- openldap-bugs - openldap.org

[Issue 9966] New: slapd crashes in pcache consistency_check()
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9966 Issue ID: 9966 Summary: slapd crashes in pcache consistency_check() Product: OpenLDAP Version: 2.5.13 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: aweits(a)rit.edu Target Milestone: --- The pcache overlay (when run with multiple templates) crashes in the consistency checker. Cause appears to be that "expires" is not reset for the next iteration of the template loop. I can provide more details if necessary. Server does not crash with this in place: diff --git a/servers/slapd/overlays/pcache.c b/servers/slapd/overlays/pcache.c index 423c19641e72..7b9e2061f927 100644 --- a/servers/slapd/overlays/pcache.c +++ b/servers/slapd/overlays/pcache.c @@ -3628,6 +3628,8 @@ consistency_check( if ( rem ) free_query(query); } + expires = NULL; + /* handle refreshes that we skipped earlier */ if ( templ->ttr ) { ldap_pvt_thread_rdwr_rlock(&templ->t_rwlock); valgrind says: ==217138== Thread 13: ==217138== Invalid read of size 8 ==217138== at 0x63949EE: consistency_check (pcache.c:3604) ==217138== by 0x48A5DB9: ldap_int_thread_pool_wrapper (tpool.c:1053) ==217138== by 0x5016801: start_thread (in /usr/lib64/libc.so.6) ==217138== by 0x4FB6313: clone (in /usr/lib64/libc.so.6) ==217138== Address 0x6d14c60 is 160 bytes inside a block of size 240 free'd ==217138== at 0x48470E4: free (vg_replace_malloc.c:872) ==217138== by 0x63949DE: UnknownInlinedFun (pcache.c:1548) ==217138== by 0x63949DE: consistency_check (pcache.c:3628) ==217138== by 0x48A5DB9: ldap_int_thread_pool_wrapper (tpool.c:1053) ==217138== by 0x5016801: start_thread (in /usr/lib64/libc.so.6) ==217138== by 0x4FB6313: clone (in /usr/lib64/libc.so.6) ==217138== Block was alloc'd at ==217138== at 0x484486F: malloc (vg_replace_malloc.c:381) ==217138== by 0x48C8804: ber_memalloc_x (memory.c:228) ==217138== by 0x4598C2: ch_malloc (in /usr/local/libexec/slapd) ==217138== by 0x6391276: add_query (pcache.c:1562) ==217138== by 0x639ADEF: pcache_op_cleanup (pcache.c:2376) ==217138== by 0x52498D: ??? (in /usr/local/libexec/slapd) ==217138== by 0x452C32: ??? (in /usr/local/libexec/slapd) ==217138== by 0x4536BC: slap_send_ldap_result (in /usr/local/libexec/slapd) ==217138== by 0x4CF9EA: ldap_back_search (in /usr/local/libexec/slapd) ==217138== by 0x4BD022: overlay_op_walk (in /usr/local/libexec/slapd) ==217138== by 0x4BD1A0: ??? (in /usr/local/libexec/slapd) ==217138== by 0x4415D8: fe_op_search (in /usr/local/libexec/slapd) ==217138== Happy Holidays! -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9960] New: Problem with accesslog overlay along with dynlist overlay
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9960 Issue ID: 9960 Summary: Problem with accesslog overlay along with dynlist overlay Product: OpenLDAP Version: 2.5.13 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: carsten.jaeckel(a)tu-dortmund.de Target Milestone: --- As long as only the accesslog overlay is used the logging works as expected. Successfully logged search access: ldapsearch -H ldaps://ldap.example.com:636 -D cn=manager,dc=example,dc=com -W -b dc=users,dc=example,dc=com cn=user1 mail Result of ldapsearch -H ldaps://ldap.example.com:636 -D cn=log -W -b cn=log objectclass=*: ###################################### ... # 20221212145029.000000Z, log dn: reqStart=20221212145029.000000Z,cn=log objectClass: auditBind reqStart: 20221212145029.000000Z reqEnd: 20221212145029.000001Z reqType: bind reqSession: 1022 reqAuthzID: reqDN: cn=manager,dc=example,dc=com reqResult: 0 reqVersion: 3 reqMethod: SIMPLE # 20221212145029.000002Z, log dn: reqStart=20221212145029.000002Z,cn=log objectClass: auditSearch reqStart: 20221212145029.000002Z reqEnd: 20221212145029.000003Z reqType: search reqSession: 1022 reqAuthzID: manager,dc=example,dc=com reqDN: dc=users,dc=example,dc=com reqResult: 0 reqScope: sub reqDerefAliases: never reqAttrsOnly: FALSE reqFilter: (cn=user1) reqAttr: mail reqEntries: 1 reqTimeLimit: -1 reqSizeLimit: -1 # 20221212145029.000004Z, log dn: reqStart=20221212145029.000004Z,cn=log objectClass: auditObject reqStart: 20221212145029.000004Z reqEnd: 20221212145029.000005Z reqType: unbind reqSession: 1022 reqAuthzID: manager,dc=example,dc=com ###################################### After adding overlay dynlist the information in the accesslog database after the same search operation ldapsearch -H ldaps://ldap.example.com:636 -D cn=manager,dc=example,dc=com -W -b dc=users,dc=example,dc=com cn=user1 mail is as follows: ###################################### ... # 20221212144859.000000Z, log dn: reqStart=20221212144859.000000Z,cn=log objectClass: auditBind reqStart: 20221212144859.000000Z reqEnd: 20221212144859.000001Z reqType: bind reqSession: 1019 reqAuthzID: reqDN: manager,dc=example,dc=com reqResult: 0 reqVersion: 3 reqMethod: SIMPLE # 20221212144859.000002Z, log dn: reqStart=20221212144859.000002Z,cn=log objectClass: auditSearch reqStart: 20221212144859.000002Z reqEnd: 20221212144859.000003Z reqType: search reqSession: 1019 reqAuthzID: manager,dc=example,dc=com reqDN: dc=users,dc=example,dc=com reqResult: 0 reqScope: sub reqDerefAliases: never reqAttrsOnly: FALSE reqFilter: (objectClass=groupOfURLs) reqAttr: memberURL reqEntries: 0 reqTimeLimit: -1 reqSizeLimit: -1 # 20221212144859.000005Z, log dn: reqStart=20221212144859.000005Z,cn=log objectClass: auditObject reqStart: 20221212144859.000005Z reqEnd: 20221212144859.000006Z reqType: unbind reqSession: 1019 reqAuthzID: manager,dc=example,dc=com ###################################### Configuration: ###################################### dn: olcDatabase={1}mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: {1}mdb ... olcSuffix: dc=example,dc=com olcSyncUseSubentry: FALSE dn: olcOverlay={0}refint,olcDatabase={1}mdb,cn=config objectClass: olcConfig objectClass: olcOverlayConfig objectClass: olcRefintConfig objectClass: top olcOverlay: {0}refint olcRefintAttribute: member olcRefintAttribute: memberOf olcRefintNothing: cn=tgroup,dc=groups,dc=example,dc=com dn: olcOverlay={1}ppolicy,olcDatabase={1}mdb,cn=config objectClass: olcConfig objectClass: olcOverlayConfig objectClass: olcPPolicyConfig objectClass: top olcOverlay: {1}ppolicy olcPPolicyHashCleartext: TRUE dn: olcOverlay={2}dynlist,olcDatabase={1}mdb,cn=config objectClass: olcConfig objectClass: olcDynListConfig objectClass: olcOverlayConfig objectClass: top olcOverlay: {2}dynlist olcDynListAttrSet: {0}groupOfURLs memberURL member+memberOf@groupOfNames dn: olcOverlay={3}lastbind,olcDatabase={1}mdb,cn=config objectClass: olcConfig objectClass: olcLastBindConfig objectClass: olcOverlayConfig objectClass: top olcOverlay: {3}lastbind olcLastBindPrecision: 86400 dn: olcOverlay={4}accesslog,olcDatabase={1}mdb,cn=config objectClass: olcAccessLogConfig objectClass: olcConfig objectClass: olcOverlayConfig objectClass: top olcAccessLogDB: cn=log olcOverlay: {4}accesslog olcAccessLogOld: (objectClass=inetOrgPerson) olcAccessLogOldAttr: description olcAccessLogOps: all olcAccessLogPurge: 01:00 00:15 ###################################### -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9929] New: slapo-dynlist unnecessary search for dynamic lists
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9929 Issue ID: 9929 Summary: slapo-dynlist unnecessary search for dynamic lists Product: OpenLDAP Version: 2.5.12 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- An extra initial search is performed by slapo-dynlist to make dynamic groups filterable. This search is not needed for dynamic lists, but is still occurring. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9924] New: Increased/RunAway memory usage slapo-deref
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9924 Issue ID: 9924 Summary: Increased/RunAway memory usage slapo-deref Product: OpenLDAP Version: 2.5.13 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: erikdewaard(a)gmail.com Target Milestone: --- Created attachment 916 --> https://bugs.openldap.org/attachment.cgi?id=916&action=edit slapd.conf Increased/RunAway memory usage slapo-deref Running: 2.5.13 After enabling slapo-deref slapd memory usage increased and growing. I can reproduce this on every consumer with deref enabled. From: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 173229 ldap 20 0 26.6g 1.0g 941996 S 4.0 0.8 3674:19 slapd To: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 2745810 ldap 20 0 141.5g 115.8g 468940 S 3.0 92.5 312:42.93 slapd How best to debug this? I should probably recompile to get all symbols for slapd available. #valgrind.sh valgrind --leak-check=full \ --show-leak-kinds=all \ --extra-debuginfo-path=/usr/lib/debug/usr/lib64/openldap \ --allow-mismatched-debuginfo=yes \ --track-origins=yes \ --error-limit=no \ --verbose \ --log-file=valgrind-out.txt \ /usr/sbin/slapd -F /etc/openldap/slapd.d -u ldap -h "ldap:/// ldaps:/// ldapi:///" #mleak.sh LD_PRELOAD=/tmp/mleak/mleak.so \ /usr/sbin/slapd -F /etc/openldap/slapd.d -u ldap -h "ldap:/// ldaps:/// ldapi:///" sent kill -2 #mleak_report.sh ./mdump /usr/sbin/slapd ml.* ./report.sh | more fncdump: Cant open linux-vdso.so.1 Memory leaks (14480 total): -- You are receiving this mail because: You are on the CC list for the issue.

1 16

[Issue 9915] New: Changing slapo-unique to use serialize causes cn=config replication to fail
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9915 Issue ID: 9915 Summary: Changing slapo-unique to use serialize causes cn=config replication to fail Product: OpenLDAP Version: 2.6.3 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- I updated my slapo-unique configuration from: olcUniqueURI: ldap:///?uid?sub? to olcUniqueURI: "serialize ldap:///?uid?sub?" and replication of the config database fails with the following error: syncrepl_null_callback: error code 0x50 syncrepl_entry: rid=001 be_modify olcOverlay={2}unique,olcDatabase={2}mdb,cn=config (80) syncrepl_entry: rid=001 be_modify failed (80) -- You are receiving this mail because: You are on the CC list for the issue.

1 8

[Issue 9897] New: ldapcompare return FALSE when dynlist in use
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9897 Issue ID: 9897 Summary: ldapcompare return FALSE when dynlist in use Product: OpenLDAP Version: 2.6.3 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: sdalu(a)sdalu.com Target Milestone: --- The server configuration enable dynlist with: overlay dynlist dynlist-attrset groupOfURLs memberURL member Entry is: dn: cn=Admins,ou=Services,ou=Members,dc=zog,dc=com member: uid=foo,ou=People,dc=zog,dc=com cn: Admins objectClass: groupOfNames The ldap compare will return false, was expected true ldapcompare -x cn=Admins,ou=Services,ou=Members,dc=zog,dc=com member:uid=foo,ou=People,dc=zog,dc=com Now if I comment the dynlist-attrset directive, I will get TRUE for the same ldapcompare request -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9984] New: Balancer listener thread exits when all listeners are suspended
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9984 Issue ID: 9984 Summary: Balancer listener thread exits when all listeners are suspended Product: OpenLDAP Version: 2.5.13 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: lloadd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- If lloadd runs out of file descriptors, the listeners are paused temporarily, however the event base is not configured to stick around if all of its tasks have finished. In case all of the listeners are paused, the event base exits and listener thread goes away. A patch is coming. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9983] New: operation_unlink files the operation before it is fully unlinked
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9983 Issue ID: 9983 Summary: operation_unlink files the operation before it is fully unlinked Product: OpenLDAP Version: 2.5.13 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: lloadd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- In epoch based memory management, objects should only be submitted for reclaiming when no actors can reach them unless they've done that before the submission happened. This is broken in operation_unlink(): It calls try_release_ref() at the beginning where the operation is added to the to-reclaim list, only then it proceeds to unlink it from other objects. The following sequence is then possible: - current_epoch == 1 (no threads are alive in epoch == 0) - in thread 1 (epoch = 1), try_release_ref() marks the object to be reclaimed in current_epoch - thread 2 activates and current_epoch is incremented (current_epoch == 2) - thread 2 handles an Unbind for the operation's client and reaches client_reset() (epoch == 2) - thread 2 (client_reset) snapshots and clears client->c_ops (among other things, c->c_ops links to our object) - thread 1 finishes operation_unlink, deactivates and there are no more threads in epoch == 1 - thread 3 activates and current_epoch is incremented (current_epoch == 3), there are objects in epoch == 1, namely the object above which is now destroyed (freed) - thread 2 wakes up again and tries to call operation_abandon on the above object, this accesses memory freed epoch_append (and try_release_ref) should only be called when unlinking has finished. I'm testing a patch right now. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9947] New: Race in epoch.c
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9947 Issue ID: 9947 Summary: Race in epoch.c Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: lloadd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- When epoch_leave() tests whether other threads might still be alive, it can test things in reverse order, testing too early to catch a thread to come in and too late to see a thread that just left. If those two saw each other, the clock would not advance and the data in refs might actually still be a reachable pointer. The tests in epoch_leave can actually be simplified leading to machine code not all compilers could figure out by themselves. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9925] New: Fix some compilation issues around usage of #if and #ifdef
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9925 Issue ID: 9925 Summary: Fix some compilation issues around usage of #if and #ifdef Product: OpenLDAP Version: unspecified Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: connor.smith(a)hitachivantara.com Target Milestone: --- Created attachment 918 --> https://bugs.openldap.org/attachment.cgi?id=918&action=edit git format-patch I noticed a few issues while working with OpenLDAP that would lead to compiler warnings and the like in our particular build environment. They're quite minor, but it would still be good to have them patched upstream. In include/ac/socket.h: Use #elif defined(...) for HAVE_WINSOCK and MACOS. All other instances of these macros use #ifdef or similar. A compiler may warn about them not being defined. In libraries/liblber/sockbuf.c, (DOS && PCNFS) and (DOS && NCSA) were replaced with HAVE_PCNFS and HAVE_NCSA, respectively. It seems logical to do the same at the only remaining occurrence of DOS, PCNFS, and NCSA. For context on the latter: the actual warning was about #elif DOS, similar to #elif HAVE_WINSOCK and #elif MACOS, but looking into it it seemed to make sense to bring socket.h in line with sockbuf.c. In libraries/liblunicode/ucdata/ucgendat.c: Use #if HARDCODE_DATA consistently, replacing two instances of #ifdef. HARDCODE_DATA is always defined, and this way you can set HARDCODE_DATA to 0 and have it work, rather than it going down the wrong branch and failing in these two cases. An IPR notice, with this work having been done as part of my employment: The attached file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch were developed by Hitachi Vantara. Hitachi Vantara has not assigned rights and/or interest in this work to any party. I, Connor Smith, am authorized by Hitachi Vantara, my employer, to release this work under the following terms. Hitachi Vantara hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice. Please let me know if there are any issues with the attached patch, or if there's anything else I need to do. Thanks. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9904] New: A Potential NPD
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9904 Issue ID: 9904 Summary: A Potential NPD Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: 1157401338(a)qq.com Target Milestone: --- Created attachment 911 --> https://bugs.openldap.org/attachment.cgi?id=911&action=edit diagram of NPD Hi, I found a NPD bug in the project source code of ldap, and I have shown the execution sequence of the program that may have generated the bug on a diagram,which is added to the attachment The red text illustrates the steps that created the bug the red arrows represent the call relationships the file path can be seen in the blue framed section. additionally,at step 4 I do not expand more detail about why function ber_memalloc_x can return null(actually it can be seen as function malloc and the reason ber_memalloc_x return null is same with malloc),because there are many code snippet can be found in project source code that judge whether ber_memalloc_x return null and make further process if return value equal to null. I look forward to your reply and thank you very much for your patience! -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9901] New: Fix non-standard printf arguments in liblbert and libldap
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9901 Issue ID: 9901 Summary: Fix non-standard printf arguments in liblbert and libldap Product: OpenLDAP Version: 2.6.3 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: michael.osipov(a)siemens.com Target Milestone: --- Created attachment 910 --> https://bugs.openldap.org/attachment.cgi?id=910&action=edit Patch gainst source tarball As a followup to Bug 9898 and Bug 9899 I have played around with LLVM 13 and "-std=c17 -pedantic -Wall" it fails to compile several files. Find a patch attached which makes it standards compliant. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9899] New: "cyrus.c" uses non-portable GNU extension for void pointer arithmetics and fails on HP-UX aCC
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9899 Issue ID: 9899 Summary: "cyrus.c" uses non-portable GNU extension for void pointer arithmetics and fails on HP-UX aCC Product: OpenLDAP Version: 2.6.3 Hardware: All OS: Other Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: michael.osipov(a)siemens.com Target Milestone: --- On HP-UX with cc: HP C/aC++ B3910B A.06.29 [Oct 18 2016] tells me libtool: compile: /opt/aCC/bin/aCC -Ae -g -I../../include -I../../include -I/opt/ports/include -DLDAP_LIBRARY -c cyrus.c -DPIC -o .libs/cyrus.o "cyrus.c", line 420: error #3143: arithmetic on pointer to void or function type memcpy( cb_data + plen, cbv.bv_val, cbv.bv_len ); ^ 1 error detected in the compilation of "cyrus.c". gmake[2]: *** [Makefile:434: cyrus.lo] Error 1 void pointer arithmetics is not valid/undefined and just a GNU extension supported by GCC or clang. I was able to reproduce this on FreeBSD clang version 13.0.0 (git@github.com:llvm/llvm-project.git llvmorg-13.0.0-0-gd7b669b3a303): osipovmi@deblndw011x:~/var/Projekte/openldap-2.6.3/libraries/libldap $ cc -std=c17 -I../../include -I../../include -I/usr/local/include -DLDAP_LIBRARY -c cyrus.c -o cyrus.o -pedantic -Werror cyrus.c:420:18: error: arithmetic on a pointer to void is a GNU extension [-Werror,-Wpointer-arith] memcpy( cb_data + plen, cbv.bv_val, cbv.bv_len ); ~~~~~~~ ^ 1 error generated. I am not a daily C hacker, but I guess cb_data needs to be typed to "unsigned char" just like data from sasl_channel_binding_t (https://github.com/cyrusimap/cyrus-sasl/blob/cb549ef71c5bb646fe583697ebdcab…). Or at least a malloc with an "unsigned char", save the pointer start address, copy the prefix, increment by prefix length, copy the channel binding value and then assign the pointer start address to the output struct. I will unset SASL_CHANNEL_BINDING for now since it is not required in your AD environment when SASL GSSAPI with minssf=1 is set. -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9976] New: ldap_sasl_bind_s man page missing details on freeing the returned servercredp parameter
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9976 Issue ID: 9976 Summary: ldap_sasl_bind_s man page missing details on freeing the returned servercredp parameter Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: wmjchs(a)hotmail.com Target Milestone: --- Source code for ldap_sasl_bind_s shows that the parameter is to be freed via ber_bvfree when no longer used. (https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/…) However, the documentation (https://www.openldap.org/software/man.cgi?query=ldap_sasl_bind_s&apropos=0&…) makes no mention of this. The following sources also omitted this information: https://linux.die.net/man/3/ldap_sasl_bind_s https://www.ibm.com/docs/en/i/7.4?topic=ssw_ibm_i_74/apis/ldap_sasl_bind_s.… https://learn.microsoft.com/en-us/windows/win32/api/winldap/nf-winldap-ldap… While the following didn't: https://www.novell.com/documentation/developer/cldap/ldaplibc/data/a401rtp.… https://www.ibm.com/docs/en/zos/2.3.0?topic=routines-ldap-sasl-bind-ldap-sa… https://docs.oracle.com/cd/E19957-01/817-6707/functions.html#wp57022 -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9957] New: slapo-dynlist manpage needs better description of dynlist-attrset
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9957 Issue ID: 9957 Summary: slapo-dynlist manpage needs better description of dynlist-attrset Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- Each dynlist-attrset defines one of three distinct behaviours: - dynamic list (attributes are gathered from other entries) - dynamic group (DNs are gathered based on other entries) - static group (DNs are gathered based on DNs stored on entries) With the groups possibly being recursive, requiring traversal. Since the above do not mix, the documentation should be more explicit about how each one should look and behave. It should also be noted somewhere what happens (or not) when multiple dynlist-attrset stanzas would apply to the same entry. At that point, configuration code could also be made more strict to reject configurations that satisfy the apparent dynlist-attrset syntax but do not actually represent anything that fits just one of the above and is therefore nonsensical (with parts of it apparently ignored at runtime). With nonsensical configuration rejected, it would be possible to streamline internal dynlist structures and make critical parts of the overlay code more readable. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9941] New: back-asyncmeta(5) man page has incorrect information
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9941 Issue ID: 9941 Summary: back-asyncmeta(5) man page has incorrect information Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: nivanova(a)symas.com Target Milestone: --- Currently the man page states that asyncmeta selects the connection queue with the least number of pending operations as the next connection, but that was dropped a while ago, and the connections queues are selected round-robin. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9985] New: slapd-modules/passwd/totp does not build .so file
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9985 Issue ID: 9985 Summary: slapd-modules/passwd/totp does not build .so file Product: OpenLDAP Version: 2.6.3 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: contrib Assignee: bugs(a)openldap.org Reporter: bastian-bugopenldap21(a)t6l.de Target Milestone: --- I try to build the contrib module totp from openldap 2.6.3. The README states to run `make` in order to build the dynamic link-able .so file. It does not so on my test system (could be a flaw on the test system though). Many thanks, -- You are receiving this mail because: You are on the CC list for the issue.

1 12

[Issue 9917] New: Remove -h and -p from options[] in client tools
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9917 Issue ID: 9917 Summary: Remove -h and -p from options[] in client tools Product: OpenLDAP Version: 2.6.3 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: daniels.thomas(a)pm.me Target Milestone: --- Created attachment 914 --> https://bugs.openldap.org/attachment.cgi?id=914&action=edit patch for this issue The options -h and -p got removed from client tools (https://bugs.openldap.org/show_bug.cgi?id=8618). However, they were still present in the options[] array in several client tools source files. So, if one of those tools got executed with -h or -p followed by a value, this lead to the error "unrecognized option -", without mentioning which option was problematic. Removing 'h' and 'p' from options[] fixes this. This patch does that. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9908] New: LDAP* leak in slapd-tester children when retrying a bind
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9908 Issue ID: 9908 Summary: LDAP* leak in slapd-tester children when retrying a bind Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- Happens in lloadd's test002 where the balancer routinely returns BUSY in response to a bind. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9860] New: ldapsearch memory leaks
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9860 Issue ID: 9860 Summary: ldapsearch memory leaks Product: OpenLDAP Version: 2.5.12 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: hamano(a)osstech.co.jp Target Milestone: --- When using page control, The control value leaks with each goto getNextPage; loop due to `i` and `nctrl` step back. ``` 1114 getNextPage: ... 1124 save_nctrls = nctrls; 1125 i = nctrls; ``` ``` 1284 if ( ldap_create_page_control_value( ld, 1285 pageSize, &pr_cookie, &c[i].ldctl_value ) ) ``` ``` 1445 /* step back to the original number of controls, so that 1446 * those set while parsing args are preserved */ 1447 nctrls = save_nctrls; ``` ``` 1612 goto getNextPage; ``` -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9926] New: Bad file links in openldap-OPENLDAP_REL_ENG_2_5.tar.gz
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9926 Issue ID: 9926 Summary: Bad file links in openldap-OPENLDAP_REL_ENG_2_5.tar.gz Product: OpenLDAP Version: 2.5.13 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: ksmith(a)blackducksoftware.com Target Milestone: --- The current archive openldap-OPENLDAP_REL_ENG_2_5.tar.gz (downloaded 10/4/22) contains files that were included as invalid links. This causes errors when trying to unzip via 7zip or trying to scan with various software tools. The tar.gz is successfully expanded using "tar -xvzf" but the problem files do not exist. Error output in 7zip is: Can not create symbolic link: A required priviledge in not held by the client.: openldap-OPENLDAP_REL_ENG_2_5\servers\lloadd\design.md openldap-OPENLDAP_REL_ENG_2_5\servers\lloadd\nt_svc.c openldap-OPENLDAP_REL_ENG_2_5\tests\data\homedir\skel\directory\broken link openldap-OPENLDAP_REL_ENG_2_5\tests\data\homedir\skel\svmlink Bad file links in openldap-OPENLDAP_REL_ENG_2_5.tar.gz -- You are receiving this mail because: You are on the CC list for the issue.

1 8

[Issue 9900] New: configure.ac contains non-portable statement (bashism)
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9900 Issue ID: 9900 Summary: configure.ac contains non-portable statement (bashism) Product: OpenLDAP Version: 2.6.3 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: michael.osipov(a)siemens.com Target Milestone: --- My shell on HP-UX tells me: ./configure[22349]: ==: A test command parameter is not valid. which is causes by > 2038 if test $ol_enable_slapd == no && test $ol_enable_balancer != yes ; then in configure.ac. Similar I have reported to BIND9: https://gitlab.isc.org/isc-projects/bind9/-/issues/2873. POSIX expects one equals sign. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9894] New: NetBSD build needs gmake, the default make utility does not have all the necessary features.
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9894 Issue ID: 9894 Summary: NetBSD build needs gmake, the default make utility does not have all the necessary features. Product: OpenLDAP Version: unspecified Hardware: x86_64 OS: Other Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: lucio.dere(a)gmail.com Target Milestone: --- Please include in your build instructions that NetBSD's "make" (bmake, I seem to recall) rejects some Makefile stuff (for the bare "make" command, "make depend" completed successfully). Perhaps configure can figure that out or just check for gmake and use it if found? I did not try "make test". -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9942] New: back-mdb fails to release Added entries
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9942 Issue ID: 9942 Summary: back-mdb fails to release Added entries Product: OpenLDAP Version: 2.5.12 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- Detected by valgrind on test002. Appears to be a regression since some time after ITS#7915. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9895] New: Increase max number of index DBs in back-mdb
by openldap-its＠openldap.org 09 Feb '23

09 Feb '23

https://bugs.openldap.org/show_bug.cgi?id=9895 Issue ID: 9895 Summary: Increase max number of index DBs in back-mdb Product: OpenLDAP Version: 2.5.12 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- Currently there is a hardcoded limit of 128 index DBs in back-mdb. Some sites want more than this (although there's no evidence they actually use more than 128 attributes in all of their applications' search filters). For 2.5/2.6 we can simply double the constant. For 2.7 consider making it configurable. Note that increasing the number increases the size of an LMDB transaction structure, and also increases the time needed to initialize it whenever creating a transaction, so it's a bad idea to just set this to an arbitrarily large number. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs