openldap-bugs February 2024

openldap-bugs@openldap.org

1 participants
83 discussions

[Issue 10100] New: Non-sequential timestamps being logged on Windows
by openldap-its＠openldap.org 16 Feb '24

16 Feb '24

https://bugs.openldap.org/show_bug.cgi?id=10100 Issue ID: 10100 Summary: Non-sequential timestamps being logged on Windows Product: OpenLDAP Version: 2.6.6 Hardware: x86_64 OS: Windows Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: smckinney(a)symas.com Target Milestone: --- Presents as a dsync during replication. Consumer will log ``` 650af021.2eadd901 0000000000001b40 slap_queue_csn: queueing 0000000002ac1620 20230920131409.992477Z#000000#001#000000 650af021.2eaed239 0000000000001b40 slap_graduate_commit_csn: removing 0000000002ac1620 20230920131409.992477Z#000000#001#000000 650af021.317b2a35 000000000000185c do_syncrep2: rid=102 CSN too old, ignoring 20230920131409.040136Z#000000#001#000000 (uid=slapd-test1-FOO1-6,ou=People,dc=example,dc=com) ``` The entry was not be added. The provider will log messages using non-sequential timestamps. For example, when grepping the CSN from above (in provider log): ``` # This: 650af021.3b3060d9 0000000000001ad8 conn=1001 op=1 syncprov_sendresp: to=002, cookie=rid=102,sid=001,csn=20230920131409.992477Z#000000#001#000000 # and: 650af021.02648749 0000000000001810 slap_get_csn: conn=1003 op=7 generated new csn=20230920131409.040136Z#000000#001#000000 manage=1 ``` -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 7400] Memberof and Syncrepl incompatibility
by openldap-its＠openldap.org 15 Feb '24

15 Feb '24

https://bugs.openldap.org/show_bug.cgi?id=7400 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #12 from Quanah Gibson-Mount <quanah(a)openldap.org> --- head: • ab55c7fd by Howard Chu at 2024-02-06T01:22:58+00:00 ITS#7400 memberof: note consumers must use exattr RE26: • 6b81fca5 by Howard Chu at 2024-02-15T17:56:24+00:00 ITS#7400 memberof: note consumers must use exattr -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9823] New: syncprov doesn't fallback when deltasync consumer's offline beyond accesslog depth
by openldap-its＠openldap.org 15 Feb '24

15 Feb '24

https://bugs.openldap.org/show_bug.cgi?id=9823 Issue ID: 9823 Summary: syncprov doesn't fallback when deltasync consumer's offline beyond accesslog depth Product: OpenLDAP Version: 2.6.1 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: smckinney(a)symas.com Target Milestone: --- Configured w/ deltasync. When a consumer goes offline for a duration exceeding the the logpurge interval, won't fallback into syncrepl, resulting in a dsync. -- You are receiving this mail because: You are on the CC list for the issue.

1 17

[Issue 10178] New: deltaMPR conflict resolution issues
by openldap-its＠openldap.org 15 Feb '24

15 Feb '24

https://bugs.openldap.org/show_bug.cgi?id=10178 Issue ID: 10178 Summary: deltaMPR conflict resolution issues Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review, replication Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- Created attachment 1013 --> https://bugs.openldap.org/attachment.cgi?id=1013&action=edit Illustation environment When a data conflict is introduced (multiple writes to the same entry in different providers), there are three different strategies and they are incompatible, see the attached test script for an example. 1. DeltaMPR providers have access to accesslog and reinterpret the operation as if it happened in CSN order 2. Delta consumers (olcMultiProvider: FALSE) have the above code disabled so have to accept the accesslog entry as-is, but the entry represents the original, not reinterpreted write 3. plain syncrepl - just ignores the out of order version This *cannot* (and does not) mesh well as at least 1. and 3. are always around in deltaMPR. -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 10160] New: Add negset and negurl for slapo-constraint
by openldap-its＠openldap.org 13 Feb '24

13 Feb '24

https://bugs.openldap.org/show_bug.cgi?id=10160 Issue ID: 10160 Summary: Add negset and negurl for slapo-constraint Product: OpenLDAP Version: 2.6.6 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: manu(a)netbsd.org Target Milestone: --- Created attachment 1003 --> https://bugs.openldap.org/attachment.cgi?id=1003&action=edit Add negset and negurl for slapo-constraint Add negset and negurl constraints for slapo-constraint. THe two new types are logical not of set and url. They will fire a constraint violation if the set or LDAP URL query is non empty. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 10163] New: Cleanup configure/test integration
by openldap-its＠openldap.org 13 Feb '24

13 Feb '24

https://bugs.openldap.org/show_bug.cgi?id=10163 Issue ID: 10163 Summary: Cleanup configure/test integration Product: OpenLDAP Version: 2.6.6 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- The sed commandline configure uses to perform substitutions is getting unwieldy and may be exceeding platform limits on various systems. All of the BUILD_xxx substitutions for overlays are only used in tests/run.in. They could be completely removed, and instead each of the enabled overlays could be emitted into a separate file that just gets included by the test scripts. There's no need for them to be part of the sed invocation at all. There's also leftover BUILD_xxx cruft from backends that we've removed (e.g. back-shell BUILD_SHELL) that nothing else in the tree references any more. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 10169] New: Add support for token only authentication with otp overlay
by openldap-its＠openldap.org 13 Feb '24

13 Feb '24

https://bugs.openldap.org/show_bug.cgi?id=10169 Issue ID: 10169 Summary: Add support for token only authentication with otp overlay Product: OpenLDAP Version: 2.6.6 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- Currently the OTP overlay is password + token. It would be nice to be able to configure it so it can run in a token only mode, similar to the slapo-totp overlay in contrib. This would allow us to have a project supported solution and retire that contrib module. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 10174] New: Fails to authenticate user against Active directory if double space is present in the user's DN in AD
by openldap-its＠openldap.org 12 Feb '24

12 Feb '24

https://bugs.openldap.org/show_bug.cgi?id=10174 Issue ID: 10174 Summary: Fails to authenticate user against Active directory if double space is present in the user's DN in AD Product: OpenLDAP Version: 2.4.44 Hardware: All OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: codedriller(a)gmail.com Target Milestone: --- In a proxy configuration when using Meta backend to connect to Active directory, an AD user can't be authenticated through OpenLDAP if there is a double space somewhere in his or her Active directory's DN, for example: CN=John Doe,OU=IT Department,DC=example,DC=com. I'm no LDAP expert but I suppose that the reason for this is that after slapd does initial samAccountName search, it normalizes the found DN including removing a double space according to RFC 2252 paragraph 8.1., then the bind attempt is made using the normalized DN and it fails, because Active directory has no built-in double space removal (or it can be disabled somehow), and the normalized DN does not match the real DN in Active directory. Excuse me if my usage of LDAP terms is not accurate. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 5625] memberOf search ACLs
by openldap-its＠openldap.org 01 Feb '24

01 Feb '24

1 0

[Issue 7400] Memberof and Syncrepl incompatibility
by openldap-its＠openldap.org 01 Feb '24

01 Feb '24

1 0

← Newer
1
2
3
4
5
6
7
8
9
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs February 2024