openldap-bugs

openldap-bugs@openldap.org

1 participants
21001 discussions

Re: (ITS#9082) Issues while upgrading to 2.4.48
by quanah＠symas.com 17 Sep '19

17 Sep '19

--On Tuesday, September 17, 2019 6:47 PM +0000 krishradhe11(a)gmail.com wrote: > Full_Name: Radhe Krish > Version: 2.4.44 > OS: Centos 7 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (139.85.223.11) Hello, The ITS system is for reporting bugs, not usage questions. Please redirect your query to the openldap-technical(a)openldap.org email list for questions such as yours. I will note that this question has been asked and answered there already for other individuals, so if you look at the list archives, you'll find your answer. <https://www.openldap.org/lists/mm/listinfo/openldap-technical> <https://www.openldap.org/lists/openldap-technical/> <https://www.openldap.org/lists/openldap-technical/201908/msg00157.html> This ITS will be closed. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

(ITS#9082) Issues while upgrading to 2.4.48
by krishradhe11＠gmail.com 17 Sep '19

17 Sep '19

Full_Name: Radhe Krish Version: 2.4.44 OS: Centos 7 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (139.85.223.11) Hello ! I 'm using Openldap version 2.4.44 running on my centos 7 machine. In process to upgrade to the recently released Openldap version 2.4.48, I'm facing some difficulties while choosing the concerned folder to save executable libraries. I followed the instructions as in official website but I'm not positive about how to upgrade from already installed Openldap 2.4.44 to 2.4.48. I tried to find RPMs supporting this but still no luck.Can you help me with clear instructions to proceed upgrade from 2.4.44 to 2.4.48 or help me with the corresponding RPM, that will be really helpful.

1 0

RE: (ITS#9023) crash using ppolicy chaining from slave to master
by jpayanides＠prosodie.com 17 Sep '19

17 Sep '19

--_000_AM0PR0202MB3553BA671B52D50E489F7ACBBA8F0AM0PR0202MB3553_ Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 SGVsbG8gT25kxZllaiAsDQp0aGFua3MgYSBsb3QgZm9yIHdhcm5pbmcgbWUuDQpJIHdpbGwgdGVz dCB0aGUgbmV3IGNvZGUgd2l0aGluIGEgbW9udGggKEkgY2Fubm90IGRvIGl0IGF0IHRoaXMgdGlt ZSkuDQoNCklsIGtlZXAgeW91IGluZm9ybWVkLg0KDQpraW5kIHJlZ2FyZHMsDQoNCg0KSmVhbi1Q aGlsaXBwZSBBeWFuaWRlcw0KQ29uY2VwdGlvbiBldCBhcmNoaXRlY3R1cmUgc8OpY3VyaXTDqQ0K U2VydmljZSAmIE9wZXJhdGlvbiAvIEluZnJhc3RydWN0dXJlIE5ldHdvcmsgU2VjdXJpdHkgQmFj a2JvbmUNCnTDqWwgKzMzMTM0NDkwNjI4DQpQcm9zb2RpZS1DYXBnZW1pbmkNClBlb3BsZSBtYXR0 ZXIsIHJlc3VsdHMgY291bnQuDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KRGUg OiBPbmTFmWVqIEt1em7DrWsgPG9uZHJhQG1pc3RvdGViZS5uZXQ+DQpFbnZvecOpIDogbWVyY3Jl ZGkgMTEgc2VwdGVtYnJlIDIwMTkgMTg6MDQNCsOAIDogQVlBTklERVMsIEpFQU4tUEhJTElQUEUg PGpwYXlhbmlkZXNAcHJvc29kaWUuY29tPg0KQ2MgOiBvcGVubGRhcC1pdHNAT3BlbkxEQVAub3Jn IDxvcGVubGRhcC1pdHNAT3BlbkxEQVAub3JnPg0KT2JqZXQgOiBSZTogKElUUyM5MDIzKSBjcmFz aCB1c2luZyBwcG9saWN5IGNoYWluaW5nIGZyb20gc2xhdmUgdG8gbWFzdGVyDQoNCkhpIEplYW4t UGhpbGlwcGUsDQpJIGhhdmUganVzdCBzZWVuIGFuZCBmaXhlZCBhIGNyYXNoIHRoYXQgbWlnaHQg YmUgc2ltaWxhciB0byB5b3Vycw0KKElUUyM5MDc2KSwgY291bGQgeW91IHRyeSBhbmQgc2VlIGlm IHRoZSBjcmFzaCBnb2VzIGF3YXkgaWYgeW91IGFwcGx5DQpjb21taXQgYTE0ZmI3MzFhYzZlMzlj ZDAzNzUxMmNhNjNiY2IwMjFmMDE5NmU1Yj8NCg0KVGhhbmtzLA0KDQotLQ0KT25kxZllaiBLdXpu w61rDQpTZW5pb3IgU29mdHdhcmUgRW5naW5lZXINClN5bWFzIENvcnBvcmF0aW9uICAgICAgICAg ICAgICAgICAgICAgICBodHRwOi8vd3d3LnN5bWFzLmNvbQ0KUGFja2FnZWQsIGNlcnRpZmllZCwg YW5kIHN1cHBvcnRlZCBMREFQIHNvbHV0aW9ucyBwb3dlcmVkIGJ5IE9wZW5MREFQDQpUaGlzIG1l c3NhZ2UgY29udGFpbnMgaW5mb3JtYXRpb24gdGhhdCBtYXkgYmUgcHJpdmlsZWdlZCBvciBjb25m aWRlbnRpYWwgYW5kIGlzIHRoZSBwcm9wZXJ0eSBvZiB0aGUgQ2FwZ2VtaW5pIEdyb3VwLiBJdCBp cyBpbnRlbmRlZCBvbmx5IGZvciB0aGUgcGVyc29uIHRvIHdob20gaXQgaXMgYWRkcmVzc2VkLiBJ ZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVjaXBpZW50LCB5b3UgYXJlIG5vdCBhdXRob3Jp emVkIHRvIHJlYWQsIHByaW50LCByZXRhaW4sIGNvcHksIGRpc3NlbWluYXRlLCBkaXN0cmlidXRl LCBvciB1c2UgdGhpcyBtZXNzYWdlIG9yIGFueSBwYXJ0IHRoZXJlb2YuIElmIHlvdSByZWNlaXZl IHRoaXMgbWVzc2FnZSBpbiBlcnJvciwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0 ZWx5IGFuZCBkZWxldGUgYWxsIGNvcGllcyBvZiB0aGlzIG1lc3NhZ2UuCg== --_000_AM0PR0202MB3553BA671B52D50E489F7ACBBA8F0AM0PR0202MB3553_ Content-Type: text/html; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyIgc3R5bGU9 ImRpc3BsYXk6bm9uZTsiPiBQIHttYXJnaW4tdG9wOjA7bWFyZ2luLWJvdHRvbTowO30gPC9zdHls ZT4NCjwvaGVhZD4NCjxib2R5IGRpcj0ibHRyIj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBD YWxpYnJpLCBBcmlhbCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDEycHQ7IGNv bG9yOiByZ2IoMCwgMCwgMCk7Ij4NCkhlbGxvIDxmb250IHNpemU9IjIiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTFwdCI+T25kxZllaiA8L3NwYW4+PC9mb250Piw8L2Rpdj4NCjxkaXYgc3R5bGU9 ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBBcmlhbCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmOyBmb250 LXNpemU6IDEycHQ7IGNvbG9yOiByZ2IoMCwgMCwgMCk7Ij4NCnRoYW5rcyBhIGxvdCBmb3Igd2Fy bmluZyBtZS48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBBcmlhbCwg SGVsdmV0aWNhLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDEycHQ7IGNvbG9yOiByZ2IoMCwgMCwg MCk7Ij4NCkkgd2lsbCB0ZXN0IHRoZSBuZXcgY29kZSB3aXRoaW4gYSBtb250aCAoSSBjYW5ub3Qg ZG8gaXQgYXQgdGhpcyB0aW1lKS48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxp YnJpLCBBcmlhbCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDEycHQ7IGNvbG9y OiByZ2IoMCwgMCwgMCk7Ij4NCjxicj4NCjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6 IENhbGlicmksIEFyaWFsLCBIZWx2ZXRpY2EsIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTJwdDsg Y29sb3I6IHJnYigwLCAwLCAwKTsiPg0KSWwga2VlcCB5b3UgaW5mb3JtZWQuPC9kaXY+DQo8ZGl2 IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgQXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJp ZjsgZm9udC1zaXplOiAxMnB0OyBjb2xvcjogcmdiKDAsIDAsIDApOyI+DQo8YnI+DQo8L2Rpdj4N CjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBBcmlhbCwgSGVsdmV0aWNhLCBzYW5z LXNlcmlmOyBmb250LXNpemU6IDEycHQ7IGNvbG9yOiByZ2IoMCwgMCwgMCk7Ij4NCmtpbmQgcmVn YXJkcyw8YnI+DQo8L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBBcmlh bCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDEycHQ7IGNvbG9yOiByZ2IoMCwg MCwgMCk7Ij4NCjxicj4NCjwvZGl2Pg0KPGRpdiBpZD0iU2lnbmF0dXJlIj4NCjxkaXYgaWQ9ImRp dnRhZ2RlZmF1bHR3cmFwcGVyIiBkaXI9Imx0ciIgc3R5bGU9ImZvbnQtc2l6ZToxMnB0OyBjb2xv cjojMDAwMDAwOyBmb250LWZhbWlseTpDYWxpYnJpLEhlbHZldGljYSxzYW5zLXNlcmlmIj4NCjxk aXYgaWQ9ImRpdnRhZ2RlZmF1bHR3cmFwcGVyIiBkaXI9Imx0ciIgc3R5bGU9ImZvbnQtc2l6ZTox MnB0OyBjb2xvcjojMDAwMDAwOyBiYWNrZ3JvdW5kLWNvbG9yOiNGRkZGRkY7IGZvbnQtZmFtaWx5 OkNhbGlicmksQXJpYWwsSGVsdmV0aWNhLHNhbnMtc2VyaWYiPg0KPHAgc3R5bGU9Im1hcmdpbi10 b3A6IDBweDsgbWFyZ2luLWJvdHRvbTogMHB4OyI+PHNwYW4gbGFuZz0iZnIiPjwvc3Bhbj48L3A+ DQo8ZGl2IHN0eWxlPSJtYXJnaW46MCI+PGZvbnQgc2l6ZT0iMyIgZmFjZT0iVGltZXMgTmV3IFJv bWFuLHNlcmlmIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEycHQiPjxmb250IHNpemU9IjIiIGZh Y2U9IlZlcmRhbmEsc2Fucy1zZXJpZiIgY29sb3I9IiMwMDQ2OEMiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6OXB0Ij48Yj5KZWFuLVBoaWxpcHBlIEF5YW5pZGVzPGJyPg0KPC9iPjwvc3Bhbj48L2Zv bnQ+PC9zcGFuPjwvZm9udD48L2Rpdj4NCjxzcGFuIHN0eWxlPSJmb250LXNpemU6Ny41cHQ7IGZv bnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7IGNvbG9y OmJsYWNrIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjcuNXB0OyBmb250LWZhbWlseTomcXVvdDtB cmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7OyBjb2xvcjpibGFjayI+Q29uY2VwdGlv biBldCBhcmNoaXRlY3R1cmUgc8OpY3VyaXTDqTwvc3Bhbj48YnI+DQo8c3BhbiBzdHlsZT0iZm9u dC1zaXplOjhwdDsgZm9udC1mYW1pbHk6QXJpYWwsSGVsdmV0aWNhLHNhbnMtc2VyaWYiPlNlcnZp Y2UgJmFtcDsgT3BlcmF0aW9uIC8gSW5mcmFzdHJ1Y3R1cmU8L3NwYW4+PC9zcGFuPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6OS4wcHQ7IGZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90 O3NhbnMtc2VyaWYmcXVvdDs7IGNvbG9yOmJsYWNrIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjhw dDsgZm9udC1mYW1pbHk6QXJpYWwsSGVsdmV0aWNhLHNhbnMtc2VyaWYiPg0KIE5ldHdvcmsgU2Vj dXJpdHkgQmFja2JvbmU8L3NwYW4+PGJyPg0KPGEgY2xhc3M9Im8zNjVidXR0b24iPjxzcGFuIGNs YXNzPSJtcy1mb250LXMgbXMtZm9udC1jb2xvci10aGVtZVByaW1hcnkiIHRpdGxlPSImIzQzOzMz MTM0NDkwNjI4Ij50w6lsICYjNDM7MzMxMzQ0OTA2Mjg8L3NwYW4+PC9hPjxicj4NClByb3NvZGll LUNhcGdlbWluaTxicj4NCjwvc3Bhbj48c3Ryb25nPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTom cXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7OyBjb2xvcjojMDA5OENDIj5Q ZW9wbGUgbWF0dGVyLCByZXN1bHRzIGNvdW50Ljwvc3Bhbj48L3N0cm9uZz48L2Rpdj4NCjxzdHJv bmc+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMt c2VyaWYmcXVvdDs7IGNvbG9yOiMwMDk4Q0MiPjwvc3Bhbj48L3N0cm9uZz48L2Rpdj4NCjwvZGl2 Pg0KPGRpdiBpZD0iYXBwZW5kb25zZW5kIj48L2Rpdj4NCjxociBzdHlsZT0iZGlzcGxheTppbmxp bmUtYmxvY2s7d2lkdGg6OTglIiB0YWJpbmRleD0iLTEiPg0KPGRpdiBpZD0iZGl2UnBseUZ3ZE1z ZyIgZGlyPSJsdHIiPjxmb250IGZhY2U9IkNhbGlicmksIHNhbnMtc2VyaWYiIHN0eWxlPSJmb250 LXNpemU6MTFwdCIgY29sb3I9IiMwMDAwMDAiPjxiPkRlIDo8L2I+IE9uZMWZZWogS3V6bsOtayAm bHQ7b25kcmFAbWlzdG90ZWJlLm5ldCZndDs8YnI+DQo8Yj5FbnZvecOpIDo8L2I+IG1lcmNyZWRp IDExIHNlcHRlbWJyZSAyMDE5IDE4OjA0PGJyPg0KPGI+w4AgOjwvYj4gQVlBTklERVMsIEpFQU4t UEhJTElQUEUgJmx0O2pwYXlhbmlkZXNAcHJvc29kaWUuY29tJmd0Ozxicj4NCjxiPkNjJm5ic3A7 OjwvYj4gb3BlbmxkYXAtaXRzQE9wZW5MREFQLm9yZyAmbHQ7b3BlbmxkYXAtaXRzQE9wZW5MREFQ Lm9yZyZndDs8YnI+DQo8Yj5PYmpldCA6PC9iPiBSZTogKElUUyM5MDIzKSBjcmFzaCB1c2luZyBw cG9saWN5IGNoYWluaW5nIGZyb20gc2xhdmUgdG8gbWFzdGVyPC9mb250Pg0KPGRpdj4mbmJzcDs8 L2Rpdj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iQm9keUZyYWdtZW50Ij48Zm9udCBzaXplPSIyIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjExcHQ7Ij4NCjxkaXYgY2xhc3M9IlBsYWluVGV4dCI+SGkg SmVhbi1QaGlsaXBwZSw8YnI+DQpJIGhhdmUganVzdCBzZWVuIGFuZCBmaXhlZCBhIGNyYXNoIHRo YXQgbWlnaHQgYmUgc2ltaWxhciB0byB5b3Vyczxicj4NCihJVFMjOTA3NiksIGNvdWxkIHlvdSB0 cnkgYW5kIHNlZSBpZiB0aGUgY3Jhc2ggZ29lcyBhd2F5IGlmIHlvdSBhcHBseTxicj4NCmNvbW1p dCBhMTRmYjczMWFjNmUzOWNkMDM3NTEyY2E2M2JjYjAyMWYwMTk2ZTViPzxicj4NCjxicj4NClRo YW5rcyw8YnI+DQo8YnI+DQotLSA8YnI+DQpPbmTFmWVqIEt1em7DrWs8YnI+DQpTZW5pb3IgU29m dHdhcmUgRW5naW5lZXI8YnI+DQpTeW1hcyBDb3Jwb3JhdGlvbiZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyA8 YSBocmVmPSJodHRwOi8vd3d3LnN5bWFzLmNvbSI+aHR0cDovL3d3dy5zeW1hcy5jb208L2E+PGJy Pg0KUGFja2FnZWQsIGNlcnRpZmllZCwgYW5kIHN1cHBvcnRlZCBMREFQIHNvbHV0aW9ucyBwb3dl cmVkIGJ5IE9wZW5MREFQPGJyPg0KPC9kaXY+DQo8L3NwYW4+PC9mb250PjwvZGl2Pg0KPHNwYW4g c3R5bGU9ImZvbnQtc2l6ZTogOXB4OyBsaW5lLWhlaWdodDogMTBweDsiPlRoaXMgbWVzc2FnZSBj b250YWlucyBpbmZvcm1hdGlvbiB0aGF0IG1heSBiZSBwcml2aWxlZ2VkIG9yIGNvbmZpZGVudGlh bCBhbmQgaXMgdGhlIHByb3BlcnR5IG9mIHRoZSBDYXBnZW1pbmkgR3JvdXAuIEl0IGlzIGludGVu ZGVkIG9ubHkgZm9yIHRoZSBwZXJzb24gdG8gd2hvbSBpdCBpcyBhZGRyZXNzZWQuIElmIHlvdSBh cmUgbm90IHRoZSBpbnRlbmRlZCByZWNpcGllbnQsIHlvdSBhcmUgbm90IGF1dGhvcml6ZWQgdG8g cmVhZCwgcHJpbnQsIHJldGFpbiwgY29weSwgZGlzc2VtaW5hdGUsIGRpc3RyaWJ1dGUsIG9yIHVz ZSB0aGlzIG1lc3NhZ2Ugb3IgYW55IHBhcnQgdGhlcmVvZi4gSWYgeW91IHJlY2VpdmUgdGhpcyBt ZXNzYWdlIGluIGVycm9yLCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5k IGRlbGV0ZSBhbGwgY29waWVzIG9mIHRoaXMgbWVzc2FnZS48L3NwYW4+PC9ib2R5Pg0KPC9odG1s Pg0K --_000_AM0PR0202MB3553BA671B52D50E489F7ACBBA8F0AM0PR0202MB3553_--

1 0

(ITS#9081) Memory leak in ldap_initialize/ldap_unbind
by jengelh＠inai.de 16 Sep '19

16 Sep '19

Full_Name: Jan Engelhardt Version: 2.4.48 OS: openSUSE Tumbleweed; Linux 5.3.0-rc7 x86_64 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (2a02:8108:96c0:15fc:2137:8684:9608:51f8) » cat x.c #define LDAP_DEPRECATED 1 #include <ldap.h> int main() { LDAP *ld; ldap_initialize(&ld, "ldapi:///"); ldap_unbind(ld); } » gcc x.c -Wall -lldap -ggdb3 » valgrind --leak-check=full ./a.out ==25779== HEAP SUMMARY: ==25779== in use at exit: 26,395 bytes in 85 blocks ==25779== total heap usage: 233 allocs, 148 frees, 177,134 bytes allocated ==25779== ==25779== 40 bytes in 1 blocks are definitely lost in loss record 11 of 24 ==25779== at 0x4838B65: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==25779== by 0x4A8310C: ber_memcalloc_x (memory.c:283) ==25779== by 0x4A84EC0: ber_sockbuf_alloc (sockbuf.c:60) ==25779== by 0x487396A: ldap_create (open.c:172) ==25779== by 0x4873C8D: ldap_initialize (open.c:241) ==25779== by 0x10915F: main (x.c:6) ==25779== ==25779== LEAK SUMMARY: ==25779== definitely lost: 40 bytes in 1 blocks ==25779== indirectly lost: 0 bytes in 0 blocks ==25779== possibly lost: 0 bytes in 0 blocks ==25779== still reachable: 26,355 bytes in 84 blocks ==25779== suppressed: 0 bytes in 0 blocks ==25779== Reachable blocks (those to which a pointer was found) are not shown. ==25779== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==25779== ==25779== For lists of detected and suppressed errors, rerun with: -s ==25779== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) unbind.c: 123 for ( lm = ld->ld_responses; lm != NULL; lm = next ) { 128 if ( ld->ld_abandoned != NULL ) { 132 LDAP_MUTEX_UNLOCK( &ld->ld_res_mutex ); 136 ber_int_sb_destroy( ld->ld_sb ); Should this probably be LBER_FREE rather than ber_int_sb_destroy?

1 0

ITS#9080 a further relevant ITS
by Norman.Gray＠glasgow.ac.uk 14 Sep '19

14 Sep '19

I should also note that ITS#4996 (2007, closed) appears to be the issue=20 which resulted in the support for `-H "<proto>:///DN"` being added to=20 the command-line clients. --=20 Norman Gray : https://nxg.me.uk SUPA School of Physics and Astronomy, University of Glasgow, UK

1 0

(ITS#9080) Feature request: support DNS SRV lookups in ldap.conf
by gray＠nxg.name 14 Sep '19

14 Sep '19

Full_Name: Norman Gray Version: 2.4.47 OS: FreeBSD 12.0 (but not OS-soecific) URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (2001:8b0:df5:af53:c1a5:cbb2:6a6a:3390) Feature request: support specification of DNS SRV records in ldap.conf, matching ldapsearch -H The `ldapsearch` tools supports specifying lookups of SRV records via a special case syntax in the argument to the `-H` option. A URI such as ldap:///dc=ldap,dc=example,dc=com (with the commas and equals signs suitably escaped) prompts ldapsearch to do a lookup of an SRV record for ldap.example.com. However the URI synatx in ldap.conf doesn't have a corresponding special case, so it's not possible to put such a spec in a ldap.conf file. The ldap.conf documentation doesn't claim any support for SRV records, so there isn't a bug here, but on a Principle of Least Astonishment it would be very useful if the same syntax that -H respects were respected by ldap.conf as well. Other LDAP clients have different ways of specifying this (eg, nslcd.conf supports a `DNS:<domain>` syntax; Linux automount's `autofs.conf` has a `ldap_uri` attribute which supports a very similar dc=xxx syntax), so an alternative ldap.conf syntax would be a good second best. As an auxiliary point, when `ldapsearch` sees `URI ldap:///dc%3D...` in the ldap.conf file, it silently ignores it, rather than producing an error. It doesn't even produce a warning when `ldapsearch` is invoked with `-d-1`. I had to use strace to reassure myself that the config file was actually being read. I feel that a library should make a _lot_ more noise about an attribute in a configuration file being seen but ignored (I can see that the `ldap://dc...` URI, which is of course syntactically OK, _might_ be inadvertently meaningful, and thus not necessarily a detectable error, but even in that case `-d-1` should produce _something_). A scan through ITS reports found the following: * ITS#5919 (2009, still open) discusses a similar request, and discusses a variety of issues with it. This is a useful cross-reference. * ITS#6462 (2010, open) and ITS#8610 (2017, open) both touch on SRV records, but aren't particularly relevant, since they're both about the handling of ldaps:// URIs specifying a SRV record. * ITS#7027 (2011, closed) and ITS#8196 (open) are concerned with the internal handling of SRV records, but not their configuration $ ldapsearch -VV ldapsearch: @(#) $OpenLDAP: ldapsearch 2.4.47 (Jul 25 2019 01:30:14) $ root@120amd64-quarterly-job-16:/wrkdirs/usr/ports/net/openldap24-sasl-client/work/openldap-2.4.47/clients/tools (LDAP library: OpenLDAP 20447)

1 0

Re: (ITS#9079 documentation: slapo-unique syntax explanation unclear
by quanah＠symas.com 13 Sep '19

13 Sep '19

--On Friday, September 13, 2019 6:07 PM +0000 gray(a)nxg.name wrote: > Full_Name: Norman Gray > Version: 2.4.48 > OS: FreeBSD 12.0 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (130.209.45.140) Note: this is now ITS#9079. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

Re: (ITS#9078) Indices MDB
by quanah＠symas.com 13 Sep '19

13 Sep '19

--On Friday, September 13, 2019 5:54 PM +0000 dpa-openldap(a)aegee.org wrote: Hello, The ITS system is for bug reports, not usage questions. Please redirect your questions to the openldap-technical(a)openldap.org mailing list. This ITS will be closed. <https://www.openldap.org/lists/mm/listinfo/openldap-technical> --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

Re: (ITS#9077) slapo-unique spins its wheels on a non-trivial olcUniqueURI spec
by quanah＠symas.com 13 Sep '19

13 Sep '19

--On Friday, September 13, 2019 4:34 PM +0000 gray(a)nxg.name wrote: > Full_Name: Norman Gray > Version: 2.4.48 > OS: FreeBSD 12.0 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (130.209.45.140) Unrelated side note, ITS number fixed to be 9077. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

(ITS#9488) documentation: slapo-unique syntax explanation unclear
by gray＠nxg.name 13 Sep '19

13 Sep '19

Full_Name: Norman Gray Version: 2.4.48 OS: FreeBSD 12.0 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (130.209.45.140) Documentation bug The documentation for the `unique_uri` or `olcUniqueURI` attribute is very compact, with the result that it is not clear what counts as correct syntax, nor what are the semantics of the specification. I'm not suggesting that the text is necessarily _inaccurate_, but that it is too brief. That is, someone who already understand the syntax and semantics will probably not notice anything wrong with this paragraph; someone who doesn't already understand (eg, me) will struggle. slapo-unique(5) says that the syntax here is: unique_uri <[strict ][ignore ]URI[URI...]...> Configure the base, attributes, scope, and filter for uniqueness checking. Multiple URIs may be specified within a domain, allowing complex selections of objects. Multiple unique_uri statements or olcUniqueURI attributes will create independent domains, each with their own independent lists of URIs and ignore/strict settings. Keywords strict and ignore have to be enclosed in quotes (") together with the URI. The LDAP URI syntax is a subset of RFC-4516, and takes the form: ldap:///[base dn]?[attributes...]?scope[?filter] I understand from this text the following: * One can specify multiple URIs in the value of a olcUniqueURI attribute. I _guess_ these can be space-separated, even though that isn't shown in this syntax. * Each URI defines a set of object attributes * One can have multiple olcUniqueURI attributes, _each of which_ creates a 'domain' * This doesn't say what a 'domain' is, but I _guess_ that it means that all of the attributes which match the search are forced, by this overlay, to be unique, but that there are no mutual uniqueness requirements between separate olcUniqueURI/'domain' specifications * If multiple URIs are specified in a 'domain', or olcUniqueURI attribute, then (wild guess) the union of the attributes matched by each URI is unique; I doubt it means the intersection of the result sets (I guess that because that's the only thing that sounds sensible; the phrase 'complex selections of objects' doesn't clarify) * It's not clear where the quotes go, when combining with 'strict' or 'ignore' (I guess "strict ldap://..."). * Can 'strict' or 'ignore' be combined with the second or subsequent URIs? The syntax suggests not. I don't think the above understanding is correct, because when I specify a olcUniqueURI attribute with multiple URIs, I get an error (see ITS#9486 and thread <https://www.openldap.org/lists/openldap-technical/201909/msg00031.html>). At any rate, I have little confidence that I have interpreted the text correctly, and the above is the result of several careful readings and some guesswork. If the above, or something like it, is roughly correct, I could draft an alternative paragraph, if that would be useful. If the manpage included more than one example, that would be _extremely_ useful. I'll mention in passing that in servers/slapd/overlays/unique.c, the comment above `unique_new_domain` says instead * domain_specs look like * * [strict ][ignore ]uri[[ uri]...] * e.g. "ldap:///ou=foo,o=bar?uid?sub ldap:///ou=baz,o=bar?uid?sub" * "strict ldap:///ou=accounts,o=bar?uid,uidNumber?one" * etc

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs