- openldap-bugs - openldap.org

[Issue 7084] Password Modify Extended Operation to set pwdReset: TRUE
by openldap-its＠openldap.org 03 Jun '20

03 Jun '20

https://bugs.openldap.org/show_bug.cgi?id=7084 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |IN_PROGRESS --- Comment #4 from Ondřej Kuzník <ondra(a)mistotebe.net> --- I have created a patchset that attempts to address this and other ppolicy related issues here: https://git.openldap.org/openldap/openldap/-/merge_requests/77 Please review, test and let me know if this addresses the issue and if you have any other comments. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7788] pwdFailureTime and pwdChangedTime registered in user entry even if no ppolicy associated with the entry
by openldap-its＠openldap.org 03 Jun '20

03 Jun '20

https://bugs.openldap.org/show_bug.cgi?id=7788 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |IN_PROGRESS --- Comment #5 from Ondřej Kuzník <ondra(a)mistotebe.net> --- I have created a patchset that attempts to address this and other ppolicy related issues here: https://git.openldap.org/openldap/openldap/-/merge_requests/77 Please review, test and let me know if this addresses the issue and if you have any other comments. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7788] pwdFailureTime and pwdChangedTime registered in user entry even if no ppolicy associated with the entry
by openldap-its＠openldap.org 02 Jun '20

02 Jun '20

https://bugs.openldap.org/show_bug.cgi?id=7788 --- Comment #4 from Clément OUDOT <clement.oudot(a)worteks.com> --- I don't think this solves the issue. The problem is on entries that are not linked to any password policy are updated by ppolicy overlay. Adding a parameter in the password policy is not a good solution from my point of view. The entry should never be updated by ppolicy overlay if no ppolicy definition is applied to it. Note that this bug was opened 6 years ago, I did not test recent OpenLDAP versions. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7788] pwdFailureTime and pwdChangedTime registered in user entry even if no ppolicy associated with the entry
by openldap-its＠openldap.org 02 Jun '20

02 Jun '20

https://bugs.openldap.org/show_bug.cgi?id=7788 --- Comment #3 from Ondřej Kuzník <ondra(a)mistotebe.net> --- Hi Clément, this should still be possible if you set a default policy with pwdMaxRecordedFailure == 0, is there a reason this would not be appropriate before we go changing the default behaviour? Thanks, Ondrej -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8888] doc: sdf number disorder
by openldap-its＠openldap.org 01 Jun '20

01 Jun '20

https://bugs.openldap.org/show_bug.cgi?id=8888 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |TEST Keywords|OL_2_5_REQ | --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 47974536 by Quanah Gibson-Mount at 2020-06-01T19:05:26+00:00 Issue #8888 - Change numbered list to Note format -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8675] tools continuing after ldap_start_tls_ returns non-LDAP error
by openldap-its＠openldap.org 28 May '20

28 May '20

https://bugs.openldap.org/show_bug.cgi?id=8675 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|has_patch, IPR_OK, | |openldap-scratch | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9020] Inconsistent cn=config objectClasses for overlays
by openldap-its＠openldap.org 27 May '20

27 May '20

https://bugs.openldap.org/show_bug.cgi?id=9020 --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- In fact, for autoCA, I'm not a fan of the other olc config attr names either -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9020] Inconsistent cn=config objectClasses for overlays
by openldap-its＠openldap.org 27 May '20

27 May '20

https://bugs.openldap.org/show_bug.cgi?id=9020 --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- and Dyngroup does this as well -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9020] Inconsistent cn=config objectClasses for overlays
by openldap-its＠openldap.org 27 May '20

27 May '20

https://bugs.openldap.org/show_bug.cgi?id=9020 --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- autoca continues this unfortunate trend -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8888] doc: sdf number disorder
by openldap-its＠openldap.org 27 May '20

27 May '20

https://bugs.openldap.org/show_bug.cgi?id=8888 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |IN_PROGRESS --- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/75 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7530] gethostbyname_r fails if initial buffer size is too small
by openldap-its＠openldap.org 27 May '20

27 May '20

https://bugs.openldap.org/show_bug.cgi?id=7530 --- Comment #4 from ujvari(a)microsec.hu <ujvari(a)microsec.hu> --- Én köszönöm a javítást. It's me who thank you for fixing the problem. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8873] slapd-meta/ldap - Remove deprecated options
by openldap-its＠openldap.org 26 May '20

26 May '20

https://bugs.openldap.org/show_bug.cgi?id=8873 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ | Status|IN_PROGRESS |RESOLVED Resolution|--- |TEST --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • f926e667 by Quanah Gibson-Mount at 2020-05-26T19:59:56+00:00 ITS#8873 - Delete obsolete configuration options from back-ldap, back-meta, and back-asyncmeta -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7990] (docs) Admin guide: bad link in password policy overlay section
by openldap-its＠openldap.org 26 May '20

26 May '20

https://bugs.openldap.org/show_bug.cgi?id=7990 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=9156 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9156] latest ppolicy draft support
by openldap-its＠openldap.org 26 May '20

26 May '20

https://bugs.openldap.org/show_bug.cgi?id=9156 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=7990 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7530] gethostbyname_r fails if initial buffer size is too small
by openldap-its＠openldap.org 26 May '20

26 May '20

https://bugs.openldap.org/show_bug.cgi?id=7530 --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to ujvari(a)microsec.hu from comment #0) > Full_Name: Aron Ujvari köszönöm -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7530] gethostbyname_r fails if initial buffer size is too small
by openldap-its＠openldap.org 26 May '20

26 May '20

https://bugs.openldap.org/show_bug.cgi?id=7530 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |RESOLVED Keywords|OL_2_5_REQ | Resolution|--- |TEST --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • fb1933f5 by Quanah Gibson-Mount at 2020-05-26T19:18:02+00:00 Issue#7530 - Test for ERANGE when using 6 form gethostbyname_r -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Bug 9257] New: Abstract attribute types can be instantiated
by openldap-its＠openldap.org 25 May '20

25 May '20

https://bugs.openldap.org/show_bug.cgi?id=9257 Bug ID: 9257 Summary: Abstract attribute types can be instantiated Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: grapvar(a)gmail.com Target Milestone: --- If you add 'name' or 'distinguishedName' attributes somewhere they are added seamlessly. However, these attributes are SLAP_AT_ABSTRACT, which > slap.h: #define SLAP_AT_ABSTRACT 0x0100U /* cannot be instantiated */ -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Issue 9267] New: libldap incorrectly accepts IP addresses in cert subject field as valid
by openldap-its＠openldap.org 23 May '20

23 May '20

https://bugs.openldap.org/show_bug.cgi?id=9267 Issue ID: 9267 Summary: libldap incorrectly accepts IP addresses in cert subject field as valid Product: OpenLDAP Version: 2.4.50 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- With a cert that has no subjectAltName, and has an IP address in the subject, ldap client connections are still made instead of rejected. This appears to violate RFC 4513, section 3.1.3: The server's identity may also be verified by comparing the reference identity to the Common Name (CN) [RFC4519] value in the leaf Relative Distinguished Name (RDN) of the subjectName field of the server's certificate. This comparison is performed using the rules for comparison of DNS names in Section 3.1.3.1, below, with the exception that no wildcard matching is allowed. Although the use of the Common Name value is existing practice, it is deprecated, and Certification Authorities are encouraged to provide subjectAltName values instead. Note that the TLS implementation may represent DNs in certificates according to X.500 or other conventions. For example, some X.500 implementations order the RDNs in a DN using a left-to-right (most significant to least significant) convention instead of LDAP's right-to-left convention. I do know we have an exception to the above in relation to wildcards in subject, since many CAs only issue certs that way (or at least did so at the time). However that still revolves around DNS names. The acceptance of IP addresses is a separate matter and seems like it should be treated as a bug. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 7501] added TCP keepalive support to back_ldap
by openldap-its＠openldap.org 22 May '20

22 May '20

https://bugs.openldap.org/show_bug.cgi?id=7501 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Keywords|OL_2_5_REQ | Resolution|--- |FIXED Target Milestone|2.5.0 |--- --- Comment #12 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to Quanah Gibson-Mount from comment #10) > Need to confirm that dynamic config conversion still works. conversion works > Need to ensure similar support in back-meta (back-asyncmeta too?) Support exists > Need to examine the bits that use #if 0 (comment#1) Looks fine Fixed in 2.4.34 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9059] session log parsing triggers cascading REFRESH
by openldap-its＠openldap.org 22 May '20

22 May '20

https://bugs.openldap.org/show_bug.cgi?id=9059 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Keywords|OL_2_5_REQ | Resolution|--- |TEST --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 709d805f by Ondřej Kuzník at 2020-05-22T16:57:53+00:00 ITS#9059 Skip mincsn check if sessionlog replay was successful • f3952d94 by Ondřej Kuzník at 2020-05-22T16:57:53+00:00 ITS#9059 Document why we do FIND_CSN -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9165] Paged search results on FreeBSD exceed static buffer
by openldap-its＠openldap.org 21 May '20

21 May '20

https://bugs.openldap.org/show_bug.cgi?id=9165 --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Side note: there were no security issues with the code, but it did have room for improvement which has now been done. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9165] Paged search results on FreeBSD exceed static buffer
by openldap-its＠openldap.org 20 May '20

20 May '20

https://bugs.openldap.org/show_bug.cgi?id=9165 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ | Status|UNCONFIRMED |RESOLVED Resolution|--- |TEST --- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> --- • 57d5aefe by Howard Chu at 2020-05-20T19:58:28+01:00 ITS#9165 Fix pageedResults cookie printing -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8376] Use getaddrinfo to resolve FQDN
by openldap-its＠openldap.org 19 May '20

19 May '20

https://bugs.openldap.org/show_bug.cgi?id=8376 --- Comment #16 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Suspending until someone cares to work on this. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8376] Use getaddrinfo to resolve FQDN
by openldap-its＠openldap.org 19 May '20

19 May '20

https://bugs.openldap.org/show_bug.cgi?id=8376 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.0 |--- -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8376] Use getaddrinfo to resolve FQDN
by openldap-its＠openldap.org 19 May '20

19 May '20

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs