openldap-bugs

openldap-bugs@openldap.org

1 participants
21001 discussions

(ITS#8906) Fail to download package in yocto project
by zyong＠qti.qualcomm.com 24 Aug '18

24 Aug '18

Full_Name: Yong Zhang Version: 2.4.43 OS: linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (180.166.53.43) ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${BP}.tgz is not available

1 0

(ITS#8905) Client side debug log should include timestamps
by quanah＠openldap.org 21 Aug '18

21 Aug '18

Full_Name: Quanah Gibson-Mount Version: 2.4.46 OS: N/A URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (47.208.148.239) When specifying full debug on the client side (-d -1), there are no timestamps provided. This is problematic when trying to diagnose where the client side is having issues when connecting to the slapd server. I.e., an ldapwhoami command that takes 19 seconds to go from start to finish, while the slapd side shows everything taking 1 second or less.

1 0

(ITS#8904) Cannot enable SSL3 when disabled by default in OpenSSL
by mhonek＠redhat.com 21 Aug '18

21 Aug '18

Full_Name: Matus Honek Version: 2.4.46 OS: Fedora 28 URL: ftp://ftp.openldap.org/incoming/Matus-Honek-180821.patch Submission from: (NULL) (213.175.37.10) When in OpenSSL one disables SSL3 by default (the SSL_OP_NO_SSLv3 is set by default, like in recent Fedora distributions) then with the current code in OpenLDAP it is not possible to have it re-enabled using TLS_PROTOCOL_MIN configuration option. The attached patch explicitly clears the SSL_OP_NO_SSLv3 option when TLS_PROTOCOL_MIN is set so that SSL3 should be enabled. Feel free to use it; I believe IPR should not be necessary for a one liner. However, in the future when more protocols will be disabled by default (possibly soon for TLS1.0 and TLS1.1), similar fixes will be needed for those as well. Or, it may be decided to not support the protocols that are disabled by default but in that case probably a log message should be issued once user tries to enable a by default disabled protocol.

1 0

RE: (ITS#8848) New LDAP URL syntax to support binding to specific IP address at client side
by sudhir.singam＠nokia.com 21 Aug '18

21 Aug '18

Hi, Any comments ?? Regards, Sudhir Singam DELIVERING BEST-IN-CLASS PLATFORM is our vision -----Original Message----- From: openldap-its(a)OpenLDAP.org <openldap-its(a)OpenLDAP.org>=20 Sent: Monday, May 07, 2018 12:02 PM To: Singam, Sudhir (Nokia - IN/Bangalore) <sudhir.singam(a)nokia.com> Subject: Re: (ITS#8848) New LDAP URL syntax to support binding to specific = IP address at client side *** THIS IS AN AUTOMATICALLY GENERATED REPLY *** Thanks for your report to the OpenLDAP Issue Tracking System. Your report has been assigned the tracking number ITS#8848. One of our support engineers will look at your report in due course. Note that this may take some time because our support engineers are volunteers. They only work on OpenLDAP when they have spare time. If you need to provide additional information in regards to your issue report, you may do so by replying to this message. Note that any mail sent to openldap-its(a)openldap.org with (ITS#8848) in the subject will automatically be attached to the issue report. mailto:openldap-its@openldap.org?subject=3D(ITS#8848) You may follow the progress of this report by loading the following URL in a web browser: http://www.OpenLDAP.org/its/index.cgi?findid=3D8848 Please remember to retain your issue tracking number (ITS#8848) on any further messages you send to us regarding this report. If you don't then you'll just waste our time and yours because we won't be able to properly track the report. Please note that the Issue Tracking System is not intended to be used to seek help in the proper use of OpenLDAP Software. Such requests will be closed. OpenLDAP Software is user supported. http://www.OpenLDAP.org/support/ -------------- Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.

1 0

(ITS#8903) Add Bind Early Option to ldappasswd
by randall＠mason.ch 20 Aug '18

20 Aug '18

Full_Name: Randall Mason Version: HEAD OS: Debian Linux URL: https://gist.githubusercontent.com/ClashTheBunny/a9d2b8d0119964a0eb8a5e2ed7… Submission from: (NULL) (67.165.132.233) ldappasswd is slightly different from a standard passwd workflow in that it requests an old password, then a new password, then the old password again. This confuses people who are used to the unix passwd tool as well as people who use password manager. I've seen quite a few people who have generated a new password, overwriting the old one, and then need a password reset because they still need to bind to modify their password. This patch adds an option to bind at the beginning of the process so that you can pass '-E' to ldappasswd and it will bind early in the process so that the process is the same as the standard passwd. All it does is run the bind towards the beginning of the process instead of the end. The attached patch file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Randall Mason randall(a)mason.ch. I have not assigned rights and/or interest in this work to any party. I, Randall Mason, hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.

1 0

(ITS#8902) man page update for slapadd(5)
by quanah＠openldap.org 20 Aug '18

20 Aug '18

Full_Name: Quanah Gibson-Mount Version: 2.4.46 OS: N/A URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (47.208.148.239) The man page for slapadd's -w option needs to be updated to note that it's generally only safe to use with a cold slapcat.

1 0

(ITS#8901) slapd segfaults in mdb_env_reader_dest
by ckowalczyk＠suse.com 20 Aug '18

20 Aug '18

Full_Name: Chris Kowalczyk Version: 2.4.41 OS: SLE12 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (2620:113:80c0:5::2222) Hello, I have been experiencing segfaults in mdb_env_reader_dest happening randomly, only from time to time, during shutting off openldap. After some investigation I narrowed the problem down to mdb_env_reader_dest destructor function being called after its object had been deleted while powering off the application. mdb_env_reader_dest was called automatically, because it was agginned to the object in pthread_key_create call: https://github.com/openldap/openldap/blob/master/libraries/liblmdb/mdb.c#L4… The problem was not happening often, and always during powering off, so no data was lost etc. However, due to its annoyance, I prepared a simple patch, which prevents mdb_env_reader_dest function being called if the object was already deleted. The patch works fine, I haven't seen the problem since it was introduced. I am using OpenLDAP 2.4.41, but the code seems to be the same in other versions as well. Would you like me to create a pull request for it? ========================== === The backtrace: ========================== Program terminated with signal 11, Segmentation fault. #0 mdb_env_reader_dest (ptr=0x7f4a9c71c080) at ../../../libraries/liblmdb/mdb.c:4050 4050 reader->mr_pid = 0; #thread apply all bt Thread 2 (LWP 20920): #0 0x00007f4a9ac31d9d in close () at ../sysdeps/unix/syscall-template.S:84 #1 0x000055902eaeae8c in mdb_env_close1 (env=env@entry=0x55902fce50e0) at ../../../libraries/liblmdb/mdb.c:4756 #2 0x000055902eaeb578 in mdb_env_close1 (env=0x55902fce50e0) at ../../../libraries/liblmdb/mdb.c:4779 #3 mdb_env_close (env=0x55902fce50e0) at ../../../libraries/liblmdb/mdb.c:4778 #4 0x000055902ea69114 in mdb_db_close (be=0x55902faeb300, cr=<optimized out>) at init.c:340 #5 0x000055902ea3815b in over_db_close (be=0x55902faeb300, cr=0x0) at backover.c:182 #6 0x000055902e9d8c0b in backend_shutdown (be=0x55902faeb300, be@entry=0x0) at backend.c:376 #7 0x000055902e9fa258 in slap_shutdown (be=be@entry=0x0) at init.c:232 #8 0x000055902e9af12f in main (argc=<optimized out>, argv=<optimized out>) at main.c:1027 Thread 1 (LWP 20928): #0 mdb_env_reader_dest (ptr=0x7f4a9c71c080) at ../../../libraries/liblmdb/mdb.c:4050 #1 0x00007f4a9ac2a512 in __nptl_deallocate_tsd () at pthread_create.c:176 #2 0x00007f4a9ac2a767 in start_thread (arg=0x7f4a97acc700) at pthread_create.c:347 #3 0x00007f4a9a968aad in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 # frame 0 #0 mdb_env_reader_dest (ptr=0x7f4a9c71c080) at ../../../libraries/liblmdb/mdb.c:4050 4050 reader->mr_pid = 0; #p reader $1 = (MDB_reader *) 0x7f4a9c71c080 #p *reader Cannot access memory at address 0x7f4a9c71c080 ========================== === The proposed patch: ========================== diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c index 6bdf3151d..56212151b 100644 --- a/libraries/liblmdb/mdb.c +++ b/libraries/liblmdb/mdb.c @@ -4692,6 +4692,11 @@ mdb_env_close0(MDB_env *env, int excl) if (env->me_flags & MDB_ENV_TXKEY) { pthread_key_delete(env->me_txkey); + + // No need to call desctructor anymore, as all pid + // values are cleared below. + env->me_txkey = NULL; + #ifdef _WIN32 /* Delete our key from the global list */ for (i=0; i<mdb_tls_nkeys; i++)

1 0

(ITS#8900) contextCSN issue for export if last op was to delete an entry
by quanah＠openldap.org 17 Aug '18

17 Aug '18

Full_Name: Quanah Gibson-Mount Version: 2.4.46 OS: N/A URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (47.208.148.239) When making an export for backup using slapcat there could be issues on restore if the last operation logged was for a delete entry operation, as the contextCSN would then point to an entry that no longer exists. If that backup was then used at restoration time in an replicated environment and the master gets a write op before any replicas are online, the replicas will fallback to REFRESH mode since they can't find entry the contextCSN points to.

1 0

(ITS#8899) SLAPD failed to start after updating openldap 2.4.46
by muthaiyan1991＠gmail.com 17 Aug '18

17 Aug '18

Full_Name: Muthaiyan Vel Version: 2.4.46 OS: Solaris 10 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (116.197.184.12) I have recently updated openldap to version 2.4.46. After upgrading SLAPD is failed to start. Its showing an error "slap_sasl_init: auxprop add plugin failed". I have compiled the openldap with mdb. Dependents used for openldap 2.4.46: cyrus-sasl-2.1.26 openssl-1.0.2o krb5-1.16.1 Steps to Compile OpenLDAP and Dependency: sasl Compiled without LDAP: -------------------------- export LDFLAGS=" -m64 -L/tmp/CODE_BASE/Openldap_Upgrade/openssl-1.0.2o -L/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib -L/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/gssapi/" ./configure --enable-auth-sasldb --disable-ldapdb --with-openssl=/tmp/CODE_BASE/Openldap_Upgrade/openssl-1.0.2o --enable-gssapi=/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/gssapi --with-krb5-lib=/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib --with-krb5-include=/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/include make openldap: --------- export LDFLAGS=" -m64 -L/tmp/CODE_BASE/Openldap_Upgrade/openssl-1.0.2o/ -L/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/ -L/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/gssapi/ -L/tmp/CODE_BASE/Openldap_Upgrade/cyrus-sasl-2.1.26/lib/.libs/ -L/tmp/CODE_BASE/Openldap_Upgrade/cyrus-sasl-2.1.26/plugins/.libs/" ./configure --enable-debug --with-tls=openssl --with-cyrus-sasl --enable-slapd --enable-bdb=no --enable-hdb=no --enable-mdb=yes --enable-spasswd make sasl Compiled with LDAP: ------------------------ export LDFLAGS=" -m64 -L/tmp/CODE_BASE/Openldap_Upgrade/openssl-1.0.2o/ -L/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/ -L/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/gssapi/ -L/tmp/CODE_BASE/Openldap_Upgrade/openldap-2.4.46/libraries/libldap_r/.libs/ -L/tmp/CODE_BASE/Openldap_Upgrade/openldap-2.4.46/libraries/liblber/.libs/ -L/tmp/CODE_BASE/Openldap_Upgrade/openldap-2.4.46/libraries/libldap/.libs/" make distclean ./configure --enable-auth-sasldb --disable-ldapdb --with-openssl=/tmp/CODE_BASE/Openldap_Upgrade/openssl-1.0.2o/ --enable-gssapi=/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/gssapi/ --with-krb5-lib=/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/ --with-krb5-include=/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/include/ make ./configure --enable-auth-sasldb --with-ldap=/tmp/CODE_BASE/Openldap_Upgrade/openldap-2.4.46/libraries/ --enable-ldapdb --with-openssl=/tmp/CODE_BASE/Openldap_Upgrade/openssl-1.0.2o/ --enable-gssapi=/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/gssapi/ --with-krb5-lib=/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/lib/ --with-krb5-include=/tmp/CODE_BASE/Openldap_Upgrade/krb5-1.16.1/src/include/ make Used these libraries from the above compiled source code: libldap_r-2.4.so.2 liblber-2.4.so.2 libsasl2.so.3 slapd Full Debug Log: ldap_url_parse_ext(ldap://localhost/) ldap_init: trying /usr/local/etc/openldap/ldap.conf ldap_init: using /usr/local/etc/openldap/ldap.conf ldap_init: HOME env is / ldap_init: trying //ldaprc ldap_init: trying //.ldaprc ldap_init: trying ldaprc ldap_init: LDAPCONF env is NULL ldap_init: LDAPRC env is NULL 5b770206 @(#) $OpenLDAP: slapd 2.4.46 (Aug 16 2018 21:16:43) $ root@bng-sbr-perf1:/export/local/jai/CODE_BASE/Openldap_Upgrade/openldap-2.4.46/servers/slapd ldap_pvt_gethostbyname_a: host=bng-sbr-perf1, r=0 5b770206 daemon_init: ldap://127.0.0.1:389 5b770206 daemon_init: listen on ldap://127.0.0.1:389 5b770206 daemon_init: 1 listeners to open... ldap_url_parse_ext(ldap://127.0.0.1:389) 5b770206 daemon: listener initialized ldap://127.0.0.1:389 5b770206 daemon_init: 1 listeners opened ldap_create 5b770206 slapd init: initiated server. 5b770206 slap_sasl_init: auxprop add plugin failed 5b770206 slapd destroy: freeing system resources. 5b770206 slapd stopped. 5b770206 connections_destroy: nothing to destroy. Please help to solve this problem.

1 0

(ITS#8898) mdb_get on corrupted LMDB file crash the process
by iradization＠gmail.com 15 Aug '18

15 Aug '18

Full_Name: Irad.k Version: recent from GitHub. OS: macOS URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (82.81.84.130) Hi, I'm working with LMDB with the following flags : MDB_NOMETASYNC | MDB_NOSUBDIR | MDB_NOTLS. Somehow, even though the DB should be ACI(without the D), it got corrupted after recovering from kernel panic, and It crashes my process when trying to access one of the records (see crash log below). Here's a link to the file : https://drive.google.com/file/d/12Q3KYYrapiJOgiaccnDL3tQACkqrM3C5/view?usp=… According to the crash log from the process, It can clearly be seen that the invalid address reside inside the mapped file region which is the lmdb mapped file, but still I get KERN_MEMORY_ERROR on that address. >From what I know, an attempt to access address within the mapped range can either retrieve the page contents directly from memory (if it's already there), or trigger page fault trap that eventually lead to reading the missing data from disk and return it to process as well. One thing that raise some concerns is that the file size is only 24k and the mapping spans over 256M. However, the file's meta data seems to be coherent to file contents. Any idea how did it happen, and what exactly in the file cause this corruption ? CRASH LOG : ---------------------------------------------------------------------- Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: KERN_MEMORY_ERROR at 0x000000010648800a Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Bus error: 10 Termination Reason: Namespace SIGNAL, Code 0xa Terminating Process: exc handler [0] VM Regions Near 0x10648800a: __LINKEDIT 0000000106464000-000000010647f000 [ 108K] r--/rwx SM=COW ^Z^C [/usr/lib/dyld] --> mapped file 000000010647f000-000000011647f000 [256.0M] r--/rwx SM=PRV Object_id=9034edd9 STACK GUARD 000070000f2b3000-000070000f2b4000 [ 4K] ---/rwx SM=NUL stack guard for thread 1 Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 myprog 0x0000000101666756 mdb_page_search_root + 39 1 myprog 0x00000001016660f7 mdb_page_search + 182 2 myprog 0x00000001016614de mdb_cursor_set + 88 3 myprog 0x0000000101661476 mdb_get + 134

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs