openldap-bugs May 2023

openldap-bugs@openldap.org

1 participants
122 discussions

[Issue 8447] LMDB: Overwriting values in MDB_DUPSORT databases broken
by openldap-its＠openldap.org 25 May '23

25 May '23

https://bugs.openldap.org/show_bug.cgi?id=8447 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|TEST |FIXED --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Fixed in RE0.9: • 76bad923 by Howard Chu at 2023-05-25T19:33:44+00:00 ITS#8447 fix cursor_put(MDB_CURRENT) on DUPSORT DB with different-sized data -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9736] New: pwrite bug in OSX breaking LMDB promise about the maximum value size
by openldap-its＠openldap.org 22 May '23

22 May '23

https://bugs.openldap.org/show_bug.cgi?id=9736 Issue ID: 9736 Summary: pwrite bug in OSX breaking LMDB promise about the maximum value size Product: LMDB Version: unspecified Hardware: All OS: Mac OS Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: renault.cle(a)gmail.com Target Milestone: --- Hi, I was working with LMDB and found an issue when trying to write a value of approximately 3.3GiB in the database, I dive into the LMDB source code of the mdb_put method using the lldb debugger and found out that it was not related to an issue in LMDB itself but rather a bug in the pwrite function of the Mac OS libc implementation. The pwrite function is given four parameters, the file descriptor, the buffer, the count of bytes to write from the buffer and, the offset of where to write it in the file. On Mac OS the count of bytes is a size_t that must be a 64bits unsigned integer but when you call pwrite with a number bigger or equal to 2^31 it returns an error 22 (invalid argument). LMDB was returning a 22 error from the mdb_put call and not an EINVAL because the error was cause by an internal issue and not something catchable by LMDB. I am not sure about what we can do, can we implement this single pwrite [1] as multiple pwrite with counts smaller than 2^31 in a loop, just for Mac OS? Like for Windows where we do specific things for this operating system too? I also found this issue on the RocksDB repository [2] about a similar problem they have with pwrite and write on Mac OS it seems. I understand that this is not a real promise that LMDB is specifying but rather an "in theory" rule [3]. Thank you for your time, kero [1]: https://github.com/LMDB/lmdb/blob/01b1b7dc204abdf3849536979205dc9e3a0e3ece/… [2]: https://github.com/facebook/rocksdb/issues/5169 [3]: http://www.lmdb.tech/doc/group__mdb.html#structMDB__val -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 10055] New: EOS EOL
by openldap-its＠openldap.org 19 May '23

19 May '23

https://bugs.openldap.org/show_bug.cgi?id=10055 Issue ID: 10055 Summary: EOS EOL Product: OpenLDAP Version: 2.4.44 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: andrew.hudson(a)rtx.com Target Milestone: --- Hello, I work with Raytheon Intelligence and Space. I just have a quick question. I am in charge of keeping track of the software that is on my program's environment. We are on version 2.4.44. I am just wondering what the End of Support and the end of life of this version. Thank you very much. Andrew Hudson -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 4501] jdbcldap: use of enum reserved work (Java 1.5)
by openldap-its＠openldap.org 15 May '23

15 May '23

https://bugs.openldap.org/show_bug.cgi?id=4501 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 4501] jdbcldap: use of enum reserved work (Java 1.5)
by openldap-its＠openldap.org 15 May '23

15 May '23

https://bugs.openldap.org/show_bug.cgi?id=4501 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED --- Comment #11 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • f200ebd2 by Fredrik Roubert at 2023-02-18T18:27:29+01:00 ITS#4501 Set javac source="8". • 578fba58 by Fredrik Roubert at 2023-02-18T18:27:29+01:00 ITS#4501 Delete unused class Compare. JDK 1.5 removed the String.compareTo(Object) method so this class won't compile anymore, but luckily it's unused and can simply be deleted. • fa6c4c44 by Fredrik Roubert at 2023-02-18T18:27:29+01:00 ITS#4501 Replace use of 'enum' as an identifier. Java 1.5 made 'enum' a keyword, which may not be used as an identifier. • 339120d5 by Fredrik Roubert at 2023-02-18T18:27:29+01:00 ITS#4501 Replace use of deprecated class StringBufferInputStream. JDK 1.1 deprecated class StringBufferInputStream because it does not properly convert characters into bytes. • f494f56d by Fredrik Roubert at 2023-02-18T18:27:29+01:00 ITS#4501 Replace call to deprecated LDAPConnection.bind() method. JLDAP Sep_ndk_2003 deprecated LDAPConnection.bind(int, String, String) in favour of LDAPConnection.bind(int, String, byte[]). • 70b87f22 by Fredrik Roubert at 2023-02-18T18:27:29+01:00 ITS#4501 Replace call to deprecated File.toURL() method. JDK 6 deprecated File.toURL() in favour of File.toURI().toURL() because it does not automatically escape characters that are illegal in URLs. • 44c3341b by Fredrik Roubert at 2023-02-18T18:27:29+01:00 ITS#4501 Add @Deprecated annotations to deprecated interface methods. JDK 1.5 deprecated these interface methods so they should be annotated as deprecated also in this implementation of that interface. • 25e88de0 by Fredrik Roubert at 2023-02-18T18:27:29+01:00 ITS#4501 Use full package name to disambiguate ambiguous reference. JDK 8 introduced java.util.Base64 which has the same class name as com.novell.ldap.util.Base64 which this code calls. • 762419dc by Fredrik Roubert at 2023-02-18T18:27:29+01:00 ITS#4501 Add java.sql interface methods introduced by JDK 6. • 8432fbfe by Fredrik Roubert at 2023-02-18T18:27:29+01:00 ITS#4501 Add java.sql interface methods introduced by JDK 7. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 10053] New: liblber/idtest.c (and psap.h dependency) irrelevant to OpenLDAP
by openldap-its＠openldap.org 15 May '23

15 May '23

https://bugs.openldap.org/show_bug.cgi?id=10053 Issue ID: 10053 Summary: liblber/idtest.c (and psap.h dependency) irrelevant to OpenLDAP Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- configure.ac checks for psap.h presence, the only user being liblber's idtest.c - a test program that uses none of liblber API and claims to be part of ISODE X.500 code. I'm tempted to remove the configure check and the source file, letting that project adopt it if they still use it for something. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 4501] jdbcldap: use of enum reserved work (Java 1.5)
by openldap-its＠openldap.org 10 May '23

10 May '23

https://bugs.openldap.org/show_bug.cgi?id=4501 --- Comment #10 from Shawn McKinney <smckinney(a)symas.com> --- (In reply to Fredrik Roubert from comment #9) > I never managed to find any documentation about what JAR files were needed, > so instead I used guesswork and Google to come up with this list on my own > for building with JDK 1.4.2: > > ant-1.7.0.jar > ant-junit-1.6.5.jar > ant-launcher-1.6.5.jar > jface-3.0.1.jar > junit-3.8.1.jar > novell-jldap-2013.08.30.1433-xplat.jar > swt-linux-gtk-3.0.1.jar > > I have no idea how correct that list might be, but at least it turned out to > be sufficent to make the build work. > > For building with JDK 8, the list becomes substantially smaller: > > jface-3.0.1.jar > novell-jldap-2013.08.30.1433-xplat.jar > swt-linux-gtk-3.0.1.jar Thanks, before I saw your reply, got it built with these (similar list): jldap-2009-10-07.jar junit-4.13.2.jar org.eclipse.jface-3.29.0.jar org.eclipse.swt.gtk.linux.x86_64-3.122.0.jar > > But I can't help wondering about JdbcLdapBrowserApp, whether that really is > something that is ever used by anyone anymore, for if it is not, you would > be able to simplify your codebase considerably by deleting all that source > code (and with that, the need for org.eclipse.swt and jfaces). Fortunately, these jars, other than jdbcldap, are recent, meaning they at least have no known CVE's outstanding? But, like you I'm left with the same thoughts. Who's using this, what parts can be sundowned, how do we test it, what to do next. -- Shawn -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 4501] jdbcldap: use of enum reserved work (Java 1.5)
by openldap-its＠openldap.org 10 May '23

10 May '23

https://bugs.openldap.org/show_bug.cgi?id=4501 --- Comment #9 from Fredrik Roubert <fredrik(a)roubert.name> --- I never managed to find any documentation about what JAR files were needed, so instead I used guesswork and Google to come up with this list on my own for building with JDK 1.4.2: ant-1.7.0.jar ant-junit-1.6.5.jar ant-launcher-1.6.5.jar jface-3.0.1.jar junit-3.8.1.jar novell-jldap-2013.08.30.1433-xplat.jar swt-linux-gtk-3.0.1.jar I have no idea how correct that list might be, but at least it turned out to be sufficent to make the build work. For building with JDK 8, the list becomes substantially smaller: jface-3.0.1.jar novell-jldap-2013.08.30.1433-xplat.jar swt-linux-gtk-3.0.1.jar But I can't help wondering about JdbcLdapBrowserApp, whether that really is something that is ever used by anyone anymore, for if it is not, you would be able to simplify your codebase considerably by deleting all that source code (and with that, the need for org.eclipse.swt and jfaces). -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 10052] New: ldapsearch error "can't contact LDAP Server" <1%
by openldap-its＠openldap.org 10 May '23

10 May '23

https://bugs.openldap.org/show_bug.cgi?id=10052 Issue ID: 10052 Summary: ldapsearch error "can't contact LDAP Server" <1% Product: OpenLDAP Version: 2.4.44 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: w3eagle(a)yahoo.com Target Milestone: --- version used: 2.4.44 that is from Amazon2 core OS: AWS Linux2 Details: Users reported occasional issues with AD server authentication with MicroStrategy. Open case with MicroStrategy and learnt then use openldap library for the AD authentication. We were able to reproduce the issue with ldapsearch like below. ldapsearch -H ldaps://$REMOTEHOST:$REMOTEPORT \ -x -D "CN=??????" \ -y pssd.txt -LLL \ -b "OU=???????" "(sAMAccountName=????)" dn We use crontab to query AD once every minute, and we were able to see a few issues each day, error rate is more than 1/1000 but less than 1/100. The error looks like below - ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) Not much info was logged other than this. We tried all kinds of stuff but it didn't help, eg. the ldap.conf settings to ignore certs validation, simplify the cert folder files etc. and the like. We think perhaps the TLS might be the issue, so we setup an nginx node within the same vpc, which communicates with AD server over TLS, but terminates TLS and talk to other ec2 with clear text. We were not able to see any errors. So we have proved, for some reason, then ldapsearch over ldaps fails with a low percentage. I previously reported case 10049, but it was closed. The message is like openldap is using other components for https/tls; so possibly bugs from other libraires. So to prove this issue is indeep on openldap, I schedule the same ldapsearch on the nginx box itself. Knowing nginx was using the same openssl library (openssl 1.0.2k), we reproduced the same, ~1% "can't contact LDAP server" error, on the nginx box. So this error is perhaps more related to openldap, or perhaps Cyrus SASL? (cyrus-sasl-lib 2.1.26). My question is whether this sounds like an openldap bug. Please advise. Thanks -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 10051] New: ldapsearch error can't contact LDAP <1%
by openldap-its＠openldap.org 10 May '23

10 May '23

https://bugs.openldap.org/show_bug.cgi?id=10051 Issue ID: 10051 Summary: ldapsearch error can't contact LDAP <1% Product: OpenLDAP Version: 2.4.44 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: w3eagle(a)yahoo.com Target Milestone: --- -- You are receiving this mail because: You are on the CC list for the issue.

1 2

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs May 2023