openldap-bugs June 2025

openldap-bugs@openldap.org

1 participants
43 discussions

[Issue 10304] New: Unable to remove item from directory as part of transaction if it is the last item in that directory
by openldap-its＠openldap.org 05 Aug '25

05 Aug '25

https://bugs.openldap.org/show_bug.cgi?id=10304 Issue ID: 10304 Summary: Unable to remove item from directory as part of transaction if it is the last item in that directory Product: OpenLDAP Version: 2.5.13 Hardware: All OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: sophie.elliott(a)arcticlake.com Target Milestone: --- I am running my ldap server on Debian 11.3, with the mdb backend, using the backported openldap version 2.5.13. I am not 100% certain if this is an issue with OpenLDAP or liblmdb, but I have been running tests in the repo and it looks like the liblmdb tests work fine, so I think it's with OpenLDAP itself. I have been performing a transaction, and deleting entries from a directory during this transaction. This works fine if the item that I am deleting isn't the last entry in its directory, but when it is I get a MDB_NOTFOUND error on the commit transaction call and the delete doesn't go through. Here is an excerpt of the logs when this happens: ``` 67a64334.14e1fc32 0x766ad2a00700 => index_entry_del( 108, "accessGroupID=f23de82f-3a1c-4f88-86bb-bb07f9a0992d,o=[COMPANY],ou=accessGroups,dc=local,dc=[COMPANY],dc=com" ) 67a64334.14e21912 0x766ad2a00700 mdb_idl_delete_keys: 6c [62d34624] 67a64334.14e22812 0x766ad2a00700 <= index_entry_del( 108, "accessGroupID=f23de82f-3a1c-4f88-86bb-bb07f9a0992d,o=[COMPANY],ou=accessGroups,dc=local,dc=[COMPANY],dc=com" ) success 67a64334.14e23a91 0x766ad2a00700 mdb_delete: txn_commit failed: MDB_NOTFOUND: No matching key/data pair found (-30798) ``` Please let me know if I should submit this issue elsewhere, or if this is something that has already been fixed in a more recent version. I'm also happy to provide more details if necessary. Thank you! -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 10365] New: OOM during replication with a lot of updates
by openldap-its＠openldap.org 21 Jul '25

21 Jul '25

https://bugs.openldap.org/show_bug.cgi?id=10365 Issue ID: 10365 Summary: OOM during replication with a lot of updates Product: OpenLDAP Version: 2.6.10 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: elecharny(a)apache.org Target Milestone: --- When applying millions of updates on a huge database (30M entries), the server can crash with an out of memory. What happens is that the replication client does not process the incoming updates fast enough, syncprov accumulate the changes in memory up to the point it crashes. The clear workaround: use more memory on the server. Context: the replication mode used is delta-syncrepl, 2 servers, MMR , with MDB and accesslog. My assumption is that it would be valuable to benefit from the fact that we know when the socket is ready for write to actually push data to the replica, which means we can use the changes stored in accesslog and not in memory, while keeping a state of replication. I assume it's a huge change in the way it currently works. There is no urgency, considering it's quite a specific use case, and it would be way faster to slapmodify the changes on a stopped base, then copy the content to the replica, then restart everything. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9849] New: Update website to support LTS and Feature releases
by openldap-its＠openldap.org 15 Jul '25

15 Jul '25

https://bugs.openldap.org/show_bug.cgi?id=9849 Issue ID: 9849 Summary: Update website to support LTS and Feature releases Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: mnormann(a)symas.com Target Milestone: --- Modify .wlmrc variable names and website content to handle both Feature Release and Long Term Support release. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 10203] New: no pkgconfig file included for liblmdb
by openldap-its＠openldap.org 14 Jul '25

14 Jul '25

https://bugs.openldap.org/show_bug.cgi?id=10203 Issue ID: 10203 Summary: no pkgconfig file included for liblmdb Product: LMDB Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: otto(a)drijf.net Target Milestone: --- liblmdb does not ship with a pkgconfig file. More and more build systems rely on presense of a pkgconfig file, so it would be nice if liblmdb installed oneone. An example: prefix=/usr/local exec_prefix=${prefix} libdir=${prefix}/lib includedir=${prefix}/include Name: lmdb Description: Lightning memory-mapped database: key-value data store URL: https://www.symas.com/symas-embedded-database-lmdb Version: 0.9.32 Libs: -L${libdir} -llmdb Cflags: -I${includedir} Thanks. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 10362] New: Normalised value confusions in replication
by openldap-its＠openldap.org 01 Jul '25

01 Jul '25

https://bugs.openldap.org/show_bug.cgi?id=10362 Issue ID: 10362 Summary: Normalised value confusions in replication Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- A lot of code expects a_nvals state to be consistent across modifies and multiple instances of the same attribute (with asserts to that effect), but replication doesn't seem to obey this: Add this assert into syncrepl_diff_entry()[0] : assert( ( old->a_nvals == NULL ) == ( new->a_nvals == NULL ) ); if ( old->a_nvals ) assert( ( old->a_nvals == old->a_vals ) == ( new->a_nvals == new->a_vals ) ); You'll see many tests fail this, the first of which is test043. [0]. https://git.openldap.org/openldap/openldap/-/blob/14d47146b0442df85bd949b21… -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 10360] New: delta-sync can apply old mods
by openldap-its＠openldap.org 01 Jul '25

01 Jul '25

https://bugs.openldap.org/show_bug.cgi?id=10360 Issue ID: 10360 Summary: delta-sync can apply old mods Product: OpenLDAP Version: 2.6.9 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- This might be related to #10358, but not sure. In delta MPR, if an older mod is received on an entry after a newer mod has already been applied by a local user, the older mod is applied and the newer mod is lost. The incoming replication ops are checked for freshness by check_csn_age() but that only checks the incoming cookieCSN against contextCSNs of the same SID. I.e., that check only prevents duplicate mods being replicated multiple times from the same remote provider. If check_csn_age() passes, then syncrepl_message_to_op() is invoked which just applies the mod. It doesn't check the mod or cookieCSN against the entry's current entryCSN. The code in syncrepl_op_mod() performs the checks we need. The code just needs to be pulled into a new function so it can be used in both places. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 10359] New: delta-MPR uses logbase for more than it documents
by openldap-its＠openldap.org 01 Jul '25

01 Jul '25

https://bugs.openldap.org/show_bug.cgi?id=10359 Issue ID: 10359 Summary: delta-MPR uses logbase for more than it documents Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- syncrepl logbase=<dn> is used not just for a syncrepl session (documented) but also for internal searches when it comes to delta-MPR conflict resolution. This is not documented so an admin doesn't know that the local accesslog DB needs to exist and have the same suffix. Either the documentation needs updating or a new configuration item needs to be added to allow an accesslog DB with a different suffix locally. -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 10358] New: syncrepl can revert an entry's CSN
by openldap-its＠openldap.org 01 Jul '25

01 Jul '25

https://bugs.openldap.org/show_bug.cgi?id=10358 Issue ID: 10358 Summary: syncrepl can revert an entry's CSN Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- Created attachment 1080 --> https://bugs.openldap.org/attachment.cgi?id=1080&action=edit Debug log of an instance of this happening There is a sequence of operations which can force a MPR node to apply changes out of order (essentially reverting an operation). Currently investigating which part of the code that should have prevented this has let it slip. A sample log showing how this happened is attached. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 10361] New: lapo-auditlog: Add olcAuditLogNonBlocking to avoid blocking when logging to named pipes
by openldap-its＠openldap.org 01 Jul '25

01 Jul '25

https://bugs.openldap.org/show_bug.cgi?id=10361 Issue ID: 10361 Summary: lapo-auditlog: Add olcAuditLogNonBlocking to avoid blocking when logging to named pipes Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: a.cudbardb(a)freeradius.org Target Milestone: --- Created attachment 1081 --> https://bugs.openldap.org/attachment.cgi?id=1081&action=edit Patch adding olcAuditlogNonBlocking and a tests for slapo-auditlog The default behaviour of fopen() when called on a named pipe which does not have any reader, is to block, until a reader opens the pipe. This in turn blocks slapo-auditlog when it attempts to write output, and prevents slapd processing requests. Depending on how critical the audit log is, it may be preferable to discard audit log output and continue processing requests if there's no reader available which olcAuditLogNonBlocking: TRUE allows. For clarity the call to fopen() is removed and replaced with open()/fdopen(), allowing us to specify O_* flags as opposed to using fopen() OR open()/fdopen() depending on whether we should block. 0666 are the base permissions used by fopen() when files are created. There were no tests for slapo-auditlog, so a small test suite that tests both the basic behaviour, and blocking/non-blocking writes. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 10356] New: Openldap -> Chasing the referral is not proceeding further after 3 referrals
by openldap-its＠openldap.org 01 Jul '25

01 Jul '25

https://bugs.openldap.org/show_bug.cgi?id=10356 Issue ID: 10356 Summary: Openldap -> Chasing the referral is not proceeding further after 3 referrals Product: OpenLDAP Version: 2.4.56 Hardware: All OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: hharshitha2797(a)gmail.com Target Milestone: --- Hi Team I have an issue with OpenLDAP 2.4.56. Chasing the referral only yields 3 referrals; the user login does not proceed further to other referrals. This issue is seen in CentOS with OPENSSL 3.0 In OpenLDAP 2.1.22, the same is working; here, OpenSSL is not used. Here OPENSSL 3.0 is not used. We can see around 8 referrals here. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs June 2025