- openldap-bugs - openldap.org

[Issue 9299] New: Memory leaks in ldap_simple_bind_s
by openldap-its＠openldap.org 05 Aug '20

05 Aug '20

https://bugs.openldap.org/show_bug.cgi?id=9299 Issue ID: 9299 Summary: Memory leaks in ldap_simple_bind_s Product: OpenLDAP Version: 2.4.49 Hardware: x86_64 OS: Windows Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: Ritu.Varkey(a)microfocus.com Target Milestone: --- Created attachment 747 --> https://bugs.openldap.org/attachment.cgi?id=747&action=edit Sample code with call to bind API The call to ldap_simple_bind_s API leaks memory. Even after calling ldap_unbind_s or ldap_unbind_ext memory is not getting freed. Our application uses this API every time we make a connection to the directory. The API is being used on Windows operating system. -- You are receiving this mail because: You are on the CC list for the issue.

1 9

[Issue 9085] Test suite is failing
by openldap-its＠openldap.org 03 Aug '20

03 Aug '20

https://bugs.openldap.org/show_bug.cgi?id=9085 --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to kloczko.tomasz(a)gmail.com from comment #2) > Could you please say a little more about what kind of "enviroment problem" > it could be? "Hangup" indicates your OS killed the process. You'll need to examine your system logs to determine why. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9085] Test suite is failing
by openldap-its＠openldap.org 01 Aug '20

01 Aug '20

https://bugs.openldap.org/show_bug.cgi?id=9085 --- Comment #2 from kloczko.tomasz(a)gmail.com <kloczko.tomasz(a)gmail.com> --- Could you please say a little more about what kind of "enviroment problem" it could be? -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9291] New: Detection of corrupted database files
by openldap-its＠openldap.org 30 Jul '20

30 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9291 Issue ID: 9291 Summary: Detection of corrupted database files Product: LMDB Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: markus(a)objectbox.io Target Milestone: --- Let's assume we have to deal with a corrupted database for whatever reason (e.g. broken hardware or file system). Current behavior seems to be mostly undefined, which is understandable as it's not known what is broken (e.g. there are no checksums). For example, I'm seeing a SIGBUS in mdb_page_touch because the cursor's top page (mp) is pointing to invalid memory (0x7f99cf004000) during a commit: mdb_page_touch mdb.c:2772 mdb_page_search mdb.c:6595 mdb_freelist_save mdb.c:3575 mdb_txn_commit mdb.c:4060 Cursor data at that point: mc_snum = 1, mc_top = 0; myki[0] = 0 A SIGBUS is troublesome as it crashes the process, and I wonder if there are other ways to detect such inconsistencies. If that be possible there could be user-specific handling in place. E.g. a user might start a new database file. This issue was reported by our users, which also provided DB files: https://github.com/objectbox/objectbox-java/issues/859 I did not find a lot of consistency checks besides MDB_PAGE_NOTFOUND and MDB_CORRUPTED. Also, I think there's no current way to thoroughly check a DB file (e.g. like fsck for the DB file)? My first idea other than checksums was to walk through the branch pages from the root and check if the referenced pages are within reasonable bounds. Also check the page content (e.g. nodes, flags). Additionally (optionally?), it should be possible to check that the key values are actually sorted. So, it boils down to 3 points in summary: 1.) If there no way to check the DB file for consistency yet(?), which approach do you think would make sense? There might be two modes; one for a through check through all data, and a quick check that does not take long and could be e.g. done when opening the DB. Goal is to avoid process crashes and let users handle the situation. 2.) In general, is it possible to add more consistency checks in regular DB operations? 3.) Could the the particular situation (for which I provided the stack trace) detected (e.g. is myki[0] = 0 legal here?) I'd be happy to provide a patch if you provide some direction where you want to take that. -- You are receiving this mail because: You are on the CC list for the issue.

1 25

[Issue 8784] SIGBUS in mdb_page_touch
by openldap-its＠openldap.org 27 Jul '20

27 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8784 --- Comment #3 from Howard Chu <hyc(a)openldap.org> --- (In reply to stefan.penner from comment #2) > I realize this issue is rather old, but I have some related questions; > hopefully that is alright: > > * The reporter mentions Android 7, do we know if the problem is limited to > Android 7, or do other Androids also suffer from this issue? > * Was someone able to come up with a consistent reproduction? If so, could > it be shared or described? I'm not aware of any consistent reproducer. Also, haven't run into this in quite a while, possibly it was already fixed in Android 9 or so -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8784] SIGBUS in mdb_page_touch
by openldap-its＠openldap.org 27 Jul '20

27 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8784 --- Comment #2 from stefan.penner(a)gmail.com --- I realize this issue is rather old, but I have some related questions; hopefully that is alright: * The reporter mentions Android 7, do we know if the problem is limited to Android 7, or do other Androids also suffer from this issue? * Was someone able to come up with a consistent reproduction? If so, could it be shared or described? -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9266] Replace custom hostname and IP address verification with OpenSSL API
by openldap-its＠openldap.org 24 Jul '20

24 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9266 --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Also important to note that RFC6125 specifically states in section 1.4 that it does not apply to existing protocols, such as LDAP. It even calls this out in Appendix B, section B.3, that the LDAP protocol is *not* covered by this RFC. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9301] New: Building OpenLDAP on Silicon (ARM) Mac
by openldap-its＠openldap.org 24 Jul '20

24 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9301 Issue ID: 9301 Summary: Building OpenLDAP on Silicon (ARM) Mac Product: OpenLDAP Version: unspecified Hardware: Other OS: Mac OS Status: UNCONFIRMED Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: nicolas.brachfogel(a)4d.com Target Milestone: --- There's currently no target to build OpenLDAP on the new Apple Silicon (ARM) Macs. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 6467] syncrepl enhancements
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=6467 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |TEST Keywords|OL_2_5_REQ | --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 66a743f1 by Ondřej Kuzník at 2020-07-22T22:25:10+01:00 ITS#6467 Record minCSN in audit container • 43ebfa8f by Ondřej Kuzník at 2020-07-22T22:25:10+01:00 ITS#6467 Make accesslog a possible sessionlog source • ee79cb38 by Ondřej Kuzník at 2020-07-22T22:25:10+01:00 ITS#6467 Add test script -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8645] syncrepl configuration error handling
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8645 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Keywords|OL_2_5_REQ | Resolution|--- |TEST --- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 4b62f3b8 by Ondřej Kuzník at 2020-07-22T20:22:50+00:00 ITS#8645 Check for all syncrepl errors -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9098] assert fails in meta_back_search in some cases after reconnect
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9098 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.4.51 |2.4.52 --- Comment #19 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Going to move this to a target of 2.4.52. We will be trying to reproduce this internally with some new hardware we've acquired. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8511] Rename "mirrormode" to "multiprovider", deprecate "mirrormode" parameter
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8511 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Rename "mirrormode" to |Rename "mirrormode" to |"multimaster", deprecate |"multiprovider", deprecate |"mirrormode" parameter |"mirrormode" parameter -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8511] Rename "mirrormode" to "multimaster", deprecate "mirrormode" parameter
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8511 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|has_patch, IPR_OK, | |OL_2_5_REQ, | |openldap-scratch | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8511] Rename "mirrormode" to "multimaster", deprecate "mirrormode" parameter
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8511 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |TEST --- Comment #8 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 3716245f by Quanah Gibson-Mount at 2020-07-22T19:32:49+00:00 Issue#8511 - Update documentation and configs to correctly use multiprovider -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9121] dynlist enhancements
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9121 --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 9210ed16 by Howard Chu at 2020-07-22T15:11:24+00:00 ITS#9121 add dynamic memberOf support for static groups • 2c0499ae by Howard Chu at 2020-07-22T15:11:24+00:00 ITS#9121 support nested groups • c470af37 by Howard Chu at 2020-07-22T15:11:24+00:00 ITS#9121 add examples to manpage -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8619] Enhancement request: Nested group support using dynlist recursion
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8619 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8619] Enhancement request: Nested group support using dynlist recursion
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8619 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |DUPLICATE Keywords|OL_2_5_REQ | Status|UNCONFIRMED |RESOLVED --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Nested group support implemented as a part of issue#9121 *** This issue has been marked as a duplicate of issue 9121 *** -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9121] dynlist enhancements
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9121 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |christ.klinge(a)web.de --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- *** Issue 8619 has been marked as a duplicate of this issue. *** -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9298] New: Solaris compilation errors of OpenLDAP 2.4.50
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9298 Issue ID: 9298 Summary: Solaris compilation errors of OpenLDAP 2.4.50 Product: OpenLDAP Version: 2.4.50 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: mnesam(a)juniper.net Target Milestone: --- Created attachment 746 --> https://bugs.openldap.org/attachment.cgi?id=746&action=edit OpenLDAP 2.4.50 solaris compilation error Hi OpenLDAP team, We compiled OpenLDAP 2.4.50 with OpenSSL 1.1.1 version. It compiled without errors and worked fine. However,, the same is giving compilation errors , when compiled with openSSL 1.0.2. Is the compilation requirement to Openssl 1.1.1 mandatory for OpenLDAP 2.4.50 ? Regards, Merrylin Please find the complete log in the attachement. I'm getting the below errors during the compilation of openLDAP 2.4.50 with OpenSSL 1.0.2 in Solaris 5.10: /usr/bin/gcc -m64 -m64 -o apitest apitest.o -L/export/local/mvel/workspace/openldap_1507/openssl-1.0.2q/ -L/export/local/mvel/workspace/openldap_1507/krb5-1.18.1/src/lib/ -L/export/local/mvel/workspace/openldap_1507/krb5-1.18.1/src/lib/gssapi/ -L/export/local/mvel/workspace/openldap_1507/cyrus-sasl-2.1.27/lib/.libs/ -L/export/local/mvel/workspace/openldap_1507/cyrus-sasl-2.1.27/plugins/.libs/ ./.libs/libldap.a /export/local/mvel/workspace/openldap_1507/openldap-2.4.50/libraries/liblber/.libs/liblber.a -L/export/local/mvel/workspace/openldap_1507/openssl-1.0.2q/lib -L/export/local/mvel/workspace/openldap_1507/krb5-1.18.1/src/lib -L/export/local/mvel/workspace/openldap_1507/krb5-1.18.1/src/lib/gssapi/lib ../../libraries/liblber/.libs/liblber.a ../../libraries/liblutil/liblutil.a /export/local/mvel/workspace/openldap_1507/cyrus-sasl-2.1.27/lib/.libs//libsasl2.so -ldl -lgss -lssl -lcrypto -lresolv -lgen -lnsl -lsocket -R/export/local/mvel/workspace/openldap_1507/cyrus-sasl-2.1.27/lib/.libs/ -R/usr/local/lib Undefined first referenced symbol in file SSL_CTX_set_options ./.libs/libldap.a(tls_o.o) OPENSSL_sk_num ./.libs/libldap.a(tls_o.o) BIO_meth_set_write ./.libs/libldap.a(tls_o.o) OPENSSL_sk_free ./.libs/libldap.a(tls_o.o) OPENSSL_sk_value ./.libs/libldap.a(tls_o.o) TLS_method ./.libs/libldap.a(tls_o.o) OPENSSL_init_ssl ./.libs/libldap.a(tls_o.o) BIO_meth_new ./.libs/libldap.a(tls_o.o) BIO_set_init ./.libs/libldap.a(tls_o.o) BIO_get_data ./.libs/libldap.a(tls_o.o) BIO_set_data ./.libs/libldap.a(tls_o.o) BIO_meth_set_create ./.libs/libldap.a(tls_o.o) ASN1_STRING_get0_data ./.libs/libldap.a(tls_o.o) OPENSSL_sk_new_null ./.libs/libldap.a(tls_o.o) X509_NAME_get0_der ./.libs/libldap.a(tls_o.o) BIO_meth_free ./.libs/libldap.a(tls_o.o) SSL_CTX_up_ref ./.libs/libldap.a(tls_o.o) BIO_meth_set_destroy ./.libs/libldap.a(tls_o.o) BIO_meth_set_gets ./.libs/libldap.a(tls_o.o) BIO_meth_set_ctrl ./.libs/libldap.a(tls_o.o) BIO_meth_set_puts ./.libs/libldap.a(tls_o.o) BIO_meth_set_read ./.libs/libldap.a(tls_o.o) ld: fatal: symbol referencing errors. No output written to apitest gmake[2]: *** [apitest] Error 1 -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9300] New: OpenLDAP 2.4.50 Dependency Details
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9300 Issue ID: 9300 Summary: OpenLDAP 2.4.50 Dependency Details Product: OpenLDAP Version: 2.4.50 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: muthaiyan1991(a)gmail.com Target Milestone: --- I have selected product OpenLDAP 2.4.50.. can you please answer the query? We compiled OpenLDAP 2.4.50 with OpenSSL 1.1.1 version. It compiled without errors and worked fine. However,, the same is giving compilation errors , when compiled with openSSL 1.0.2. Is the compilation requirement to Openssl 1.1.1 mandatory for OpenLDAP 2.4.50 ? -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9297] New: memory leak in mdb_dn2entry()
by openldap-its＠openldap.org 21 Jul '20

21 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9297 Issue ID: 9297 Summary: memory leak in mdb_dn2entry() Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: grapvar(a)gmail.com Target Milestone: --- Callers of mdb_dn2entry() expect that mdb_dn2entry( ..., Entry **e [out], match = 1 ) provides newborn Entry if and only if [mdb_dn2entry return value in {0, MDB_NOTFOUND}]. They are right with this, because any other error code makes asking for "matching entry" irrelevant. However, mdb_dn2entry does not anyhow restrict error code when generates a "matching" Entry: | int | mdb_dn2entry( | ... | struct berval *dn, | Entry **e, | ... | int matched ) | { | ... | int rc = mdb_dn2id( ..., dn, &id, ... ); | if ( rc ) { | if ( matched ) { | int rc2 = mdb_cursor_open( ..., "id2entry", &mc ); | if ( rc2 == MDB_SUCCESS ) { | mdb_id2entry( op, mc, id, e ); | mdb_cursor_close( mc ); | } | } | } else ... | ... | return rc; | } So, when [mdb_dn2id return value is NOT in {0, MDB_NOTFOUND}], the Entry will be allocated by mdb_id2entry and then leaked by a caller. Not exactly so. Will be leaked only by mdb_search() and by mdb_add(). It looks like that other callers of mdb_dn2entry() are, by chance, not affected by this issue. -- You are receiving this mail because: You are on the CC list for the issue.

1 8

[Issue 8701] account usability control for password less logins
by openldap-its＠openldap.org 21 Jul '20

21 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8701 --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- • c7b008ee by Ondřej Kuzník at 2020-07-21T10:48:47+01:00 ITS#8701 Fix documentation -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9296] New: OpenLDAP mishandles rpath and runpath tokens
by openldap-its＠openldap.org 20 Jul '20

20 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9296 Issue ID: 9296 Summary: OpenLDAP mishandles rpath and runpath tokens Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: noloader(a)gmail.com Target Milestone: --- Hi Everyone, I'm building OpenLDAP 2.4.50 release tarball on multiple operating systems. I've noticed there's a couple of issues with rpaths and runpaths. I configure OpenLDAP it includes the following LDFLAGS: LDFLAGS: -Wl,-R,'$ORIGIN/../lib' -Wl,-R,/export/home/jwalton/tmp/ok2delete/lib When I audit the result programs and shared objects, I see two issues. First, the rpaths and runpaths have been reordered. Second, rpath and runpath tokens were not preserved. The tokens include $ORIGIN, $LIB and $PLATFORM (see the ld.so(8) man page). In fact, the rpath and runpath seem to have been expanded to nothing. This is from Solaris. /export/home/jwalton/tmp/ok2delete/lib/libldap-2.4.so.2.10.13: RUNPATH /export/home/jwalton/tmp/ok2delete/lib:/../lib RPATH /export/home/jwalton/tmp/ok2delete/lib:/../lib And: /export/home/jwalton/tmp/ok2delete/lib/libldap_r-2.4.so.2.10.13: RUNPATH /export/home/jwalton/tmp/ok2delete/lib:/../lib RPATH /export/home/jwalton/tmp/ok2delete/lib:/../lib Expanding '$ORIGIN/../lib' to '/../lib' is especially problematic. '/../lib' is just '/lib', so OpenLDAP is runtime linking to the wrong libraries, like like zLib 1.2.8 and Bzip 1.0.6. Libraries like zLib 1.2.8 and Bzip 1.0.6 have active CVEs against them. It is better to runtime link against the new libraries I provide. -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9266] Replace custom hostname and IP address verification with OpenSSL API
by openldap-its＠openldap.org 17 Jul '20

17 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9266 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Group|OpenLDAP-devs | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8376] Use getaddrinfo to resolve FQDN
by openldap-its＠openldap.org 15 Jul '20

15 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8376 Ryan Tandy <ryan(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=9287 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs