openldap-bugs March 2025

openldap-bugs@openldap.org

1 participants
28 discussions

[Issue 10315] Re-Usage of Message IDs of async search blocks all available connections
by openldap-its＠openldap.org 11 Mar '25

11 Mar '25

https://bugs.openldap.org/show_bug.cgi?id=10315 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |INVALID --- Comment #7 from Quanah Gibson-Mount <quanah(a)openldap.org> --- No OpenLDAP issue seen. Use proper file limit settings. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 10315] Re-Usage of Message IDs of async search blocks all available connections
by openldap-its＠openldap.org 11 Mar '25

11 Mar '25

https://bugs.openldap.org/show_bug.cgi?id=10315 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Group|OpenLDAP-devs | Keywords|needs_review | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 10318] New: Potential null-pointer-dereference in servers/slapd/connection.c
by openldap-its＠openldap.org 11 Mar '25

11 Mar '25

https://bugs.openldap.org/show_bug.cgi?id=10318 Issue ID: 10318 Summary: Potential null-pointer-dereference in servers/slapd/connection.c Product: OpenLDAP Version: 2.5.6 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: 1367173408(a)qq.com Target Milestone: --- Created attachment 1056 --> https://bugs.openldap.org/attachment.cgi?id=1056&action=edit execution trace Hi, I have found a potential null pointer dereference bug in the project and would like to report it to the maintainers. At line 267 and line 284 in file `servers/slapd/connection.c`, the function `connection_get` may return NULL. Then, at line 1239 in the same file, the pointer `c` receives the return value, which may be NULL. But `c` is dereferenced at following lines without checking, which may lead to a null-pointer-dereference bug. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 10317] New: Potential null-pointer-dereference
by openldap-its＠openldap.org 11 Mar '25

11 Mar '25

https://bugs.openldap.org/show_bug.cgi?id=10317 Issue ID: 10317 Summary: Potential null-pointer-dereference Product: OpenLDAP Version: 2.5.6 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: 1367173408(a)qq.com Target Milestone: --- Created attachment 1055 --> https://bugs.openldap.org/attachment.cgi?id=1055&action=edit execution trace Hi, I have found a potential null pointer dereference bug in the project and would like to report it to the maintainers. At line 836 in file `servers/slapd/backglue.c`, the function `glue_tool_inst` may return NULL. Then, at line 765 in the same file, the pointer `on` receives the return value, which may be NULL. But `on` is dereferenced at line 766 without checking, which may lead to a null-pointer-dereference bug. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 10312] New: olcSubordinate does not accept a 'false' keyword, contrary to documentation
by openldap-its＠openldap.org 10 Mar '25

10 Mar '25

https://bugs.openldap.org/show_bug.cgi?id=10312 Issue ID: 10312 Summary: olcSubordinate does not accept a 'false' keyword, contrary to documentation Product: OpenLDAP Version: 2.6.9 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: gray(a)nxg.name Target Milestone: --- The slapd-config(5) manpage documents the olcSubordinate keyword as olcSubordinate: [TRUE | FALSE | advertise] If, however, I try to create a database using olcSubordinate: false then slapadd objects with olcSubordinate: value #0: suffix "ou=foo,o=bar": subordinate must be "TRUE" or "advertise". (For the sake of completeness, it might be worth noting in the manpage that the (unsurprising) default is for a search of a superior database _not_ to be propagated to the subordinate one – ie, the presumed behaviour of olcSubordinate:false) -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 10266] New: Adopt broader RFC4511 NoD interpretation on lloadd's client side
by openldap-its＠openldap.org 04 Mar '25

04 Mar '25

https://bugs.openldap.org/show_bug.cgi?id=10266 Issue ID: 10266 Summary: Adopt broader RFC4511 NoD interpretation on lloadd's client side Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: lloadd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- Server side, lloadd has long implemented a broad interpretation of NoD unsolicited response handling: when the message is issued, no new requests are accepted on the session however the client and server are both free to keep the session open if there are any operations that have not resolved yet. The server is still expected to close the connection as soon as no operations are still pending. This seems to interoperate with known clients. Those that want to will close the session immediately, unaware of this possibility, those that also want to interpret RFC 4511 this way can choose to wait for existing operations to resolve. This ticket is to track the lloadd's implementation of the client side of this - when receiving a NoD message, we don't close the connection immediately+unconditionally either but are willing to wait. Related functionality: - if connection was a bind connection processing a multi-stage SASL bind, the bind should fail if/when the client attempts to progress it - clients assigned to this connection through coherence at least 'connection' are also marked closing -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 10310] New: Update pbkdf2 overlay so iterations can be configurable
by openldap-its＠openldap.org 04 Mar '25

04 Mar '25

https://bugs.openldap.org/show_bug.cgi?id=10310 Issue ID: 10310 Summary: Update pbkdf2 overlay so iterations can be configurable Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: contrib Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- The pbkdf2 password hashing contrib overlay has the number of iterations hard coded at 10,000. It would be helpful to update the module to allow this to be configurable instead, as is done with other password hashing modules. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 10314] New: Only install the slapi-plugin.h header if building slapi library
by openldap-its＠openldap.org 04 Mar '25

04 Mar '25

https://bugs.openldap.org/show_bug.cgi?id=10314 Issue ID: 10314 Summary: Only install the slapi-plugin.h header if building slapi library Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: mattias.ellert(a)physics.uu.se Target Milestone: --- Created attachment 1054 --> https://bugs.openldap.org/attachment.cgi?id=1054&action=edit Proposed patch The slapi-plugin.h header does not make sense without the slapi library. The attached patch makes the installation of the header conditional. -- You are receiving this mail because: You are on the CC list for the issue.

1 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs March 2025