openldap-bugs December 2023

openldap-bugs@openldap.org

1 participants
94 discussions

[Issue 10101] New: Fix double file close when first TLS connection fails
by openldap-its＠openldap.org 29 Jan '24

29 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=10101 Issue ID: 10101 Summary: Fix double file close when first TLS connection fails Product: OpenLDAP Version: 2.6.2 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: florin.crisan(a)axigen.com Target Milestone: --- Created attachment 981 --> https://bugs.openldap.org/attachment.cgi?id=981&action=edit Proof of concept 1. ldap_initialize a connection with multiple URLs, the first one being LDAPS. (For example: "ldaps://server,ldap://server"). The LDAPS connection needs to successfully open the TCP connection, but fail during TLS negotiation. 2. When TLS negotiation fails, ldap_int_open_connection calls ber_int_sb_close (which closes the connections attached to the sockbuf) but fails to call ber_int_sb_destroy, so the TCP layers are still attached to the sockbuf structure. 3. When the second connection is opened, a new TCP layer is added to the sockbuf structure, but the existing one is still there. Both now point to the updated sockbuf structure, with the new file descriptor. 4. When the connection is closed, the layers attached to the sockbuf close the new file descriptor twice. This may be the same problem as https://lists.openldap.org/hyperkitty/list/openldap-devel@openldap.org/thre… -- You are receiving this mail because: You are on the CC list for the issue.

1 10

[Issue 10123] New: Allow compilation with new compilers
by openldap-its＠openldap.org 29 Jan '24

29 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=10123 Issue ID: 10123 Summary: Allow compilation with new compilers Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- With clang 16 at least, slapd fails to compile servers/slapd/controls.c (missing an include of ac/ctype.h) and emits a large amount of warnings stemming from include/ac/* redefining existing functions in a K&R way (which apparently is not compatible with C2x). A fix is coming. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 10109] New: [slapd] Segmentation fault
by openldap-its＠openldap.org 29 Jan '24

29 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=10109 Issue ID: 10109 Summary: [slapd] Segmentation fault Product: OpenLDAP Version: 2.6.6 Hardware: x86_64 OS: Windows Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: sfhacker(a)hotmail.com Target Milestone: --- Created attachment 984 --> https://bugs.openldap.org/attachment.cgi?id=984&action=edit Backtrace Hi. OpenLDAP 2.6.6 built from source on Windows 10 x64. When starting the server using a basic slapd.conf file, I get a segmentation fault (see screenshot attached). Thanks in advance. -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 10110] New: Chained searches skip callbacks for returned entries
by openldap-its＠openldap.org 29 Jan '24

29 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=10110 Issue ID: 10110 Summary: Chained searches skip callbacks for returned entries Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- Regardless of overlay ordering, slapo-chain's handling of entries returned will skip any callbacks that have been registered on the operation. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 10076] New: suffixmassage in back-asyncmeta does not handle empty remote suffix correctly
by openldap-its＠openldap.org 29 Jan '24

29 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=10076 Issue ID: 10076 Summary: suffixmassage in back-asyncmeta does not handle empty remote suffix correctly Product: OpenLDAP Version: 2.6.4 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: nivanova(a)symas.com Target Milestone: --- When configuring a suffixmassage directive on an asyncmeta database, a configuration like: suffixmassage "dc=example,dc=com" "" causes search requests to return error 34 "Invalid DN", because the empty remote suffix is massaged incorrectly, adding an unnecessary ",". The issue applies only to asyncmeta, on other proxies it functions correctly. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 10013] New: Some code (ppolicy, etc.) ignores REP_CTRLS_MUSTBEFREED when touching rs->sr_ctrls
by openldap-its＠openldap.org 17 Jan '24

17 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=10013 Issue ID: 10013 Summary: Some code (ppolicy, etc.) ignores REP_CTRLS_MUSTBEFREED when touching rs->sr_ctrls Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- Certain parts of the source indicate that rs->sr_ctrls shouldn't be realloc'd/free'd unless REP_CTRLS_MUSTBEFREED is set, but then other parts of slapd (slap_ctrl_whatFailed_add, glue_op_search?, ...) and overlays (ppolicy, syncprov, ...) will blindly overwrite and/or realloc it. slap_add_control() (an analog of slap_add_controls()) might be useful for this, possibly alongside some way to free the other data kept around to streamline the code other users need for correct operation. -- You are receiving this mail because: You are on the CC list for the issue.

1 8

[Issue 9944] New: Reverting an olcDbACLBind statement breaks proxied write operations
by openldap-its＠openldap.org 16 Jan '24

16 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=9944 Issue ID: 9944 Summary: Reverting an olcDbACLBind statement breaks proxied write operations Product: OpenLDAP Version: 2.6.3 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- On a system with olcDbIDAssertBind configured, and proxied authorizations working correctly, an olcDbACLBind statement was added to the configuration for lastbind support. However an incorrect identity was in place for the authzid in the ACL bind statement which caused proxy authorization to fail. The change was backed out (There was never any change to the olcDbIDAssertBind config fragment) and after that, all write operations failed instead of being proxied, with err=80. Restarting slapd fixed the issue, which indicates an underlying problem in the cn=config db in reverting to the original working state. -- You are receiving this mail because: You are on the CC list for the issue.

1 8

[Issue 10137] New: Ease redefining the MDB_IDL_LOGN value
by openldap-its＠openldap.org 16 Jan '24

16 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=10137 Issue ID: 10137 Summary: Ease redefining the MDB_IDL_LOGN value Product: LMDB Version: 0.9.30 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: renault.cle(a)gmail.com Target Milestone: --- Created attachment 992 --> https://bugs.openldap.org/attachment.cgi?id=992&action=edit The patch do apply to midl.h Hello, I would like to slightly change the midl.h c file to make it possible to change the MDB_IDL_LOGN define without having to fork on my side. I know it can be redefined to reduce the amount of memory allocated by LMDB. I am using the latest `mdb.master` branch version of LMDB. https://github.com/mozilla/lmdb/pull/2 -- You are receiving this mail because: You are on the CC list for the issue.

1 8

[Issue 9660] New: back-mdb Permission denied => Restore from backup
by openldap-its＠openldap.org 12 Jan '24

12 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=9660 Issue ID: 9660 Summary: back-mdb Permission denied => Restore from backup Product: OpenLDAP Version: 2.5.7 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: geert.hendrickx(a)telenetgroup.be Target Milestone: --- Cosmetic issue: When an mdb database has incorrect ownership or permissions (typically after slapadd as root), back-mdb fails with: mdb_db_open: database "dc=my-domain,dc=com" cannot be opened: Permission denied (13). Restore from backup! "Permission denied" is correct, but "Restore from backup" is maybe not the most appropriate advice. ;-) -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 10125] New: mdb_load: fix loading in Append mode
by openldap-its＠openldap.org 11 Jan '24

11 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=10125 Issue ID: 10125 Summary: mdb_load: fix loading in Append mode Product: LMDB Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: tools Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- After committing/flushing a batch of writes, the cursor is not correctly reinitialized in Append mode. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

← Newer
1
2
3
4
5
6
7
8
9
10
Older →

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs December 2023