- openldap-bugs - openldap.org

[Bug 7966] OpenLDAP server 2.4.40 crashes with rwm and ppolicy overlay during bind
by openldap-its＠openldap.org 17 Apr '20

17 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=7966 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.0 |2.6.0 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9009] 2.6: Switch to LMDB v1.0
by openldap-its＠openldap.org 16 Apr '20

16 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9009 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|2.5: Switch to LMDB v1.0 |2.6: Switch to LMDB v1.0 Target Milestone|2.5.0 |2.6.0 Keywords|OL_2_5_REQ | -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 6745] HEAD emfile race condition -> slapd stopping listening?
by openldap-its＠openldap.org 16 Apr '20

16 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=6745 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ | -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 6745] HEAD emfile race condition -> slapd stopping listening?
by openldap-its＠openldap.org 16 Apr '20

16 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=6745 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|UNCONFIRMED |RESOLVED -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9181] Non-initialised global options mutex causes problems on Windows
by openldap-its＠openldap.org 16 Apr '20

16 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9181 --- Comment #9 from Quanah Gibson-Mount <quanah(a)openldap.org> --- commit 0daf80129a7e3fa9ac10738fb8b86dfcdfa6eb09 (HEAD -> OPENLDAP_REL_ENG_2_4, origin/OPENLDAP_REL_ENG_2_4) Author: Ryan Tandy <ryan(a)nardis.ca> Date: Thu Apr 16 10:46:18 2020 -0700 ITS#9181 fix ldap_pvt_thread_mutex_t used before its definition -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9181] Non-initialised global options mutex causes problems on Windows
by openldap-its＠openldap.org 16 Apr '20

16 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9181 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|CONFIRMED |RESOLVED --- Comment #8 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • d5e133f4 by Ryan Tandy at 2020-04-16T19:15:31+00:00 ITS#9181 fix ldap_pvt_thread_mutex_t used before its definition 2 changed files: • include/ldap_int_thread.h • libraries/libldap_r/thr_nt.c -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9181] Non-initialised global options mutex causes problems on Windows
by openldap-its＠openldap.org 16 Apr '20

16 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9181 --- Comment #7 from Ryan Tandy <ryan(a)openldap.org> --- (In reply to Howard Chu from comment #6) > Can you retry, changing that declaration to use ldap_int_thread_mutex_t > instead? Looks like it's on its way to compiling with that, yeah. I'll wait for the build to finish and put up a merge request. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9098] assert fails in meta_back_search in some cases after reconnect
by openldap-its＠openldap.org 16 Apr '20

16 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9098 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.4.50 |2.4.51 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 7878] OpenLDAP MinGW Build Problem
by openldap-its＠openldap.org 16 Apr '20

16 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=7878 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.0 |2.4.50 Resolution|TEST |FIXED --- Comment #7 from Quanah Gibson-Mount <quanah(a)openldap.org> --- commit f5143f99eeb66d4f5698284391ed7adf6cef9f03 (HEAD -> OPENLDAP_REL_ENG_2_4, origin/OPENLDAP_REL_ENG_2_4) Author: Ryan Tandy <ryan(a)nardis.ca> Date: Fri Apr 3 15:15:27 2020 -0700 ITS#7878 Replace uint32_t with unsigned in back-mdb init.c: align mi_dbenv_flags and flags with mdb_dbi_open, which declares flags as unsigned int. search.c: align mi_rtxn_size with ARG_UINT; adjust ww_ctx.nentries to silence a warning about signed/unsigned comparison. config.c: parse checkpoint config more carefully. Reject negative or unreasonably large values for kbytes and minutes. Ensure both values are parsed successfully before making any changes. Fixes a compilation failure under MinGW, where stdint.h types are not implicitly pulled in by other headers. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8383] msys build error "portable.h:1116:19: error: two or more data types in declaration specifiers"
by openldap-its＠openldap.org 16 Apr '20

16 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8383 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|TEST |FIXED Target Milestone|2.5.0 |2.4.50 --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- commit 6fe9b0c65479363e4f9f03dd85fc81b2940f62df Author: Ryan Tandy <ryan(a)nardis.ca> Date: Sun Sep 1 11:53:37 2019 -0700 ITS#8383 Look for socklen_t in <ws2tcpip.h> too MinGW targets do not have the <sys/socket.h> header. The configure check would conclude that there is no socklen_t type, resulting in portable.h containing its own definition of socklen_t, which would later conflict with the actual definition in <ws2tcpip.h>. Add <ws2tcpip.h> to the configure check for socklen_t, so that the defined type is correctly detected. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9181] Non-initialised global options mutex causes problems on Windows
by openldap-its＠openldap.org 16 Apr '20

16 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9181 --- Comment #6 from Howard Chu <hyc(a)openldap.org> --- (In reply to Ryan Tandy from comment #5) > Hi Howard, I'm testing my patch for ITS#8383 and this one seems to have > broken the build in my MSYS2/MinGW environment: > > cc -g -O2 -I../../include -I../../include -c -o ntservice.o > ntservice.c > In file included from ../../include/portable.h:1173, > from ntservice.c:20: > ../../include/ldap_int_thread.h:156:43: error: unknown type name > 'ldap_pvt_thread_mutex_t'; did you mean 'ldap_int_thread_mutex_t'? > 156 | ldap_pvt_thread_mutex_init_first LDAP_P(( ldap_pvt_thread_mutex_t > *mutex )); > | ^~~~~~~~~~~~~~~~~~~~~~~ > ../../include/ldap_cdefs.h:32:25: note: in definition of macro 'LDAP_P' > 32 | # define LDAP_P(protos) protos > | ^~~~~~ > make[2]: *** [<builtin>: ntservice.o] Error 1 > > ldap_int_thread.h is included at the top of ldap_pvt_thread.h, so this > declaration is seen before the ldap_pvt_* typedefs. Can you retry, changing that declaration to use ldap_int_thread_mutex_t instead? -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9223] New: Add support for incremental backup
by openldap-its＠openldap.org 16 Apr '20

16 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9223 Bug ID: 9223 Summary: Add support for incremental backup Product: LMDB Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- For LMDB 1.0, add support for incremental backups -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 6937] Remove --enable-proctitle and strdup(optarg)
by openldap-its＠openldap.org 16 Apr '20

16 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=6937 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ | Resolution|--- |TEST Status|IN_PROGRESS |RESOLVED --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • a97eed06 by Quanah Gibson-Mount at 2020-04-15T19:32:28+00:00 ITS#6937 - Remove unused proctitle bits -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 6531] Modify updateref to generate referrals on the backend
by openldap-its＠openldap.org 15 Apr '20

15 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=6531 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |OL_2_5_REQ -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 6166] Overlay/backend restructuring
by openldap-its＠openldap.org 15 Apr '20

15 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=6166 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |OL_2_5_REQ -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 7878] OpenLDAP MinGW Build Problem
by openldap-its＠openldap.org 14 Apr '20

14 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=7878 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.5.0 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 7878] OpenLDAP MinGW Build Problem
by openldap-its＠openldap.org 14 Apr '20

14 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=7878 Ryan Tandy <ryan(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |TEST --- Comment #6 from Ryan Tandy <ryan(a)openldap.org> --- Commits: 38f9dd2f by Ryan Tandy at 2020-04-14T10:04:33-07:00 ITS#7878 Replace uint32_t with unsigned in back-mdb -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9043] Improve loglevel sync logging
by openldap-its＠openldap.org 14 Apr '20

14 Apr '20

1 0

[Bug 9043] Improve loglevel sync logging
by openldap-its＠openldap.org 14 Apr '20

14 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9043 --- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • f6d9fdc4 by Ondřej Kuzník at 2020-04-14T09:58:03+01:00 ITS#9043 Improve replication loggging -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9156] latest ppolicy draft support
by openldap-its＠openldap.org 14 Apr '20

14 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9156 --- Comment #10 from Ondřej Kuzník <ondra(a)mistotebe.net> --- On Thu, Apr 09, 2020 at 02:41:54PM +0000, openldap-its(a)openldap.org wrote: > The problem was that I was using old lastbind overlay, which in some way was in > conflict with current lastbind. > If I understand correctly, the current lastbind is now completely included into > OpenLDAP 2.5? No, features you might want to configure lastbind with do not (yet) have an equivalent in the core implementation, so I haven't removed it from 2.5 yet. > It is very important to me, because as a maintainer of OpenLDAP-LTB, we would > have to warn people that the configuration parameters have changed (overlay > lastbind -> lastbind on) and that the overlay won't be provided any more. > > >> - pwdStartTime, pwdEndTime: OK, but there is no special ppolicy code returned, >> and if I read correctly the draft >> (https://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-7.1), >> an "accountLocked" extended error code should be triggered. > > I was simply missing the ppolicy_use_lockout parameter. > One remark though: the reason of locking is not very explicit. > I understand that many companies/organizations will consider it is a good thing > to hide this information for security reasons. For the others, maybe could we > have some sort of level? > Configuration example: > lockout_message_description [none|minimal|verbose] The message is output by the client, the only information provided is the ppolicy response control: https://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-6.2 (or rather https://git.openldap.org/openldap/openldap/-/blob/master/doc/drafts/draft-b…) Providing any more information would need to be integrated into the draft as well. > In the specification the extended error code could simply stay as it is: > "(1)Account locked", but we could add a more precise description in case the > verbose mode is enabled: "(1)Account locked (account unused for a too long > time)" -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8731] Variadic Debug() macro
by openldap-its＠openldap.org 13 Apr '20

13 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8731 --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- • bbe20cbf by Ryan Tandy at 2020-04-13T18:57:50+00:00 ITS#8731 cleanup unused logbuf -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 6567] Delete and remove everything related to ldap_gssapi_bind_s
by openldap-its＠openldap.org 13 Apr '20

13 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=6567 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|IN_PROGRESS |RESOLVED --- Comment #16 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • e50741e4 by Quanah Gibson-Mount at 2020-04-13T17:19:35+00:00 ITS#6567 - More cleanup -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8650] EAGAIN from gnutls_handshake not respected
by openldap-its＠openldap.org 13 Apr '20

13 Apr '20

1 0

[Bug 9210] New: [with patch] Infinite retry-loop (and thus 100% CPU-Usage) when lots of requests are issued
by openldap-its＠openldap.org 13 Apr '20

13 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9210 Bug ID: 9210 Summary: [with patch] Infinite retry-loop (and thus 100% CPU-Usage) when lots of requests are issued Product: OpenLDAP Version: 2.4.47 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: lukas.juhrich(a)agdsn.de Target Milestone: --- Created attachment 706 --> https://bugs.openldap.org/attachment.cgi?id=706&action=edit Patch adding errno resets *tl;dr* single-stepping revealed a missing `errno` reset in `ber_int_sb_write`s retry loop. An sssd-setup of ours, which we use for basic-auth on one of our services, issues ldap calls. When under load, i.e. when many `ldap_search_ext` calls had to be issued due to many requests, we observed that the corresponding process/thread went up to 100% CPU usage and stayed there. - This was the [flamegraph](https://helios.wh2.tu-dresden.de/~shreyder/sssd_be%20--domain%20dom-http-wiki.svg), where you can see that it was stuck below `ber_int_sb_write`. - Single-Stepping with GDB revealed that we are stuck in the `for(;;)`-Retry-loop. Indeed, we could observe that the `sbi_write` was successful, but the `errno` continued to be `EINTR` every time I hit that breakpoint. - Patching `sockbuf.c` as attached and rebuilding resolved the issue. I also noticed similar sections with such a loop in `sockbuf.c` and added `errno = 0;` at the beginning of each iteration. In principle, they should suffer from the same problem. The reasoning for why this happened under load is that with many requests being issued, the probability that the write happens when the process gets an _actual_ interrupt is much higher, and once that happens, we're stuck in the infinite loop. -- You are receiving this mail because: You are on the CC list for the bug.

1 18

[Bug 8650] EAGAIN from gnutls_handshake not respected
by openldap-its＠openldap.org 12 Apr '20

12 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8650 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |RESOLVED Resolution|--- |TEST --- Comment #18 from Howard Chu <hyc(a)openldap.org> --- Commits: • 735e1ab by Howard Chu at 2020-04-12T22:18:51+00:00 ITS#8650 loop on incomplete TLS handshake -- You are receiving this mail because: You are on the CC list for the bug.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs