openldap-bugs

openldap-bugs@openldap.org

1 participants
20967 discussions

(ITS#6776) Control handling in PassMod exop + ppolicy
by h.b.furuseth＠usit.uio.no 04 Jan '11

04 Jan '11

Full_Name: Hallvard B Furuseth Version: HEAD OS: URL: Submission from: (NULL) (193.157.201.41) Submitted by: hallvard passwd_extop(op, rs) does an internal op->o_bd->be_modify(op, rs) and then intentionally returns with sr_text, sr_ref, sr_ctrls from be_modify intact, so the caller can send them. By my understanding this is quite fragile, since these SlapReply values can be invalid/out of scope after be_modify returns. It clashes with SlapReply cleanup effort, ITS#6758. It does this so ppolicy can insert its controls there, after detecting that the current be->be_modify call is actually a Password Modify exop. Maybe passwd_extop() instead can give the Modify a response or cleanup handler which steals any controls from the SlapReply, and reinserts them after be_modify() returns? OTOH - I don't know how slapd manages controls nowadays (what decides which controls should be freed, etc) - but I notice ppolicy.c has its very own ctrls_cleanup(). Hopefully that function is general enough that it would be useful to move it into slapd - if it needs its own special control handling, then maybe this issue expands to a need for a general control handling module. ppolicy registers its control as valid with Password Modify, which tells Password Modify it can steal it, etc. One final issue: passwd.c says cb.sc_private = qpw; /* let Modify know this was pwdMod, * if it cares... */ and ppolicy recognizes any Modify with (sc->sc_response == slap_null_cb && sc->sc_private) as the Password Modify operation. Seems no guarantee. I suggest to instead set some specific passwd_<response/cleanup>_sc function which ppolicy can recognize - maybe in addition to the current check, so a 2.4.24-compiled ppolicy can work with 2.4.23 slapd and vice versa.

1 0

(ITS#6775) Client tools often log controls not nicely in LDIF mode
by masarati＠aero.polimi.it 04 Jan '11

04 Jan '11

Full_Name: Pierangelo Masarati Version: HEAD/re24 OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (188.153.18.39) Submitted by: ando LDIF: control: OID <encoded> <known control name>: <human readable> comment: # control: OID <encoded> # <known control name><human readable> A fix is coming. p.

1 0

(ITS#6774) back-meta can send matchedDN with success
by h.b.furuseth＠usit.uio.no 04 Jan '11

04 Jan '11

Full_Name: Hallvard B Furuseth Version: HEAD OS: URL: Submission from: (NULL) (193.157.201.41) Submitted by: hallvard With this patch (do not commit:-) Index: servers/slapd/back-meta/search.c @@ -1740,2 +1740,3 @@ rs->sr_ref = ( sres == LDAP_REFERRAL ? rs->sr_v2ref : NULL ); + assert( rs->sr_err || !(rs->sr_text || rs->sr_matched )); send_ldap_result( op, rs ); back-meta oftenfails with just env TESTLOOPS=1 TESTCHILDREN=1 ./run -b hdb test036-meta-concurrency It passes the test if instead of the asser you use rs->sr_matched = ( sres == LDAP_SUCCESS ? NULL : matched ); but I have not looked into whether that cures the symptom or the bug.

1 0

Re: (ITS#6769) Slapd fails to start when olcDbURI attribute is used
by quanah＠zimbra.com 04 Jan '11

04 Jan '11

--On Tuesday, January 04, 2011 5:53 PM +0100 Jaap Winius <jwinius(a)umrk.nl> wrote: > Quoting Quanah Gibson-Mount <quanah(a)zimbra.com>: > >> This is a duplicate of ITS#6540, this ITS will be closed. > > Duplicate? That may not be the case. In Pierangelo's own words: > > "That patch was never committed because the reporter of ITS#6540 > said his initial report was not actually relevant for the real > issue he was suffering from... " Your information is out of date. The patch was committed last November. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#6769) Slapd fails to start when olcDbURI attribute is used
by jwinius＠umrk.nl 04 Jan '11

04 Jan '11

Quoting Quanah Gibson-Mount <quanah(a)zimbra.com>: > This is a duplicate of ITS#6540, this ITS will be closed. Duplicate? That may not be the case. In Pierangelo's own words: "That patch was never committed because the reporter of ITS#6540 said his initial report was not actually relevant for the real issue he was suffering from... " Source: http://www.openldap.org/lists/openldap-technical/201011/msg00129.html I filed this report because I'm not sure that the bug for which Pierangelo wrote that patch was ever reported. On the other hand, if the patch has in fact already been committed, then please go ahead and close this ITS. Cheers, Jaap

1 0

Re: (ITS#6770) Proxy authorization fails with SASL-GSSAPI
by masarati＠aero.polimi.it 04 Jan '11

04 Jan '11

Let me confirm that it works as expected with SIMPLE and SASL bind using EXTERNAL (TLS) and DIGEST-MD5. I haven't tried with GSSAPI; the issue might be specific to it. p.

1 0

Re: (ITS#6769) Slapd fails to start when olcDbURI attribute is used
by quanah＠zimbra.com 04 Jan '11

04 Jan '11

--On Monday, January 03, 2011 10:45 PM +0000 jwinius(a)umrk.nl wrote: > The solution is to apply this patch: > > > ftp://ftp.openldap.org/incoming/pierangelo-masarati-2010-04-29-chain.1.pa > tch This is a duplicate of ITS#6540, this ITS will be closed. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#6772) slapcommon.c:495:9: error: SLAPMODIFY undeclared
by quanah＠zimbra.com 04 Jan '11

04 Jan '11

--On Tuesday, January 04, 2011 10:19 AM +0000 michael(a)stroeder.com wrote: > Full_Name: Michael Str?der > Version: RE24 > OS: Linux > URL: > Submission from: (NULL) (84.128.246.210) Don't file bugs on RE24 at this time. This is why you were already asked to leave it alone. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#6773) Per-connection extra stuff
by masarati＠aero.polimi.it 04 Jan '11

04 Jan '11

> masarati(a)aero.polimi.it writes: >> Unless there are objections, I'd commit it. > > Well, it breaks binary compatibility, but perhaps that'll break anyway? > That is, will overlays/modules compiled with 2.4.23 break with slapd > 2.4.24 or vice versa? No it won't, since I do not expect this to be released with 2.4.24 (nor with 2.4). In general, yes, it will break binary compatibility, but it won't break source code compatibility; eventuallysource code might if I move paged results and so under the ConnExtra umbrella, which is not something I'm struggling for at the moment. p.

1 0

Re: (ITS#6773) Per-connection extra stuff
by h.b.furuseth＠usit.uio.no 04 Jan '11

04 Jan '11

masarati(a)aero.polimi.it writes: > Unless there are objections, I'd commit it. Well, it breaks binary compatibility, but perhaps that'll break anyway? That is, will overlays/modules compiled with 2.4.23 break with slapd 2.4.24 or vice versa? -- Hallvard

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs