openldap-bugs October 2024

openldap-bugs@openldap.org

1 participants
124 discussions

[Issue 10267] New: stats loglevel reduction
by openldap-its＠openldap.org 15 Oct '24

15 Oct '24

https://bugs.openldap.org/show_bug.cgi?id=10267 Issue ID: 10267 Summary: stats loglevel reduction Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: chris.paul(a)rexconsulting.net Target Milestone: --- In high volume situations, stats logging of all transactions is not worth the cost of disk space and disk iops. However, turning logging off altogether (loglevel 0) results in no visibility for errors. It would be very useful to be able to log errors only. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 10259] New: Wrong RID sends when using syncrepl provider
by openldap-its＠openldap.org 15 Oct '24

15 Oct '24

https://bugs.openldap.org/show_bug.cgi?id=10259 Issue ID: 10259 Summary: Wrong RID sends when using syncrepl provider Product: OpenLDAP Version: 2.6.8 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: florent.david(a)gmail.com Target Milestone: --- When using a custom syncrepl consumer bind to an OpenLDAP v2.6.8 provider and it quickly appears than this provider sends to our consumer a cookie with a Replica ID different from the original one. In the logs below, we clearly see a refreshAndPersist synchronization initialized whith a RID with value 606. After a while, on the same connection, OpenLDAP syncrepl provider sends a new cookie with RID=612 66f2ea7d.3b1f8427 0x7fa80a5fd6c0 conn=92750 op=1 syncprov_op_search: got a persistent search with a cookie=rid=606,csn=20240924154708.334351Z#000000#000#000000 66f2ea7d.3b1fafc0 0x7fa80a5fd6c0 conn=92750 op=1 syncprov_findbase: searching 66f2ea7d.3b20ca28 0x7fa80a5fd6c0 conn=92750 op=1 syncprov_op_search: registered persistent search 66f2ea7d.3b20e5bf 0x7fa80a5fd6c0 conn=92750 op=1 syncprov_op_search: no change, skipping log replay 66f2ea7d.3b20ed6a 0x7fa80a5fd6c0 conn=92750 op=1 syncprov_op_search: nothing changed, finishing up initial search early 66f2ea7d.3b20f874 0x7fa80a5fd6c0 conn=92750 op=1 syncprov_sendinfo: refreshDelete cookie= 66f2ea7d.3b229483 0x7fa80a5fd6c0 conn=92750 op=1 syncprov_search_response: detaching op 66f2ed56.12f82965 0x7fa816dfe6c0 conn=92750 op=1 syncprov_qresp: set up a new syncres mode=4 csn=20240924164822.305028Z#000000#000#000000 66f2ed56.12fa5399 0x7fa7f58fc6c0 conn=92750 op=1 syncprov_sendinfo: sending a new cookie=rid=612,csn=20240924164822.305028Z#000000#000#000000 66f2ed8d.053d71e3 0x7fa8165fd6c0 conn=92750 op=1 syncprov_qresp: set up a new syncres mode=4 csn=20240924164917.069189Z#000000#000#000000 66f2ed8d.05405bb4 0x7fa7ed3fc6c0 conn=92750 op=1 syncprov_sendinfo: sending a new cookie=rid=612,csn=20240924164917.069189Z#000000#000#000000 Is it a normal behaviour ? Should consumer checks the Replica ID sends by OpenLDAP before storing it ? -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 10269] New: slap-constraint: Refactor to use a sorted array
by openldap-its＠openldap.org 15 Oct '24

15 Oct '24

https://bugs.openldap.org/show_bug.cgi?id=10269 Issue ID: 10269 Summary: slap-constraint: Refactor to use a sorted array Product: OpenLDAP Version: 2.6.8 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- As noted in the comments for slapo-constraint: /* * Linked list of attribute constraints which we should enforce. * This is probably a sub optimal structure - some form of sorted * array would be better if the number of attributes constrained is * likely to be much bigger than 4 or 5. We stick with a list for * the moment. */ -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Bug 9204] New: slapo-constraint allows anyone to apply Relax control
by openldap-its＠openldap.org 08 Oct '24

08 Oct '24

https://bugs.openldap.org/show_bug.cgi?id=9204 Bug ID: 9204 Summary: slapo-constraint allows anyone to apply Relax control Product: OpenLDAP Version: 2.4.49 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: ryan(a)openldap.org Target Milestone: --- slapo-constraint doesn't limit who can use the Relax control, beyond the global limits applied by slapd. In practice, for many modifications this means any configured constraints are advisory only. In my opinion this should be considered a bug, in design if not implementation. I expect many admins would not read the man page closely enough to realize the behaviour does technically adhere to the letter of what's written there. Either slapd should require manage privileges for the Relax control globally, or slapo-constraint should perform a check for manage privilege itself, like slapo-unique does. Quoting ando in https://bugs.openldap.org/show_bug.cgi?id=5705#c4: > Well, a user with "manage" privileges on related data could bypass > constraints enforced by slapo-constraint(5) by using the "relax" > control. The rationale is that a user with manage privileges could be > able to repair an entry that needs to violate a constraint for good > reasons. Note that the user: > > - must have enough privileges to do it (manage) > > - must inform the DSA that intends to violate the constraint (by using > the control) but such privileges are currently not being required. -- You are receiving this mail because: You are on the CC list for the bug.

1 12

[Issue 6198] Authorization for extensions
by openldap-its＠openldap.org 08 Oct '24

08 Oct '24

https://bugs.openldap.org/show_bug.cgi?id=6198 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ryan(a)openldap.org --- Comment #7 from Ondřej Kuzník <ondra(a)mistotebe.net> --- *** Issue 9211 has been marked as a duplicate of this issue. *** -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6462] DNS SRV records: ldaps ???
by openldap-its＠openldap.org 08 Oct '24

08 Oct '24

1 0

[Issue 5919] URI syntaxe (ldap:///dc=my%2cdc=domaine)
by openldap-its＠openldap.org 08 Oct '24

08 Oct '24

1 0

[Issue 9042] loglevel setting that allows seeing attribute values for MOD operations
by openldap-its＠openldap.org 08 Oct '24

08 Oct '24

https://bugs.openldap.org/show_bug.cgi?id=9042 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs(a)openldap.org |ondra(a)mistotebe.net -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7400] Memberof and Syncrepl incompatibility
by openldap-its＠openldap.org 04 Oct '24

04 Oct '24

https://bugs.openldap.org/show_bug.cgi?id=7400 --- Comment #16 from Quanah Gibson-Mount <quanah(a)openldap.org> --- RE26: • af4dfade by Quanah Gibson-Mount at 2024-10-04T21:53:57+00:00 ITS#7400 - Fix exattr to exattrs option -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7982] Add tls cipher suite, protocol to ldapsearch debug logging
by openldap-its＠openldap.org 04 Oct '24

04 Oct '24

https://bugs.openldap.org/show_bug.cgi?id=7982 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- • 139944ac by Ondřej Kuzník at 2024-09-27T14:21:20+01:00 ITS#7982 Log TLS proto+cipher suite on client side -- You are receiving this mail because: You are on the CC list for the issue.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs October 2024