openldap-bugs January 2024

openldap-bugs@openldap.org

1 participants
124 discussions

[Issue 8618] Remove deprecated -h HOST and -p PORT options from clients
by openldap-its＠openldap.org 25 Jan '24

25 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=8618 --- Comment #27 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to Quanah Gibson-Mount from comment #26) > Additionally, this was clearly documented in the UPGRADE section of the Admin guide. Specifically, in the OpenLDAP 2.5 admin guide section on upgrading from OpenLDAP 2.4 or prior releases. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8618] Remove deprecated -h HOST and -p PORT options from clients
by openldap-its＠openldap.org 25 Jan '24

25 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=8618 --- Comment #26 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to jel+git from comment #23) > 1) If one decides to drop an option, it should be > a) communicated clearly. > b) documented and alternatives shown Hello, The options were *clearly* marked as deprecated for the last 24 years in the man pages for the ldap client utilities. It appears whomever wrote the scripts in question chose to ignore this clearly documented deprecation of the options and used them anyway. Additionally, this was clearly documented in the UPGRADE section of the Admin guide. In other words, this change has been clearly communicated for years, and well documented. Perhaps in the future it would be wise to read the supplied upgrade documentation prior to performing an upgrade of software and to pay attention to deprecation notices in the software documentation instead of attacking a volunteer powered open source software project. Regards, Quanah -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 10159] New: Unable to Use ldapi:// - ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
by openldap-its＠openldap.org 24 Jan '24

24 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=10159 Issue ID: 10159 Summary: Unable to Use ldapi:// - ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) Product: OpenLDAP Version: 2.5.13 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: chilimili1(a)outlook.de Target Milestone: --- Problem: When attempting to use the ldapi:// URI to interact with the OpenLDAP server using commands like ldapmodify or ldapsearch, an error is encountered: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1). Process is running # ps -aux |grep ldap ldap 9 0.0 0.4 42232968 79472 ? Sl Jan23 0:10 /usr/libexec/slapd -u ldap -h ldap:/// ldapi:/// ldaps:/// -F /etc/openldap/slapd.d -d 256 Troubleshooting Steps Taken: Verified the ldapi URI configuration. Inspected the OpenLDAP configuration using slapd.conf or cn=config. Examined ACLs and access control rules. Additional Information: OpenLDAP is running as a Docker container Docker Compose configuration includes port mappings for LDAP (3269:389) and LDAPS (3268:636). The whole configuration was migrated from a working Server Any additional insights or recommendations for resolving the ldapi connection issue would be greatly appreciated. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 8618] Remove deprecated -h HOST and -p PORT options from clients
by openldap-its＠openldap.org 24 Jan '24

24 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=8618 --- Comment #25 from Howard Chu <hyc(a)openldap.org> --- Also: the time to raise objections to a change is before the release. The 2.5 call for testing went out in April 2021. https://lists.openldap.org/hyperkitty/list/openldap-technical@openldap.org/… You're about 3 years late complaining about the removal of a feature deprecated 24 years ago. Demanding that volunteers work on what you want the way you want won't fly. Only people who are actively involved will have their concerns listened to. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8618] Remove deprecated -h HOST and -p PORT options from clients
by openldap-its＠openldap.org 24 Jan '24

24 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=8618 --- Comment #24 from Howard Chu <hyc(a)openldap.org> --- A reminder that the OpenLDAP Project is worked solely by volunteers. Symas does not direct the operation of the Project. They merely provide support for what the Project releases. Your criticism of Symas is wholly out of place. Meanwhile, criticizing work that was given to you for free, without you ever lifting a finger to contribute, just makes you a selfish, entitled, ungrateful ass. If you think you can run things better, then actively contribute. That is the only way that open source projects advance. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8618] Remove deprecated -h HOST and -p PORT options from clients
by openldap-its＠openldap.org 24 Jan '24

24 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=8618 --- Comment #23 from jel+git(a)linofee.org --- Just upgraded a server from Ubuntu 20.04 to 22.04, which contains 2.5.x and found out, that the options -p and -h got dropped - and requires me to adjust quite a bit of scripts because of this non-sense. This is such a poor software management and versioning, hard to believe, that anyone who allowed it to go through, has any experience in enterprise ready software. 1) If one decides to drop an option, it should be a) communicated clearly. b) documented and alternatives shown 2) If a software gets released, which has an incompatible change wrt. previous major.minor.tiny version, it should rise the major number of the software version, so that OS/Distro vendors are warned and may decide to stick with the old version. There are several options to allow -H and -h,-p side by side - openldap has chosen the worst option. This might be a hint, how poor its maintenance actually is/how bad the support by sysmas probably is. This is also a good example, that for OS/Distro vendors it is sometimes a really good thing to stick with the older version instead of switching to the "latest" stuff. Anyway, thanx for the work. =8-( -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 10158] New: Linker error when building openldap-2.4.59
by openldap-its＠openldap.org 23 Jan '24

23 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=10158 Issue ID: 10158 Summary: Linker error when building openldap-2.4.59 Product: OpenLDAP Version: 2.4.59 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: umagmrit(a)gmail.com Target Milestone: --- -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 10013] New: Some code (ppolicy, etc.) ignores REP_CTRLS_MUSTBEFREED when touching rs->sr_ctrls
by openldap-its＠openldap.org 17 Jan '24

17 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=10013 Issue ID: 10013 Summary: Some code (ppolicy, etc.) ignores REP_CTRLS_MUSTBEFREED when touching rs->sr_ctrls Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- Certain parts of the source indicate that rs->sr_ctrls shouldn't be realloc'd/free'd unless REP_CTRLS_MUSTBEFREED is set, but then other parts of slapd (slap_ctrl_whatFailed_add, glue_op_search?, ...) and overlays (ppolicy, syncprov, ...) will blindly overwrite and/or realloc it. slap_add_control() (an analog of slap_add_controls()) might be useful for this, possibly alongside some way to free the other data kept around to streamline the code other users need for correct operation. -- You are receiving this mail because: You are on the CC list for the issue.

1 8

[Issue 9944] New: Reverting an olcDbACLBind statement breaks proxied write operations
by openldap-its＠openldap.org 16 Jan '24

16 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=9944 Issue ID: 9944 Summary: Reverting an olcDbACLBind statement breaks proxied write operations Product: OpenLDAP Version: 2.6.3 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- On a system with olcDbIDAssertBind configured, and proxied authorizations working correctly, an olcDbACLBind statement was added to the configuration for lastbind support. However an incorrect identity was in place for the authzid in the ACL bind statement which caused proxy authorization to fail. The change was backed out (There was never any change to the olcDbIDAssertBind config fragment) and after that, all write operations failed instead of being proxied, with err=80. Restarting slapd fixed the issue, which indicates an underlying problem in the cn=config db in reverting to the original working state. -- You are receiving this mail because: You are on the CC list for the issue.

1 8

[Issue 10151] New: Leaks in do_syncrep2() when error handling
by openldap-its＠openldap.org 16 Jan '24

16 Jan '24

https://bugs.openldap.org/show_bug.cgi?id=10151 Issue ID: 10151 Summary: Leaks in do_syncrep2() when error handling Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- Investigating the persistent CI failures in test050, I can see some memory leaks that should be tackled (if only to reduce noise). For one, when receiving an entry without a syncrepl control attached or when dealing with a concurrent thread removing that consumer, we leak our scratch data (decoded controls, modlist, ...). -- You are receiving this mail because: You are on the CC list for the issue.

1 4

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs January 2024