ldif file where they might have been able to copy it from
upstream source. Pretty sure in that case there's nothing that can be
done on the OpenLDAP project side.
Someone might need to step up and help Fedora package maintainers deal
with it if they say the existing team don't have the capacity.
Regards,
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9718
Issue ID: 9718
Summary: test022 can fail on expiry
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: build
Assignee: bugs(a)openldap.org
Reporter: quanah(a)openldap.org
Target Milestone: ---
>>>>> Starting test022-ppolicy for mdb...
running defines.sh
Starting slapd on TCP/IP port 9011...
Using ldapsearch to check that slapd is running...
Testing redundant ppolicy instance...
Using ldapadd to populate the database...
Testing account lockout...
Waiting 13 seconds for lockout to reset...
Testing password expiration
Waiting seconds for password to expire...
sleep: missing operand
Try 'sleep --help' for more information.
Password expiration test failed
>>>>> test022-ppolicy failed for mdb after 43 seconds
(exit 1)
The issue here is apparently that line 122-123 failed to populate the DELAY
variable.
121
122 DELAY=`$LDAPSEARCH -D "$MANAGERDN" -H $URI1 -w $PASSWD \
123 -b "$USER" -E accountUsability 1.1 | sed -n -e
's/.*expire=\(\d*\)/\1/p'`
124
125 echo "Testing password expiration"
126 echo "Waiting $DELAY seconds for password to expire..."
127 sleep $DELAY
128 sleep 1
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=8102
--- Comment #10 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
head:
• 868309c9
by Ondřej Kuzník at 2023-01-30T12:06:24+00:00
ITS#8102 Do not continue if deconfigured during pause
RE26:
• 0b2f5ad7
by Ondřej Kuzník at 2023-01-30T19:01:00+00:00
ITS#8102 Do not continue if deconfigured during pause
RE25:
• 6733fe4d
by Ondřej Kuzník at 2023-01-30T19:02:48+00:00
ITS#8102 Do not continue if deconfigured during pause
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9045
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|2.6.4 |2.5.14
Resolution|--- |FIXED
Status|IN_PROGRESS |RESOLVED
--- Comment #10 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
head:
• 12bf5a95
by Ondřej Kuzník at 2023-01-23T11:53:36+00:00
ITS#9045 rlock only if there may be other threads
RE26:
• 66c2b5ad
by Ondřej Kuzník at 2023-01-30T18:57:18+00:00
ITS#9045 rlock only if there may be other threads
RE25:
• 2f3b77d4
by Quanah Gibson-Mount at 2023-01-30T18:58:16+00:00
Revert "Revert "ITS#9045 Do not share cn=config entries with outside code""
This reverts commit 393308ac1c3eb9d65b682c06826d60a0bf856070.
• 5936d721
by Ondřej Kuzník at 2023-01-30T18:59:26+00:00
ITS#9045 rlock only if there may be other threads
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=8698
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
See Also| |https://bugs.openldap.org/s
| |how_bug.cgi?id=9990
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=8698
--- Comment #3 from subbarao(a)computer.org <subbarao(a)computer.org> ---
Part of the fix for this change breaks exop overlay callbacks. Fortunately the
fix is simple, just revert the change to passwd.c. The rest works fine. Please
see ITS#9990 for more details:
https://bugs.openldap.org/show_bug.cgi?id=9990
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=7933
--- Comment #7 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
(In reply to nilskemail+github from comment #6)
> Could this be the reason why I get `attribute 'olcPasswordHash' not allowed`
> when trying to apply an .ldif file such as:
>
> dn: olcDatabase={-1}frontend,cn=config
> changetype: modify
> add: olcPasswordHash
> olcPasswordHash: {CRYPT}
>
> This has popped up in Fedora
> (https://bugzilla.redhat.com/show_bug.cgi?id=2061966) which seem to have
> copied the respective default frontend config file before this patch (see
> https://src.fedoraproject.org/rpms/openldap/blob/f37/f/slapd.ldif#_105).
I'd open a bug with redhat as to why they're doing this at all. {CRYPT} hashes
are not portable. If they want to support secure hashes, they should use the
ARGON2 module.
You also fail to state what version of OpenLDAP you're reporting against. This
bug was fixed in 2014, so unless RH is using an absolutely ancient version of
OpenLDAP, this would not be related. You probably should describe the issue(s)
you are encountering in a post to the openldap-technical email list
(https://lists.openldap.org)
--
You are receiving this mail because:
You are on the CC list for the issue.