- openldap-bugs - openldap.org

[Issue 9505] New: Should be admin guide section on logging detail
by openldap-its＠openldap.org 17 Mar '21

17 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9505 Issue ID: 9505 Summary: Should be admin guide section on logging detail Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- Currently we do not document information about the log levels, particularly stats. For example, we don't document anywhere outside the slap.h header what time units etime and qtime use (microseconds). This would be helpful, since other directory servers use (and DOCUMENT) milliseconds. Overall it would likely be helpful to end users so they understand more about what the information stats logging is providing. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9449] New: When the "lockdetect" is setted in slapd.conf, the db deadlock detected policy is setted incorrected
by openldap-its＠openldap.org 16 Mar '21

16 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9449 Issue ID: 9449 Summary: When the "lockdetect" is setted in slapd.conf, the db deadlock detected policy is setted incorrected Product: OpenLDAP Version: 2.4.57 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: li(a)lihaitao.cn Target Milestone: --- I have the "lockdetect random" setted in slapd.conf,the expected deadlock detected policy is "DB_LOCK_RANDOM" but I got the valude "DB_LOCK_EXPIRE". After many search of the source file, the lockdetect parse source is found on openldap-2.4.57\servers\slapd\back-bdb\config.c :Line 894-903 --------------------- case BDB_LOCKD: rc = verb_to_mask( c->argv[1], bdb_lockd ); if ( BER_BVISNULL(&bdb_lockd[rc].word) ) { fprintf( stderr, "%s: " "bad policy (%s) in \"lockDetect <policy>\" line\n", c->log, c->argv[1] ); return 1; } bdb->bi_lock_detect = (u_int32_t)rc; break; --------------------- After analyse the verb_to_mask's return value, the "rc" is the index of the bdb_lockd's setting items. So it can't be passwd to bi_lock_detect. The right value is The "bdb_lockd[rc].mask". I think it is a bug, my recommendation fix is like the next. bdb->bi_lock_detect = (u_int32_t)rc; -> bdb->bi_lock_detect = bdb_lockd[rc].mask; -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 8996] Please supply a pkg-config file for libldap
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8996 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|IN_PROGRESS |RESOLVED --- Comment #9 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 3eea13bd by Hugh McMaster at 2021-03-15T21:39:55+00:00 ITS#8996 - Generate and install a pkg-config file for the liblber library • baee6c47 by Hugh McMaster at 2021-03-15T21:39:55+00:00 ITS#8996 - Generate and install a pkg-config file for the libldap library -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8889] Clarify default loglevel and consistently use debug/logging as appropriate
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8889 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|IN_PROGRESS |RESOLVED --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 4e0f0a31 by Quanah Gibson-Mount at 2021-03-15T20:30:07+00:00 ITS#8889 - Clarify loglevel and debug level portions of admin guide. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9501] ITS#9419 regression: slapd-ldap will silently fall back from starttls to cleartext
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9501 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|CONFIRMED |RESOLVED --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 5f935298 by Tero Saarni at 2021-03-15T19:03:59+00:00 ITS#9419 fix comparison -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9419] New: Add support for HAProxy proxy protocol v2
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9419 Issue ID: 9419 Summary: Add support for HAProxy proxy protocol v2 Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: henson(a)acm.org Target Milestone: --- Add support for the HAProxy proxy protocol v2: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt This will allow slapd to receive and act upon client addresses when operating behind a NAT'ing load balancer or proxy server which would otherwise obscure the true client address. Patch will be submitted as a pull request on gitlab. The submitted pull request is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the pull request were developed by Paul B. Henson <henson(a)acm.org> based on specifications and example code provided by HAProxy at the above listed URL. I have not assigned rights and/or interest in this work to any party. The modifications to OpenLDAP Software are subject to the following notice: Copyright 2020 Paul B. Henson Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9499] New: Clean up seqmod configure bits
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9499 Issue ID: 9499 Summary: Clean up seqmod configure bits Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- seqmod is an example overlay and is not meant to be used. configure needs to be adjusted for this fact. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9503] New: Openldap client is not populating GID name instead of it just getting GID with empty Group name
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9503 Issue ID: 9503 Summary: Openldap client is not populating GID name instead of it just getting GID with empty Group name Product: OpenLDAP Version: 2.4.54 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ramsy21(a)gmail.com Target Milestone: --- Created attachment 809 --> https://bugs.openldap.org/attachment.cgi?id=809&action=edit Openldap client is not populating GID name instead of it just getting GID with empty Group name Hi Team, we are using OpenLDAP 2.4.54 version on RHEL7.8 systems and these OpenLDAP servers are using backend Microsoft AD URI to load the User POSIX info. Clients are using SSSD software. On the client's side, we are seeing odd behavior of Group name. it's failing to fetch Group name while logging in to the LDAP clients. uid=1946***(balna**) gid=1478 groups=1478 we have to similar setup on two sites, One site is working fine and the second site is not working sure where is the exact problem both the sites' OpenLDAP configuration is intact and SSL certs are offloaded properly. the only difference I see no of clients connections the working one having fewer client around 25-30 in that site whereas non-working site OpenLDAP servers takes around 3K clients connections, I am not sure if any there is additional tuning required based on no of clients. i also checked limits 4K values set for nproc/nofile and i did not see any issue with limits. we have a similar working two sites setup of 2.4.36 on RHEL6 servers for the same no of clients and we are trying to migrate to RHEL7 with 2.4.54 version where we are seeing the issue. Can you please check and help us to see if similar kind of issue reported by any clients or any tuning in required ? -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 8773] slapo-deref: man page and test suite needed
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8773 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 91a51591 by Quanah Gibson-Mount at 2021-03-15T16:31:55+00:00 ITS#8773 - Add slapo-deref.5 man page • 641ecb41 by Quanah Gibson-Mount at 2021-03-15T16:31:55+00:00 ITS#8773 - Add test for slapo-deref overlay • f2e6efed by Ondřej Kuzník at 2021-03-15T16:31:55+00:00 ITS#5768 Avoid extraneous newlines in deref printing -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9501] ITS#9419 regression: slapd-ldap will silently fall back from starttls to cleartext
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9501 --- Comment #3 from tero.saarni(a)est.tech --- Sure, no problem! MR is here https://git.openldap.org/openldap/openldap/-/merge_requests/291 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9501] ITS#9419 regression: slapd-ldap will silently fall back from starttls to cleartext
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9501 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|needs_review | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9501] ITS#9419 regression: slapd-ldap will silently fall back from starttls to cleartext
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9501 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.5.3 Ever confirmed|0 |1 Status|UNCONFIRMED |CONFIRMED --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Can you please file an MR for this? Thanks! -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9098] assert fails in meta_back_search in some cases after reconnect
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9098 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ, reviewed | Target Milestone|2.5.3 |2.6.0 --- Comment #22 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to Clément OUDOT from comment #21) > Hello Howard, > > sadly we don't know how to reproduce the bug, but we know it happens as we > had some stack traces. > > I understand that this doesn't help for the resolution, but I think the bug > should remain open/active. If someone else faces the same problem, he could > add some information. Thanks Clément, I'm going to move the target to 2.6.0 for now, unless someone is able to provide a reproduction case. --Quanah -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9501] ITS#9419 regression: slapd-ldap will silently fall back from starttls to cleartext
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9501 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |needs_review Group|OpenLDAP-devs | --- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> --- beta releases are not production releases, no need for this to be private. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9098] assert fails in meta_back_search in some cases after reconnect
by openldap-its＠openldap.org 14 Mar '21

14 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9098 --- Comment #21 from Clément OUDOT <clement.oudot(a)worteks.com> --- Hello Howard, sadly we don't know how to reproduce the bug, but we know it happens as we had some stack traces. I understand that this doesn't help for the resolution, but I think the bug should remain open/active. If someone else faces the same problem, he could add some information. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6830] slapo-ppolicy.5 has incorrect schema fragments
by openldap-its＠openldap.org 12 Mar '21

12 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=6830 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |2.5.4 Keywords|OL_2_5_REQ, reviewed | Assignee|bugs(a)openldap.org |ondra(a)mistotebe.net -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8677] back-sock segfaults on CONTINUE (database sock)
by openldap-its＠openldap.org 12 Mar '21

12 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8677 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|reviewed | Target Milestone|2.4.53 |2.6.0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9101] man pages don't reflect some global options are actually global/database
by openldap-its＠openldap.org 11 Mar '21

11 Mar '21

1 0

[Issue 9101] man pages don't reflect some global options are actually global/database
by openldap-its＠openldap.org 11 Mar '21

11 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9101 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|UNCONFIRMED |RESOLVED --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Actually the text in the man page covering these sections explicitly states they can be configured at the DB level as well. slapd.conf(5): Options described in this section apply to all backends, unless specifically overridden in a backend definition. slapd-config(5): Options in this section may be set in the special "frontend" database and inherited in all the other databases. These options may be altered by further settings in each specific database. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8889] Clarify default loglevel and consistently use debug/logging as appropriate
by openldap-its＠openldap.org 11 Mar '21

11 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8889 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |IN_PROGRESS --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/287 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8742] slapd.conf/slapd-config divergence
by openldap-its＠openldap.org 11 Mar '21

11 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8742 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|IN_PROGRESS |RESOLVED --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 2fcfeb83 by Quanah Gibson-Mount at 2021-03-11T19:24:25+00:00 ITS#8742 - Bring slapd.conf.5 and slapd-config.5 in sync -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8889] Clarify default loglevel and consistently use debug/logging as appropriate
by openldap-its＠openldap.org 11 Mar '21

11 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8889 --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- And to note, if compiled with the default options (--enable-debug=yes), the *loglevel* defaults to 256 (stats). -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8736] Add test script for cn=config replication using delta-sync
by openldap-its＠openldap.org 11 Mar '21

11 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8736 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |IN_PROGRESS Ever confirmed|0 |1 --- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/286 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6912] authz-regexp DN
by openldap-its＠openldap.org 11 Mar '21

11 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=6912 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|needs_review | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9474] New: ldap_install_tls() should return meaningful error code
by openldap-its＠openldap.org 11 Mar '21

11 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9474 Issue ID: 9474 Summary: ldap_install_tls() should return meaningful error code Product: OpenLDAP Version: 2.4.57 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: simon.pichugin(a)gmail.com Target Milestone: --- The description of my findings (take a note that these are OpenLDAP logs that happen under the application that uses libldap): [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: tls_write: want=610, written=610 ... [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS trace: SSL_connect:SSLv3 flush data [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: tls_read: want=5 error=Interrupted system call [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS trace: SSL_connect:error in SSLv3 read finished A [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS trace: SSL_connect:error in SSLv3 read finished A [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS: can't connect: . [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ldap_free_connection 1 1 [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ldap_send_unbind [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ber_flush2: 7 bytes to sd 23 [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: 0000: 00 05 00 01 00 42 00 [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ldap_write: want=7, written=7 [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: 0000: 00 05 00 01 01 42 00 [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ldap_free_connection: actually freed So, 'error=Interrupted system call' is caught by this: https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/… https://git.openldap.org/openldap/openldap/-/blob/master/libraries/liblber/… It is only the debug message that comes from the caller itself so we can see what is passed to OpenSSL. And 'Interrupted system call' is just an EINTR string representation. What we should do is to catch the error that OpenSSL returns to us after it is interrupted. As we can see from the logs: "libldap: TLS: can't connect: ." This line returns nothing: https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/… So 'ld->ld_error' is set to empty value. If we go deeper into the 'tls_imp->ti_session_errmsg' call we can reach the point where ERR_peek_error() is called: https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/… https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/… https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/… In the conclusion: ldap_install_tls() should return meaningful error code that would allow to figure out a reason for the failure, especially network IO fail due to EITR. -- You are receiving this mail because: You are on the CC list for the issue.

1 8

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs