- openldap-bugs - openldap.org

[Issue 4501] jdbcldap: use of enum reserved work (Java 1.5)
by openldap-its＠openldap.org 18 Feb '23

18 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=4501 --- Comment #5 from Fredrik Roubert <fredrik(a)roubert.name> --- Java 1.5 is no longer sufficient to be able to build this code base using a still supported JDK, so I propose updating the scope of this issue to Java 8 instead and then resolve that with this series of patches: https://git.openldap.org/openldap/jdbcldap/-/merge_requests/6 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9887] New: Offer to mirror OpenLDAP
by openldap-its＠openldap.org 13 Feb '23

13 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9887 Issue ID: 9887 Summary: Offer to mirror OpenLDAP Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: mirrors(a)jevincanders.net Target Milestone: --- Greetings, We're from Jevin Canders, a hosting company based in New York (servers are in Buffalo). We're wondering if you wanted/needed another US mirror. We're already mirroring other open source projects, including Kali Linux and F-Droid. As of next week (tentatively), our mirror server will have a 20 Gbps pipe to work with, so we'll be able to handle new projects. Let us know if you have any questions, concerns, or requests. Sincerely, Josh Anders and Kevin Croissant JC Mirrors Team -- You are receiving this mail because: You are on the CC list for the issue.

1 8

[Issue 9956] New: Please register my company on the support page
by openldap-its＠openldap.org 13 Feb '23

13 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9956 Issue ID: 9956 Summary: Please register my company on the support page Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: sjsong(a)aboutdap.kr Target Milestone: --- Hello. openldap page administrater. Please register my company on the support page. Please contact me if you need additional information. Registration phrase Seojindsa Co., Ltd. (Aboutdap Co., Ltd.)- Korea Provides consultancy, development, training and user support for OpenLDAP software in Korea. URL : seojindsa : www.seojindsa.kr, aboutdap : www.aboutdap.kr thank you. Song. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 10010] New: password/sha2 produces incorrect SHA256
by openldap-its＠openldap.org 13 Feb '23

13 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=10010 Issue ID: 10010 Summary: password/sha2 produces incorrect SHA256 Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: pmenzel+bugs.openldap.org(a)molgen.mpg.de Target Milestone: --- From [Debian BTS report #1030716](https://bugs.debian.org/1030716): Dear Maintainer, we got a report[1] on Ubuntu that the contrib module password/sha2 was producing an incorrect SHA256 hash. It was confirmed for a number of releases (22.04, 22.10 and the upcoming 23.04). I checked and it also happens on current debian/sid: $ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2 {SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54= $ echo "{SHA256}$(echo -n secret | openssl dgst -sha256 -binary | openssl enc -base64)" {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= The suggested fix was to rebuild just this module with `-fno-strict-aliasing`, and indeed that fixed it in Ubuntu. Other options include: - finding the offending piece of code that is causing this optimization to misbehave - updating the module to use gnutls or openssl, whatever openldap ends up being linked with - not building/shipping this module 1. https://bugs.launchpad.net/bugs/2000817 -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9912] New: slapd attempting free on address which was not malloced
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9912 Issue ID: 9912 Summary: slapd attempting free on address which was not malloced Product: OpenLDAP Version: 2.6.3 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: kimjuhi96(a)snu.ac.kr Target Milestone: --- Providing following command-line input results in invalid free. ./servers/slapd/slapd -h1 -h1 This issue exists in openldap-2.6.3 and the master branch of git. Environment: - Ubuntu 20.04 - clang-14.0.6 with CFLAGS="-fsanitize=address" Backtrace: ================================================================= ==3323395==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x7ffc8512c238 in thread T0 #0 0x4d0077 (/home/juhee/project/foxfuzz/programs/network/openldap/servers/slapd/slapd+0x4d0077) #1 0xb77152 (/home/juhee/project/foxfuzz/programs/network/openldap/servers/slapd/slapd+0xb77152) #2 0x65ff02 (/home/juhee/project/foxfuzz/programs/network/openldap/servers/slapd/slapd+0x65ff02) #3 0x5168a9 (/home/juhee/project/foxfuzz/programs/network/openldap/servers/slapd/slapd+0x5168a9) #4 0x7ff21bd3c082 (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) #5 0x42130d (/home/juhee/project/foxfuzz/programs/network/openldap/servers/slapd/slapd+0x42130d) Address 0x7ffc8512c238 is located in stack of thread T0 at offset 10072 in frame #0 0x515fef (/home/juhee/project/foxfuzz/programs/network/openldap/servers/slapd/slapd+0x515fef) This frame has 10 object(s): [32, 36) 'rc' (line 220) [48, 52) 'syslogUser' (line 230) [64, 72) 'waitfds' (line 234) [96, 100) 'level' (line 402) [112, 128) 'opt' (line 432) [144, 148) 'opt393' (line 717) [160, 168) 'errmsg' (line 726) [192, 196) 'buf' (line 778) [208, 336) 'ebuf' (line 798) [368, 496) 'ebuf524' (line 821) <== Memory access at offset 10072 overflows this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: bad-free (/home/juhee/project/foxfuzz/programs/network/openldap/servers/slapd/slapd+0x4d0077) ==3323395==ABORTING -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9951] New: lloadd can lock up in cn=monitor modify
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9951 Issue ID: 9951 Summary: lloadd can lock up in cn=monitor modify Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: lloadd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- lload_monitor_conn_modify's callers have borrowed the cn=monitor entry from the cache, however it also observes memory management, so if the connection is released and it is the last thread around, it might be responsible for freeing it via epoch_leave(). However freeing it also requires that the connection be removed from cn=monitor and we can deadlock there. A fix is coming. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9913] New: Some lloadd shutdown code doesn't protect memory correctly
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9913 Issue ID: 9913 Summary: Some lloadd shutdown code doesn't protect memory correctly Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: lloadd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- During shutdown, clients_destroy and tier_destroy are called while worker threads might still be alive, therefore they need to participate in memory management. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9907] New: lloadd config/shutdown leaks
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9907 Issue ID: 9907 Summary: lloadd config/shutdown leaks Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: lloadd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- lloadd leaks some memory in cn=config and at shutdown time. Fixes coming -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9906] New: cn=monitor leaks in lloadd
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9906 Issue ID: 9906 Summary: cn=monitor leaks in lloadd Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- lloadd registers various types of monitor_subsys_t but currently doesn't tear all parts of them down correctly, leaking memory on server shutdown. Partly down to how back-monitor shutdown works at the moment. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9045] Crashes in cn=config (test050)
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9045 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9931] New: test079 broken on MacOSX
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9931 Issue ID: 9931 Summary: test079 broken on MacOSX Product: OpenLDAP Version: 2.5.12 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- Strictly-conforming getopt doesn't allow mixing of -options and plain args. All documentation shows that LDAP attributes must be last on the ldapsearch commandline, but the script is putting additional -options after the olmDbConnURI attribute specification, which causes the following -options to be ignored and the search command fails. -- You are receiving this mail because: You are on the CC list for the issue.

1 12

[Issue 9991] New: slapd may close a connection twice
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9991 Issue ID: 9991 Summary: slapd may close a connection twice Product: OpenLDAP Version: 2.5.13 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- If slapd is sending an entry to a client, and the client is sending an Unbind request and disconnecting at the same time, send_ldap_ber() will get an error attempting to write on the dead socket. It will then try to call connection_closing() to close the connection. But the frontend may also have gotten a read error on the dead socket, and handled the close there already. By the time send_ldap_ber() acquires the c_mutex and actually calls connection_closing(), the conn struct may have already been assigned to a new connection, and the connection_closing() call will erroneously close an active session. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9955] UTF8bvnormalize() overruns
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9955 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9940] New: slapadd segfault with -w on a subordinate database
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9940 Issue ID: 9940 Summary: slapadd segfault with -w on a subordinate database Product: OpenLDAP Version: 2.5.13 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: dhawes(a)gmail.com Target Milestone: --- I've noticed sporadic segfaults when using slapadd with -w and an LDIF that contains entries on a subordinate database. Removing -w prevents the segfault. I finally had some time to look at this, and the results are odder than I expected. gdb bt: ===== Program terminated with signal SIGSEGV, Segmentation fault. #0 0x000055c2096c1ffd in dnIsSuffix (dn=0x55c20b82c7b8, suffix=0x55c20b749520) at dn.c:1192 1192 if ( d > 1 && !DN_SEPARATOR( dn->bv_val[ d - 1 ] ) ) { (gdb) bt #0 0x000055c2096c1ffd in dnIsSuffix (dn=0x55c20b82c7b8, suffix=0x55c20b749520) at dn.c:1192 #1 0x000055c20974262e in glue_back_select (be=0x7fff683fc5a0, dn=0x55c20b82c7b8) at backglue.c:77 #2 0x000055c209745473 in glue_entry_release_rw (op=0x7fff683fc840, e=0x55c20b82c7a0, rw=0) at backglue.c:927 #3 0x000055c20974824d in overlay_entry_release_ov (op=0x7fff683fc840, e=0x55c20b82c7a0, rw=0, on=0x55c20b78d870) at backover.c:439 #4 0x000055c20974841f in over_entry_release_rw (op=0x7fff683fc840, e=0x55c20b82c7a0, rw=0) at backover.c:483 #5 0x000055c2096b5f94 in be_entry_release_rw (op=0x7fff683fc840, e=0x55c20b82c7a0, rw=0) at backend.c:958 #6 0x000055c209750a3d in slap_tool_update_ctxcsn (progname=0x55c209813b08 "slapadd", sid=18446744073709551615, bvtext=0x7fff683fca20) at slapcommon.c:1015 #7 0x000055c20974e108 in slapadd (argc=11, argv=0x7fff683fce68) at slapadd.c:502 #8 0x000055c209672e56 in main (argc=11, argv=0x7fff683fce68) at main.c:723 (gdb) print *dn $1 = {bv_len = 94291905136528, bv_val = 0x0} ===== dn->bv_val is NULL in this case. This dumb patch prevents the segfault, but does not fix the root issue: ===== --- openldap-2.5.13/servers/slapd/dn.c 2022-07-14 13:09:57.000000000 -0400 +++ openldap-2.5.13-mod/servers/slapd/dn.c 2022-10-25 21:14:13.068933734 -0400 @@ -1188,6 +1188,11 @@ return 0; } + /* dn is null */ + if (dn->bv_val == NULL) { + return 0; + } + /* no rdn separator or escaped rdn separator */ if ( d > 1 && !DN_SEPARATOR( dn->bv_val[ d - 1 ] ) ) { return 0; ===== When I started creating a minimal config for this issue, things got stranger. First, the config: ===== include /usr/local/openldap-2.5.13/etc/openldap/schema/core.schema database mdb suffix "ou=Subordinate,dc=vt,dc=edu" subordinate rootdn "cn=Manager,dc=vt,dc=edu" directory /usr/local/openldap-2.5.13/var/openldap-data/subordinate maxsize 17179869184 index objectClass eq index uid,entryCSN,entryUUID eq database mdb suffix "dc=vt,dc=edu" rootdn "cn=Manager,dc=vt,dc=edu" directory /usr/local/openldap-2.5.13/var/openldap-data/mdb maxsize 17179869184 index objectClass eq index uid,entryCSN,entryUUID eq ===== The LDIF: ===== dn: dc=vt,dc=edu objectClass: dcObject objectClass: organization o: Virginia Tech dc: vt structuralObjectClass: organization entryUUID: e906e392-731f-1034-98c4-c3e119ef52ff creatorsName: cn=Manager,dc=vt,dc=edu createTimestamp: 20150409161915Z entryCSN: 20150409161915.467619Z#000000#000#000000 modifiersName: cn=Manager,dc=vt,dc=edu modifyTimestamp: 20150409161915Z contextCSN: 20221025003300.622285Z#000000#000#000000 dn: ou=Subordinate,dc=vt,dc=edu objectClass: dcObject objectClass: organizationalUnit dc: vt ou: subordinate structuralObjectClass: organizationalUnit entryUUID: 40b0b450-7321-1034-9e54-3f41091a54c5 creatorsName: cn=Manager,dc=vt,dc=edu createTimestamp: 20150409162852Z entryCSN: 20150409162852.039034Z#000000#000#000000 modifiersName: cn=Manager,dc=vt,dc=edu modifyTimestamp: 20150409162852Z ===== Unfortunately, that config and LDIF did not result in a segfault, but I noticed that in my LDIFs that do, there is data after the subordinate entry, but that data is commented out. Adding a small comment did not affect things, but adding a large comment at the end of the LDIF did (4113 characters): ===== #000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a ===== If you remove the 'a' from the end of that comment, there is no segfault. Note that this is sporadic, so I'm running in a loop to detect it: for i in {1..10}; do rm /usr/local/openldap-2.5.13/var/openldap-data/*/*.mdb; slapadd -q -w -b dc=vt,dc=edu -l ./minimal.ldif; done; This also seems to be the case with entries after the subordinate entry that have long attribute values (1027 characters, only tested with dc): ===== dn: ou=1,dc=vt,dc=edu objectClass: dcObject objectClass: organizationalUnit dc: 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a ou: 1 structuralObjectClass: organizationalUnit entryUUID: 40b0b450-7321-1034-9e54-3f41091a54c5 creatorsName: cn=Manager,dc=vt,dc=edu createTimestamp: 20150409162852Z entryCSN: 20150409162852.039034Z#000000#000#000000 modifiersName: cn=Manager,dc=vt,dc=edu modifyTimestamp: 20150409162852Z ===== Remove the 'a' from the end of dc, and no segfault. I hope that's enough information to recreate this issue. I'm still looking at it, but I haven't found the root cause yet. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9937] New: slapd buffer overflow in put_simple_filter()
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9937 Issue ID: 9937 Summary: slapd buffer overflow in put_simple_filter() Product: OpenLDAP Version: 2.6.3 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: kimjuhi96(a)snu.ac.kr Target Milestone: --- Running this results in heap buffer overflow. ./servers/slapd/slapd -T c -a= SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/juhee/project/foxfuzz/programs/network/openldap-test/servers/slapd/slap d+0x726702) Shadow bytes around the buggy address: 0x0c047fffcb10: fa fa 00 07 fa fa 00 00 fa fa 03 fa fa fa 00 05 0x0c047fffcb20: fa fa 02 fa fa fa 02 fa fa fa 03 fa fa fa 07 fa 0x0c047fffcb30: fa fa 02 fa fa fa 03 fa fa fa 06 fa fa fa 00 03 0x0c047fffcb40: fa fa 00 06 fa fa 00 02 fa fa 00 01 fa fa 00 04 0x0c047fffcb50: fa fa 00 00 fa fa 00 fa fa fa 00 02 fa fa 02 fa =>0x0c047fffcb60: fa[fa]02 fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fffcb70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fffcb80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fffcb90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fffcba0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fffcbb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==2262407==ABORTING Breakpoint 1, 0x00005555556ca320 in __asan_report_load1 () gdb-peda$ bt #0 0x00005555556ca320 in __asan_report_load1 () #1 0x0000555555c7a703 in put_simple_filter () #2 0x0000555555c7a309 in ldap_pvt_put_filter () #3 0x000055555588ca2b in str2filter_x () #4 0x000055555588ced4 in str2filter () #5 0x0000555555a31b61 in slap_tool_init () #6 0x0000555555a2e34d in slapcat () #7 0x0000555555708e1f in main () #8 0x00007ffff78cc083 in __libc_start_main (main=0x555555706ef0 <main>, argc=0x4, argv=0x7fffffffdfc8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdfb8) at ../csu/libc-start.c:308 #9 0x000055555561011e in _start () -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9935] New: buffer overflow in UTF8StringValidate
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9935 Issue ID: 9935 Summary: buffer overflow in UTF8StringValidate Product: OpenLDAP Version: 2.6.3 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: kimjuhi96(a)snu.ac.kr Target Milestone: --- I get a heap buffer overflow running this on the latest openldap on git. Built with CFLAGS="-fsanitize=address" using clang 15. ./servers/slapd/slapd $(python2 -c 'print("-Td \x4c\x3d\xc2\x8c\xf0\xf0")') SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/juhee/project/foxfuzz/programs/network/openldap-ori/servers/slapd/slapd +0x3961ac) Shadow bytes around the buggy address: 0x0c047fffcb00: fa fa 00 06 fa fa 00 00 fa fa 00 07 fa fa 00 00 0x0c047fffcb10: fa fa 00 07 fa fa 00 00 fa fa 03 fa fa fa 00 05 0x0c047fffcb20: fa fa 02 fa fa fa 02 fa fa fa 03 fa fa fa 07 fa 0x0c047fffcb30: fa fa 02 fa fa fa 03 fa fa fa 06 fa fa fa 00 03 0x0c047fffcb40: fa fa 00 06 fa fa 00 02 fa fa 00 01 fa fa 00 04 =>0x0c047fffcb50: fa fa 00 00 fa fa 00 fa fa fa 00 02 fa fa[05]fa 0x0c047fffcb60: fa fa 00 00 fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fffcb70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fffcb80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fffcb90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fffcba0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==2202218==ABORTING Stopped reason: SIGABRT __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50 50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory. gdb-peda$ bt #0 __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x00007ffff78ca859 in __GI_abort () at abort.c:79 #2 0x00005555556eb04f in __sanitizer::Abort () at /home/juhee/project/foxfuzz/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cpp:143 #3 0x00005555556e8aac in __sanitizer::Die () at /home/juhee/project/foxfuzz/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_termination.cpp:58 #4 0x00005555556c5dda in __asan::ScopedInErrorReport::~ScopedInErrorReport (this=0x7fffffffc4d6, __in_chrg=<optimized out>) at /home/juhee/project/foxfuzz/llvm-project/compiler-rt/lib/asan/asan_report.cpp:192 #5 0x00005555556c6461 in __asan::ReportGenericError (pc=<optimized out>, bp=0x7fffffffd140, sp=0x7fffffffd138, addr=0x602000025af5, is_write=is_write@entry=0x0, access_size=0x1, fatal=0x1, exp=<optimized out>) at /home/juhee/project/foxfuzz/llvm-project/compiler-rt/lib/asan/asan_report.cpp:199 #6 0x00005555556c99d6 in __asan::ReportGenericError (pc=<optimized out>, bp=bp@entry=0x7fffffffd140, sp=sp@entry=0x7fffffffd138, addr=<optimized out>, is_write=is_write@entry=0x0, access_size=access_size@entry=0x1, exp=<optimized out>, fatal=0x1) at /home/juhee/project/foxfuzz/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_atomic_clang.h:74 #7 0x00005555556ca34c in __asan::__asan_report_load1 (addr=<optimized out>) at /home/juhee/project/foxfuzz/llvm-project/compiler-rt/lib/asan/asan_rtl.cpp:118 #8 0x00005555558ea1ad in UTF8StringValidate () #9 0x000055555581e5a7 in LDAPRDN_rewrite () #10 0x000055555581d059 in LDAPDN_rewrite () #11 0x0000555555820f7f in dnPrettyNormal () #12 0x0000555555a37d1d in slapdn () #13 0x000055555570901f in main () #14 0x00007ffff78cc083 in __libc_start_main (main=0x555555706ef0 <main>, argc=0x3, argv=0x7fffffffdfd8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdfc8) at ../csu/libc-start.c:308 #15 0x000055555561011e in _start () at /home/juhee/project/foxfuzz/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_internal_defs.h:397 -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9930] New: test050 deadlock on BSD OSes
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9930 Issue ID: 9930 Summary: test050 deadlock on BSD OSes Product: OpenLDAP Version: 2.5.13 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- Initially reported to me directly as an issue with NetBSD 9.1, I was able to reproduce this with FreeBSD 13.1 as well. Investigation ongoing. Running test050 in a loop eventually results in a deadlock in one of the 4 slapd provider processes. -- You are receiving this mail because: You are on the CC list for the issue.

1 15

[Issue 9898] New: slapd-addel.c contains invalid struct initialization which does not compile on HP-UX aCC
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9898 Issue ID: 9898 Summary: slapd-addel.c contains invalid struct initialization which does not compile on HP-UX aCC Product: OpenLDAP Version: 2.6.3 Hardware: All OS: Other Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: michael.osipov(a)siemens.com Target Milestone: --- My compiler (cc: HP C/aC++ B3910B A.06.29 [Oct 18 2016]) gives me: /opt/aCC/bin/aCC -Ae -g -I../../include -I../../include -I/opt/ports/include -I/opt/ports/include -c -o slapd-addel.o slapd-addel.c "slapd-addel.c", line 68: error #2029: expected an expression LDIFRecord record = {}; ^ "slapd-addel.c", line 70: error #2029: expected an expression struct berval bv = {}; ^ This is invalid C code, it can be easily solved by using "{0}" and the code does compile. -- You are receiving this mail because: You are on the CC list for the issue.

1 11

[Issue 9892] New: LDAP_TXN_SPECIFY assumes cleanup responsibility for writes but never performs it
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9892 Issue ID: 9892 Summary: LDAP_TXN_SPECIFY assumes cleanup responsibility for writes but never performs it Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- When TXN extop is accepted and the client sends some write ops, the cleanup path is skipped within do_modify/do_add/... however the data is never actually freed when the transaction is being settled (regardless of whether it was committed successfully or aborted). Confirmed to happen with do_modify by tests/scripts/lloadd/test007-coherence, for others it's my assumption based on reading the code. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9880] New: reqStart filter with trailing zeros is truncated, which breaks certain searches
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9880 Issue ID: 9880 Summary: reqStart filter with trailing zeros is truncated, which breaks certain searches Product: OpenLDAP Version: 2.5.12 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: subbarao(a)computer.org Target Milestone: --- Note: ITS#9358 seems to address this very issue, but it doesn't seem to help this particular case. Certain range searches with reqStart on the changelog don't work as expected. For example: (!(reqStart<=20220707123456.000000Z)) The idea here is to grab all entries strictly greater than the timestamp. But slapd truncates zeros in this filter, rewriting it to: (!(reqStart<=20220707123456Z)) As a result, the reqStart=20220707123456.000000Z entry is the first match since it is greater than 20220707123456Z, which is not the desired behavior. I was able to reproduce this issue on 2.5.12 as follows: 1) Start the test043-delta-syncrepl test, let it run almost to the end so that it makes many changes, and then hit ^Z to suspend the script. I waited until one of the last occurrences of "Waiting 7 seconds for syncrepl to receive changes". 2) pkill -CONT -f slapd to restart slapd (but not the test script) 3) ldapsearch -x -h localhost:9011 -b cn=log objectclass=top | grep '^dn:.*.000000Z' Look for a change with all trailing zeros. It's not as rare as one might think, I saw at least one trailing-zeros change in two consecutive runs of the test script. I suppose you could also just create an entry with all trailing zeros in the accesslog :-) 4) Run a range search to only return changes after that change (I used -z 1 and -s one so that it would only give me one result): ldapsearch -x -z 1 -h localhost:9011 -b cn=log -s one '(!(reqStart<=20220708012121.000000Z))' If you see the same entry, then the problem is present. 5) Even if you can't have an accesslog entry with all trailing zeros, you can still do the above search verbatim and look at the slapd log file testrun/slapd.1.log: 62c7873f.145b4396 0x7fabf14c9700 conn=1011 op=1 SRCH base="cn=log" scope=1 deref =0 filter="(!(reqStart<=20220708012121Z))" The filter being rewritten in the server log seems to indicate that trailing zeros are being truncated somewhere. -- You are receiving this mail because: You are on the CC list for the issue.

1 9

[Issue 9966] New: slapd crashes in pcache consistency_check()
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9966 Issue ID: 9966 Summary: slapd crashes in pcache consistency_check() Product: OpenLDAP Version: 2.5.13 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: aweits(a)rit.edu Target Milestone: --- The pcache overlay (when run with multiple templates) crashes in the consistency checker. Cause appears to be that "expires" is not reset for the next iteration of the template loop. I can provide more details if necessary. Server does not crash with this in place: diff --git a/servers/slapd/overlays/pcache.c b/servers/slapd/overlays/pcache.c index 423c19641e72..7b9e2061f927 100644 --- a/servers/slapd/overlays/pcache.c +++ b/servers/slapd/overlays/pcache.c @@ -3628,6 +3628,8 @@ consistency_check( if ( rem ) free_query(query); } + expires = NULL; + /* handle refreshes that we skipped earlier */ if ( templ->ttr ) { ldap_pvt_thread_rdwr_rlock(&templ->t_rwlock); valgrind says: ==217138== Thread 13: ==217138== Invalid read of size 8 ==217138== at 0x63949EE: consistency_check (pcache.c:3604) ==217138== by 0x48A5DB9: ldap_int_thread_pool_wrapper (tpool.c:1053) ==217138== by 0x5016801: start_thread (in /usr/lib64/libc.so.6) ==217138== by 0x4FB6313: clone (in /usr/lib64/libc.so.6) ==217138== Address 0x6d14c60 is 160 bytes inside a block of size 240 free'd ==217138== at 0x48470E4: free (vg_replace_malloc.c:872) ==217138== by 0x63949DE: UnknownInlinedFun (pcache.c:1548) ==217138== by 0x63949DE: consistency_check (pcache.c:3628) ==217138== by 0x48A5DB9: ldap_int_thread_pool_wrapper (tpool.c:1053) ==217138== by 0x5016801: start_thread (in /usr/lib64/libc.so.6) ==217138== by 0x4FB6313: clone (in /usr/lib64/libc.so.6) ==217138== Block was alloc'd at ==217138== at 0x484486F: malloc (vg_replace_malloc.c:381) ==217138== by 0x48C8804: ber_memalloc_x (memory.c:228) ==217138== by 0x4598C2: ch_malloc (in /usr/local/libexec/slapd) ==217138== by 0x6391276: add_query (pcache.c:1562) ==217138== by 0x639ADEF: pcache_op_cleanup (pcache.c:2376) ==217138== by 0x52498D: ??? (in /usr/local/libexec/slapd) ==217138== by 0x452C32: ??? (in /usr/local/libexec/slapd) ==217138== by 0x4536BC: slap_send_ldap_result (in /usr/local/libexec/slapd) ==217138== by 0x4CF9EA: ldap_back_search (in /usr/local/libexec/slapd) ==217138== by 0x4BD022: overlay_op_walk (in /usr/local/libexec/slapd) ==217138== by 0x4BD1A0: ??? (in /usr/local/libexec/slapd) ==217138== by 0x4415D8: fe_op_search (in /usr/local/libexec/slapd) ==217138== Happy Holidays! -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9960] New: Problem with accesslog overlay along with dynlist overlay
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9960 Issue ID: 9960 Summary: Problem with accesslog overlay along with dynlist overlay Product: OpenLDAP Version: 2.5.13 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: carsten.jaeckel(a)tu-dortmund.de Target Milestone: --- As long as only the accesslog overlay is used the logging works as expected. Successfully logged search access: ldapsearch -H ldaps://ldap.example.com:636 -D cn=manager,dc=example,dc=com -W -b dc=users,dc=example,dc=com cn=user1 mail Result of ldapsearch -H ldaps://ldap.example.com:636 -D cn=log -W -b cn=log objectclass=*: ###################################### ... # 20221212145029.000000Z, log dn: reqStart=20221212145029.000000Z,cn=log objectClass: auditBind reqStart: 20221212145029.000000Z reqEnd: 20221212145029.000001Z reqType: bind reqSession: 1022 reqAuthzID: reqDN: cn=manager,dc=example,dc=com reqResult: 0 reqVersion: 3 reqMethod: SIMPLE # 20221212145029.000002Z, log dn: reqStart=20221212145029.000002Z,cn=log objectClass: auditSearch reqStart: 20221212145029.000002Z reqEnd: 20221212145029.000003Z reqType: search reqSession: 1022 reqAuthzID: manager,dc=example,dc=com reqDN: dc=users,dc=example,dc=com reqResult: 0 reqScope: sub reqDerefAliases: never reqAttrsOnly: FALSE reqFilter: (cn=user1) reqAttr: mail reqEntries: 1 reqTimeLimit: -1 reqSizeLimit: -1 # 20221212145029.000004Z, log dn: reqStart=20221212145029.000004Z,cn=log objectClass: auditObject reqStart: 20221212145029.000004Z reqEnd: 20221212145029.000005Z reqType: unbind reqSession: 1022 reqAuthzID: manager,dc=example,dc=com ###################################### After adding overlay dynlist the information in the accesslog database after the same search operation ldapsearch -H ldaps://ldap.example.com:636 -D cn=manager,dc=example,dc=com -W -b dc=users,dc=example,dc=com cn=user1 mail is as follows: ###################################### ... # 20221212144859.000000Z, log dn: reqStart=20221212144859.000000Z,cn=log objectClass: auditBind reqStart: 20221212144859.000000Z reqEnd: 20221212144859.000001Z reqType: bind reqSession: 1019 reqAuthzID: reqDN: manager,dc=example,dc=com reqResult: 0 reqVersion: 3 reqMethod: SIMPLE # 20221212144859.000002Z, log dn: reqStart=20221212144859.000002Z,cn=log objectClass: auditSearch reqStart: 20221212144859.000002Z reqEnd: 20221212144859.000003Z reqType: search reqSession: 1019 reqAuthzID: manager,dc=example,dc=com reqDN: dc=users,dc=example,dc=com reqResult: 0 reqScope: sub reqDerefAliases: never reqAttrsOnly: FALSE reqFilter: (objectClass=groupOfURLs) reqAttr: memberURL reqEntries: 0 reqTimeLimit: -1 reqSizeLimit: -1 # 20221212144859.000005Z, log dn: reqStart=20221212144859.000005Z,cn=log objectClass: auditObject reqStart: 20221212144859.000005Z reqEnd: 20221212144859.000006Z reqType: unbind reqSession: 1019 reqAuthzID: manager,dc=example,dc=com ###################################### Configuration: ###################################### dn: olcDatabase={1}mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: {1}mdb ... olcSuffix: dc=example,dc=com olcSyncUseSubentry: FALSE dn: olcOverlay={0}refint,olcDatabase={1}mdb,cn=config objectClass: olcConfig objectClass: olcOverlayConfig objectClass: olcRefintConfig objectClass: top olcOverlay: {0}refint olcRefintAttribute: member olcRefintAttribute: memberOf olcRefintNothing: cn=tgroup,dc=groups,dc=example,dc=com dn: olcOverlay={1}ppolicy,olcDatabase={1}mdb,cn=config objectClass: olcConfig objectClass: olcOverlayConfig objectClass: olcPPolicyConfig objectClass: top olcOverlay: {1}ppolicy olcPPolicyHashCleartext: TRUE dn: olcOverlay={2}dynlist,olcDatabase={1}mdb,cn=config objectClass: olcConfig objectClass: olcDynListConfig objectClass: olcOverlayConfig objectClass: top olcOverlay: {2}dynlist olcDynListAttrSet: {0}groupOfURLs memberURL member+memberOf@groupOfNames dn: olcOverlay={3}lastbind,olcDatabase={1}mdb,cn=config objectClass: olcConfig objectClass: olcLastBindConfig objectClass: olcOverlayConfig objectClass: top olcOverlay: {3}lastbind olcLastBindPrecision: 86400 dn: olcOverlay={4}accesslog,olcDatabase={1}mdb,cn=config objectClass: olcAccessLogConfig objectClass: olcConfig objectClass: olcOverlayConfig objectClass: top olcAccessLogDB: cn=log olcOverlay: {4}accesslog olcAccessLogOld: (objectClass=inetOrgPerson) olcAccessLogOldAttr: description olcAccessLogOps: all olcAccessLogPurge: 01:00 00:15 ###################################### -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9929] New: slapo-dynlist unnecessary search for dynamic lists
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9929 Issue ID: 9929 Summary: slapo-dynlist unnecessary search for dynamic lists Product: OpenLDAP Version: 2.5.12 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- An extra initial search is performed by slapo-dynlist to make dynamic groups filterable. This search is not needed for dynamic lists, but is still occurring. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9924] New: Increased/RunAway memory usage slapo-deref
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9924 Issue ID: 9924 Summary: Increased/RunAway memory usage slapo-deref Product: OpenLDAP Version: 2.5.13 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: erikdewaard(a)gmail.com Target Milestone: --- Created attachment 916 --> https://bugs.openldap.org/attachment.cgi?id=916&action=edit slapd.conf Increased/RunAway memory usage slapo-deref Running: 2.5.13 After enabling slapo-deref slapd memory usage increased and growing. I can reproduce this on every consumer with deref enabled. From: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 173229 ldap 20 0 26.6g 1.0g 941996 S 4.0 0.8 3674:19 slapd To: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 2745810 ldap 20 0 141.5g 115.8g 468940 S 3.0 92.5 312:42.93 slapd How best to debug this? I should probably recompile to get all symbols for slapd available. #valgrind.sh valgrind --leak-check=full \ --show-leak-kinds=all \ --extra-debuginfo-path=/usr/lib/debug/usr/lib64/openldap \ --allow-mismatched-debuginfo=yes \ --track-origins=yes \ --error-limit=no \ --verbose \ --log-file=valgrind-out.txt \ /usr/sbin/slapd -F /etc/openldap/slapd.d -u ldap -h "ldap:/// ldaps:/// ldapi:///" #mleak.sh LD_PRELOAD=/tmp/mleak/mleak.so \ /usr/sbin/slapd -F /etc/openldap/slapd.d -u ldap -h "ldap:/// ldaps:/// ldapi:///" sent kill -2 #mleak_report.sh ./mdump /usr/sbin/slapd ml.* ./report.sh | more fncdump: Cant open linux-vdso.so.1 Memory leaks (14480 total): -- You are receiving this mail because: You are on the CC list for the issue.

1 16

[Issue 9915] New: Changing slapo-unique to use serialize causes cn=config replication to fail
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9915 Issue ID: 9915 Summary: Changing slapo-unique to use serialize causes cn=config replication to fail Product: OpenLDAP Version: 2.6.3 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- I updated my slapo-unique configuration from: olcUniqueURI: ldap:///?uid?sub? to olcUniqueURI: "serialize ldap:///?uid?sub?" and replication of the config database fails with the following error: syncrepl_null_callback: error code 0x50 syncrepl_entry: rid=001 be_modify olcOverlay={2}unique,olcDatabase={2}mdb,cn=config (80) syncrepl_entry: rid=001 be_modify failed (80) -- You are receiving this mail because: You are on the CC list for the issue.

1 8

[Issue 9897] New: ldapcompare return FALSE when dynlist in use
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9897 Issue ID: 9897 Summary: ldapcompare return FALSE when dynlist in use Product: OpenLDAP Version: 2.6.3 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: sdalu(a)sdalu.com Target Milestone: --- The server configuration enable dynlist with: overlay dynlist dynlist-attrset groupOfURLs memberURL member Entry is: dn: cn=Admins,ou=Services,ou=Members,dc=zog,dc=com member: uid=foo,ou=People,dc=zog,dc=com cn: Admins objectClass: groupOfNames The ldap compare will return false, was expected true ldapcompare -x cn=Admins,ou=Services,ou=Members,dc=zog,dc=com member:uid=foo,ou=People,dc=zog,dc=com Now if I comment the dynlist-attrset directive, I will get TRUE for the same ldapcompare request -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9984] New: Balancer listener thread exits when all listeners are suspended
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9984 Issue ID: 9984 Summary: Balancer listener thread exits when all listeners are suspended Product: OpenLDAP Version: 2.5.13 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: lloadd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- If lloadd runs out of file descriptors, the listeners are paused temporarily, however the event base is not configured to stick around if all of its tasks have finished. In case all of the listeners are paused, the event base exits and listener thread goes away. A patch is coming. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9983] New: operation_unlink files the operation before it is fully unlinked
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9983 Issue ID: 9983 Summary: operation_unlink files the operation before it is fully unlinked Product: OpenLDAP Version: 2.5.13 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: lloadd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- In epoch based memory management, objects should only be submitted for reclaiming when no actors can reach them unless they've done that before the submission happened. This is broken in operation_unlink(): It calls try_release_ref() at the beginning where the operation is added to the to-reclaim list, only then it proceeds to unlink it from other objects. The following sequence is then possible: - current_epoch == 1 (no threads are alive in epoch == 0) - in thread 1 (epoch = 1), try_release_ref() marks the object to be reclaimed in current_epoch - thread 2 activates and current_epoch is incremented (current_epoch == 2) - thread 2 handles an Unbind for the operation's client and reaches client_reset() (epoch == 2) - thread 2 (client_reset) snapshots and clears client->c_ops (among other things, c->c_ops links to our object) - thread 1 finishes operation_unlink, deactivates and there are no more threads in epoch == 1 - thread 3 activates and current_epoch is incremented (current_epoch == 3), there are objects in epoch == 1, namely the object above which is now destroyed (freed) - thread 2 wakes up again and tries to call operation_abandon on the above object, this accesses memory freed epoch_append (and try_release_ref) should only be called when unlinking has finished. I'm testing a patch right now. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9947] New: Race in epoch.c
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9947 Issue ID: 9947 Summary: Race in epoch.c Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: lloadd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- When epoch_leave() tests whether other threads might still be alive, it can test things in reverse order, testing too early to catch a thread to come in and too late to see a thread that just left. If those two saw each other, the clock would not advance and the data in refs might actually still be a reachable pointer. The tests in epoch_leave can actually be simplified leading to machine code not all compilers could figure out by themselves. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9925] New: Fix some compilation issues around usage of #if and #ifdef
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9925 Issue ID: 9925 Summary: Fix some compilation issues around usage of #if and #ifdef Product: OpenLDAP Version: unspecified Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: connor.smith(a)hitachivantara.com Target Milestone: --- Created attachment 918 --> https://bugs.openldap.org/attachment.cgi?id=918&action=edit git format-patch I noticed a few issues while working with OpenLDAP that would lead to compiler warnings and the like in our particular build environment. They're quite minor, but it would still be good to have them patched upstream. In include/ac/socket.h: Use #elif defined(...) for HAVE_WINSOCK and MACOS. All other instances of these macros use #ifdef or similar. A compiler may warn about them not being defined. In libraries/liblber/sockbuf.c, (DOS && PCNFS) and (DOS && NCSA) were replaced with HAVE_PCNFS and HAVE_NCSA, respectively. It seems logical to do the same at the only remaining occurrence of DOS, PCNFS, and NCSA. For context on the latter: the actual warning was about #elif DOS, similar to #elif HAVE_WINSOCK and #elif MACOS, but looking into it it seemed to make sense to bring socket.h in line with sockbuf.c. In libraries/liblunicode/ucdata/ucgendat.c: Use #if HARDCODE_DATA consistently, replacing two instances of #ifdef. HARDCODE_DATA is always defined, and this way you can set HARDCODE_DATA to 0 and have it work, rather than it going down the wrong branch and failing in these two cases. An IPR notice, with this work having been done as part of my employment: The attached file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch were developed by Hitachi Vantara. Hitachi Vantara has not assigned rights and/or interest in this work to any party. I, Connor Smith, am authorized by Hitachi Vantara, my employer, to release this work under the following terms. Hitachi Vantara hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice. Please let me know if there are any issues with the attached patch, or if there's anything else I need to do. Thanks. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9904] New: A Potential NPD
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9904 Issue ID: 9904 Summary: A Potential NPD Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: 1157401338(a)qq.com Target Milestone: --- Created attachment 911 --> https://bugs.openldap.org/attachment.cgi?id=911&action=edit diagram of NPD Hi, I found a NPD bug in the project source code of ldap, and I have shown the execution sequence of the program that may have generated the bug on a diagram,which is added to the attachment The red text illustrates the steps that created the bug the red arrows represent the call relationships the file path can be seen in the blue framed section. additionally,at step 4 I do not expand more detail about why function ber_memalloc_x can return null(actually it can be seen as function malloc and the reason ber_memalloc_x return null is same with malloc),because there are many code snippet can be found in project source code that judge whether ber_memalloc_x return null and make further process if return value equal to null. I look forward to your reply and thank you very much for your patience! -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9901] New: Fix non-standard printf arguments in liblbert and libldap
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9901 Issue ID: 9901 Summary: Fix non-standard printf arguments in liblbert and libldap Product: OpenLDAP Version: 2.6.3 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: michael.osipov(a)siemens.com Target Milestone: --- Created attachment 910 --> https://bugs.openldap.org/attachment.cgi?id=910&action=edit Patch gainst source tarball As a followup to Bug 9898 and Bug 9899 I have played around with LLVM 13 and "-std=c17 -pedantic -Wall" it fails to compile several files. Find a patch attached which makes it standards compliant. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9899] New: "cyrus.c" uses non-portable GNU extension for void pointer arithmetics and fails on HP-UX aCC
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9899 Issue ID: 9899 Summary: "cyrus.c" uses non-portable GNU extension for void pointer arithmetics and fails on HP-UX aCC Product: OpenLDAP Version: 2.6.3 Hardware: All OS: Other Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: michael.osipov(a)siemens.com Target Milestone: --- On HP-UX with cc: HP C/aC++ B3910B A.06.29 [Oct 18 2016] tells me libtool: compile: /opt/aCC/bin/aCC -Ae -g -I../../include -I../../include -I/opt/ports/include -DLDAP_LIBRARY -c cyrus.c -DPIC -o .libs/cyrus.o "cyrus.c", line 420: error #3143: arithmetic on pointer to void or function type memcpy( cb_data + plen, cbv.bv_val, cbv.bv_len ); ^ 1 error detected in the compilation of "cyrus.c". gmake[2]: *** [Makefile:434: cyrus.lo] Error 1 void pointer arithmetics is not valid/undefined and just a GNU extension supported by GCC or clang. I was able to reproduce this on FreeBSD clang version 13.0.0 (git@github.com:llvm/llvm-project.git llvmorg-13.0.0-0-gd7b669b3a303): osipovmi@deblndw011x:~/var/Projekte/openldap-2.6.3/libraries/libldap $ cc -std=c17 -I../../include -I../../include -I/usr/local/include -DLDAP_LIBRARY -c cyrus.c -o cyrus.o -pedantic -Werror cyrus.c:420:18: error: arithmetic on a pointer to void is a GNU extension [-Werror,-Wpointer-arith] memcpy( cb_data + plen, cbv.bv_val, cbv.bv_len ); ~~~~~~~ ^ 1 error generated. I am not a daily C hacker, but I guess cb_data needs to be typed to "unsigned char" just like data from sasl_channel_binding_t (https://github.com/cyrusimap/cyrus-sasl/blob/cb549ef71c5bb646fe583697ebdcab…). Or at least a malloc with an "unsigned char", save the pointer start address, copy the prefix, increment by prefix length, copy the channel binding value and then assign the pointer start address to the output struct. I will unset SASL_CHANNEL_BINDING for now since it is not required in your AD environment when SASL GSSAPI with minssf=1 is set. -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9976] New: ldap_sasl_bind_s man page missing details on freeing the returned servercredp parameter
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9976 Issue ID: 9976 Summary: ldap_sasl_bind_s man page missing details on freeing the returned servercredp parameter Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: wmjchs(a)hotmail.com Target Milestone: --- Source code for ldap_sasl_bind_s shows that the parameter is to be freed via ber_bvfree when no longer used. (https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/…) However, the documentation (https://www.openldap.org/software/man.cgi?query=ldap_sasl_bind_s&apropos=0&…) makes no mention of this. The following sources also omitted this information: https://linux.die.net/man/3/ldap_sasl_bind_s https://www.ibm.com/docs/en/i/7.4?topic=ssw_ibm_i_74/apis/ldap_sasl_bind_s.… https://learn.microsoft.com/en-us/windows/win32/api/winldap/nf-winldap-ldap… While the following didn't: https://www.novell.com/documentation/developer/cldap/ldaplibc/data/a401rtp.… https://www.ibm.com/docs/en/zos/2.3.0?topic=routines-ldap-sasl-bind-ldap-sa… https://docs.oracle.com/cd/E19957-01/817-6707/functions.html#wp57022 -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9957] New: slapo-dynlist manpage needs better description of dynlist-attrset
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9957 Issue ID: 9957 Summary: slapo-dynlist manpage needs better description of dynlist-attrset Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- Each dynlist-attrset defines one of three distinct behaviours: - dynamic list (attributes are gathered from other entries) - dynamic group (DNs are gathered based on other entries) - static group (DNs are gathered based on DNs stored on entries) With the groups possibly being recursive, requiring traversal. Since the above do not mix, the documentation should be more explicit about how each one should look and behave. It should also be noted somewhere what happens (or not) when multiple dynlist-attrset stanzas would apply to the same entry. At that point, configuration code could also be made more strict to reject configurations that satisfy the apparent dynlist-attrset syntax but do not actually represent anything that fits just one of the above and is therefore nonsensical (with parts of it apparently ignored at runtime). With nonsensical configuration rejected, it would be possible to streamline internal dynlist structures and make critical parts of the overlay code more readable. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9941] New: back-asyncmeta(5) man page has incorrect information
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9941 Issue ID: 9941 Summary: back-asyncmeta(5) man page has incorrect information Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: nivanova(a)symas.com Target Milestone: --- Currently the man page states that asyncmeta selects the connection queue with the least number of pending operations as the next connection, but that was dropped a while ago, and the connections queues are selected round-robin. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9985] New: slapd-modules/passwd/totp does not build .so file
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9985 Issue ID: 9985 Summary: slapd-modules/passwd/totp does not build .so file Product: OpenLDAP Version: 2.6.3 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: contrib Assignee: bugs(a)openldap.org Reporter: bastian-bugopenldap21(a)t6l.de Target Milestone: --- I try to build the contrib module totp from openldap 2.6.3. The README states to run `make` in order to build the dynamic link-able .so file. It does not so on my test system (could be a flaw on the test system though). Many thanks, -- You are receiving this mail because: You are on the CC list for the issue.

1 12

[Issue 9917] New: Remove -h and -p from options[] in client tools
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9917 Issue ID: 9917 Summary: Remove -h and -p from options[] in client tools Product: OpenLDAP Version: 2.6.3 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: daniels.thomas(a)pm.me Target Milestone: --- Created attachment 914 --> https://bugs.openldap.org/attachment.cgi?id=914&action=edit patch for this issue The options -h and -p got removed from client tools (https://bugs.openldap.org/show_bug.cgi?id=8618). However, they were still present in the options[] array in several client tools source files. So, if one of those tools got executed with -h or -p followed by a value, this lead to the error "unrecognized option -", without mentioning which option was problematic. Removing 'h' and 'p' from options[] fixes this. This patch does that. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9908] New: LDAP* leak in slapd-tester children when retrying a bind
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9908 Issue ID: 9908 Summary: LDAP* leak in slapd-tester children when retrying a bind Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- Happens in lloadd's test002 where the balancer routinely returns BUSY in response to a bind. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9860] New: ldapsearch memory leaks
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9860 Issue ID: 9860 Summary: ldapsearch memory leaks Product: OpenLDAP Version: 2.5.12 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: hamano(a)osstech.co.jp Target Milestone: --- When using page control, The control value leaks with each goto getNextPage; loop due to `i` and `nctrl` step back. ``` 1114 getNextPage: ... 1124 save_nctrls = nctrls; 1125 i = nctrls; ``` ``` 1284 if ( ldap_create_page_control_value( ld, 1285 pageSize, &pr_cookie, &c[i].ldctl_value ) ) ``` ``` 1445 /* step back to the original number of controls, so that 1446 * those set while parsing args are preserved */ 1447 nctrls = save_nctrls; ``` ``` 1612 goto getNextPage; ``` -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9926] New: Bad file links in openldap-OPENLDAP_REL_ENG_2_5.tar.gz
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9926 Issue ID: 9926 Summary: Bad file links in openldap-OPENLDAP_REL_ENG_2_5.tar.gz Product: OpenLDAP Version: 2.5.13 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: ksmith(a)blackducksoftware.com Target Milestone: --- The current archive openldap-OPENLDAP_REL_ENG_2_5.tar.gz (downloaded 10/4/22) contains files that were included as invalid links. This causes errors when trying to unzip via 7zip or trying to scan with various software tools. The tar.gz is successfully expanded using "tar -xvzf" but the problem files do not exist. Error output in 7zip is: Can not create symbolic link: A required priviledge in not held by the client.: openldap-OPENLDAP_REL_ENG_2_5\servers\lloadd\design.md openldap-OPENLDAP_REL_ENG_2_5\servers\lloadd\nt_svc.c openldap-OPENLDAP_REL_ENG_2_5\tests\data\homedir\skel\directory\broken link openldap-OPENLDAP_REL_ENG_2_5\tests\data\homedir\skel\svmlink Bad file links in openldap-OPENLDAP_REL_ENG_2_5.tar.gz -- You are receiving this mail because: You are on the CC list for the issue.

1 8

[Issue 9900] New: configure.ac contains non-portable statement (bashism)
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9900 Issue ID: 9900 Summary: configure.ac contains non-portable statement (bashism) Product: OpenLDAP Version: 2.6.3 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: michael.osipov(a)siemens.com Target Milestone: --- My shell on HP-UX tells me: ./configure[22349]: ==: A test command parameter is not valid. which is causes by > 2038 if test $ol_enable_slapd == no && test $ol_enable_balancer != yes ; then in configure.ac. Similar I have reported to BIND9: https://gitlab.isc.org/isc-projects/bind9/-/issues/2873. POSIX expects one equals sign. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9894] New: NetBSD build needs gmake, the default make utility does not have all the necessary features.
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9894 Issue ID: 9894 Summary: NetBSD build needs gmake, the default make utility does not have all the necessary features. Product: OpenLDAP Version: unspecified Hardware: x86_64 OS: Other Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: lucio.dere(a)gmail.com Target Milestone: --- Please include in your build instructions that NetBSD's "make" (bmake, I seem to recall) rejects some Makefile stuff (for the bare "make" command, "make depend" completed successfully). Perhaps configure can figure that out or just check for gmake and use it if found? I did not try "make test". -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9942] New: back-mdb fails to release Added entries
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9942 Issue ID: 9942 Summary: back-mdb fails to release Added entries Product: OpenLDAP Version: 2.5.12 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- Detected by valgrind on test002. Appears to be a regression since some time after ITS#7915. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9895] New: Increase max number of index DBs in back-mdb
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9895 Issue ID: 9895 Summary: Increase max number of index DBs in back-mdb Product: OpenLDAP Version: 2.5.12 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- Currently there is a hardcoded limit of 128 index DBs in back-mdb. Some sites want more than this (although there's no evidence they actually use more than 128 attributes in all of their applications' search filters). For 2.5/2.6 we can simply double the constant. For 2.7 consider making it configurable. Note that increasing the number increases the size of an LMDB transaction structure, and also increases the time needed to initialize it whenever creating a transaction, so it's a bad idea to just set this to an arbitrarily large number. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 10006] New: gitlab account awaiting approval
by openldap-its＠openldap.org 06 Feb '23

06 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=10006 Issue ID: 10006 Summary: gitlab account awaiting approval Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: facboy(a)gmail.com Target Milestone: --- i've tried creating an account on https://git.openldap.org a few weeks ago, but it is still awaiting approval. it has the same email as this bugzilla account. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 10005] New: Fix flags not getting committed when using named dbs in lmdb
by openldap-its＠openldap.org 05 Feb '23

05 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=10005 Issue ID: 10005 Summary: Fix flags not getting committed when using named dbs in lmdb Product: LMDB Version: 0.9.29 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: mega.alpha100(a)gmail.com Target Milestone: --- This addition is simply a replication of some logic already in lmdb's repo to ensure flags are saved when using named db, like is already done for the main/unamed db This is a link to the requested fix https://github.com/Ultra-Code/lmdb/commit/ce001a311d8fb16afbf13df2a1e21d505… -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 10002] New: Potential memory leak in tests/progs/slapd-bind.c
by openldap-its＠openldap.org 02 Feb '23

02 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=10002 Issue ID: 10002 Summary: Potential memory leak in tests/progs/slapd-bind.c Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: test suite Assignee: bugs(a)openldap.org Reporter: 1061499390(a)qq.com Target Milestone: --- Version: Github:master Potential memory leak in slapd-bind.c line 139.Calling ldap_url_parse() without calling ldap_free_urldesc() to free the memory will cause a memory leak. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 10001] New: Potential memory leak in libraries/libldap/urltest.c
by openldap-its＠openldap.org 02 Feb '23

02 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=10001 Issue ID: 10001 Summary: Potential memory leak in libraries/libldap/urltest.c Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: 1061499390(a)qq.com Target Milestone: --- Version: Github:master Potential memory leak in urltest.c line 75.Calling ldap_url_parse() without calling ldap_free_urldesc() to free the memory will cause a memory leak. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9994] New: Potential memory leak in tests/progs/slapd-modify.c
by openldap-its＠openldap.org 02 Feb '23

02 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9994 Issue ID: 9994 Summary: Potential memory leak in tests/progs/slapd-modify.c Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: test suite Assignee: bugs(a)openldap.org Reporter: 1061499390(a)qq.com Target Milestone: --- Version: Github:master Potential memory leak in slapd-modify.c line 164 and 191.Calling ldap_modify_ext_s() without calling ldap_mods_free() to free the memory will cause a memory leak. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9992] New: Requesting information about libraries/ldap_r
by openldap-its＠openldap.org 01 Feb '23

01 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9992 Issue ID: 9992 Summary: Requesting information about libraries/ldap_r Product: OpenLDAP Version: 2.5.12 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: jjrobert(a)lexmark.com Target Milestone: --- Apologies if this is a duplicate - the tracking system seemed to glitch when I submitted so I'm typing it up again. We are upgrading our stack from using openldap 2.4.57 to 2.5.12 and one of our dependencies is missing lldap_r. I searched and only really found this, which gives me some idea of its purpose: https://marc.info/?l=openldap-devel&m=95218635611825 Is it simply gone now, or does it exist as a separate library? Is there any guidance on what to do if you were using it previously? Thanks, -Jeff -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 7933] [PATCH] fix frontend config
by openldap-its＠openldap.org 31 Jan '23

31 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=7933 --- Comment #8 from Ondřej Kuzník <ondra(a)mistotebe.net> --- On Thu, Jan 26, 2023 at 01:53:22PM +0000, openldap-its(a)openldap.org wrote: > Could this be the reason why I get `attribute 'olcPasswordHash' not allowed` > when trying to apply an .ldif file such as: > > dn: olcDatabase={-1}frontend,cn=config > changetype: modify > add: olcPasswordHash > olcPasswordHash: {CRYPT} > > This has popped up in Fedora > (https://bugzilla.redhat.com/show_bug.cgi?id=2061966) which seem to have copied > the respective default frontend config file before this patch (see > https://src.fedoraproject.org/rpms/openldap/blob/f37/f/slapd.ldif#_105). As you suggest, this seems to be a Fedora packaging issue: them shipping an out of date ldif file where they might have been able to copy it from upstream source. Pretty sure in that case there's nothing that can be done on the OpenLDAP project side. Someone might need to step up and help Fedora package maintainers deal with it if they say the existing team don't have the capacity. Regards, -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9718] New: test022 can fail on expiry
by openldap-its＠openldap.org 30 Jan '23

30 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9718 Issue ID: 9718 Summary: test022 can fail on expiry Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- >>>>> Starting test022-ppolicy for mdb... running defines.sh Starting slapd on TCP/IP port 9011... Using ldapsearch to check that slapd is running... Testing redundant ppolicy instance... Using ldapadd to populate the database... Testing account lockout... Waiting 13 seconds for lockout to reset... Testing password expiration Waiting seconds for password to expire... sleep: missing operand Try 'sleep --help' for more information. Password expiration test failed >>>>> test022-ppolicy failed for mdb after 43 seconds (exit 1) The issue here is apparently that line 122-123 failed to populate the DELAY variable. 121 122 DELAY=`$LDAPSEARCH -D "$MANAGERDN" -H $URI1 -w $PASSWD \ 123 -b "$USER" -E accountUsability 1.1 | sed -n -e 's/.*expire=$\d*$/\1/p'` 124 125 echo "Testing password expiration" 126 echo "Waiting $DELAY seconds for password to expire..." 127 sleep $DELAY 128 sleep 1 -- You are receiving this mail because: You are on the CC list for the issue.

1 10

[Issue 8102] syncrepl_entry: be_modify failed (16)
by openldap-its＠openldap.org 30 Jan '23

30 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=8102 --- Comment #10 from Quanah Gibson-Mount <quanah(a)openldap.org> --- head: • 868309c9 by Ondřej Kuzník at 2023-01-30T12:06:24+00:00 ITS#8102 Do not continue if deconfigured during pause RE26: • 0b2f5ad7 by Ondřej Kuzník at 2023-01-30T19:01:00+00:00 ITS#8102 Do not continue if deconfigured during pause RE25: • 6733fe4d by Ondřej Kuzník at 2023-01-30T19:02:48+00:00 ITS#8102 Do not continue if deconfigured during pause -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9045] Crashes in cn=config (test050)
by openldap-its＠openldap.org 30 Jan '23

30 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9045 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.6.4 |2.5.14 Resolution|--- |FIXED Status|IN_PROGRESS |RESOLVED --- Comment #10 from Quanah Gibson-Mount <quanah(a)openldap.org> --- head: • 12bf5a95 by Ondřej Kuzník at 2023-01-23T11:53:36+00:00 ITS#9045 rlock only if there may be other threads RE26: • 66c2b5ad by Ondřej Kuzník at 2023-01-30T18:57:18+00:00 ITS#9045 rlock only if there may be other threads RE25: • 2f3b77d4 by Quanah Gibson-Mount at 2023-01-30T18:58:16+00:00 Revert "Revert "ITS#9045 Do not share cn=config entries with outside code"" This reverts commit 393308ac1c3eb9d65b682c06826d60a0bf856070. • 5936d721 by Ondřej Kuzník at 2023-01-30T18:59:26+00:00 ITS#9045 rlock only if there may be other threads -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8698] ppolicy: responses from pwdCheckModule discarded when using an extended password modify
by openldap-its＠openldap.org 26 Jan '23

26 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=8698 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=9990 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8698] ppolicy: responses from pwdCheckModule discarded when using an extended password modify
by openldap-its＠openldap.org 26 Jan '23

26 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=8698 --- Comment #3 from subbarao(a)computer.org <subbarao(a)computer.org> --- Part of the fix for this change breaks exop overlay callbacks. Fortunately the fix is simple, just revert the change to passwd.c. The rest works fine. Please see ITS#9990 for more details: https://bugs.openldap.org/show_bug.cgi?id=9990 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7933] [PATCH] fix frontend config
by openldap-its＠openldap.org 26 Jan '23

26 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=7933 --- Comment #7 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to nilskemail+github from comment #6) > Could this be the reason why I get `attribute 'olcPasswordHash' not allowed` > when trying to apply an .ldif file such as: > > dn: olcDatabase={-1}frontend,cn=config > changetype: modify > add: olcPasswordHash > olcPasswordHash: {CRYPT} > > This has popped up in Fedora > (https://bugzilla.redhat.com/show_bug.cgi?id=2061966) which seem to have > copied the respective default frontend config file before this patch (see > https://src.fedoraproject.org/rpms/openldap/blob/f37/f/slapd.ldif#_105). I'd open a bug with redhat as to why they're doing this at all. {CRYPT} hashes are not portable. If they want to support secure hashes, they should use the ARGON2 module. You also fail to state what version of OpenLDAP you're reporting against. This bug was fixed in 2014, so unless RH is using an absolutely ancient version of OpenLDAP, this would not be related. You probably should describe the issue(s) you are encountering in a post to the openldap-technical email list (https://lists.openldap.org) -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7933] [PATCH] fix frontend config
by openldap-its＠openldap.org 26 Jan '23

26 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=7933 --- Comment #6 from nilskemail+github(a)gmail.com --- Could this be the reason why I get `attribute 'olcPasswordHash' not allowed` when trying to apply an .ldif file such as: dn: olcDatabase={-1}frontend,cn=config changetype: modify add: olcPasswordHash olcPasswordHash: {CRYPT} This has popped up in Fedora (https://bugzilla.redhat.com/show_bug.cgi?id=2061966) which seem to have copied the respective default frontend config file before this patch (see https://src.fedoraproject.org/rpms/openldap/blob/f37/f/slapd.ldif#_105). -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9967] New: Please register my company on the support page, again (www.openldap.org)
by openldap-its＠openldap.org 23 Jan '23

23 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9967 Issue ID: 9967 Summary: Please register my company on the support page, again (www.openldap.org) Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: sjsong(a)aboutdap.kr Target Milestone: --- Howard Chu <hyc(a)openldap.org> 송상준 <sjsong(a)aboutdap.kr> Hi, you can submit a ticket against "website" in the ITS for this. Thanks. 송상준 wrote: > > Hello. openldap page administrater. > My name is sang jun song. > > I want to register my company on the support page. > I registered before, but it seems to have disappeared. > Our company has been attending ldapcon since 2015. > > The sysmas employees who attended the LDAPCON in 2019 may remember me. > > Please register my company on the support page. Please contact me if you need additional information.. > > thank you. > > Song. > > Registration phrase > > Seojindsa Co., Ltd. (Aboutdap Co., Ltd.)- Korea > > Provides consultancy, development, training and user support for OpenLDAP software in Korea. > > URL : seojindsa : www.seojindsa.kr > > ------------------------------------------------------ > (주) 어바웃답 기술영업팀 송상준 부장 > TEL. 010-9780-6746 > email: sjsong(a)aboutdap.kr > homepage: www.aboutdap.kr > ------------------------------------------------------- > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 9987] New: OpenLdap does not set large-file-support flags
by openldap-its＠openldap.org 23 Jan '23

23 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9987 Issue ID: 9987 Summary: OpenLdap does not set large-file-support flags Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: allenwebb(a)google.com Target Milestone: --- I understand that 2.4 isn't supported, but 2.6 is blocked by other config related issues, so I wasn't able to test if it has the same problem. Ideally, the openldap configure/build scripts would be aware of large file support and would enable it when supported (arm/x86, etc). Here are the places where it would matter: openldap-2.4.58-r2: 18:33:38.552 * QA Notice: The following files were not built with LFS support: openldap-2.4.58-r2: 18:33:38.565 * Please see https://issuetracker.google.com/201531268 for details. openldap-2.4.58-r2: 18:33:38.581 * fopen,fstat /usr/bin/ldapdelete openldap-2.4.58-r2: 18:33:38.584 * fopen,fstat /usr/bin/ldapmodrdn openldap-2.4.58-r2: 18:33:38.588 * fopen,fstat /usr/bin/ldapwhoami openldap-2.4.58-r2: 18:33:38.591 * fopen,fstat /usr/bin/ldapmodify openldap-2.4.58-r2: 18:33:38.595 * fopen,mkstemp,fstat /usr/bin/ldapsearch openldap-2.4.58-r2: 18:33:38.599 * fopen,fstat /usr/bin/ldappasswd openldap-2.4.58-r2: 18:33:38.602 * fopen,fstat /usr/bin/ldapexop openldap-2.4.58-r2: 18:33:38.606 * fopen,fstat /usr/bin/ldapcompare openldap-2.4.58-r2: 18:33:38.609 * fopen /usr/lib/libldap-2.4.so.2.11.6 openldap-2.4.58-r2: 18:33:38.613 * fopen /usr/lib/libldap_r-2.4.so.2.11.6 openldap-2.4.58-r2: 18:33:38.627 * Full build files: openldap-2.4.58-r2: fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/clients/tools/ldapdelete.o openldap-2.4.58-r2: fopen,fstat /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/clients/tools/.libs/ldapdelete openldap-2.4.58-r2: fopen,fstat /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/clients/tools/.libs/ldapmodrdn openldap-2.4.58-r2: fopen,fstat /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/clients/tools/.libs/ldapwhoami openldap-2.4.58-r2: fopen,fstat /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/clients/tools/.libs/ldapmodify openldap-2.4.58-r2: fopen,mkstemp,fstat /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/clients/tools/.libs/ldapsearch openldap-2.4.58-r2: fopen,fstat /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/clients/tools/.libs/ldappasswd openldap-2.4.58-r2: fopen,fstat /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/clients/tools/.libs/ldapexop openldap-2.4.58-r2: fopen,fstat /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/clients/tools/.libs/ldapcompare openldap-2.4.58-r2: fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/clients/tools/ldapmodrdn.o openldap-2.4.58-r2: fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/clients/tools/ldapmodify.o openldap-2.4.58-r2: fopen,mkstemp /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/clients/tools/ldapsearch.o openldap-2.4.58-r2: fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/liblutil/getpass.o openldap-2.4.58-r2: lockf /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/liblutil/lockf.o openldap-2.4.58-r2: fopen,fstat /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/liblutil/passfile.o openldap-2.4.58-r2: __open_2 /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/liblutil/detach.o openldap-2.4.58-r2: __open_2 /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/liblutil/sha1.o openldap-2.4.58-r2: open,fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/libldap_r/.libs/ltest openldap-2.4.58-r2: fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/libldap_r/.libs/ldif.o openldap-2.4.58-r2: fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/libldap_r/.libs/fetch.o openldap-2.4.58-r2: fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/libldap_r/.libs/libldap_r-2.4.so.2.11.6T openldap-2.4.58-r2: fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/libldap_r/.libs/init.o openldap-2.4.58-r2: fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/libldap_r/.libs/libldap_r-2.4.so.2.11.6 openldap-2.4.58-r2: open,fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/libldap_r/test.o openldap-2.4.58-r2: fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/librewrite/rewrite.o openldap-2.4.58-r2: fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/librewrite/.libs/rewrite openldap-2.4.58-r2: fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/librewrite/xmap.o openldap-2.4.58-r2: open,fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/libldap/.libs/ltest openldap-2.4.58-r2: fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/libldap/.libs/ldif.o openldap-2.4.58-r2: fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/libldap/.libs/libldap-2.4.so.2.11.6T openldap-2.4.58-r2: fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/libldap/.libs/fetch.o openldap-2.4.58-r2: fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/libldap/.libs/init.o openldap-2.4.58-r2: fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/libldap/.libs/libldap-2.4.so.2.11.6 openldap-2.4.58-r2: open,fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/libraries/libldap/test.o openldap-2.4.58-r2: fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/tests/progs/.libs/slapd-addel openldap-2.4.58-r2: readdir,fopen,fstat /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/tests/progs/.libs/slapd-tester openldap-2.4.58-r2: readdir,fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/tests/progs/slapd-tester.o openldap-2.4.58-r2: fopen /build/arm-generic/tmp/portage/net-nds/openldap-2.4.58-r2/work/openldap-2.4.58-.arm/tests/progs/slapd-addel.o -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9045] Crashes in cn=config (test050)
by openldap-its＠openldap.org 23 Jan '23

23 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9045 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |IN_PROGRESS --- Comment #9 from Ondřej Kuzník <ondra(a)mistotebe.net> --- https://git.openldap.org/openldap/openldap/-/merge_requests/595 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9045] Crashes in cn=config (test050)
by openldap-its＠openldap.org 23 Jan '23

23 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9045 --- Comment #8 from Ondřej Kuzník <ondra(a)mistotebe.net> --- Oh yeah, config_back_entry_get actually wants to distinguish three situations coming from ldap_pvt_thread_pool_pausequery: - not paused - keep going, rlock cfb->cb_rwlock so the entry is safe to read - paused - keep going, we are the thread that wlocked cfb->cb_rwlock - WANT_PAUSE - a pause is starting, but we're *not* paused! We should either rlock anyway and make it the calling thread's responsibility to check for a pause if they care - should make ldap_pvt_thread_pool_pausequery return (pool->ltp_pause != PAUSED) Or we return LDAP_BUSY or something of the sort - would need ldap_pvt_thread_pool_pausequery to return pool->ltp_pause and expose the `enum { NOT_PAUSED = 0, WANT_PAUSE = 1, PAUSED = 2 };` in ldap_pvt.h -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9045] Crashes in cn=config (test050)
by openldap-its＠openldap.org 20 Jan '23

20 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9045 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|TEST |--- Status|RESOLVED |CONFIRMED --- Comment #7 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Still hitting this crash even with this fix in place in openldap-head: (gdb) bt [2/19314] #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x00007f623066b535 in __GI_abort () at abort.c:79 #2 0x00007f623066b40f in __assert_fail_base (fmt=0x7f62307ccef0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x559bb9d494bf "a->a_nvals != NULL", file=0x559bb9d494b8 "attr.c", line=230, function=<optimized out>) at assert.c:92 #3 0x00007f62306791a2 in __GI___assert_fail (assertion=0x559bb9d494bf "a->a_nvals != NULL", file=0x559bb9d494b8 "attr.c", line=230, function=0x559bb9d495b0 <__PRETTY_FUNCTION__.12465> "attr_dup2") at assert.c:101 #4 0x0000559bb9c70227 in attr_dup2 (tmp=0x559bbb005068, a=0x559bbb005c08) at attr.c:230 #5 0x0000559bb9c70440 in attrs_dup (a=0x559bbb005c08) at attr.c:282 #6 0x0000559bb9c742bd in entry_dup2 (dest=0x559bbaff0658, source=0x559bbaff02e8) at entry.c:940 #7 0x0000559bb9c74301 in entry_dup (e=0x559bbaff02e8) at entry.c:949 #8 0x0000559bb9c4d635 in config_back_entry_get (op=0x7f622f541400, ndn=0x7f622f541448, oc=0x0, at=0x0, rw=0, ent=0x7f622f540998) at bconfig.c:6923 #9 0x0000559bb9d042ac in overlay_entry_get_ov (op=0x7f622f541400, dn=0x7f622f541448, oc=0x0, ad=0x0, rw=0, e=0x7f622f540998, on=0x0) at backover.c:378 #10 0x00007f622d52e577 in syncprov_matchops (op=0x7f622f541400, opc=0x7f6220002f98, saveit=1) at syncprov.c:1312 #11 0x00007f622d5343ff in syncprov_op_mod (op=0x7f622f541400, rs=0x7f622f540eb0) at syncprov.c:2810 #12 0x0000559bb9d04cbe in overlay_op_walk (op=0x7f622f541400, rs=0x7f622f540eb0, which=op_modify, oi=0x7f62201de3a0, on=0x7f62201dde50) at backover.c:691 #13 0x0000559bb9d04fe1 in over_op_func (op=0x7f622f541400, rs=0x7f622f540eb0, which=op_modify) at backover.c:766 #14 0x0000559bb9d0516e in over_op_modify (op=0x7f622f541400, rs=0x7f622f540eb0) at backover.c:808 #15 0x0000559bb9cf5fb7 in syncrepl_updateCookie (si=0x7f622410b130, op=0x7f622f541400, syncCookie=0x7f622f541190, save=1) at syncrepl.c:5366 #16 0x0000559bb9ce9ba2 in do_syncrep2 (op=0x7f622f541400, si=0x7f622410b130) at syncrepl.c:1953 #17 0x0000559bb9ceabcb in do_syncrepl (ctx=0x7f622f541b10, arg=0x7f622410c690) at syncrepl.c:2219 #18 0x0000559bb9c5d43a in slapd_rtask_trampoline (ctx=0x7f622f541b10, arg=0x7f622410c690) at daemon.c:2432 #19 0x00007f6230f5337f in ldap_int_thread_pool_wrapper (xpool=0x559bbafc69c0) at tpool.c:1053 #20 0x00007f6230810fa3 in start_thread (arg=<optimized out>) at pthread_create.c:486 #21 0x00007f623074206f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 (gdb) frame 8 #8 0x0000559bb9c4d635 in config_back_entry_get (op=0x7f622f541400, ndn=0x7f622f541448, oc=0x0, at=0x0, rw=0, ent=0x7f622f540998) at bconfig.c:6923 6923 *ent = entry_dup( e ); (gdb) print locked $1 = 0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9988] New: typo in documentation lmdb:open_db
by openldap-its＠openldap.org 20 Jan '23

20 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9988 Issue ID: 9988 Summary: typo in documentation lmdb:open_db Product: website Version: unspecified Hardware: All URL: https://lmdb.readthedocs.io/en/release/#lmdb.Environme nt.open_db OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: anthon(a)mnt.org Target Milestone: --- There is a minor typo in the description of the 'integerdup' argument to open_db https://lmdb.readthedocs.io/en/release/#lmdb.Environment.open_db integers encode din native byte should be: integers encoded in native byte Sorry could not find the source for the lmdb documentation online to make aproper diff. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9961] New: LMDB: -sizeof is an error because sizeof is unsigned
by openldap-its＠openldap.org 19 Jan '23

19 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9961 Issue ID: 9961 Summary: LMDB: -sizeof is an error because sizeof is unsigned Product: LMDB Version: 0.9.29 Hardware: All OS: Windows Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: openldap(a)serice.net Target Milestone: --- MSVC++ defaults to having "SDL checks" enabled which causes -sizeof(size_t) in mdb.c to cause the following compilation error: error C4146: unary minus operator applied to unsigned type With "SDL checks" disabled, this is still results in a warning which can be avoided by using the following instead: (~sizeof(size_t) + 1) -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9986] New: create account bug
by openldap-its＠openldap.org 19 Jan '23

19 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9986 Issue ID: 9986 Summary: create account bug Product: website Version: unspecified Hardware: Other OS: Android Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: fenwaykick(a)gmail.com Target Milestone: --- -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 9981] New: Apropos man page search on openldap.org appears to never return any results
by openldap-its＠openldap.org 13 Jan '23

13 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9981 Issue ID: 9981 Summary: Apropos man page search on openldap.org appears to never return any results Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: max.spicer(a)york.ac.uk Target Milestone: --- The Apropos feature at https://www.openldap.org/software/man.cgi does not seem to ever return any results. This makes it difficult to search the documentation. For example, with the defaults selected, enter any of the following terms and click the Apropos button: "ldap", "slapd", "olcPasswordHash". -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9980] New: LDAP connectivity issue
by openldap-its＠openldap.org 13 Jan '23

13 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9980 Issue ID: 9980 Summary: LDAP connectivity issue Product: OpenLDAP Version: 2.2 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: soniyayadav.kamakoni(a)clorox.com Target Milestone: --- Created attachment 941 --> https://bugs.openldap.org/attachment.cgi?id=941&action=edit Please find the attached screenshot of error I'm unable to connect to LDAP. Can you please assist me with it. Please find the screenshot of the error attached -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9979] New: Fails to build against OpenSSL 3.0.7 when pasing --with-tls-openssl
by openldap-its＠openldap.org 12 Jan '23

12 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9979 Issue ID: 9979 Summary: Fails to build against OpenSSL 3.0.7 when pasing --with-tls-openssl Product: OpenLDAP Version: 2.6.3 Hardware: x86_64 OS: Windows Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: mehdi.chinoune(a)hotmail.com Target Milestone: --- Fails to build against OpenSSL 3.0.7 when pasing --with-tls-openssl Configuration: configure \ --with-tls=openssl \ --with-cyrus-sasl \ --enable-modules=yes \ --enable-hdb=no \ --enable-bdb=no \ --disable-slapd Error: ... checking openssl/ssl.h usability... yes checking openssl/ssl.h presence... yes checking for openssl/ssl.h... yes configure: error: Could not locate TLS/SSL package checking for SSL_export_keying_material_early in -lssl... no ==> ERROR: A failure occurred -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9978] New: vrf support for openldap
by openldap-its＠openldap.org 09 Jan '23

09 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9978 Issue ID: 9978 Summary: vrf support for openldap Product: OpenLDAP Version: 2.6.3 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: tishamol(a)gmail.com Target Milestone: --- Hi, I would like to know is there any support for passing vrf-id to openldap library ? Thanks, Smitha -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9977] New: ContourCafe
by openldap-its＠openldap.org 05 Jan '23

05 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9977 Issue ID: 9977 Summary: ContourCafe Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: countourcafe7061(a)gmail.com Target Milestone: --- Created attachment 940 --> https://bugs.openldap.org/attachment.cgi?id=940&action=edit ContourCafe Contour Cafe is a popular website that offers numerous articles, contents about the things that make you beautiful, classy, and trendy. One can find fabulous content in the contour cafe. The quality of the articles of contour cafe on every topic let it be appearance, clothes, hair, cosmetics, nails or skincare is a great one. Contour Cafe is the best site to explore every category. Read More:- https://www.contourcafe.com/2021/06/26/best-purple-shampoo-for-blonde/ -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 9975] New: Tattoomagz
by openldap-its＠openldap.org 04 Jan '23

04 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9975 Issue ID: 9975 Summary: Tattoomagz Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: tattoomagz3(a)gmail.com Target Milestone: --- Created attachment 939 --> https://bugs.openldap.org/attachment.cgi?id=939&action=edit Tattoomagz Tattoomagz is our sole enthusiasm in wonderful tattoo plans and ink works, manufactured and created as an online accumulation display serving a large number of the coolest tattoo structures and stunning custom ink-works. Read More:- https://tattoomagz.com/eyes-tattoos-on-arms/ -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 9974] New: Einsteinhorsemag
by openldap-its＠openldap.org 03 Jan '23

03 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9974 Issue ID: 9974 Summary: Einsteinhorsemag Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: einsteinhorsemag(a)gmail.com Target Milestone: --- Created attachment 938 --> https://bugs.openldap.org/attachment.cgi?id=938&action=edit Einsteinhorsemag Einsteinhorsemag.com is a blogging website with the best blogs in beauty, health, nutrition, lifestyle, news, technology, and entertainment. Our website includes blogs covering various topics, from fractions to conversions in our day-to-day life, lyrics of your favourite song to food recipes you love- you will get it all. Visit our website for more entertaining blogs. Read Blog- https://einsteinhorsemag.com/80-kg-to-lbs/ -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 9973] New: Fashionhikes
by openldap-its＠openldap.org 02 Jan '23

02 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9973 Issue ID: 9973 Summary: Fashionhikes Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: fashionhikes(a)gmail.com Target Milestone: --- Created attachment 937 --> https://bugs.openldap.org/attachment.cgi?id=937&action=edit Fashionhikes We at Fashionhikes.com are here to serve all your requirements! Check out our website that offers you a plethora of answers to your queries on health, technology, geography, economics, global knowledge and what not! Read Blog- https://fashionhikes.com/0-3-as-a-fraction/ -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 9971] New: Tech99
by openldap-its＠openldap.org 02 Jan '23

02 Jan '23

https://bugs.openldap.org/show_bug.cgi?id=9971 Issue ID: 9971 Summary: Tech99 Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: tech99.856(a)gmail.com Target Milestone: --- Created attachment 936 --> https://bugs.openldap.org/attachment.cgi?id=936&action=edit Tech99 The Tech99.co website delivers blogs with the latest breaking news and videos. It is the perfect online destination for all entertainment lovers. More swiftly than any website, it offers helpful guidance on various how-tos, health, lifestyle and trending topics for netizens. There are some fantastic entertaining blogs on this website. Visit our website to read more! https://tech99.co/how-to-check-ufone-number/ -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 9970] New: 2plus2four
by openldap-its＠openldap.org 30 Dec '22

30 Dec '22

https://bugs.openldap.org/show_bug.cgi?id=9970 Issue ID: 9970 Summary: 2plus2four Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: 2plus2four896(a)gmail.com Target Milestone: --- Created attachment 935 --> https://bugs.openldap.org/attachment.cgi?id=935&action=edit 2plus2four 2plus2four.net is your ultimate gateway to the latest movies, queries and hacks that you wish to know. We provide you the perfect plinth on which you can place all your doubts! Check our site out to know more! Read Blog- https://2plus2four.net/time-today-lyrics-moneybagg-yo/ -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 9969] New: Sharetok
by openldap-its＠openldap.org 30 Dec '22

30 Dec '22

https://bugs.openldap.org/show_bug.cgi?id=9969 Issue ID: 9969 Summary: Sharetok Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: sre79132(a)gmail.com Target Milestone: --- Created attachment 934 --> https://bugs.openldap.org/attachment.cgi?id=934&action=edit Sharetok ShareTok is your place where you can advertise your services, goods and everything else as well; we do it with the help of various well-designed advertising campaigns on social media and with the help of some impressive good persuading content. You can connect with us online through the website.ShareTok is your place where you can advertise your services, goods and everything else as well; we do it with the help of various well-designed advertising campaigns on social media and with the help of some impressive good persuading content. You can connect with us online through the website. Read Blog- https://www.sharetok.com/transformar-powerpoint-em-pdf/ -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 9968] New: Sportspassion
by openldap-its＠openldap.org 29 Dec '22

29 Dec '22

https://bugs.openldap.org/show_bug.cgi?id=9968 Issue ID: 9968 Summary: Sportspassion Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: sportspassion456(a)gmail.com Target Milestone: --- Created attachment 933 --> https://bugs.openldap.org/attachment.cgi?id=933&action=edit Sportspassion Sports-passion.net is the best stop point for all types of how-to guides, blogs, articles, and all such content related to differentiation. Here, in the form of articles and all other such content, you will get all the important latest information related to a lot of things around the world. Read Blog- https://sports-passion.net/difference-between-parameter-and-statistic/ -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 9965] New: Byte Bell
by openldap-its＠openldap.org 20 Dec '22

20 Dec '22

https://bugs.openldap.org/show_bug.cgi?id=9965 Issue ID: 9965 Summary: Byte Bell Product: JLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: JDBC Assignee: bugs(a)openldap.org Reporter: bellbyte46(a)gmail.com Target Milestone: --- Bytebell.com is the place where you can get to read many featured stories about a lot of things like mental health, food, nutrition and many more. To read more: https://bytebell.com/spectrum-wave-2-router/ -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9964] New: He and she Fitness
by openldap-its＠openldap.org 20 Dec '22

20 Dec '22

https://bugs.openldap.org/show_bug.cgi?id=9964 Issue ID: 9964 Summary: He and she Fitness Product: JLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: JDBC Assignee: bugs(a)openldap.org Reporter: heandshefitness1(a)gmail.com Target Milestone: --- He and she fitness is here for you with all the secrets that can be helpful for you in the proper maintenance of the fitness of your body. To read more: https://www.heandshefitness.com/2021/06/01/how-many-calories-does-skipping-… -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9963] New: Wheels Inpak
by openldap-its＠openldap.org 20 Dec '22

20 Dec '22

https://bugs.openldap.org/show_bug.cgi?id=9963 Issue ID: 9963 Summary: Wheels Inpak Product: JLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: JDBC Assignee: bugs(a)openldap.org Reporter: wheelsinpak1(a)gmail.com Target Milestone: --- Wheelsinpak.com is the right place for you if you are looking for some kind of services, here you can search for the right providers of many needed services along with car and bike info. To read more: https://www.wheelsinpak.com/2021/12/08/kia-cars-price-in-pakistan-2021/ -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9962] New: Etrends News
by openldap-its＠openldap.org 19 Dec '22

19 Dec '22

https://bugs.openldap.org/show_bug.cgi?id=9962 Issue ID: 9962 Summary: Etrends News Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: etrendsnews07(a)gmail.com Target Milestone: --- Created attachment 932 --> https://bugs.openldap.org/attachment.cgi?id=932&action=edit etrendsnews.com This etrendsnews.com is the new stop for all types of news updates, you can get info about cars here and other than that there are many more things for which you can take reference from the website. https://etrendsnews.com/2021/05/04/deena-cortese-welcomes-her-2nd-baby-firs… -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9600] New: Rework lloadd's cn=monitor interface (connections)
by openldap-its＠openldap.org 12 Dec '22

12 Dec '22

https://bugs.openldap.org/show_bug.cgi?id=9600 Issue ID: 9600 Summary: Rework lloadd's cn=monitor interface (connections) Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: lloadd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- At the moment, most of the lloadd's monitor entries are generated on demand for the search. To support management of the server and its connections, an entry should be created when a connection is set up and torn down accordingly. -- You are receiving this mail because: You are on the CC list for the issue.

1 11

[Issue 9958] New: Problem extracting openldap-2.5.5.tgz
by openldap-its＠openldap.org 06 Dec '22

06 Dec '22

https://bugs.openldap.org/show_bug.cgi?id=9958 Issue ID: 9958 Summary: Problem extracting openldap-2.5.5.tgz Product: OpenLDAP Version: 2.5.5 Hardware: x86_64 OS: Windows Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: harshad.ghorpade(a)gmail.com Target Milestone: --- Created attachment 931 --> https://bugs.openldap.org/attachment.cgi?id=931&action=edit 7zip extracting issue Hello, we have downloaded the the openldap version 2.5.5(https://www.openldap.org/software/download/OpenLDAP/openldap-release/… from the given link but we are seeing a problem unzipping those tgz files via 7 zip on windows platform, seems like symlinks are broken(find attached screenshot). This is causing us a issue in one of our tool used for software composition analysis when it unzips the archive, if the archives are fixed that would be great. if you see in screenshot, it points to 2 files in "servers\lload\design.md" and "servers\lload\nt_svc.c". we tried removing these files(as they are of 0 size) and tar it back again and creating a tgz file out of it, it works. but we would like to use the official released version rather than one changed by us. Thank you. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9948] New: tls_ciphers with TLSv1.2 cipher_suite gives list of TLSv1.3 ciphers in TLS Client Hello message
by openldap-its＠openldap.org 06 Dec '22

06 Dec '22

https://bugs.openldap.org/show_bug.cgi?id=9948 Issue ID: 9948 Summary: tls_ciphers with TLSv1.2 cipher_suite gives list of TLSv1.3 ciphers in TLS Client Hello message Product: OpenLDAP Version: 2.4.57 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: nikigen68(a)gmail.com Target Milestone: --- Created attachment 928 --> https://bugs.openldap.org/attachment.cgi?id=928&action=edit TLS server only supports TLSv1.3 in this case, and I would expect it to be rejected. For example: ldap.conf:: tls_ciphers ECDHE-ECDSA-CHACHA20-POLY1305 will give ClientHello with these cipher suites: TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 and supported versions: TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3 Why do we have listed default TLSv1.3 ciphers? I would expect only ECDHE-ECDSA-CHACHA20-POLY1305. Also, why do we have listed TLSv1.0 and TLSv1.1 as supported versions when those are considered vulnerable? -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9955] UTF8bvnormalize() overruns
by openldap-its＠openldap.org 05 Dec '22

05 Dec '22

https://bugs.openldap.org/show_bug.cgi?id=9955 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #8 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Note: Not exploitable, no operational or security impact. head: • 31e6efeb by Howard Chu at 2022-12-01T14:58:37+00:00 ITS#9955 liblunicode: fix buffer size in UTF8bvnormalize RE26: • 261a4185 by Howard Chu at 2022-12-05T16:29:07+00:00 ITS#9955 liblunicode: fix buffer size in UTF8bvnormalize RE25: • cd1d0886 by Howard Chu at 2022-12-05T16:30:29+00:00 ITS#9955 liblunicode: fix buffer size in UTF8bvnormalize -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9955] UTF8bvnormalize() overruns
by openldap-its＠openldap.org 28 Nov '22

28 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9955 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Group|OpenLDAP-devs | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9916] New: slapd crashes due to unaligned access in mdb.c on Linux SPARC
by openldap-its＠openldap.org 28 Nov '22

28 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9916 Issue ID: 9916 Summary: slapd crashes due to unaligned access in mdb.c on Linux SPARC Product: OpenLDAP Version: 2.6.3 Hardware: Other OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: glaubitz(a)physik.fu-berlin.de Target Milestone: --- The testsuite of the openldap package in Debian unstable fails on sparc64 with a "bus error" which indicates an unaligned access [1]: >>>>> Test succeeded >>>>> 00:00:02 Finished test000-rootdse for mdb after 1 seconds. >>>>> 00:00:02 Starting test001-slapadd for mdb... running defines.sh Running slapadd to build slapd database... Bus error slapadd failed (138)! >>>>> 00:00:03 Failed test001-slapadd for mdb after 1 seconds (exit 138) Building openldap from git and running the affected test with GDB results in the following backtrace: (gdb) bt #0 0x00000100000cc36c in mdb_node_add (mc=0x100004316e8, indx=<optimized out>, key=0x7feffffe570, data=0x7feffffe560, pgno=0, flags=0) at ./../../../libraries/liblmdb/mdb.c:7358 #1 0x00000100000d0894 in mdb_cursor_put (mc=0x100004316e8, key=0x7feffffe570, data=0x7feffffe560, flags=16) at ./../../../libraries/liblmdb/mdb.c:6960 #2 0x00000100000d1224 in mdb_cursor_put (mc=0x10000431560, key=0x7feffffe6b0, data=0x7feffffe6c0, flags=36) at ./../../../libraries/liblmdb/mdb.c:7007 #3 0x00000100000f0d24 in mdb_dn2id_add (op=0x7feffffea28, mcp=0x10000431560, mcd=0x100004267a0, pid=<optimized out>, nsubs=<optimized out>, upsub=<optimized out>, e=0x1000044c6b8) at dn2id.c:141 #4 0x00000100000dd79c in mdb_tool_next_id (op=0x7feffffea28, tid=<optimized out>, e=0x1000044c6b8, text=0x7feffffec78, hole=<optimized out>) at tools.c:519 #5 0x00000100000de67c in mdb_tool_entry_put (be=0x100003d9080, e=0x1000044c6b8, text=0x7feffffec78) at tools.c:731 #6 0x00000100000b72f4 in slapadd (argc=<optimized out>, argv=<optimized out>) at slapadd.c:453 #7 0x0000010000016858 in main (argc=<optimized out>, argv=0x7fefffff438) at main.c:540 (gdb) This was reproduced with: $ gdb --args /home/glaubitz/openldap/servers/slapd/slapd -Ta -d 0 -f /home/glaubitz/openldap/tests/testrun/slapadd.conf -l ./testdata/test-ordered.ldif On the machine gcc202 running Debian on sparc64 in the GCC compile farm. Access to the machines in the GCC compile farm can be obtained by any developer [2]. > [1] https://buildd.debian.org/status/fetch.php?pkg=openldap&arch=sparc64&ver=2.… > [2] https://gcc.gnu.org/wiki/CompileFarm -- You are receiving this mail because: You are on the CC list for the issue.

1 25

[Issue 9806] New: MDB_PAGE_FULL on mdb_put
by openldap-its＠openldap.org 28 Nov '22

28 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9806 Issue ID: 9806 Summary: MDB_PAGE_FULL on mdb_put Product: LMDB Version: unspecified Hardware: Other OS: Mac OS Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: casey(a)rodarmor.com Target Milestone: --- I'm using the using latest lmdb from OpenLDAP, commit e8813b12b6188d5ba5f174ff8726c438c8ca4bfd. I'm getting an MDB_PAGE_FULL error after calling `mdb_put`. If I delete the database and perform the same sequence of inserts, I get the same error in on the same mdb_put. If there's any information I can provide to help debug this, let me know. -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9954] New: RE26 make test fails on riscv64
by openldap-its＠openldap.org 20 Nov '22

20 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9954 Issue ID: 9954 Summary: RE26 make test fails on riscv64 Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: michael(a)stroeder.com Target Milestone: --- Created attachment 929 --> https://bugs.openldap.org/attachment.cgi?id=929&action=edit Excerpt of OBS' build log In openSUSE build system make test fails for RE26 on riscv64 (see attached file including tests/testrun/slapd.1.log). -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9950] New: Need example configuration backend-sock
by openldap-its＠openldap.org 15 Nov '22

15 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9950 Issue ID: 9950 Summary: Need example configuration backend-sock Product: OpenLDAP Version: 2.4.57 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: earyutin(a)gmail.com Target Milestone: --- Hi all ! I set up two backends on different ports, one is a proxy for MS AD, and the second is a backend shell. I want to update to the latest version of OpenLDAP, but there is no backend shell support in the next versions. I can't find any documentation or examples that I could rely on to set up a backend for backend sock. Added the following to the files: port 389 include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema modulepath /usr/lib/ldap moduleload back_ldap.la moduleload rwm.la pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args database ldap readonly yes protocol-version 3 rebind-as-user yes uri "ldap://ldap.test.com" suffix "dc=test,dc=com" overlay rwm rwm-map attribute uid sAMAccountName rwm-map attribute mail proxyAddresses rebind-as-user yes access to attrs=userPassword by self write by anonymous auth by * none access to * by self write by * none port 9000 modulepath /usr/lib/ldap moduleload back_sock.la moduleload back_sock database sock suffix "dc=test,dc=com" socketpath /tmp/slapd.sock Next, I don't know where to go. Could you demonstrate a working example of running and processing scripts based on the backend-sock? I need to launch my own script that would check the second factor (should check for the presence of a certain attribute in the Active Directors directory and then skip or not skip authorization based on a given condition). Help me figure it out please.. Thank you ! -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9949] New: MDB_RDONLY txn segfaults on newly created database
by openldap-its＠openldap.org 14 Nov '22

14 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9949 Issue ID: 9949 Summary: MDB_RDONLY txn segfaults on newly created database Product: LMDB Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: jeffrey.reynolds(a)ticketmaster.com Target Milestone: --- The very simple code will cause a seg fault. ``` auto env = create_env("env_name"); // creates the environment. not included here because this part is in rust // it will open or create the database. i don't think the problem lies in here. MDB_txn* txn{}; mdb_txn_begin(*env, nullptr, MDB_RDONLY, &txn); MDB_dbi dbi{}; mdb_dbi_open(txn, "db_name", MDB_CREATE, &dbi); ``` This segfaults on `liblmdb/mdb.c:11050`. Specifically `tracked->mc_next = *tp;` However, the problem isn't in mdb_dbi_open, it is failing because mt_cursors is never initialized. A small change ` mdb_txn_begin(*env, nullptr, 0, &txn);` and mt_cursors will be initialized with the default env->me_txn0, that has a properly initialized mt_cursors, per this line `liblmdb/mdb.c:5581`, `txn->mt_cursors = (MDB_cursor **)(txn->mt_dbs + env->me_maxdbs);` for the MDB_RDONLY transaction, it looks like it will initialize mt_cursors _if_ it happens to have a parent, `liblmdb/mdb.c:3178`, but otherwise it leaves it uninitialized. Is this a bug, or do have i have to a parent to start a readonly transaction on a new database? -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 8988] Undefined Behavior in slapadd
by openldap-its＠openldap.org 14 Nov '22

14 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=8988 --- Comment #24 from Howard Chu <hyc(a)openldap.org> --- (In reply to openldap-technical(a)kolttonen.fi from comment #21) > Hello, > Spending long time on comp.lang.c should be mandatory for all C > programmers out there. It is shocking to invoke UB and not bother to fix > it, instead blaming compiler writers and C standard writers. > > Best regards, > Jokke Hämäläinen I'm quite sure I've spent more time on comp.lang.c than most people out there. https://groups.google.com/g/comp.lang.c/c/BiVJrHbtZE4/m/W1C3fC-n2pEJ https://groups.google.com/g/comp.lang.c/c/3TGIxk3epBw/m/CXVzV5aEehsJ ... I was also a gcc maintainer from gcc 1.x to 2.x days. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9946] New: TLS: could not load verify locations
by openldap-its＠openldap.org 04 Nov '22

04 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9946 Issue ID: 9946 Summary: TLS: could not load verify locations Product: OpenLDAP Version: unspecified Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: hrishikesh.durg(a)gmail.com Target Milestone: --- Hi, Am seeing below errors on one of ldap proxy server --ANy clue how to fix it ? =============== 635a3252 openotp_parse_conf: global: server_url = https://iad37-c-sec-afe-01.us6.oraclecloud.com:443/openotp/,https://ch3-c-s… 635a3252 openotp_parse_conf: global: soap_timeout = 10 635a3252 openotp_parse_conf: global: user_settings = ChallengeMode=No 635a3252 openotp_parse_conf: global: uid_attribute = uid, cn 635a3252 openotp_parse_conf: global: client_id = LDAP 635a3252 openotp_parse_conf: global: default_domain = oraclecloud 635a3252 openotp_parse_conf: global: server_policy = 1 635a3252 openotp_parse_conf: global: status_cache = 10 635a3252 openotp_parse_conf: global: nolock_usernames = ldapro-oci-sharedservices,ldapro-saas,ldapro-sbs 635a3252 openotp_parse_conf: global: denied_usernames = (none) 635a3252 openotp_init: Initializing libopenotp TLS: could not load verify locations (file:`/opt/ldproxy/conf/ca.crt',dir:`'). TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:175 TLS: error:2006D080:BIO routines:BIO_new_file:no such file bss_file.c:182 TLS: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib by_file.c:253 635a3252 main: TLS init def ctx failed: -1 635a3252 slapd stopped. 635a3252 connections_destroy: nothing to destroy. =========== Not seeing anything when checked on location specified from logs : [root@ldap-proxy-01 certs]# ls -l /opt/ldproxy total 0 drwxr-xr-x. 2 root root 48 Nov 4 08:27 logs [root@ldap-proxy-01 certs]# ============== ldap.conf file looks as below : # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. #BASE dc=example,dc=com #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never TLS_CACERTDIR /etc/openldap/certs # Turning this off breaks GSSAPI used with krb5 when rdns = false SASL_NOCANON on Any help /clue is much appreciated -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9945] New: Unable to import initial configuration (cn=config)
by openldap-its＠openldap.org 04 Nov '22

04 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9945 Issue ID: 9945 Summary: Unable to import initial configuration (cn=config) Product: OpenLDAP Version: 2.5.13 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: annamariet(a)crimsonlogic.com Target Milestone: --- Created attachment 927 --> https://bugs.openldap.org/attachment.cgi?id=927&action=edit slapd.ldif I was able to install openldap 2.5.13 successfully but I was getting error below whenever I will import the initial configuration using this command: /usr/local/sbin/slapadd -n 0 -F /usr/local/etc/slapd.d -l /usr/local/etc/openldap/slapd.ldif Error: str2entry: entry -1 has multiple DNs "cn=config" and "cn=module,cn=config" slapadd: could not parse entry (line=1) Closing DB... In my slapd.ldif file, both DNs are enabled. Only this cn=module is throwing error while other dn e.g. dn: cn=schema,cn=config are accepted. Am I missing some packages or RPMs? dn: cn=config objectClass: olcGlobal cn: config . . . dn: cn=module,cn=config objectClass: olcModuleList cn: module olcModulepath: /usr/local/libexec/openldap olcModuleload: back_mdb.la olcModuleload: back_ldap.la olcModuleload: back_passwd.la olcModuleload: back_shell.la . . . -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9045] Crashes in cn=config (test050)
by openldap-its＠openldap.org 02 Nov '22

02 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9045 --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Removed from RE25 as it is missing the requisite libldap functionality to fix the issue there. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9045] Crashes in cn=config (test050)
by openldap-its＠openldap.org 02 Nov '22

02 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9045 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.14 |2.6.4 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9045] Crashes in cn=config (test050)
by openldap-its＠openldap.org 01 Nov '22

01 Nov '22

https://bugs.openldap.org/show_bug.cgi?id=9045 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|CONFIRMED |RESOLVED --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- head: • a6f3106a by Ondřej Kuzník at 2022-10-31T18:16:42+00:00 ITS#9045 Do not share cn=config entries with outside code RE26: • 99a7c141 by Ondřej Kuzník at 2022-11-01T17:05:36+00:00 ITS#9045 Do not share cn=config entries with outside code RE25: • ce7a7997 by Ondřej Kuzník at 2022-11-01T17:07:15+00:00 ITS#9045 Do not share cn=config entries with outside code -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9045] Crashes in cn=config (test050)
by openldap-its＠openldap.org 31 Oct '22

31 Oct '22

https://bugs.openldap.org/show_bug.cgi?id=9045 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.5.14 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs