- openldap-bugs - openldap.org

[Issue 6097] MMR problems with deletes
by openldap-its＠openldap.org 23 Sep '21

23 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=6097 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.6.1 |2.6.0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6097] MMR problems with deletes
by openldap-its＠openldap.org 23 Sep '21

23 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=6097 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.6.0 |2.6.1 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9704] New: Failing Configuration of OpenLDAP
by openldap-its＠openldap.org 22 Sep '21

22 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=9704 Issue ID: 9704 Summary: Failing Configuration of OpenLDAP Product: OpenLDAP Version: 2.5.7 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: narendra.challa(a)cscs.ch Target Milestone: --- Created attachment 845 --> https://bugs.openldap.org/attachment.cgi?id=845&action=edit Error Hi There, I am new to OpenLDAP and followed the steps mentioned in this quick start guide as it is https://www.openldap.org/doc/admin25/quickstart.html but failing the configuration of OpenLDAP. I followed the below steps on CentOS 8 with 2.5.7 and successfully installed but while configuring facing issues, please correct me if I am doing this in the wrong way. 1. Created a Linux user dedicated to OpenLDAP with the name "nchalla" which has sudo permissions. 2. Login with Root user and created a folder /u01 3. change permissions on /u01 (for time being granted 777 ( 4. change ownership of /u01 to "nchalla" 5. downloaded the tarball and extracted the OpenLDAP 2.5.7 7. downloaded the required developer libraries 8. Logged in as nchalla and navigated to the OpenLDAP 2.5.7 extracted folder and start compiling and installing with the below commands ./configure --prefix=/u01/ldap make depend make make test (all tests were passed) make install 9. Started the configuration following the below steps a. created a folder /u01/ldap/etc/slapd.d b. updated the slapd.ldif with our domain name c. navigate to /u01/ldap and executed the command below, sbin/slapadd -n 0 -F /u01/ldap/etc/slapd.d -l /u01/ldap/etc/openldap/slapd.ldif which is throwing error messages -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9701] New: OpenLDAP replica skips few items while synchronization
by openldap-its＠openldap.org 21 Sep '21

21 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=9701 Issue ID: 9701 Summary: OpenLDAP replica skips few items while synchronization Product: OpenLDAP Version: 2.4.44 Hardware: x86_64 OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: mgkrishnan(a)gmail.com Target Milestone: --- I have an OpenLdap cluster with 6 nodes, when an item is added/deleted in the master, the synchronization kicks in and the changes are replicated to other slave nodes in the cluster, but sometimes one of the slave cluster nodes (the same node all the time) misses the updates and hence there is a difference between this slave node and the rest of the slave nodes and the master, so sometimes when the request goes to the unsynchronized slave it yields invalid results. In the problematic slave's ldap logs, there is no error information during this operation to the master which explains the miss, so cant figure out what has caused this problem, bringing down that slave and re-add does not help either. What could be the root cause of this issue ? -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 6949] OpenLDAP Logging
by openldap-its＠openldap.org 20 Sep '21

20 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=6949 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |IN_PROGRESS --- Comment #14 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/412 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9698] New: per database olcSecurity: tls=0 does not override olcSecurity: tls=1 from the frontend
by openldap-its＠openldap.org 20 Sep '21

20 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=9698 Issue ID: 9698 Summary: per database olcSecurity: tls=0 does not override olcSecurity: tls=1 from the frontend Product: OpenLDAP Version: 2.5.7 Hardware: All OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: dpa-openldap(a)aegee.org Target Milestone: --- I have these databases: cn=config frontend,cn=config mdb/suffix o=A,cn=config mdb/suffix o=B,cn=confix slapd listens on port 389. I want to make sure, that • all requests to suffix o=A are served after STARTTLS, as these come from the wild internet. • all requests to suffix o=B do not have to utilize STARTTLS (ldaps), as these are local to the machine, and • if a request to the root DSE is made, without using STARTTLS, the client shall gets “ldap_bind: Confidentiality required (13) additional info: TLS confidentiality required”. To enforce STARTTLS for suffix o=A I put there `olcSecurity: tls=1`. If I set dn: olcDatabase=frontend,cn=config olcAccess: to dn="" by tls_ssf=256 * read and the rootDSE is requested without STARTTLS, the result is just empty, rather than “ldap_bind: Confidentiality required (13) additional info: TLS confidentiality required”. To get the “confidentiality required” for the root DSE I have to put dn: olcDatabase=frontend,cn=config olcSecurity: tls=1 or dn: cn=config olcSecurity: tls=1 It was unclear to me which one shall I use, but both serve the same purpose. Now, I want to enable no-STARTTLS to suffix o=B. I put there “olcSecurity: tls=0”. Irrespective, if only cn=config, or only olcDatabase=frontend,cn=config contain “olcSecurity: tls=1” the “olcSecurity: tls=0” in suffix o=B is not enacted. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 6949] OpenLDAP Logging
by openldap-its＠openldap.org 17 Sep '21

17 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=6949 --- Comment #13 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Generally, it looks like this feature was implemented using slapd options and ignoring the slapd configured loglevel. This is problematic in that it: a) Breaks the longstanding expectation of being able to control logging via the loglevel/olcLogLevel settings in slapd.conf/cn=config b) Requires a restart to change the logging level c) Is going to be a multi-step issue on systemd based systems, as the debug level would need to be modified in the systemd overrides configuration file. I.e., one cannot simply do even a slapd restart to change the loglevel with this implementation. Generally expectation: a) loglevel continues to control logging b) it is possible to change the loglevel on the fly without restarting slapd c) It is not necessary to fiddle with the -d option to slapd to get logging. Setting -s 0 seems fine. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6949] OpenLDAP Logging
by openldap-its＠openldap.org 17 Sep '21

17 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=6949 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|TEST |--- Status|RESOLVED |CONFIRMED --- Comment #12 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Unable to get this to work in master. Set up a generic slapd with cn=config Did an ldapmodify to set the logging options: ldapmodify -x -H ldapi:/// -D cn=config -w secret dn: cn=config changetype: modify add: olcLogFile olcLogFile: /var/symas/slapd.log - add: olcLogFileOnly olcLogFileOnly: TRUE - add: olcLogFileRotate olcLogFileRotate: 12 10 1 modifying entry "cn=config" Logfile is created, but nothing is logged to it. Restarted slapd, still nothing logged to it. Explicitly set the loglevel to stats sync Still nothing logged to it. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9697] New: healthcare software development
by openldap-its＠openldap.org 17 Sep '21

17 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=9697 Issue ID: 9697 Summary: healthcare software development Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: ritesh.patil732(a)gmail.com Target Milestone: --- https://mobisoftinfotech.com/industry/healthcare-software-development -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6949] OpenLDAP Logging
by openldap-its＠openldap.org 16 Sep '21

16 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=6949 --- Comment #11 from Quanah Gibson-Mount <quanah(a)openldap.org> --- For reference, with the test008 config, timings for progs/slapd-tester -H ldap://:9011 -D cn=manager,dc=example,dc=com -w secret -d testdata -P progs -l 1000 -s0 -dnone 18.92 seconds -s0 -d256 23.37 seconds -s0 -d256 + rotate 27.00 seconds -s256 -dnone 45.33 seconds Logfile params were logfile testrun/logfile logfile-rotate 12 10 1 logfile-only true -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9464] New: Test suite file conf.sh tries to sed unused items
by openldap-its＠openldap.org 15 Sep '21

15 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=9464 Issue ID: 9464 Summary: Test suite file conf.sh tries to sed unused items Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- The conf.sh script tries to sed values that are not meant for replacement but instead are environment variables handled by run.in and defines.sh. This should be deleted from conf.sh -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9694] New: Can Delta-sync’s changelog be based on a sessionlog?
by openldap-its＠openldap.org 15 Sep '21

15 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=9694 Issue ID: 9694 Summary: Can Delta-sync’s changelog be based on a sessionlog? Product: OpenLDAP Version: 2.5.7 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: dpa-openldap(a)aegee.org Target Milestone: --- In the replication terminology, the terms sessionlog and accesslog are used. sessionlog is created by the syncprov-overlay/syncprov-sessionlog directive; accesslog is created in first place by the accesslog overlay. Delta-syncrepl introduces an additional term: changelog. The example at https://www.openldap.org/devel/admin/replication.html#Delta-syncrepl%20Prov… uses accesslog for the changelog. The documentation is unclear, whether the changelog must be backed on accesslog-database, or it can be backed also on a sessionlog. (⇔Is delta-sync happy just with a sessionlog?) The documentation in slapo-syncprov(5) for syncprov-nopresent says “This value should only be set TRUE for a syncprov instance on top of a log database (such as one managed by the accesslog overlay).” Is sessionlog a log database? -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 7595] OpenLDAP lacks a ECDHE key generation callback
by openldap-its＠openldap.org 14 Sep '21

14 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=7595 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=9687 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7595] OpenLDAP lacks a ECDHE key generation callback
by openldap-its＠openldap.org 14 Sep '21

14 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=7595 --- Comment #7 from Howard Chu <hyc(a)openldap.org> --- (In reply to Howard Chu from comment #1) > Some background info in this thread > http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA- > AES256-SHA384-td42229.html nabble.com seems to have reorganized their domains and the above URL is now broken. The same thread is available at https://www.mail-archive.com/openssl-users@openssl.org/msg69181.html > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8341] Matching rules for 'namingContexts'
by openldap-its＠openldap.org 14 Sep '21

14 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=8341 --- Comment #9 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Re25: • 2a537ad0 by Ondřej Kuzník at 2021-09-14T16:17:45+00:00 ITS#8341 Allow normalised values for namingContexts in cn=monitor -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8341] Matching rules for 'namingContexts'
by openldap-its＠openldap.org 14 Sep '21

14 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=8341 --- Comment #8 from Quanah Gibson-Mount <quanah(a)openldap.org> --- RE26: • ea92405a by Ondřej Kuzník at 2021-09-14T16:17:25+00:00 ITS#8341 Allow normalised values for namingContexts in cn=monitor -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8341] Matching rules for 'namingContexts'
by openldap-its＠openldap.org 14 Sep '21

14 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=8341 --- Comment #7 from Quanah Gibson-Mount <quanah(a)openldap.org> --- • bfe3d19e by Ondřej Kuzník at 2021-09-09T10:26:06+01:00 ITS#8341 Allow normalised values for namingContexts in cn=monitor -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9619] New: mdb_env_copy2 with MDB_CP_COMPACT in mdb.master3 produces corrupt mdb file
by openldap-its＠openldap.org 14 Sep '21

14 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=9619 Issue ID: 9619 Summary: mdb_env_copy2 with MDB_CP_COMPACT in mdb.master3 produces corrupt mdb file Product: LMDB Version: 0.9.29 Hardware: All OS: Windows Status: UNCONFIRMED Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: kriszyp(a)gmail.com Target Milestone: --- When copying an LMDB database with mdb_env_copy2 with the MDB_CP_COMPACT with mdb.master3, the resulting mdb file seems to be corrupt and when using it in LMDB, I get segmentation faults. Copying without the compacting flag seems to work fine. I apologize, I know this is not a very good issue report, as I haven't had a chance to actually narrow this down to a more reproducible/isolated case, or look for how to patch. I thought I would report in case there are any ideas on what could cause this. The segmentation faults always seem to be memory write faults (as opposed to try fault on trying to read). Or perhaps the current backup/copying functionality is eventually going to be replaced by incremental backup/copying anyway (https://twitter.com/hyc_symas/status/1315651814096875520). I'll try to update this if I get a chance to investigate more, but otherwise feel free to ignore/consider low-priority since the work around is easy. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 6467] syncrepl enhancements
by openldap-its＠openldap.org 13 Sep '21

13 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=6467 --- Comment #11 from Quanah Gibson-Mount <quanah(a)openldap.org> --- RE25: commit a00ec090bdcdfdb390ace2238f581ad147e5974f Author: Ondřej Kuzník <ondra(a)mistotebe.net> Date: Tue Jun 1 13:56:58 2021 +0100 ITS#6467 Free uuid list after we're finished -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6467] syncrepl enhancements
by openldap-its＠openldap.org 13 Sep '21

13 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=6467 --- Comment #10 from Quanah Gibson-Mount <quanah(a)openldap.org> --- commit 726a2031334d066a6e463d7b992b6ca7b390e631 Author: Ondřej Kuzník <ondra(a)mistotebe.net> Date: Tue Jun 1 13:56:58 2021 +0100 ITS#6467 Free uuid list after we're finished -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9571] New: Add Behera Draft 8 compatibility flag to ppolicy overlay
by openldap-its＠openldap.org 11 Sep '21

11 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=9571 Issue ID: 9571 Summary: Add Behera Draft 8 compatibility flag to ppolicy overlay Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: mhardin(a)symas.com Target Milestone: --- The RFC for Behera Password Policy, Draft, 10 changes modification semantics of certain policy attributes from those that were in effect in Draft 8. To preserve compatibility with applications that depend on the Draft 8 semantics, a compatibility flag needs to be added to the ppolicy configuration that restores the Draft 8 semantics. -- You are receiving this mail because: You are on the CC list for the issue.

1 10

[Issue 9608] New: slapo-syncprov: Replace op on olcSpSessionlog segfault
by openldap-its＠openldap.org 11 Sep '21

11 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=9608 Issue ID: 9608 Summary: slapo-syncprov: Replace op on olcSpSessionlog segfault Product: OpenLDAP Version: 2.4.59 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- With the following Syncprov overlay configuration: dn: olcOverlay={0}syncprov,olcDatabase={2}mdb,cn=config objectClass: olcSyncProvConfig objectClass: olcOverlayConfig olcOverlay: {0}syncprov olcSpCheckpoint: 100 10 You can crash slapd with the following modification as the cn=config rootdn: dn: olcOverlay={0}syncprov,olcDatabase={2}mdb,cn=config changetype: modify replace: olcSpSessionlog olcSpSessionlog: 10000 GDB backtrace shows: #0 0x00007f7b43f8b954 in sp_cf_gen (c=0x7f7b0761b450) at syncprov.c:3164 on = 0x55d6fb385b90 si = 0x55d6fb35c700 rc = 0 #1 0x000055d6fa4da4ec in config_modify_internal (ca=0x7f7b0761b450, rs=<optimized out>, op=<optimized out>, ce=<optimized out>) at bconfig.c:5773 vals = 0x7f7af8002680 nvals = 0x0 d = <optimized out> e = 0x55d6fb335a38 save_attrs = 0x55d6fb349498 a = 0x55d6fb350180 i = <optimized out> dels = 0x0 rc = <optimized out> oc_at = <optimized out> ct = 0x7f7b441970e0 <spcfg+64> nocs = 3 ptr = <optimized out> s = 0x0 deltail = 0x0 ml = 0x7f7af8102cd0 #2 config_back_modify (op=<optimized out>, rs=<optimized out>) at bconfig.c:5943 cfb = <optimized out> ce = <optimized out> last = 0x55d6fb387f30 ml = <optimized out> ca = {argc = 1, argv = 0x7f7af8103610, argv_size = 513, line = 0x0, tline = 0x0, fname = 0x55d6fa5f5a91 "slapd", lineno = 0, log = "olcSpSessionlog: value #0", '\000' <repeats 4098 times>, reply = {err = 0, msg = "modify/delete: olcSpSessionlog: no such attribute", '\000' <repeats 206 times>}, depth = 0, valx = -1, values = {v_int = 10000, v_uint = 10000, v_long = 10000, v_ulong = 10000, v_ber_t = 10000, v_string = 0x2710 <Address 0x2710 out of bounds>, v_bv = {bv_len = 10000, bv_val = 0x0}, v_dn = {vdn_dn = { bv_len = 10000, bv_val = 0x0}, vdn_ndn = {bv_len = 0, bv_val = 0x0}}, v_ad = 0x2710}, rvalue_vals = 0x0, rvalue_nvals = 0x0, op = 1, type = 2, ca_op = 0x7f7af80028f0, be = 0x55d6fb35c880, bi = 0x55d6fb385b90, ca_entry = 0x55d6fb335a38, ca_private = 0x0, cleanup = 0x0, table = Cft_Overlay} rdn = {bv_len = 10, bv_val = 0x55d6fb385d70 "olcOverlay={0}syncprov,olcDatabase={2}mdb,cn=config"} ptr = <optimized out> rad = 0x55d6fb31a570 do_pause = <optimized out> #3 0x000055d6fa508b89 in fe_op_modify (op=0x7f7af80028f0, rs=0x7f7b0761d860) at modify.c:303 update = <optimized out> repl_user = <optimized out> op_be = <optimized out> bd = 0x55d6fa87da80 <slap_frontendDB> textbuf = "\006\000\000\000y\000\000\000\001\000\000\000\300\000\000\000\000\000\000\000\020\001\000\000\000\000\000\000\000\000\000\000P\215.\373\326U\000\000 \307a\a{\177\000\000\006\000\000\000\000\000\000\000u\335P\372\326U\000\000`\330a\a{\177\000\000\344l\207\372\326U\000\000\005\000\000\000\000\000\000\000 \036\000\370z\177\000\000\017\000\000\000\000\000\000\000B[\233G{\177\000\000\064\000\000\000\000\000\000\000\000_Z\004\321WbM\300\307a\a{\177", '\000' <repeats 18 times>, "\320,\020\370z\177\000\000p]5\373\326U", '\000' <repeats 18 times>, "J\227P\372\326U\000\000\200\n\000\370z\177\000\000"... #4 0x000055d6fa50ab7d in do_modify (op=0x7f7af80028f0, rs=0x7f7b0761d860) at modify.c:177 dn = {bv_len = 51, bv_val = 0x7f7af8002867 "olcOverlay={0}syncprov,olcDatabase={2}mdb,cn=config"} textbuf = "olcSpSessionlog", '\000' <repeats 240 times> tmp = 0x0 #5 0x000055d6fa4f068c in connection_operation (ctx=ctx@entry=0x7f7b0761dad0, arg_v=arg_v@entry=0x7f7af80028f0) at connection.c:1182 rc = 80 cancel = <optimized out> op = 0x7f7af80028f0 rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err = 0, sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = {sru_search = { r_entry = 0x0, r_attr_flags = 0, r_operational_attrs = 0x0, r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}, sru_sasl = {r_sasldata = 0x0}, sru_extended = { r_rspoid = 0x0, r_rspdata = 0x0}}, sr_flags = 0} tag = 102 opidx = SLAP_OP_MODIFY conn = 0x55d6fb522120 memctx = 0x7f7af8000a80 memctx_null = 0x0 memsiz = 1048576 __PRETTY_FUNCTION__ = "connection_operation" #6 0x000055d6fa4f09fb in connection_read_thread (ctx=0x7f7b0761dad0, argv=0xb) at connection.c:1318 rc = <optimized out> cri = {op = 0x7f7af80028f0, func = 0x0, arg = 0x0, ctx = <optimized out>, nullop = <optimized out>} s = <optimized out> #7 0x00007f7b4937527a in ldap_int_thread_pool_wrapper (xpool=0x55d6fb3101d0) at tpool.c:696 pool = 0x55d6fb3101d0 task = 0x7f7b00000b40 work_list = <optimized out> ctx = {ltu_id = 140166381561600, ltu_key = {{ltk_key = 0x55d6fa4ee6a0 <conn_counter_init>, ltk_data = 0x7f7af8002710, ltk_free = 0x55d6fa4ee780 <conn_counter_destroy>}, {ltk_key = 0x55d6fa549200 <slap_sl_mem_init>, ltk_data = 0x7f7af8000a80, ltk_free = 0x55d6fa5490c0 <slap_sl_mem_destroy>}, {ltk_key = 0x55d6fa504fd0 <slap_op_free>, ltk_data = 0x0, ltk_free = 0x55d6fa504f30 <slap_op_q_destroy>}, { ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0} <repeats 26 times>, {ltk_key = 0x0, ltk_data = 0x7f7b484ffd61 <_L_unlock_3056+19>, ltk_free = 0x0}, { ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0}}} kctx = <optimized out> keyslot = <optimized out> hash = <optimized out> __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper" #8 0x00007f7b484feea5 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #9 0x00007f7b479bb9fd in clone () from /lib64/libc.so.6 No symbol table info available. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 6916] slapo-unique returns operations error when assertion control is used
by openldap-its＠openldap.org 11 Sep '21

11 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=6916 --- Comment #14 from Mehmet gelisin <mehmetgelisin(a)aol.com> --- the following Syncprov overlay configuration: dn: olcOverlay={0}syncprov,olcDatabase={2}mdb,cn=config objectClass: olcSyncProvConfig objectClass: olcOverlayConfig http://www-look-4.com/ olcOverlay: {0}syncprov olcSpCheckpoint: 100 10 http://www.compilatori.com/ You can crash slapd with the following modification as the cn=config rootdn: dn: olcOverlay={0}syncprov,olcDatabase={2}mdb,cn=config changetype: modify replace: olcSpSessionlog http://www.wearelondonmade.com/ olcSpSessionlog: 10000 GDB backtrace shows: http://www.jopspeech.com/ #0 0x00007f7b43f8b954 in sp_cf_gen (c=0x7f7b0761b450) at syncprov.c:3164 on = 0x55d6fb385b90 si = 0x55d6fb35c700 rc = 0 http://joerg.li/ #1 0x000055d6fa4da4ec in config_modify_internal (ca=0x7f7b0761b450, rs=<optimized out>, op=<optimized out>, ce=<optimized out>) at bconfig.c:5773 vals = 0x7f7af8002680 nvals = 0x0 d = <optimized out> http://connstr.net/ e = 0x55d6fb335a38 save_attrs = 0x55d6fb349498 a = 0x55d6fb350180 i = <optimized out> dels = 0x0 rc = <optimized out> http://embermanchester.uk/ oc_at = <optimized out> ct = 0x7f7b441970e0 <spcfg+64> nocs = 3 ptr = <optimized out> s = 0x0 deltail = 0x0 ml = 0x7f7af8102cd0 http://www.slipstone.co.uk/ #2 config_back_modify (op=<optimized out>, rs=<optimized out>) at bconfig.c:5943 cfb = <optimized out> ce = <optimized out> last = 0x55d6fb387f30 ml = <optimized out> http://www.logoarts.co.uk/ ca = {argc = 1, argv = 0x7f7af8103610, argv_size = 513, line = 0x0, tline = 0x0, fname = 0x55d6fa5f5a91 "slapd", lineno = 0, log = "olcSpSessionlog: value #0", '\000' <repeats 4098 times>, reply = {err = 0, http://www.acpirateradio.co.uk/ msg = "modify/delete: olcSpSessionlog: no such attribute", '\000' <repeats 206 times>}, depth = 0, valx = -1, values = {v_int = 10000, v_uint = 10000, v_long = 10000, v_ulong = 10000, v_ber_t = 10000, v_string = 0x2710 <Address 0x2710 out of bounds>, v_bv = {bv_len https://waytowhatsnext.com/ = 10000, bv_val = 0x0}, v_dn = {vdn_dn = { bv_len = 10000, bv_val = 0x0}, vdn_ndn = {bv_len = 0, bv_val = 0x0}}, v_ad = 0x2710}, rvalue_vals = 0x0, rvalue_nvals = 0x0, op = 1, type = 2, https://www.webb-dev.co.uk/ ca_op = 0x7f7af80028f0, be = 0x55d6fb35c880, bi = 0x55d6fb385b90, ca_entry = 0x55d6fb335a38, ca_private = 0x0, cleanup = 0x0, table = Cft_Overlay} rdn = {bv_len = 10, bv_val = 0x55d6fb385d70 "olcOverlay={0}syncprov,olcDatabase={2}mdb,cn=config"} ptr = <optimized out> rad = 0x55d6fb31a570 do_pause = <optimized out> #3 0x000055d6fa508b89 in fe_op_modify (op=0x7f7af80028f0, rs=0x7f7b0761d860) at modify.c:303 http://www.iu-bloomington.com/ update = <optimized out> repl_user = <optimized out> op_be = <optimized out> bd = 0x55d6fa87da80 <slap_frontendDB> -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 5555] authzTo ACL check for wrong principal
by openldap-its＠openldap.org 11 Sep '21

11 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=5555 --- Comment #19 from Mehmet gelisin <mehmetgelisin(a)aol.com> --- textbuf = "\006\000\000\000y\000\000\000\001\000\000\000\300\000\000\000\000\000\000\000\020\001\000\000\000\000\000\000\000\000\000\000P\215.\373\326U\000\000 http://www-look-4.com/ \307a\a{\177\000\000\006\000\000\000\000\000\000\000u\335P\372\326U\000\000`\330a\a{\177\000\000\344l\207\372\326U\000\000\005\000\000\000\000\000\000\000 \036\000\370z\177\000\000\017\000\000\000\000\000\000\000B[\233G{\177\000\000\064\000\000\000\000\000\000\000\000_Z\ http://www.compilatori.com/ 004\321WbM\300\307a\a{\177", '\000' <repeats 18 times>, "\320,\020\370z\177\000\000p]5\373\326U", '\000' <repeats 18 times>, "J\227P\372\326U\000\000\200\n\000\370z\177\000\000"... http://www.wearelondonmade.com/ #4 0x000055d6fa50ab7d in do_modify (op=0x7f7af80028f0, rs=0x7f7b0761d860) at modify.c:177 dn = {bv_len = 51, bv_val = 0x7f7af8002867 "olcOverlay={0}syncprov,olcDatabase={2}mdb,cn=config"} http://www.jopspeech.com/ textbuf = "olcSpSessionlog", '\000' <repeats 240 times> tmp = 0x0 #5 0x000055d6fa4f068c in connection_operation (ctx=ctx@entry=0x7f7b0761dad0, arg_v=arg_v@entry=0x7f7af80028f0) at connection.c:1182 http://joerg.li/ rc = 80 cancel = <optimized out> op = 0x7f7af80028f0 rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err = 0, http://connstr.net/ sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = {sru_search = { r_entry = 0x0, r_attr_flags = 0, r_operational_attrs = 0x0, r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}, sru_sasl = {r_sasldata = 0x0}, sru_extended = { r_rspoid = 0x0, r_rspdata = 0x0}}, sr_flags = 0} http://embermanchester.uk/ tag = 102 opidx = SLAP_OP_MODIFY conn = 0x55d6fb522120 memctx = 0x7f7af8000a80 memctx_null = 0x0 memsiz = 1048576 __PRETTY_FUNCTION__ = "connection_operation" http://www.slipstone.co.uk/ #6 0x000055d6fa4f09fb in connection_read_thread (ctx=0x7f7b0761dad0, argv=0xb) at connection.c:1318 rc = <optimized out> cri = {op = 0x7f7af80028f0, func = 0x0, arg = 0x0, ctx = <optimized out>, nullop = <optimized out>} s = <optimized out> http://www.logoarts.co.uk/ #7 0x00007f7b4937527a in ldap_int_thread_pool_wrapper (xpool=0x55d6fb3101d0) at tpool.c:696 pool = 0x55d6fb3101d0 task = 0x7f7b00000b40 work_list = <optimized out> http://www.acpirateradio.co.uk/ ctx = {ltu_id = 140166381561600, ltu_key = {{ltk_key = 0x55d6fa4ee6a0 <conn_counter_init>, ltk_data = 0x7f7af8002710, ltk_free = 0x55d6fa4ee780 <conn_counter_destroy>}, {ltk_key = 0x55d6fa549200 <slap_sl_mem_init>, ltk_data = 0x7f7af8000a80, https://waytowhatsnext.com/ ltk_free = 0x55d6fa5490c0 <slap_sl_mem_destroy>}, {ltk_key = 0x55d6fa504fd0 <slap_op_free>, ltk_data = 0x0, ltk_free = 0x55d6fa504f30 <slap_op_q_destroy>}, { ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0} <repeats 26 times>, {ltk_key = 0x0, ltk_data = 0x7f7b484ffd61 <_L_unlock_3056+19>, ltk_free = 0x0}, { https://www.webb-dev.co.uk/ ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0}}} kctx = <optimized out> keyslot = <optimized out> hash = <optimized out> __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper" #8 0x00007f7b484feea5 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. http://www.iu-bloomington.com/ #9 0x00007f7b479bb9fd in clone () from /lib64/libc.so.6 No symbol table info available. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8962] Dead links in FAQ page "Where can I find listings of schema items?"
by openldap-its＠openldap.org 11 Sep '21

11 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=8962 --- Comment #5 from Mehmet gelisin <mehmetgelisin(a)aol.com> --- master: Commits: • 0ae71baf by Howard Chu at 2021-07-13T12:10:28+01:00 ITS#9608 fix delete of nonexistent sessionlog http://www-look-4.com/ RE25: Commits: • 11e0c783 by Howard Chu at 2021-07-13T15:04:31+00:00 ITS#9608 fix delete of nonexistent sessionlog http://www.compilatori.com/ RE24: Commits: • db23304b by Howard Chu at 2021-07-13T15:05:36+00:00 ITS#9608 fix delete of nonexistent sessionlog http://www.wearelondonmade.com/ master: Commits: • 0ae71baf by Howard Chu at 2021-07-13T12:10:28+01:00 http://www.jopspeech.com/ ITS#9608 fix delete of nonexistent sessionlog RE25: Commits: • 11e0c783 http://joerg.li/ by Howard Chu at 2021-07-13T15:04:31+00:00 ITS#9608 fix delete of nonexistent sessionlog RE24: http://connstr.net/ Commits: • db23304b by Howard Chu at 2021-07-13T15:05:36+00:00 ITS#9608 fix delete of nonexistent sessionlog master: Commits: • 0ae71baf by Howard Chu at 2021-07-13T12:10:28+01:00 ITS#9608 fix delete of nonexistent sessionlog http://embermanchester.uk/ RE25: Commits: • 11e0c783 by Howard Chu at 2021-07-13T15:04:31+00:00 ITS#9608 fix delete of nonexistent sessionlog http://www.slipstone.co.uk/ RE24: Commits: • db23304b by Howard Chu at 2021-07-13T15:05:36+00:00 ITS#9608 fix delete of nonexistent sessionlog http://www.logoarts.co.uk/ but unfortunatley the FAQ software breaks Apache when you try and delete an answer. I think the better solution is just to remove the FAQ software completely. I experimented a bit with a service file. It seems to work well with either Type=forking and NotifyAccess=all, or Type=notify and http://www.acpirateradio.co.uk/ ExecStart=slapd -d none. The latter (disabling forking) is definitely what systemd upstream recommends. In either case, MAINPID= didn't actually seem to help anything. NotifyAccess=main has a chicken-and-egg problem, because systemd needs to know the main PID in order for us to send it the message containing the PID! :) I think the only reasonable way to leave forking enabled https://waytowhatsnext.com/ would be to also require a PIDFile= setting, which solves that problem. But I'd rather sidestep the entire thing, omit MAINPID= as well, and Looking at the systemctl output I still think STATUS= is redundant and could be omitted. https://www.webb-dev.co.uk/ So I guess my recommendation for the notify call boils down to: rc = sd_notify( 1, "READY=1" ); and a slapd.service along the lines of: [Unit] Description=OpenLDAP server [Service] Type=notify ExecStart=%LIBEXECDIR%/slapd -h 'ldap:/// ldapi:///' -d0 [Install] WantedBy=multi-user.target (basically identical to the example in systemd.service(5).) Side note: the version message from slapd appears in the journal twice, once with the timestamp and once without... I experimented a bit with a service file. It seems to work well with either Type=forking and NotifyAccess=all, or Type=notify and ExecStart=slapd -d none. The latter (disabling forking) is definitely what systemd upstream recommends. In either case, MAINPID= didn't actually seem to help anything. NotifyAccess=main has a chicken-and-egg problem, because systemd needs to know the main PID in order for us to send it the message containing the PID! :) I think the only reasonable way to leave forking enabled http://www.iu-bloomington.com/ would be to also require a PIDFile= setting, which solves that problem. But I'd rather sidestep the entire thing, omit MAINPID= as well, and Looking at the systemctl output I still think STATUS= is redundant and could be omitted. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs