https://bugs.openldap.org/show_bug.cgi?id=9253
Bug ID: 9253
Summary: Access not retained when last examined olcAccess has a "break" control
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: kop(a)karlpinc.com
Target Milestone: ---
When the last examined olcAccess control is "break" then it does not
matter what access rights have been granted by the rules, access is
denied.
Reproduce by having a database with a single access rule:
to attrs=userPassword by anonymous =x
Note that ldapwhoami successfully does a simple bind.
Then, modify so that the single existing access rule is:
to attrs=userPassword by anonymous =x break
Users can no longer do a simple bind.
You will see similar behavior with SASL binds, or any number
of access rules. Access is denied when the last examined access
control is "break".
The problem is at line 309 of: servers/slapd/acl.c
(In master/HEAD, and probably all versions)
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugs.openldap.org/show_bug.cgi?id=9252
Bug ID: 9252
Summary: OpenLDAP ldif file import issue
Product: OpenLDAP
Version: 2.4.44
Hardware: x86_64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: build
Assignee: bugs(a)openldap.org
Reporter: pranjit_biswas(a)infosys.com
Target Milestone: ---
We are trying to install openldap.x86_64 - 2.4.44-21.el7_6 on a Linux RHEL
7.7 on AWS.
We have installed and made changes to the config files and did a slaptest of
the config file as shown below.
[root@efg-ac cn=config]# slaptest -u
5ea6064f ldif_read_file: checksum error on
"/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif"
5ea6064f ldif_read_file: checksum error on
"/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif"
config file testing succeeded
Now we are importing the ldif file from our current on-prem server.
Even though we were getting different errors earlier, after all the changes we
have made to the config, the error that we are getting now is ldap_bind error
for the credentials.
[root@efg-dev cn=config]# ldapadd -w xxxxxxxx -x -D "cn=Manager,dc=bpost,dc=be"
-f ldap_dump-27042020-DEV.ldif
ldap_bind: Invalid credentials (49)
We are not sure which password to give here.
We have given the same credentials in the config file: olcDatabase={2}hdb.ldif
olcRootDN: cn=Manager,dc=bpost,dc=be
olcRootPW: xxxxxxxx
Please assist
https://bugs.openldap.org/show_bug.cgi?id=6347
--- Comment #3 from Howard Chu <hyc(a)openldap.org> ---
(In reply to drmuey+github from comment #2)
> Would this make it so that non-ascii strings are not base 64 encoded?
Changing how the reader works has no bearing on whether the writer does base 64
encoding. Your question makes no sense.
The LDIF spec says the input values may be in UTF8 or base64 encoded, so this
is a legitimate bug that should be fixed.
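To make the reader/writer distinction in comment #3 concrete, an added Python example (not OpenLDAP's own liblutil code): the reader accepts an attribute value either as raw UTF-8 after `:` or base64 after `::`, as the LDIF spec (RFC 2849) allows, while the writer base64-encodes only values that are not SAFE-STRINGs. The sample entry is constructed.

```python
import base64
import re

# RFC 2849 SAFE-STRING: first byte may not be NUL, LF, CR, SPACE, ':' or '<';
# later bytes may not be NUL, LF or CR; every byte must be 7-bit ASCII.
_SAFE_STRING = re.compile(
    rb"^(?:[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
    rb"[\x01-\x09\x0b\x0c\x0e-\x7f]*)?$"
)


def is_safe_string(value: bytes) -> bool:
    """True if the value may be written as 'attr: value' without encoding."""
    return _SAFE_STRING.match(value) is not None


def parse_ldif_line(line: bytes) -> tuple[str, bytes]:
    """Reader: decode one unfolded attrval line into (type, raw value bytes).

    'attr: value' carries UTF-8 directly, 'attr:: value' carries base64;
    URL-valued lines ('attr:< ...') are rejected here.
    """
    attr, sep, rest = line.partition(b":")
    if not sep or not attr:
        raise ValueError("not an attrval line: %r" % line)
    if rest.startswith(b":"):
        return attr.decode("ascii"), base64.b64decode(rest[1:].strip(), validate=True)
    if rest.startswith(b"<"):
        raise ValueError("URL-valued attribute not supported here")
    value = rest.lstrip(b" ")
    value.decode("utf-8")  # reject bytes that are neither ASCII nor valid UTF-8
    return attr.decode("ascii"), value


def parse_ldif_entry(text: bytes) -> list[tuple[str, bytes]]:
    """Unfold continuation lines (leading single space), skip comments, decode."""
    lines: list[bytes] = []
    for raw in text.splitlines():
        if raw.startswith(b" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith(b"#"):
            lines.append(raw)
    return [parse_ldif_line(l) for l in lines]


def format_ldif_line(attr: str, value: bytes) -> bytes:
    """Writer: plain form for SAFE-STRINGs, base64 ('::') for everything else."""
    if is_safe_string(value):
        return attr.encode("ascii") + b": " + value
    return attr.encode("ascii") + b":: " + base64.b64encode(value)


# Constructed sample: the same non-ASCII cn spelled both ways the spec permits.
SAMPLE = (
    b"dn: cn=Ond\xc5\x99ej,dc=example,dc=com\n"
    b"cn: Ond\xc5\x99ej\n"
    b"cn:: T25kxZllag==\n"
    b"description: folded\n"
    b" value\n"
)
```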
https://bugs.openldap.org/show_bug.cgi?id=6347
--- Comment #2 from drmuey+github(a)gmail.com ---
Would this make it so that non-ascii strings are not base 64 encoded?
https://bugs.openldap.org/show_bug.cgi?id=9059
--- Comment #5 from Howard Chu <hyc(a)openldap.org> ---
(In reply to Ondřej Kuzník from comment #4)
> The response is triggered by
> https://git.openldap.org/openldap/openldap/-/blob/
> fd23680a447b9efe1a481dd64d9c57f3873f3108/servers/slapd/overlays/syncprov.
> c#L2886 but it looks like the sessionlog has already been replayed correctly.
>
> In that case, we are either finished or have a persistent search set up and
> all remaining responses are queued up to be sent, so we shouldn't even care
> if we can still find the CSN in the DB... Moving that whole `if` under
> `do_present == 1` should then be enough and it might not be related to bug
> 8125 at all.
>
> But then I might be missing something.
Sounds OK. The MinCSN check is to make sure the DB hasn't already moved on
past the consumer's cookie, but if the sessionlog validly spans the consumer
cookie then the check isn't needed.
https://bugs.openldap.org/show_bug.cgi?id=8155
Ryan Tandy <ryan(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
Status|UNCONFIRMED |IN_PROGRESS
--- Comment #2 from Ryan Tandy <ryan(a)openldap.org> ---
https://git.openldap.org/openldap/openldap/-/merge_requests/60
https://bugs.openldap.org/show_bug.cgi?id=9059
--- Comment #4 from Ondřej Kuzník <ondra(a)mistotebe.net> ---
The response is triggered by
https://git.openldap.org/openldap/openldap/-/blob/fd23680a447b9efe1a481dd64…
but it looks like the sessionlog has already been replayed correctly.
In that case, we are either finished or have a persistent search set up and all
remaining responses are queued up to be sent, so we shouldn't even care if we
can still find the CSN in the DB... Moving that whole `if` under `do_present ==
1` should then be enough and it might not be related to bug 8125 at all.
But then I might be missing something.
https://bugs.openldap.org/show_bug.cgi?id=9240
Bug ID: 9240
Summary: Can't log to stdout/stderr
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: hadmut(a)danisch.de
Target Milestone: ---
Hi,
slapd can send its logs and messages to syslog, which is nice and good in
common Unix/Linux environments, but I didn't see any way to have the logs sent
to stdout/stderr instead of syslog.
When run in a docker/kubernetes container, which is a typical use nowadays, it
should be run as a single process, and not require a separate syslog process
just to write some logs to a file. There are dirty workarounds, but if run
cleanly, it should be a standalone process.
Therefore, it would be nice if slap had a container mode, where
- it doesn't fork (currently available only through debugging mode)
- sends logging to stdout/stderr instead of syslog
regards
https://bugs.openldap.org/show_bug.cgi?id=9202
--- Comment #9 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
(In reply to Michael Ströder from comment #8)
> Please add the CVE-Id to CHANGES so downstream packagers take note of it.
That's currently not a tracked item in the format of the CHANGES file.
I have been thinking of adding a customized field to bugzilla to track CVEs (we
did that at a prior job I worked at).
We may want to consider a format change for RE25 to allow for CVEs in the
CHANGES file as well.
https://bugs.openldap.org/show_bug.cgi?id=9202
--- Comment #8 from Michael Ströder <michael(a)stroeder.com> ---
Please add the CVE-Id to CHANGES so downstream packagers take note of it.
https://bugs.openldap.org/show_bug.cgi?id=9202
--- Comment #7 from carnil(a)debian.org ---
(In reply to Quanah Gibson-Mount from comment #3)
> CVE-2020-10704
FWIW: Note that there is a dedicated CVE id for this issue in OpenLDAP, which
is CVE-2020-12243.
https://bugs.openldap.org/show_bug.cgi?id=9233
Bug ID: 9233
Summary: Add argon2 module to contrib
Product: OpenLDAP
Version: 2.4.50
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: contrib
Assignee: bugs(a)openldap.org
Reporter: quanah(a)openldap.org
Target Milestone: ---
Now that the argon2 module is complete, add it to contrib for 2.4.50
https://bugs.openldap.org/show_bug.cgi?id=9230
Bug ID: 9230
Summary: slapindex man page states that truncate option (-t) only works with Quick Mode (-q)
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: documentation
Assignee: bugs(a)openldap.org
Reporter: requate(a)univention.de
Target Milestone: ---
Created attachment 712
--> https://bugs.openldap.org/attachment.cgi?id=712&action=edit
Patch proposal for doc/man/man8/slapindex.8
The slapindex man page states that truncate option (-t) only works with Quick
Mode (-q), but from the source code I cannot see a reason for this restriction.
Git blame shows that the statement predates back-mdb.
https://bugs.openldap.org/show_bug.cgi?id=9214
Bug ID: 9214
Summary: back-mdb: memory leak in dnSuperiorMatch search filter
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: backends
Assignee: bugs(a)openldap.org
Reporter: grapvar(a)gmail.com
Target Milestone: ---
Created attachment 709
--> https://bugs.openldap.org/attachment.cgi?id=709&action=edit
Fix for cursor leak
This is a MDB backend issue. Each time when a dnSuperiorMatch rule of a search
filter matches DN that exists in the DIT, the matching operation leaks one MDB
cursor.
Leak happens in servers/slapd/back-mdb/dn2id.c`mdb_dn2sups(). Leak exists since
MDB backend inception, i.e. commit
2011-09-01 0ba4206 Import back-mdb
Fix attached.
https://bugs.openldap.org/show_bug.cgi?id=9206
Bug ID: 9206
Summary: contrib/passwd/argon2: consolidate libsodium implementation
Product: OpenLDAP
Version: 2.5
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: contrib
Assignee: bugs(a)openldap.org
Reporter: peter(a)adpm.de
Target Milestone: ---
Created attachment 702
--> https://bugs.openldap.org/attachment.cgi?id=702&action=edit
patch to consolidate pw-argon2 implementation based on libsodium
Hi,
current libsodium implementation of pw-argon2 has 2 issues:
- it uses crypto_pwhash_str(), which only guarantees a "memory-hard,
CPU-intensive hash function", but not necessarily Argon2.
- it uses a different unit for the 'memory' parameter than the
libargon2 implementation: bytes instead of KiB.
The attached patch aims to fix both issues.
(The patch is in git format, you can merge it using 'git am')
I'd appreciate if you include them into OpenLDAP.
The referenced files are derived from OpenLDAP Software.
All of the modifications to OpenLDAP Software represented in the following
patch(es) were developed by Peter Marschall <peter(a)adpm.de>.
I have not assigned rights and/or interest in this work to any party.
The referenced modifications to OpenLDAP Software are subject to the following
notice:
Copyright 2020 Peter Marschall
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP Public License.
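To make the unit mismatch in this report concrete, an added Python check (not the attached patch and not OpenLDAP code) that parses a stored {ARGON2} userPassword value, converts between libargon2's KiB memory cost and libsodium's byte memlimit, and flags hashes whose encoded parameters fall below a policy. The {ARGON2} scheme prefix, the policy thresholds and the sample hashes are assumptions or constructed.

```python
import re

# pw-argon2 stores userPassword as "{ARGON2}" followed by the PHC-format
# string that libargon2/libsodium emit (assumption: prefix spelled this way).
_PHC = re.compile(
    r"^\$(argon2(?:id|i|d))\$v=(\d+)\$m=(\d+),t=(\d+),p=(\d+)"
    r"\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$"
)
KIB = 1024


def parse_argon2_hash(stored: str) -> dict:
    """Split a stored {ARGON2} value into its parameters; m= is KiB per the PHC format."""
    phc = stored[len("{ARGON2}"):] if stored.startswith("{ARGON2}") else stored
    m = _PHC.match(phc)
    if m is None:
        raise ValueError("not an Argon2 PHC string")
    return {"variant": m.group(1), "version": int(m.group(2)),
            "m_kib": int(m.group(3)), "t": int(m.group(4)), "p": int(m.group(5))}


def sodium_memlimit_bytes(memory_kib: int) -> int:
    """libargon2's m_cost is in KiB; libsodium's memlimit is in bytes."""
    return memory_kib * KIB


def m_kib_if_kib_passed_as_bytes(memory_kib: int) -> int:
    """What libsodium encodes (memlimit // 1024) when a KiB value is handed to it
    unconverted as a byte memlimit: 1024 times less memory than intended."""
    return memory_kib // KIB


def audit_stored_hash(stored: str, min_m_kib: int, min_t: int) -> list[str]:
    """Return findings for a stored hash weaker than policy (thresholds are
    hypothetical; take them from the deployment's own configured parameters)."""
    p = parse_argon2_hash(stored)
    findings = []
    if p["variant"] != "argon2id":
        findings.append("variant is %s, expected argon2id" % p["variant"])
    if p["m_kib"] < min_m_kib:
        findings.append("memory cost %d KiB below %d KiB" % (p["m_kib"], min_m_kib))
    if p["t"] < min_t:
        findings.append("time cost %d below %d" % (p["t"], min_t))
    return findings


# Constructed samples: salt/hash fields are dummy base64, not real digests.
GOOD = "{ARGON2}$argon2id$v=19$m=65536,t=3,p=1$AAAAAAAAAAAAAAAAAAAAAA$" + "B" * 43
# The same configured memory=65536 (KiB) mistaken for bytes ends up as m=64.
WEAK = "{ARGON2}$argon2id$v=19$m=64,t=3,p=1$AAAAAAAAAAAAAAAAAAAAAA$" + "B" * 43
```

Run `audit_stored_hash` over exported userPassword values to find entries hashed while the unit mismatch was in effect; they need rehashing on next login.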
https://bugs.openldap.org/show_bug.cgi?id=9203
Bug ID: 9203
Summary: No manual page for module 'pw-argon2'
Product: OpenLDAP
Version: 2.5
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: contrib
Assignee: bugs(a)openldap.org
Reporter: peter(a)adpm.de
Target Milestone: ---
Created attachment 698
--> https://bugs.openldap.org/attachment.cgi?id=698&action=edit
add manual page to pw-argon2 contrib module
Hi,
the pw-argon2 password module lacks a manual page.
Please find attached patches to upstream to fix the issue.
I'd appreciate if you include them into OpenLDAP.
The referenced files are derived from OpenLDAP Software.
All of the modifications to OpenLDAP Software represented in the following
patch(es) were developed by Peter Marschall <peter(a)adpm.de>.
I have not assigned rights and/or interest in this work to any party.
The referenced modifications to OpenLDAP Software are subject to the following
notice:
Copyright 2015 Peter Marschall
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP Public License.
https://bugs.openldap.org/show_bug.cgi?id=9202
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |VERIFIED
https://bugs.openldap.org/show_bug.cgi?id=9198
Bug ID: 9198
Summary: libraries: memory leak in UTF8bvnormalize()
Product: OpenLDAP
Version: 2.4.49
Hardware: All
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs(a)openldap.org
Reporter: 1259039012(a)qq.com
Target Milestone: ---
https://bugs.openldap.org/show_bug.cgi?id=9182
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |VERIFIED
https://bugs.openldap.org/show_bug.cgi?id=9181
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |VERIFIED
https://bugs.openldap.org/show_bug.cgi?id=9175
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |VERIFIED
https://bugs.openldap.org/show_bug.cgi?id=9171
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |VERIFIED
https://bugs.openldap.org/show_bug.cgi?id=9003
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |VERIFIED
https://bugs.openldap.org/show_bug.cgi?id=8683
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |VERIFIED
https://bugs.openldap.org/show_bug.cgi?id=8650
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |VERIFIED