- openldap-bugs - openldap.org

[Bug 8528] Incorrect results on replace op for olcAccess
by openldap-its＠openldap.org 06 Apr '20

06 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8528 --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to Ondřej Kuzník from comment #5) > On Thu, Apr 02, 2020 at 04:59:46PM +0000, openldap-its(a)openldap.org wrote: > >> Not saying it's a bad idea, but the interactions with a delete mod might be > >> a little confusing: > > > > Well, that's why I limited the scope of this bug purely to replace ops where > > the entire structure is getting replaced. For add/delete, it must not re-order > > anything. > > Not so sure about that, my thinking is a replace: attr should be equal to > > delete: attr > - > add: attr > replaced values > > And you're now saying that's not the case anymore. Actually I was agreeing with you. ;) Like in this example: changetype: modify delete: olcAccess olcAccess: {2} olcAccess: {1} olcAccess: {0} It would be a disaster to re-order things, and the correct thing to do is what you proposed, which is to break them down into individual changes like: changetype: modify delete: olcAccess olcAccess: {2} - delete: olcAccess olcAccess: {1} - delete: olcAccess olcAccess: {0} I.e., reordering it to 0/1/2 would be very bad. ;) -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 7420] Way to bypass overlay unique and constranit
by openldap-its＠openldap.org 06 Apr '20

06 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=7420 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |CONFIRMED Ever confirmed|0 |1 Keywords| |OL_2_5_REQ -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 5705] [enhancement] slapo-constraint could honor "relax" by not checking for constraints
by openldap-its＠openldap.org 06 Apr '20

06 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=5705 Ryan Tandy <ryan(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=9204 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8245] slapo-unique constraints bypassed by manageDsaIt, change to relax?
by openldap-its＠openldap.org 06 Apr '20

06 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8245 Ryan Tandy <ryan(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=9204 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 7084] Password Modify Extended Operation to set pwdReset: TRUE
by openldap-its＠openldap.org 06 Apr '20

06 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=7084 --- Comment #3 from Michael Ströder <michael(a)stroeder.com> --- Maybe my original comment was not clear enough. Of course it is sufficient for most use-cases to just check authz-DN != entryDN. My suggestion was to define a new attribute for a pwdPolicy entry for defining authz-IDs considered to be an administrator - kind of an additional constraint to the condition above. The syntax could be similar or the same to that already implemented for authzTo/authzFrom attributes. But no proxy authorization allowed at all. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 7596] slapo-ppolicy: OpenLDAP returning incorrect value for "graceAuthNsRemaining"
by openldap-its＠openldap.org 06 Apr '20

06 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=7596 --- Comment #2 from Ondřej Kuzník <ondra(a)mistotebe.net> --- I'm not 100% sure that's the wrong number to return (according to the spec) as we should return "the number of values in that attribute subtracted from the value of pwdGraceAuthNLimit" and the number of values is one lower that you would expect while we're still processing the bind. Might be worth changing the message in the client to reflect that? -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 7084] Password Modify Extended Operation to set pwdReset: TRUE
by openldap-its＠openldap.org 06 Apr '20

06 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=7084 --- Comment #2 from Ondřej Kuzník <ondra(a)mistotebe.net> --- How about deciding whether this is an administrator by checking whether the authorization identity is the same as the entry DN? For those, we can add pwdReset to the modify unless already specified. The concern is there might be management frontends that use a common identity for their LDAP requests and don't do ProxyAuthZ, do we just force them to do the right thing now? -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8769] Docs: Fix oid search extension syntax
by openldap-its＠openldap.org 05 Apr '20

05 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8769 --- Comment #2 from lukas.juhrich(a)agdsn.de <lukas.juhrich(a)agdsn.de> --- Updated source URL: https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4_45/c… -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 6207] Build farm
by openldap-its＠openldap.org 04 Apr '20

04 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=6207 --- Comment #5 from Ondřej Kuzník <ondra(a)mistotebe.net> --- AFAIK Need to figure out first how to make a windows environment look like gitlab runner. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8245] slapo-unique constraints bypassed by manageDsaIt, change to relax?
by openldap-its＠openldap.org 03 Apr '20

03 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8245 --- Comment #13 from Ryan Tandy <ryan(a)openldap.org> --- (In reply to Michael Ströder from comment #6) > Please correct if I'm wrong but AFAIK you need 'manage' privilege to > circumvent constraints (e.g. slapo-constraint and slapo-ppolicy). That doesn't appear to be the case. A user with only 'write' privilege can actually use Relax to modify attributes freely, bypassing slapo-constraint. Personally I find this behaviour quite surprising. I would have expected both overlays to behave like slapo-unique does (Relax honoured only with manage access). As an administrator, configuring an overlay such as slapo-constraint seems fairly pointless if users can simply ignore it any time they choose. I don't understand the global Relax handling for Add/Rename, but not Modify, either. If I understand the two options Ondřej described, either we should require manage access _always_ in the presence of Relax, or only if the request actually needs some rules to be relaxed. But AFAICT neither of those is (consistently) the case right now... (I guess this gets rather off-topic for this ticket, sorry!) -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8454] slapo-auditlog man page needs some improvement
by openldap-its＠openldap.org 03 Apr '20

03 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8454 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|audit-log overlay man pag |slapo-auditlog man page |needs some improvement |needs some improvement -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8511] Rename "mirrormode" to "multimaster", deprecate "mirrormode" parameter
by openldap-its＠openldap.org 03 Apr '20

03 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8511 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |IN_PROGRESS -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 7878] OpenLDAP MinGW Build Problem
by openldap-its＠openldap.org 03 Apr '20

03 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=7878 Ryan Tandy <ryan(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |IN_PROGRESS --- Comment #5 from Ryan Tandy <ryan(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/23 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 7878] OpenLDAP MinGW Build Problem
by openldap-its＠openldap.org 03 Apr '20

03 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=7878 Ryan Tandy <ryan(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|slapd |backends -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 7878] OpenLDAP MinGW Build Problem
by openldap-its＠openldap.org 03 Apr '20

03 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=7878 Ryan Tandy <ryan(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|VERIFIED |CONFIRMED Resolution|WORKSFORME |--- Ever confirmed|0 |1 --- Comment #4 from Ryan Tandy <ryan(a)openldap.org> --- I'm reopening this, because my MSYS2/MinGW environment still reproduces it (after fixing ITS#8383): make[3]: Entering directory '/home/ryan/openldap/servers/slapd/back-mdb' /bin/sh ../../../libtool --tag=disable-shared --mode=compile cc -g -O2 -I../../../include -I../../../include -I.. -I./.. -I./../../../libraries/liblmdb -c init.c cc -g -O2 -I../../../include -I../../../include -I.. -I./.. -I./../../../libraries/liblmdb -c init.c -o init.o In file included from ../slap.h:39, from back-mdb.h:21, from init.c:25: ../../../include/ac/socket.h:101: warning: "EWOULDBLOCK" redefined 101 | #define EWOULDBLOCK WSAEWOULDBLOCK | In file included from ../../../include/ac/errno.h:21, from init.c:23: C:/msys64/mingw64/x86_64-w64-mingw32/include/errno.h:166: note: this is the location of the previous definition 166 | #define EWOULDBLOCK 140 | In file included from ../slap.h:39, from back-mdb.h:21, from init.c:25: ../../../include/ac/socket.h:102: warning: "EINPROGRESS" redefined 102 | #define EINPROGRESS WSAEINPROGRESS | In file included from ../../../include/ac/errno.h:21, from init.c:23: C:/msys64/mingw64/x86_64-w64-mingw32/include/errno.h:158: note: this is the location of the previous definition 158 | #define EINPROGRESS 112 | In file included from ../slap.h:39, from back-mdb.h:21, from init.c:25: ../../../include/ac/socket.h:103: warning: "ETIMEDOUT" redefined 103 | #define ETIMEDOUT WSAETIMEDOUT | In file included from ../../../include/ac/errno.h:21, from init.c:23: C:/msys64/mingw64/x86_64-w64-mingw32/include/errno.h:223: note: this is the location of the previous definition 223 | #define ETIMEDOUT 138 | In file included from init.c:25: back-mdb.h:71:2: error: unknown type name 'uint32_t' 71 | uint32_t mi_dbenv_flags; | ^~~~~~~~ back-mdb.h:85:2: error: unknown type name 'uint32_t' 85 | uint32_t mi_rtxn_size; | ^~~~~~~~ back-mdb.h:87:2: error: unknown type name 'uint32_t' 87 | uint32_t mi_txn_cp_min; | ^~~~~~~~ back-mdb.h:88:2: error: unknown type name 'uint32_t' 88 | uint32_t mi_txn_cp_kbyte; | ^~~~~~~~ init.c: In function 'mdb_db_open': init.c:90:2: error: unknown type name 'uint32_t'; did you mean 'wint_t'? 90 | uint32_t flags; | ^~~~~~~~ | wint_t make[3]: *** [Makefile:343: init.lo] Error 1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 6207] Build farm
by openldap-its＠openldap.org 03 Apr '20

03 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=6207 --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Be great if we can add MSYS2/MINGW into the build stack, along the lines of what's done here: https://gitlab.freedesktop.org/gstreamer/gst-ci -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8753] Public key pinning support in libldap
by openldap-its＠openldap.org 03 Apr '20

03 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8753 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ | -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8383] msys build error "portable.h:1116:19: error: two or more data types in declaration specifiers"
by openldap-its＠openldap.org 03 Apr '20

03 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8383 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |TEST --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 27545be4 by Ryan Tandy at 2020-04-03T16:59:15+00:00 ITS#8383 Look for socklen_t in <ws2tcpip.h> too MinGW targets do not have the <sys/socket.h> header. The configure check would conclude that there is no socklen_t type, resulting in portable.h containing its own definition of socklen_t, which would later conflict with the actual definition in <ws2tcpip.h>. Add <ws2tcpip.h> to the configure check for socklen_t, so that the defined type is correctly detected. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9181] Non-initialised global options mutex causes problems on Windows
by openldap-its＠openldap.org 03 Apr '20

03 Apr '20

1 0

[Bug 6207] Build farm
by openldap-its＠openldap.org 03 Apr '20

03 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=6207 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |IN_PROGRESS Ever confirmed|0 |1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 6207] Build farm
by openldap-its＠openldap.org 03 Apr '20

03 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=6207 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs(a)openldap.org |ondra(a)mistotebe.net -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 6207] Build farm
by openldap-its＠openldap.org 03 Apr '20

03 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=6207 --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- • 6d9e9e6c by Ondřej Kuzník at 2020-04-03T09:47:46+01:00 ITS#6207 Print out test timings • e0c80d6b by Ondřej Kuzník at 2020-04-03T10:27:03+01:00 ITS#6207 Add GitLab CI -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8528] Incorrect results on replace op for olcAccess
by openldap-its＠openldap.org 03 Apr '20

03 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8528 --- Comment #5 from Ondřej Kuzník <ondra(a)mistotebe.net> --- On Thu, Apr 02, 2020 at 04:59:46PM +0000, openldap-its(a)openldap.org wrote: >> Not saying it's a bad idea, but the interactions with a delete mod might be >> a little confusing: > > Well, that's why I limited the scope of this bug purely to replace ops where > the entire structure is getting replaced. For add/delete, it must not re-order > anything. Not so sure about that, my thinking is a replace: attr should be equal to delete: attr - add: attr replaced values And you're now saying that's not the case anymore. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9181] Non-initialised global options mutex causes problems on Windows
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9181 --- Comment #5 from Ryan Tandy <ryan(a)openldap.org> --- Hi Howard, I'm testing my patch for ITS#8383 and this one seems to have broken the build in my MSYS2/MinGW environment: cc -g -O2 -I../../include -I../../include -c -o ntservice.o ntservice.c In file included from ../../include/portable.h:1173, from ntservice.c:20: ../../include/ldap_int_thread.h:156:43: error: unknown type name 'ldap_pvt_thread_mutex_t'; did you mean 'ldap_int_thread_mutex_t'? 156 | ldap_pvt_thread_mutex_init_first LDAP_P(( ldap_pvt_thread_mutex_t *mutex )); | ^~~~~~~~~~~~~~~~~~~~~~~ ../../include/ldap_cdefs.h:32:25: note: in definition of macro 'LDAP_P' 32 | # define LDAP_P(protos) protos | ^~~~~~ make[2]: *** [<builtin>: ntservice.o] Error 1 ldap_int_thread.h is included at the top of ldap_pvt_thread.h, so this declaration is seen before the ldap_pvt_* typedefs. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8383] msys build error "portable.h:1116:19: error: two or more data types in declaration specifiers"
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8383 --- Comment #4 from Ryan Tandy <ryan(a)openldap.org> --- Thanks Quanah for spending some time on this with me. I note this bug occurs under MSYS2 when running the "MSYS2 MinGW 64-bit" environment (MSYSTEM=MINGW64). It does not occur under the "MSYS2 MSYS" environment (MSYSTEM=MSYS). Quanah's build system seems a bit unique (MSYSTEM=MSYS but adding /mingw64/bin to PATH, possibly other differences too). I think my patch is a correct fix for people wanting to build under a pure MinGW environment. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs