- openldap-bugs - openldap.org

[Issue 9781] New: regression test its4448 assertion
by openldap-its＠openldap.org 20 Jan '22

20 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=9781 Issue ID: 9781 Summary: regression test its4448 assertion Product: OpenLDAP Version: 2.6.0 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- Starting with OpenLDAP 2.5, the ITS4448 regression case no longer passes and instead triggers an assertion: slapd: request.c:1672: ldap_find_request_by_msgid: Assertion `lr->lr_refcnt == 0' failed. -- You are receiving this mail because: You are on the CC list for the issue.

1 8

[Issue 9760] New: back-wt is not set "SLAP_DBFLAG_CLEAN"
by openldap-its＠openldap.org 20 Jan '22

20 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=9760 Issue ID: 9760 Summary: back-wt is not set "SLAP_DBFLAG_CLEAN" Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: hamano(a)osstech.co.jp Target Milestone: --- https://github.com/osstech-jp/openldap/issues/10 yasumatk says: > If "SLAP_DBFLAG_CLEAN" is not set for a backend database, the initialization process of the syncprov overlay reads all entries in the backend database. As a result, slapd startup time will increase on the back-wt database with a large number of entries. So, back-wt should be set "SLAP_DBFLAG_CLEAN" in back-wt/init.c. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9753] New: back-mdb index incorrect on modify/replace
by openldap-its＠openldap.org 20 Jan '22

20 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=9753 Issue ID: 9753 Summary: back-mdb index incorrect on modify/replace Product: OpenLDAP Version: 2.4.6 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: hyc(a)openldap.org Target Milestone: --- When doing a modify/replace on an indexed attribute, back-mdb only deletes the old values from the index and doesn't add the new values into the index. -- You are receiving this mail because: You are on the CC list for the issue.

1 24

[Issue 9783] New: Error ldap_bind: Invalid credentials (49)
by openldap-its＠openldap.org 19 Jan '22

19 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=9783 Issue ID: 9783 Summary: Error ldap_bind: Invalid credentials (49) Product: OpenLDAP Version: 2.4.57 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: raphael.santos(a)enkel.com.br Target Milestone: --- Hello everyone, everything good? I'm having trouble making my migration. I'm migrating from the OUD tool to Openldap, but when I export a user from the OUD it comes with the password key SSHA512, and when I import it into Openldap it can't decrypt, I've read several forums but so far without success. I tried to import the module slapd-sha2.so, pw-sha2.so. Does anyone have any tips? -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 6097] MMR problems with deletes
by openldap-its＠openldap.org 19 Jan '22

19 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=6097 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.6.1 |2.6.2 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7080] post read control in back-config
by openldap-its＠openldap.org 19 Jan '22

19 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=7080 --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- head: • 67f7f98c by Ondřej Kuzník at 2022-01-18T18:31:32+00:00 ITS#7080 Fix debug message • a6c110d1 by Ondřej Kuzník at 2022-01-18T18:31:32+00:00 ITS#7080 cn=config postread support for modrdn when back-ldif not used RE26: • 4bf68b2c by Ondřej Kuzník at 2022-01-18T23:08:53+00:00 ITS#7080 Fix debug message • 441d54ad by Ondřej Kuzník at 2022-01-18T23:08:59+00:00 ITS#7080 cn=config postread support for modrdn when back-ldif not used -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8039] syncprov memory leak
by openldap-its＠openldap.org 19 Jan '22

19 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=8039 --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- head: • 6ccc0974 by Ondřej Kuzník at 2022-01-18T16:46:09+00:00 ITS#8039 Free resinfo even if opcookie is the last owner re26: • c1f4072c by Ondřej Kuzník at 2022-01-18T23:07:06+00:00 ITS#8039 Free resinfo even if opcookie is the last owner re25: • cbc06de6 by Ondřej Kuzník at 2022-01-18T23:07:47+00:00 ITS#8039 Free resinfo even if opcookie is the last owner -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 5972] Send newCookie sync info messages
by openldap-its＠openldap.org 19 Jan '22

19 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=5972 --- Comment #7 from Quanah Gibson-Mount <quanah(a)openldap.org> --- head: • 4b18c2be by Ondřej Kuzník at 2022-01-18T03:34:27+00:00 ITS#5972 Consider all deletes for syncInfo messages RE26: • 329c92bd by Ondřej Kuzník at 2022-01-18T23:00:30+00:00 ITS#5972 Consider all deletes for syncInfo messages -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7239] slapo-accesslog: not all write operations logged with 'logops all'
by openldap-its＠openldap.org 19 Jan '22

19 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=7239 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |PARTIAL Status|UNCONFIRMED |RESOLVED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7239] slapo-accesslog: not all write operations logged with 'logops all'
by openldap-its＠openldap.org 19 Jan '22

19 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=7239 --- Comment #14 from Quanah Gibson-Mount <quanah(a)openldap.org> --- • 7e923c72 by Ondřej Kuzník at 2022-01-18T20:11:46+00:00 ITS#7239 Do not log internal ops -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 5972] Send newCookie sync info messages
by openldap-its＠openldap.org 13 Jan '22

13 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=5972 --- Comment #6 from Ondřej Kuzník <ondra(a)mistotebe.net> --- If a Delete touches an entry not matching search filter, syncprov will not send out a new cookie to that consumer. Fixed in MR!471: https://git.openldap.org/openldap/openldap/-/merge_requests/471 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9538] New: Accesslog entryCSN ordering is not always monotonous
by openldap-its＠openldap.org 12 Jan '22

12 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=9538 Issue ID: 9538 Summary: Accesslog entryCSN ordering is not always monotonous Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- For delta-sync replication, we rely on CSN order being preserved at all times. When logops includes anything more than "writes", we don't use li_op_rmutex to maintain serialisation. A concurrent write and another operation (like bind) can have the write have its csn assigned before the bind. But before the write finishes on the main DB and is logged, the bind has already hit accesslog. This entry out of order doesn't match the usual filter, so non-persist sessions will not notice, however running persist sessions could get a new cookie sent, depending on how things are ordered when they hit syncprov. A sample: ---- 8< ---- Apr 26 19:56:04 localhost slapd[43930]: conn=1003 op=41 ADD dn="uid=dm01-R1H2-41660,ou=People,dc=example,dc=com" Apr 26 19:56:04 localhost slapd[43930]: conn=1003 op=41 syncprov_matchops: recording uuid for dn=reqStart=20210426195604.000350Z,cn=accesslog on opc=0x7d3d2800dc50 Apr 26 19:56:04 localhost slapd[43930]: slap_get_csn: conn=1003 op=42 generated new csn=20210426195604.556053Z#000000#002#000000 manage=1 Apr 26 19:56:04 localhost slapd[43930]: slap_queue_csn: queueing 0x7d3d38148f60 20210426195604.556053Z#000000#002#000000 Apr 26 19:56:04 localhost slapd[43930]: conn=1005 op=1 BIND dn="dc=example,dc=com" method=128 Apr 26 19:56:04 localhost slapd[43930]: conn=1005 op=1 BIND dn="dc=example,dc=com" mech=SIMPLE bind_ssf=0 ssf=256 Apr 26 19:56:04 localhost slapd[43930]: conn=1003 op=41 RESULT tag=105 err=0 qtime=0.005874 etime=0.015182 text= Apr 26 19:56:04 localhost slapd[43930]: slap_get_csn: conn=1005 op=1 generated new csn=20210426195604.558683Z#000000#002#000000 manage=1 Apr 26 19:56:04 localhost slapd[43930]: slap_queue_csn: queueing 0x561f09113f80 20210426195604.558683Z#000000#002#000000 Apr 26 19:56:04 localhost slapd[43930]: conn=1005 op=1 syncprov_matchops: recording uuid for dn=reqStart=20210426195604.000364Z,cn=accesslog on opc=0x561f0900fcf0 Apr 26 19:56:04 localhost slapd[43930]: conn=1002 op=2 syncprov_qresp: set up a new syncres mode=4 csn=20210426195604.558683Z#000000#002#000000 Apr 26 19:56:04 localhost slapd[43930]: conn=1001 op=2 syncprov_qresp: set up a new syncres mode=4 csn=20210426195604.558683Z#000000#002#000000 Apr 26 19:56:04 localhost slapd[43930]: conn=1000 op=2 syncprov_qresp: set up a new syncres mode=4 csn=20210426195604.558683Z#000000#002#000000 Apr 26 19:56:04 localhost slapd[43930]: slap_graduate_commit_csn: removing 0x561f09113f80 20210426195604.558683Z#000000#002#000000 Apr 26 19:56:04 localhost slapd[43930]: conn=1005 op=1 RESULT tag=97 err=0 qtime=0.000020 etime=0.004297 text= Apr 26 19:56:04 localhost slapd[43930]: slap_queue_csn: queueing 0x7d3d38148250 20210426195604.556053Z#000000#002#000000 Apr 26 19:56:04 localhost slapd[43930]: slap_graduate_commit_csn: removing 0x7d3d38148250 20210426195604.556053Z#000000#002#000000 Apr 26 19:56:04 localhost slapd[43930]: slap_graduate_commit_csn: removing 0x7d3d38148f60 20210426195604.556053Z#000000#002#000000 ---- 8< ---- Example entries in the order slapcat sees them: ---- 8< ---- dn: reqStart=20210426195604.000364Z,cn=accesslog objectClass: auditBind reqStart: 20210426195604.000364Z reqEnd: 20210426195604.000365Z reqType: bind entryCSN: 20210426195604.558683Z#000000#002#000000 dn: reqStart=20210426195604.000351Z,cn=accesslog objectClass: auditAdd reqStart: 20210426195604.000351Z reqEnd: 20210426195604.000366Z reqType: add entryCSN: 20210426195604.556053Z#000000#002#000000 ---- 8< ---- -- You are receiving this mail because: You are on the CC list for the issue.

1 20

[Issue 7080] post read control in back-config
by openldap-its＠openldap.org 12 Jan '22

12 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=7080 --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- head: • 2bf59ff6 by Ondřej Kuzník at 2022-01-06T03:05:45+00:00 ITS#7080 Find config entry before processing pre-read on delete RE26: • cf2a4a60 by Ondřej Kuzník at 2022-01-12T22:38:11+00:00 ITS#7080 Find config entry before processing pre-read on delete -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9768] New: slapo-translucent handling of deletion of multi-valued configuration attributes removes wrong value from list
by openldap-its＠openldap.org 12 Jan '22

12 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=9768 Issue ID: 9768 Summary: slapo-translucent handling of deletion of multi-valued configuration attributes removes wrong value from list Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- If olcTranslucentLocal/olcTranslucentRemote is passed multiple attribute names in a single value that (or one further down the list) is later removed, the overlay doesn't handle its removal correctly. We should encourage users to provide a single attribute name per value, just like we do in EMIT for those provided in slapd.conf. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9767] New: slapo-unique handling of deletion of multi-valued configuration attributes removes wrong value from list
by openldap-its＠openldap.org 12 Jan '22

12 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=9767 Issue ID: 9767 Summary: slapo-unique handling of deletion of multi-valued configuration attributes removes wrong value from list Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- If olcUniqueIgnore/olcUniqueAttribute is passed multiple names in a single value that is later removed, the overlay doesn't handle its removal correctly. We should encourage users to provide a single attribute name per value, just like we do in EMIT for those provided in slapd.conf. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9556] New: slapd-config should return invalidAttributeSyntax if parsing schema description fails
by openldap-its＠openldap.org 12 Jan '22

12 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=9556 Issue ID: 9556 Summary: slapd-config should return invalidAttributeSyntax if parsing schema description fails Product: OpenLDAP Version: 2.5.4 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: michael(a)stroeder.com Target Milestone: --- I'm currently testing error handling and interacting with LDAP clients (e.g. my web2ldap). Sending an invalid attribute type description results in an error (as expected) returned by slapd-config: RESULT tag=103 err=80 qtime=0.000032 etime=0.001271 text=olcAttributeTypes: Unexpected token before SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) But result code other(80) seems not very useful. It's too unspecific to decide on specific error handling. It would be much more useful if slapd-config returns invalidAttributeSyntax(21) in this case. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9576] New: Add ConfigTable link into ConfigArgs
by openldap-its＠openldap.org 12 Jan '22

12 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=9576 Issue ID: 9576 Summary: Add ConfigTable link into ConfigArgs Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: enhancement Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- Would make it possible to examine defaults if necessary. -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9729] New: Allow setting multiprovider before adding syncrepl stanzas
by openldap-its＠openldap.org 12 Jan '22

12 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=9729 Issue ID: 9729 Summary: Allow setting multiprovider before adding syncrepl stanzas Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- It should be possible to set multiprovider first, avoiding the window of the DB being read-only while performing an online upgrade of a single provider to an MPR set up and generally simplifying configuration. Instead, the only requirement should be that serverID has been explicitly set (hopefully != 0). -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 6097] MMR problems with deletes
by openldap-its＠openldap.org 10 Jan '22

10 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=6097 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.6.2 |2.6.1 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9778] New: Can't find the back-xxx.la libraries
by openldap-its＠openldap.org 06 Jan '22

06 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=9778 Issue ID: 9778 Summary: Can't find the back-xxx.la libraries Product: OpenLDAP Version: 2.6.0 Hardware: Other OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: burt.stampfl(a)amsc.com Target Milestone: --- Created attachment 870 --> https://bugs.openldap.org/attachment.cgi?id=870&action=edit Output from the build steps I described in the 'description' above. Hi, I'm new to OpenLDAP. Pulled down the current 2.6 release to a Debian target and am having trouble figuring out how to build the backend modules for dynamic use. What I did: 1. Downloaded openldap-2.6.0.tgz and extracted the source on my Debian target. 2. configured the 'build' via (output indicated it was successful) : ./configure --enable-sql=no --enable-wt=no --enable-spasswd=yes --enable-passwd=yes --enable-perl=yes --enable-crypt=yes --enable-ldap=yes --enable-slapd=yes --enable-ppolicy=yes --enable-otp=yes --enable-auditlog=yes --enable-modules=yes --with-cyrus-sasl=yes 3. ran 'make depend' (output indicated it was successful). 4. ran 'make' (output indicated it was successful). 5. ran the tests via 'env SLAPD_DEBUG=1 make test' (output indicated it was successful). 6. Installed it via 'su root -c 'make install' I was able to pretty easily get the slapd server running, create a database (mdb) add users, etc, and access via a remote client. Once I was able to do that I wanted to enable the ppolicy backend/overlay and have not been able to get this to work. Looking online it appears I need some 'backend' modules like back-mdb.la, ppolicy.la, etc and I cannot find them anywhere in my build tree. I had thought the --enable-xxx directives I used in the config step would have forced this to build them, but I guess not. How do I create these dynamic backend modules and is there any documentation on how to use them in the newer dynamic configuration schema ? I've attached a file with the output from the steps I performed above. Thank you Burt -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 8988] Undefined Behavior in slapadd
by openldap-its＠openldap.org 06 Jan '22

06 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=8988 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|FIXED |INVALID -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8988] Undefined Behavior in slapadd
by openldap-its＠openldap.org 06 Jan '22

06 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=8988 --- Comment #23 from Howard Chu <hyc(a)openldap.org> --- > Running slapadd to build slapd database... ../../../libraries/liblmdb/mdb.c:7544:26: runtime error: member access within misaligned address 0x0000023fe67a for type 'struct MDB_page', which requires 8 byte alignment 0x0000023fe67a: note: pointer points here 00 00 00 00 03 00 00 00 00 00 00 00 00 00 52 00 10 00 66 00 00 00 00 00 00 00 00 00 00 00 00 00 The code in question is accessing an unsigned short on a 2 byte boundary. I.e., its alignment is correct. UBsan is incorrect here. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9775] New: fresh git clone will not build
by openldap-its＠openldap.org 04 Jan '22

04 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=9775 Issue ID: 9775 Summary: fresh git clone will not build Product: OpenLDAP Version: 2.6.0 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: nick(a)folino.us Target Milestone: --- git clone https://git.openldap.org/openldap/openldap.git cd openldap ./configure make depend Entering subdirectory tests make[1]: Entering directory 'openldap/tests' Making depend in openldap/tests Entering subdirectory modules make[2]: Entering directory 'openldap/tests/modules' make[2]: *** No rule to make target 'depend'. Stop. make[2]: Leaving directory 'openldap/tests/modules' make[1]: *** [Makefile:430: depend-common] Error 1 make[1]: Leaving directory 'openldap/tests' make: *** [Makefile:356: depend-common] Error 1 -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9774] New: Add and maintain file CHANGES for 2.6.x
by openldap-its＠openldap.org 04 Jan '22

04 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=9774 Issue ID: 9774 Summary: Add and maintain file CHANGES for 2.6.x Product: OpenLDAP Version: 2.6.0 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: michael(a)stroeder.com Target Milestone: --- In opposite to rel eng branches for 2.4.x and 2.5.x the branch for 2.6.x is still missing a CHANGES files. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9773] New: slapo-allowed should also list "operational" attributes
by openldap-its＠openldap.org 03 Jan '22

03 Jan '22

https://bugs.openldap.org/show_bug.cgi?id=9773 Issue ID: 9773 Summary: slapo-allowed should also list "operational" attributes Product: OpenLDAP Version: 2.6.0 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: contrib Assignee: bugs(a)openldap.org Reporter: michael(a)stroeder.com Target Milestone: --- When using slapo-allowed a client may disable input fields for attributes not listed in 'allowedAttributesEffective'. This helps the user to understand that he/she should not even try to modify the attribute (better UX). But slapo-allowed never shows operational attributes in allowedAttributesEffective. In most use-cases this is understandable but there are some nice use-cases (e.g. setting pwdPolicySubentry) where it should be possible for the client to display an enabled input field even for operational attributes. See also: * Discussion in ITS#9671 * https://code.stroeder.com/ldap/web2ldap/issues/24 -- You are receiving this mail because: You are on the CC list for the issue.

1 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs