- openldap-bugs - openldap.org

[Issue 7347] Exclusive bit masks for: ACL_WADD, ACL_WDEL, and ACL_WRITE
by openldap-its＠openldap.org 12 Oct '23

12 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=7347 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs(a)openldap.org |hyc(a)openldap.org -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7345] New Feature : Add Connection Information in Access Log Entries
by openldap-its＠openldap.org 12 Oct '23

12 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=7345 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7345] New Feature : Add Connection Information in Access Log Entries
by openldap-its＠openldap.org 12 Oct '23

12 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=7345 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|has_patch, IPR_OK | Target Milestone|2.7.0 |--- Resolution|--- |WONTFIX Status|UNCONFIRMED |RESOLVED --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Better to consume this information from the operational logs at stat level -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7249] slapd segfault with memberof overlay on frontend db
by openldap-its＠openldap.org 12 Oct '23

12 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=7249 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7249] slapd segfault with memberof overlay on frontend db
by openldap-its＠openldap.org 12 Oct '23

12 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=7249 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WONTFIX Target Milestone|2.7.0 |--- Status|IN_PROGRESS |RESOLVED --- Comment #17 from Quanah Gibson-Mount <quanah(a)openldap.org> --- memberof is deprecated, any remaining issues will not be fixed. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7091] Limit ppolicy_forward_updates
by openldap-its＠openldap.org 12 Oct '23

12 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=7091 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7091] Limit ppolicy_forward_updates
by openldap-its＠openldap.org 12 Oct '23

12 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=7091 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WONTFIX Target Milestone|2.7.0 |--- Status|UNCONFIRMED |RESOLVED --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- This would result in broken policies -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7047] slapd crash on bad indexed translucent
by openldap-its＠openldap.org 12 Oct '23

12 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=7047 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs(a)openldap.org |quanah(a)openldap.org -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7046] OpenLDAP logs nothing at info priority, excessive at debug priority
by openldap-its＠openldap.org 12 Oct '23

12 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=7046 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7046] OpenLDAP logs nothing at info priority, excessive at debug priority
by openldap-its＠openldap.org 12 Oct '23

12 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=7046 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WONTFIX Status|UNCONFIRMED |RESOLVED Target Milestone|2.7.0 |--- --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- better solution is to use local logging introduced with openldap 2.6 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7008] paged results against ldap-proxy errors with 'cookie is invalid'
by openldap-its＠openldap.org 12 Oct '23

12 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=7008 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|SUSPENDED |WONTFIX --- Comment #17 from Quanah Gibson-Mount <quanah(a)openldap.org> --- See alternative solutions in comment #11 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7008] paged results against ldap-proxy errors with 'cookie is invalid'
by openldap-its＠openldap.org 12 Oct '23

12 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=7008 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7008] paged results against ldap-proxy errors with 'cookie is invalid'
by openldap-its＠openldap.org 12 Oct '23

12 Oct '23

1 0

[Issue 10112] New: We are working with the client that comes with openldap and cannot connect to TLS/SSL ldaps
by openldap-its＠openldap.org 12 Oct '23

12 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=10112 Issue ID: 10112 Summary: We are working with the client that comes with openldap and cannot connect to TLS/SSL ldaps Product: OpenLDAP Version: 2.6.6 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: 228844797(a)qq.com Target Milestone: --- Created attachment 985 --> https://bugs.openldap.org/attachment.cgi?id=985&action=edit slapd config Hello developers, Can you help me see how to solve this problem We are working with the client that comes with openldap and cannot connect to TLS/SSL ldaps,But I was able to access it using ldap:389 The server configuration information is as follows: Linux System version：Ubuntu 22.04.3 LTS OpenLDAP version：2.6.6 openssl version：OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022) The slapd.ldif certificate is configured as follows: olcTLSCACertificateFile: /usr/local/openldap-2.6.6/cert/demoCA/newcerts/cacert.pem olcTLSCertificateFile: /usr/local/openldap-2.6.6/cert/demoCA/newcerts/slapd01-server.pem olcTLSCertificateKeyFile: /usr/local/openldap-2.6.6/cert/demoCA/private/slapd01-server-key.pem The server startup information is as follows: slapd -4 -F /usr/local/openldap-2.6.6/etc/openldap/slapd.d -h ldap:/// ldaps:/// ldapi:/// Configure the ldap.conf certificate on the client as follows: TLS_CACERT /usr/local/openldap-2.6.6/cert/demoCA/newcerts/ ####################################################################################################### Server local test failed: ldapwhoami -H ldaps://slapd.zxactions.com -d 1 The failure information is as follows: root@openldap-1:/usr/local/openldap-2.6.6/etc/openldap# ldapwhoami -H ldaps://slapd.zxactions.com -d 1 ldap_url_parse_ext(ldaps://slapd.zxactions.com) ldap_create ldap_url_parse_ext(ldaps://slapd.zxactions.com:636/??base) ldap_pvt_sasl_getmech ldap_search put_filter: "(objectclass=*)" put_filter: simple put_simple_filter: "objectclass=*" ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP slapd.zxactions.com:636 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 192.168.174.128:636 ldap_pvt_connect: fd: 3 tm: -1 async: 0 attempting to connect: connect success TLS trace: SSL_connect:before SSL initialization TLS trace: SSL_connect:SSLv3/TLS write client hello TLS trace: SSL3 alert read:fatal:handshake failure TLS trace: SSL_connect:error in error TLS: can't connect: error:0A000410:SSL routines::sslv3 alert handshake failure. ldap_err2string ldap_sasl_interactive_bind: Can't contact LDAP server (-1) additional info: error:0A000410:SSL routines::sslv3 alert handshake failure ####################################################################################################### Failed to use the openssl tool: openssl s_client -connect slapd.zxactions.com:636 -debug The failure information is as follows: root@openldap-1:/usr/local/openldap-2.6.6/etc/openldap# openssl s_client -connect slapd.zxactions.com:636 -debug CONNECTED(00000003) write to 0x556ccbdb5c40 [0x556ccbdc5b30] (321 bytes => 321 (0x141)) 0000 - 16 03 01 01 3c 01 00 01-38 03 03 1a eb eb eb ad ....<...8....... 0010 - 52 f0 12 36 b2 cd ad 9c-6f c9 de 67 54 13 e3 47 R..6....o..gT..G 0020 - 23 ac 44 5c d9 51 2f d4-a5 0b cf 20 e6 f9 c1 6c #.D\.Q/.... ...l 0030 - e5 ce 18 9c ea f1 d6 67-a2 1f 71 3c 78 d4 c6 fb .......g..q<x... 0040 - 25 23 98 bd 38 90 1f 8c-13 94 b1 00 00 3e 13 02 %#..8........>.. 0050 - 13 03 13 01 c0 2c c0 30-00 9f cc a9 cc a8 cc aa .....,.0........ 0060 - c0 2b c0 2f 00 9e c0 24-c0 28 00 6b c0 23 c0 27 .+./...$.(.k.#.' 0070 - 00 67 c0 0a c0 14 00 39-c0 09 c0 13 00 33 00 9d .g.....9.....3.. 0080 - 00 9c 00 3d 00 3c 00 35-00 2f 00 ff 01 00 00 b1 ...=.<.5./...... 0090 - 00 00 00 18 00 16 00 00-13 73 6c 61 70 64 2e 7a .........slapd.z 00a0 - 78 61 63 74 69 6f 6e 73-2e 63 6f 6d 00 0b 00 04 xactions.com.... 00b0 - 03 00 01 02 00 0a 00 16-00 14 00 1d 00 17 00 1e ................ 00c0 - 00 19 00 18 01 00 01 01-01 02 01 03 01 04 00 23 ...............# 00d0 - 00 00 00 16 00 00 00 17-00 00 00 0d 00 2a 00 28 .............*.( 00e0 - 04 03 05 03 06 03 08 07-08 08 08 09 08 0a 08 0b ................ 00f0 - 08 04 08 05 08 06 04 01-05 01 06 01 03 03 03 01 ................ 0100 - 03 02 04 02 05 02 06 02-00 2b 00 05 04 03 04 03 .........+...... 0110 - 03 00 2d 00 02 01 01 00-33 00 26 00 24 00 1d 00 ..-.....3.&.$... 0120 - 20 92 75 81 9c 09 28 95-68 b4 eb b1 9e 2c d5 9b .u...(.h....,.. 0130 - e3 99 13 36 68 87 b5 72-4d d6 3e 60 0f 47 50 db ...6h..rM.>`.GP. 0140 - 15 . read from 0x556ccbdb5c40 [0x556ccbdbc913] (5 bytes => 5 (0x5)) 0000 - 15 03 03 00 02 ..... read from 0x556ccbdb5c40 [0x556ccbdbc918] (2 bytes => 2 (0x2)) 0000 - 02 28 .( 800B77514E7F0000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1584:SSL alert number 40 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 321 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- read from 0x556ccbdb5c40 [0x556ccbd0d650] (8192 bytes => 0) -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 6912] support for case sensitive SASL usernames
by openldap-its＠openldap.org 09 Oct '23

09 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=6912 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6912] support for case sensitive SASL usernames
by openldap-its＠openldap.org 09 Oct '23

09 Oct '23

1 0

[Issue 6871] Feature Request: slapo-lastbind authTimeStamp attribute replicated in MMR deploy
by openldap-its＠openldap.org 09 Oct '23

09 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=6871 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6871] Feature Request: slapo-lastbind authTimeStamp attribute replicated in MMR deploy
by openldap-its＠openldap.org 09 Oct '23

09 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=6871 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |DUPLICATE Status|UNCONFIRMED |RESOLVED --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- This is already built into OpenLDAP 2.6 with the pwdLastSuccess attribute which supports chaining and replicates a consistent value to all nodes. *** This issue has been marked as a duplicate of issue 9863 *** -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9863] New: lastbind configuration fails to honor chaining configuration
by openldap-its＠openldap.org 09 Oct '23

09 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=9863 Issue ID: 9863 Summary: lastbind configuration fails to honor chaining configuration Product: OpenLDAP Version: 2.6.2 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- In an environment where consumers are configured to chain writes up to the providers, lastbind configuration fails to honor this which is generally what one would expect. This causes mismatches between the providers and consumers in regards to the database state. Additionally it introduces random serverIDs into the database. In my case, the providers have serverIDs 10, 20, 30 configured but the consumer is generating serverID 1 for the entryCSN. Expectation: consumer does not generate *any* entryCSN value and instead forwards the write op to the provider. Log from consumer: slap_get_csn: conn=1069 op=0 generated new csn=20220610180137.644625Z#000000#001#000000 manage=1 -- You are receiving this mail because: You are on the CC list for the issue.

1 12

[Issue 6868] When used in conjunction with the translucent overlay, the rwm overlay filters out auxiliary objectclasses
by openldap-its＠openldap.org 09 Oct '23

09 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=6868 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Is this still relevant since Samba4 uses its own ldap server? -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6868] When used in conjunction with the translucent overlay, the rwm overlay filters out auxiliary objectclasses
by openldap-its＠openldap.org 09 Oct '23

09 Oct '23

1 0

[Issue 6477] Clarify ambiguous TLS/SSL Errors in libldap/tls2c.
by openldap-its＠openldap.org 09 Oct '23

09 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=6477 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6477] Clarify ambiguous TLS/SSL Errors in libldap/tls2c.
by openldap-its＠openldap.org 09 Oct '23

09 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=6477 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |DUPLICATE --- Comment #11 from Quanah Gibson-Mount <quanah(a)openldap.org> --- *** This issue has been marked as a duplicate of issue 9157 *** -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9157] return additional error code information when OPT_X_TLS_NEWCTX fails
by openldap-its＠openldap.org 09 Oct '23

09 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=9157 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bseklecki(a)noc.cfi.pgh.pa.us --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- *** Issue 6477 has been marked as a duplicate of this issue. *** -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6440] slapcat could write info about how it was run in form of LDIF comments
by openldap-its＠openldap.org 09 Oct '23

09 Oct '23

https://bugs.openldap.org/show_bug.cgi?id=6440 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs