openldap-bugs April 2023

openldap-bugs@openldap.org

1 participants
110 discussions

[Issue 9472] New: Add datamorph overlay to core
by openldap-its＠openldap.org 26 Sep '23

26 Sep '23

https://bugs.openldap.org/show_bug.cgi?id=9472 Issue ID: 9472 Summary: Add datamorph overlay to core Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- Symas will contribute its datamorph overlay to core The datamorph overlay to slapd allows attributes with a few predefined values to be saved more space-efficiently as well as signed or unsigned integer attributes. -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9473] New: Add variant overlay to core
by openldap-its＠openldap.org 26 Sep '23

26 Sep '23

https://bugs.openldap.org/show_bug.cgi?id=9473 Issue ID: 9473 Summary: Add variant overlay to core Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- Symas will contribute its variant overlay to OpenLDAP core The variant overlay to slapd allows attributes/values to be shared between several entries. In some ways this is similar to slapo-collect with the exception that the source and target attributes can be different. -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 10042] New: Crash when back-monitor search fails/is abandoned
by openldap-its＠openldap.org 10 Jul '23

10 Jul '23

https://bugs.openldap.org/show_bug.cgi?id=10042 Issue ID: 10042 Summary: Crash when back-monitor search fails/is abandoned Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- The fix in ITS#9832 was incomplete, some paths leading to "freeout:" can have passed through monitor_cache_release already. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9993] New: Potential race condition in back-mdb online indexer
by openldap-its＠openldap.org 10 Jul '23

10 Jul '23

https://bugs.openldap.org/show_bug.cgi?id=9993 Issue ID: 9993 Summary: Potential race condition in back-mdb online indexer Product: OpenLDAP Version: 2.5.13 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- When the online indexer completes, it should mutex-protect its resetting of the indexing flags. -- You are receiving this mail because: You are on the CC list for the issue.

1 9

[Issue 10031] New: Conversion of slapd.conf fails using pcache
by openldap-its＠openldap.org 10 Jul '23

10 Jul '23

https://bugs.openldap.org/show_bug.cgi?id=10031 Issue ID: 10031 Summary: Conversion of slapd.conf fails using pcache Product: OpenLDAP Version: 2.6.0 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: stefan(a)kania-online.de Target Milestone: --- I've got the following working slapd.conf: -------------------- include /opt/symas/etc/openldap/schema/core.schema include /opt/symas/etc/openldap/schema/cosine.schema include /opt/symas/etc/openldap/schema/inetorgperson.schema include /opt/symas/etc/openldap/schema/misc.schema include /opt/symas/etc/openldap/schema/nis.schema include /opt/symas/etc/openldap/schema/msuser.schema modulepath /opt/symas/lib/openldap moduleload back_ldap moduleload back_mdb moduleload rwm.la moduleload memberof.la moduleload pcache.la loglevel any pidfile /var/symas/run/slapd.pid argsfile /var/symas/run/slapd.args database ldap readonly yes protocol-version 3 rebind-as-user yes uri "ldap://192.168.56.201:389" suffix "dc=example1,dc=net" rootdn "cn=admin,dc=example1,dc=net" idassert-bind bindmethod=simple mode=none binddn="CN=Administrator,cn=users,dc=example1,dc=net" credentials=Passw0rd tls_cacertdir=/opt/symas/etc/openldap tls_reqcert=never idassert-authzFrom "*" overlay rwm rwm-map attribute uid sAMAccountName rwm-map objectClass posixAccount person overlay memberof memberof-group-oc groupOfuniqueNames memberof-member-ad uniquemember memberof-dangling error overlay pcache pcache mdb 100000 6 1000 100 pcachePersist TRUE directory "/var/symas/pcache" pcacheAttrset 0 1.1 pcacheTemplate (uid=) 0 3600 pcacheTemplate (&(|(objectClass=))) 0 3600 pcacheAttrset 1 employeetype givenName cn sn uid mail pcacheTemplate (uid=) 1 3600 pcacheBind (uid=) 1 3600 sub dc=de pcacheAttrset 2 givenName cn sn uid mail uidNumber pcacheTemplate (objectClass=) 2 3600 pcacheAttrset 3 userPassword pcacheTemplate (uid=) 3 3600 pcacheTemplate (objectClass=) 2 3600 pcacheAttrset 4 employeetype givenName cn sn uid mail pcacheTemplate (uid=) 1 3600 pcacheAttrset 5 memberOf pcacheTemplate (objectClass=*) 2 3600 -------------------- Search for an entry in AD is working: ---------------------- root@ldap-proxy01:~/server-setup/proxy# ldapsearch -x -b dc=example1,dc=net cn=administrator -LLL dn dn: cn=Administrator,cn=Users,dc=example1,dc=net ---------------------- Now I want convert it to cn=config but I'm getting the following error: -------------------- root@ldap-proxy01:/opt/symas/etc/openldap# slaptest -F ./my-slapd.d/ -f slapd.conf Entry (olcDatabase={0}mdb,olcOverlay={2}pcache,olcDatabase={1}ldap,cn=config): object class 'olcMdbBkConfig' requires attribute 'olcBackend' config_build_entry: build "olcDatabase={0}mdb" failed: "(null)" config file testing succeeded mdb_opinfo_get: err Permission denied(13) -------------------- When I comment out all the settings for the overlay pcache, converting slapd.conf is working, but starting slapd gives me the following error: -------------- Mär 27 20:02:03 ldap-proxy01 slapd[2042]: olcAttributeTypes: value #741 olcAttributeTypes: Duplicate attributeType: "" Mär 27 20:02:03 ldap-proxy01 slapd[2042]: config error processing cn={5}msuser,cn=schema,cn=config: olcAttributeTypes: Duplicate attributeType: "" Mär 27 20:02:03 ldap-proxy01 slapd[2042]: send_ldap_result: conn=-1 op=0 p=0 Mär 27 20:02:03 ldap-proxy01 slapd[2042]: send_ldap_result: err=80 matched="" text="" -------------- slapcat -n0 tells me: -------------- root@ldap-proxy01:/opt/symas/etc/openldap# slapcat -n0 olcAttributeTypes: value #741 olcAttributeTypes: Duplicate attributeType: "�p�:V" config error processing cn={5}msuser,cn=schema,cn=config: olcAttributeTypes: Duplicate attributeType: "�p�:V" slapcat: bad configuration file! -------------- But switching back to slapd.conf the msuser.schema makes no problems. Creating my own LDIF (without converting): -------------------------- dn: cn=config objectClass: olcGlobal cn: config olcLogLevel: any olcPidFile: /var/symas/run/slapd.pid olcArgsFile: /var/symas/run/slapd.args olcToolThreads: 1 dn: cn=schema,cn=config objectClass: olcSchemaConfig cn: schema dn: cn=module{0},cn=config objectClass: olcModuleList cn: module{0} olcModulePath: /opt/symas/lib/openldap olcModuleLoad: back_mdb olcModuleLoad: back_ldap olcModuleLoad: back_monitor olcModuleLoad: argon2 include: file:///opt/symas/etc/openldap/schema/core.ldif include: file:///opt/symas/etc/openldap/schema/cosine.ldif include: file:///opt/symas/etc/openldap/schema/nis.ldif include: file:///opt/symas/etc/openldap/schema/inetorgperson.ldif include: file:///opt/symas/etc/openldap/schema/msuser.ldif dn: olcDatabase={-1}frontend,cn=config objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: {-1}frontend olcSizeLimit: 500 olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break olcAccess: {1}to dn="" by * read olcAccess: {2}to dn.base="cn=subschema" by * read passwordHash: {ARGON2} dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcRootDN: cn=admin,cn=config olcRootPW: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$cXdlcnJ0enV6dWlvMTIz$G/l0lynf7ygdz0tG+E7S1fBibsFs/L80AUSisiGl/v4 olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage dn: olcDatabase={1}monitor,cn=config objectClass: olcDatabaseConfig olcDatabase: {1}monitor olcAccess: {0}to dn.subtree="cn=monitor" by dn.exact=cn=admin,cn=config read by dn.exact=cn=admin,dc=example,dc=net read by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth read dn: olcDatabase={2}ldap,cn=config objectClass: olcDatabaseConfig objectClass: olcLDAPConfig olcDatabase: {2}ldap olcSuffix: dc=example1,dc=net olcAddContentAcl: FALSE olcLastMod: FALSE olcLastBind: FALSE olcLastBindPrecision: 0 olcMaxDerefDepth: 15 olcReadOnly: TRUE olcRootDN: cn=admin,dc=example1,dc=net olcSyncUseSubentry: FALSE olcMonitoring: FALSE olcDbURI: "ldap://dc-net01.example.net:389" olcDbStartTLS: none starttls=no olcDbIDAssertBind: mode=none flags=prescriptive,proxy-authz-non-critical bindm ethod=simple timeout=0 network-timeout=0 binddn="cn=administrator,cn=users,dc =example1,dc=net" credentials="Passw0rd" keepalive=0:0:0 tcp-user-timeout=0 t ls_cacertdir="/opt/symas/etc/openldap" tls_reqcert=never tls_reqsan=allow tls _crlcheck=none olcDbIDAssertAuthzFrom: * olcDbRebindAsUser: TRUE olcDbChaseReferrals: FALSE olcDbTFSupport: no olcDbProxyWhoAmI: FALSE olcDbProtocolVersion: 3 olcDbSingleConn: FALSE olcDbCancel: abandon olcDbUseTemporaryConn: FALSE olcDbConnectionPoolMax: 16 olcDbSessionTrackingRequest: FALSE olcDbNoRefs: FALSE olcDbNoUndefFilter: FALSE olcDbOnErr: continue olcDbKeepalive: 0:0:0 -------------------------- msuser is working, no error about duplicate attributeType. System ist Debian 11 with symas-packages OpenLDAP 2.6 -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 10039] New: configure fails to detect SSL_export_keying_material_early with LibreSSL
by openldap-its＠openldap.org 10 Jul '23

10 Jul '23

https://bugs.openldap.org/show_bug.cgi?id=10039 Issue ID: 10039 Summary: configure fails to detect SSL_export_keying_material_early with LibreSSL Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: orbea(a)riseup.net Target Milestone: --- Created attachment 957 --> https://bugs.openldap.org/attachment.cgi?id=957&action=edit config.log When configuring OpenLDAP using --with-tls=openssl with LibreSSL the configure will fail to detect SSL_export_keying_material_early since LibreSSL doesn't support this function yet. However OpenLDAP doesn't actually use this function so this can be easily solved by checking for SSL_library_init which is a more standard function which both OpenSSL and LibreSSL support which OpenLDAP actually uses in libraries/libldap/tls_o.c. checking openssl/ssl.h usability... yes checking openssl/ssl.h presence... yes checking for openssl/ssl.h... yes checking for SSL_export_keying_material_early in -lssl... no configure: error: Could not locate TLS/SSL package Other than this the build succeeds correctly with at least LibreSSL 3.7. -- You are receiving this mail because: You are on the CC list for the issue.

1 21

[Issue 9995] New: Potential memory leak in clients/tools/ldapdelete.c
by openldap-its＠openldap.org 10 Jul '23

10 Jul '23

https://bugs.openldap.org/show_bug.cgi?id=9995 Issue ID: 9995 Summary: Potential memory leak in clients/tools/ldapdelete.c Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: 1061499390(a)qq.com Target Milestone: --- Version: Github:master Potential memory leak in ldapdelete.c line 384.Calling ldap_search_ext_s() without calling ldap_msgfree() to free the memory will cause a memory leak. Doc says "Note that res parameter of ldap_search_ext_s() and ldap_search_s() should be freed with ldap_msgfree() regardless of return value of these functions." in https://www.openldap.org/software/man.cgi?query=ldap_search_ext_s&apropos=0… -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 10032] New: at_add returns a free'd pointer on error
by openldap-its＠openldap.org 10 Jul '23

10 Jul '23

https://bugs.openldap.org/show_bug.cgi?id=10032 Issue ID: 10032 Summary: at_add returns a free'd pointer on error Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- When an invalid schema is provided (e.g. the current ./servers/slapd/schema/msuser.schema of memberof/dynlist is loaded already), at_add() hits error handling and frees at->at_oid, but that string is being returned in *err. A fix is coming. -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9989] New: «make clean» shall not delete libraries/libldap/ldap.pc and libraries/liblber/lber.pc
by openldap-its＠openldap.org 10 Jul '23

10 Jul '23

https://bugs.openldap.org/show_bug.cgi?id=9989 Issue ID: 9989 Summary: «make clean» shall not delete libraries/libldap/ldap.pc and libraries/liblber/lber.pc Product: OpenLDAP Version: 2.6.3 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: dpa-openldap(a)aegee.org Target Milestone: --- «./configure» and «./config.status» do create ./libraries/libldap/ldap.pc, ./libraries/liblber/lber.pc, while «make clean» deletes both .pc files. «make install» fails, if ./libraries/libldap/ldap.pc or ./libraries/liblber/lber.pc are missing. «./configure && make clean && make depend && make install» is a valid workflow for many other (autoconf/automake based) projects. ./libraries/libldap/ldap.pc and ./libraries/liblber/lber.pc shall be deleted by «make distclean», and kept by «make clean». See also https://www.gnu.org/prep/standards/html_node/Standard-Targets.html for the idea behind «make clean» vs «make distclean». -- You are receiving this mail because: You are on the CC list for the issue.

1 8

[Issue 10028] New: crash with pwdMinDelay
by openldap-its＠openldap.org 10 Jul '23

10 Jul '23

https://bugs.openldap.org/show_bug.cgi?id=10028 Issue ID: 10028 Summary: crash with pwdMinDelay Product: OpenLDAP Version: 2.5.14 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: hamano(a)osstech.co.jp Target Milestone: --- slapd crash when using pwdMinDelay of ppolicy. The cause is that slap_timestamp() writes to undefined area. It has already been fixed. backtrace: ``` (gdb) bt #0 0x00007f2c70bdbaff in raise () from /lib64/libc.so.6 #1 0x00007f2c70baeea5 in abort () from /lib64/libc.so.6 #2 0x00007f2c70baed79 in __assert_fail_base.cold.0 () from /lib64/libc.so.6 #3 0x00007f2c70bd4456 in __assert_fail () from /lib64/libc.so.6 #4 0x0000000000499fdf in entry_schema_check (op=<optimized out>, op@entry=0x7f2c2a9a9ff0, e=<optimized out>, e@entry=0x7f2c20001d30, oldattrs=<optimized out>, oldattrs@entry=0x7f2c20001d30, manage=0, add=add@entry=0, socp=socp@entry=0x7f2c2a9a99d8, text=0x7f2c2a9a9f30, textbuf=0x7f2c2a9a9b40 "", textlen=256) at ../../../servers/slapd/schema_check.c:89 #5 0x00000000004f5dc1 in mdb_modify_internal (op=<optimized out>, op@entry=0x7f2c2a9a9ff0, tid=tid@entry=0x11dc8c0, modlist=<optimized out>, e=<optimized out>, e@entry=0x7f2c2a9a9ac0, text=text@entry=0x7f2c2a9a9f30, textbuf=textbuf@entry=0x7f2c2a9a9b40 "", textlen=256) at ../../../../servers/slapd/back-mdb/modify.c:419 #6 0x00000000004f6cfa in mdb_modify (op=0x7f2c2a9a9ff0, rs=0x7f2c2a9a9f10) at ../../../../servers/slapd/back-mdb/modify.c:714 #7 0x00000000004d5833 in overlay_op_walk (op=0x7f2c2a9a9ff0, rs=0x7f2c2a9a9f10, which=<optimized out>, oi=0xfc1a00, on=0x0) at ../../../servers/slapd/backover.c:706 #8 over_op_func (op=0x7f2c2a9a9ff0, rs=0x7f2c2a9a9f10, which=op_modify) at ../../../servers/slapd/backover.c:766 #9 0x00007f2c6be56a95 in ppolicy_bind_response (op=<optimized out>, rs=0x7f2c2a9aa730) at ../../../../servers/slapd/overlays/ppolicy.c:1827 #10 0x0000000000475878 in slap_response_play (op=0x7f2c201039a0, rs=0x7f2c2a9aa730) at ../../../servers/slapd/result.c:567 #11 send_ldap_response (op=op@entry=0x7f2c201039a0, rs=rs@entry=0x7f2c2a9aa730) at ../../../servers/slapd/result.c:642 #12 0x0000000000475f2c in slap_send_ldap_result (op=0x7f2c201039a0, rs=0x7f2c2a9aa730) at ../../../servers/slapd/result.c:918 #13 0x000000000052b6cf in mdb_bind (op=0x7f2c201039a0, rs=0x7f2c2a9aa730) at ../../../../servers/slapd/back-mdb/bind.c:148 #14 0x00000000004d5833 in overlay_op_walk (op=0x7f2c201039a0, rs=0x7f2c2a9aa730, which=<optimized out>, oi=0xfc1a00, on=0x0) at ../../../servers/slapd/backover.c:706 #15 over_op_func (op=0x7f2c201039a0, rs=0x7f2c2a9aa730, which=op_bind) at ../../../servers/slapd/backover.c:766 #16 0x00000000004824f2 in fe_op_bind (op=0x7f2c201039a0, rs=0x7f2c2a9aa730) at ../../../servers/slapd/bind.c:383 #17 0x00000000004822ea in do_bind (op=0x7f2c201039a0, rs=0x7f2c2a9aa730) at ../../../servers/slapd/bind.c:206 #18 0x0000000000466847 in connection_operation (ctx=<optimized out>, ctx@entry=0x7f2c2a9aa9b8, arg_v=arg_v@entry=0x7f2c201039a0) at ../../../servers/slapd/connection.c:1113 #19 0x0000000000465ec1 in connection_read_thread (ctx=<optimized out>, argv=0x11) at ../../../servers/slapd/connection.c:1265 #20 0x00007f2c72d5ea22 in ldap_int_thread_pool_wrapper (xpool=<optimized out>) at ../../../libraries/libldap/tpool.c:1053 #21 0x00007f2c70f5b1cf in start_thread () from /lib64/libpthread.so.0 #22 0x00007f2c70bc6e73 in clone () from /lib64/libc.so.6 ``` -- You are receiving this mail because: You are on the CC list for the issue.

1 4

← Newer
1
...
5
6
7
8
9
10
11
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs April 2023