- openldap-bugs - openldap.org

[Issue 8847] New LDAP URL syntax to support binding to specific IP address at client side
by openldap-its＠openldap.org 09 Mar '21

09 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8847 --- Comment #38 from Howard Chu <hyc(a)openldap.org> --- (In reply to HoweverAT from comment #37) > (In reply to Howard Chu from comment #36) > > Since I've just been tinkering with debug output, this came to mind. With > > this patch, it would be a good idea to add the locally bound IP:port to the > > debug output somewhere, e.g. in ldap_dump_connection. Should probably use > > the recently added lutil_sockaddrstr, and that function likely should be > > moved into ldap_pvt_ instead of lutil. > > Hello, > > thank you for your input. > > I tried to add to ldap_dump_connection( see the "from" part, which is always > printed out independet of ) > > e.g. Output: > ** ld 0x55974c710680 Connections: > * host: localhost port: 389 (default) > * from: IP=127.0.0.1:33676 > refcnt: 2 status: Connected > last used: Tue Mar 9 12:01:18 2021 > > > ** ld 0x55974c710680 Outstanding Requests: > * msgid 1, origid 1, status InProgress > outstanding referrals 0, parent count 0 > ld 0x55974c710680 request count 1 (abandoned 0) > ** ld 0x55974c710680 Response Queue: > Empty > ld 0x55974c710680 response count 0 > > I tried to add to ldap_dump_connection the "from" part which is always > output regardless of the new SOCKET_BIND_ADDRESSES option > > If this ok, i could provide a patch for it tomorrow :) Yes, this is what I had in mind, thanks. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8889] Clarify default loglevel and consistently use debug/logging as appropriate
by openldap-its＠openldap.org 09 Mar '21

09 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8889 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ | Assignee|ondra(a)mistotebe.net |quanah(a)openldap.org -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8847] New LDAP URL syntax to support binding to specific IP address at client side
by openldap-its＠openldap.org 09 Mar '21

09 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8847 --- Comment #37 from HoweverAT <laeufer4321(a)gmx.at> --- (In reply to Howard Chu from comment #36) > Since I've just been tinkering with debug output, this came to mind. With > this patch, it would be a good idea to add the locally bound IP:port to the > debug output somewhere, e.g. in ldap_dump_connection. Should probably use > the recently added lutil_sockaddrstr, and that function likely should be > moved into ldap_pvt_ instead of lutil. Hello, thank you for your input. I tried to add to ldap_dump_connection( see the "from" part, which is always printed out independet of ) e.g. Output: ** ld 0x55974c710680 Connections: * host: localhost port: 389 (default) * from: IP=127.0.0.1:33676 refcnt: 2 status: Connected last used: Tue Mar 9 12:01:18 2021 ** ld 0x55974c710680 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0x55974c710680 request count 1 (abandoned 0) ** ld 0x55974c710680 Response Queue: Empty ld 0x55974c710680 response count 0 I tried to add to ldap_dump_connection the "from" part which is always output regardless of the new SOCKET_BIND_ADDRESSES option If this ok, i could provide a patch for it tomorrow :) -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6912] authz-regexp DN
by openldap-its＠openldap.org 08 Mar '21

08 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=6912 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |needs_review -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6912] authz-regexp DN
by openldap-its＠openldap.org 08 Mar '21

08 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=6912 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=9495 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8847] New LDAP URL syntax to support binding to specific IP address at client side
by openldap-its＠openldap.org 08 Mar '21

08 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8847 --- Comment #36 from Howard Chu <hyc(a)openldap.org> --- Since I've just been tinkering with debug output, this came to mind. With this patch, it would be a good idea to add the locally bound IP:port to the debug output somewhere, e.g. in ldap_dump_connection. Should probably use the recently added lutil_sockaddrstr, and that function likely should be moved into ldap_pvt_ instead of lutil. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8847] New LDAP URL syntax to support binding to specific IP address at client side
by openldap-its＠openldap.org 08 Mar '21

08 Mar '21

1 0

[Issue 8682] Malformatted man pages on AIX
by openldap-its＠openldap.org 08 Mar '21

08 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8682 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|quanah(a)openldap.org |bugs(a)openldap.org Keywords|needs_review | Target Milestone|2.5.3 |--- --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Patch welcome -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8682] Malformatted man pages on AIX
by openldap-its＠openldap.org 08 Mar '21

08 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8682 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Malformatted man pages on |Malformatted man pages on |AIX and Solaris |AIX -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8871] mutex issue with cancel operation
by openldap-its＠openldap.org 08 Mar '21

08 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8871 --- Comment #8 from hsuenju_ko(a)stratus.com <hsuenju_ko(a)stratus.com> --- Sorry for not using the right forum. I will use a more appropriate mailing list in the future. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8871] mutex issue with cancel operation
by openldap-its＠openldap.org 08 Mar '21

08 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8871 --- Comment #7 from Ondřej Kuzník <ondra(a)mistotebe.net> --- On Mon, Mar 08, 2021 at 12:30:55PM +0000, openldap-its(a)openldap.org wrote: > --- Comment #6 from hsuenju_ko(a)stratus.com <hsuenju_ko(a)stratus.com> --- > It seems cancel is not very useful if one cannot cancel itself and other thread > can not cancel over same connection until the thread which performs the > cancelled operation timeout either during the operation itself or during > ldap_result, or doing the polling while waiting for ldap_result. Once you have > timed out, there is no need to cancel, isn't it? This bug tracker is not for usage questions, these should be posted to the appropriate mailing list, usually openldap-technical. None of what you're asking for would have worked if the thread calling ldap_result were to release its locks anyway. You can still send a cancel exop and you will get a response to both, if you require that the other thread be notified immediately, you need to do that in your own application as libldap has never had such ambitions. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8871] mutex issue with cancel operation
by openldap-its＠openldap.org 08 Mar '21

08 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8871 --- Comment #6 from hsuenju_ko(a)stratus.com <hsuenju_ko(a)stratus.com> --- It seems cancel is not very useful if one cannot cancel itself and other thread can not cancel over same connection until the thread which performs the cancelled operation timeout either during the operation itself or during ldap_result, or doing the polling while waiting for ldap_result. Once you have timed out, there is no need to cancel, isn't it? -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8871] mutex issue with cancel operation
by openldap-its＠openldap.org 08 Mar '21

08 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8871 --- Comment #5 from hsuenju_ko(a)stratus.com <hsuenju_ko(a)stratus.com> --- Thanks for the explanation. What you are saying is that operations over same connection needs to be serialized among threads if not doing what you suggested. Is that correct? So if the application needs to do different operations over same connection among thread it needs to do the following: do async operation get fd do select/poll on the fd do ldap_result with 0 timeout And since every operation involves ldap_send_initial_request even the timeout value specified for the operation itself has to be reasonable short enough to prevent same lock situation. For most part we can use different connections to perform various operations among threads except cancel has to be done over same connection. Is that assumption correct? Thanks! -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8847] New LDAP URL syntax to support binding to specific IP address at client side
by openldap-its＠openldap.org 07 Mar '21

07 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8847 HoweverAT <laeufer4321(a)gmx.at> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #803 is|0 |1 obsolete| | --- Comment #35 from HoweverAT <laeufer4321(a)gmx.at> --- Created attachment 804 --> https://bugs.openldap.org/attachment.cgi?id=804&action=edit Client Address Binding Option A new try. I also updated the patch against latest. The attached patch file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Lukas Wimmer laeufer4321(a)gmx.at. I have not assigned rights and/or interest in this work to any party. I, Lukas Wimmer, hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9079] documentation: slapo-unique syntax explanation unclear
by openldap-its＠openldap.org 06 Mar '21

06 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9079 --- Comment #4 from gray(a)nxg.name <gray(a)nxg.name> --- > > * Each URI defines a set of object attributes > > * One can have multiple olcUniqueURI attributes, _each of which_ creates a > > 'domain' > > * This doesn't say what a 'domain' is > > > The concept of a "domain" is a key part of the mathematical concept of "sets". As this is clearly talking about sets, the definition of domain follows. We may be thinking of different set theories, but in the mathematical set theory I'm familiar with, there is no notion of 'domain'. Functions have domains, codomains and ranges which are each sets, but that is part of the theory of functions, not of sets. Not that it matters, because 'domain' has a variety of meanings in computing contexts, so it does no harm to be precise here. Since the text just above this in the manpage talks of 'scope', in a sense which appears to at least overlap with 'domain' here, I merely suggest that the text explain what it means by 'domain'. For concreteness, can I suggest: Each `unique_uri` option defines a 'uniqueness domain' consisting of the set of attributes which would be returned by the specified (RFC 4516) LDAP URI, or the union of the sets of attributes returned by the URIs, if there is more than one. The overlay ensures that no two attributes in this set have the same value. In a 'strict' uniqueness domain (when the keyword 'strict' is present), at most one attribute in the domain may have a null value; in a non-strict domain more than one attribute may have a null value. This uniqueness constraint is imposed independently for the attributes in each uniqueness domain. ...and delete the paragraph 'It is possible...' [If 'scope' is a different notion from 'domain', then the text might benefit from some clarification about what the difference is; if they are the same notion, then it might be useful to use the same term for both, or else the careful reader will worry that there is a distinction being made that they don't understand.] > > * It's not clear where the quotes go, when combining with 'strict' or > > 'ignore' > > (I guess "strict ldap://..."). > > * Can 'strict' or 'ignore' be combined with the second or subsequent URIs? > > > This is already explicitly answered in the man page: > > "Strictness applies to all URIs within a uniqueness domain" thus it must be combined with the full set of URIs in a given statement. True. As implied above, it might be useful to relocate the remark about what 'strict' means, but the answer to my question was indeed implicit in the text as it stands. To be clear, I reiterate that I'm not suggesting the text is inaccurate, simply that it is not as clear as it could be, and I wouldn't bother suggesting documentation edits if the OpenLDAP documentation were not already unusually high quality. Also, when I first read the manpage I largely got the point pretty quickly (it's not a complicated notion), and it's only when I re-read carefully that I started to have doubts. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8950] segfault with TXN+accesslog
by openldap-its＠openldap.org 06 Mar '21

06 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8950 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |IN_PROGRESS --- Comment #4 from Howard Chu <hyc(a)openldap.org> --- (In reply to Ondřej Kuzník from comment #3) > Created attachment 797 [details] > Valgrind log > > This still happens, see attached valgrind.log Still not happening here. Attach a complete script to reproduce the issue. I just get an error message: 60439aa9 connection_get(15) 60439aa9 connection_get(15): got connid=1000 60439aa9 connection_read(15): checking for input on id=1000 ber_get_next ldap_read: want=8, got=8 0000: 30 29 02 01 03 66 0b 04 0)...f.. ldap_read: want=35, got=35 0000: 07 63 6e 3d 74 65 73 74 30 00 a0 17 30 15 04 0e .cn=test0...0... 0010: 31 2e 33 2e 36 2e 31 2e 31 2e 32 31 2e 32 01 01 1.3.6.1.1.21.2.. 0020: ff 04 00 ... ber_get_next: tag 0x30 len 41 contents: 60439aa9 op tag 0x66, time 1615043241 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable 60439aa9 conn=1000 op=2 do_modify ber_scanf fmt ({m) ber: 60439aa9 conn=1000 op=2 do_modify: dn (cn=test) 60439aa9 => get_ctrls ber_scanf fmt ({m) ber: ber_scanf fmt (b) ber: ber_scanf fmt (m) ber: 60439aa9 => get_ctrls: oid="1.3.6.1.1.21.2" (critical) 60439aa9 <= get_ctrls: n=1 rc=0 err="" 60439aa9 >>> dnPrettyNormal: <cn=test> => ldap_bv2dn(cn=test,0) <= ldap_bv2dn(cn=test)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=test)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=test)=0 60439aa9 <<< dnPrettyNormal: <cn=test>, <cn=test> 60439aa9 conn=1000 op=2 modifications: 60439aa9 => mdb_entry_get: ndn: "cn=test" 60439aa9 => mdb_entry_get: oc: "(null)", at: "(null)" 60439aa9 mdb_dn2entry("cn=test") 60439aa9 => mdb_dn2id("cn=test") 60439aa9 <= mdb_dn2id: got id=0x1 60439aa9 => mdb_entry_decode: 60439aa9 <= mdb_entry_decode 60439aa9 mdb_entry_get: rc=0 60439aa9 mdb_modify: cn=test 60439aa9 send_ldap_result: conn=1000 op=2 p=3 60439aa9 send_ldap_result: err=0 matched="" text="" 60439aa9 ==> mdb_add: reqStart=20210306150721.000000Z,cn=log 60439aa9 oc_check_required entry (reqStart=20210306150721.000000Z,cn=log), objectClass "auditModify" 60439aa9 Entry (reqStart=20210306150721.000000Z,cn=log): object class 'auditModify' requires attribute 'reqMod' 60439aa9 mdb_add: entry failed schema check: object class 'auditModify' requires attribute 'reqMod' (65) 60439aa9 send_ldap_result: conn=1000 op=2 p=3 60439aa9 send_ldap_result: err=65 matched="" text="object class 'auditModify' requires attribute 'reqMod'" 60439aa9 send_ldap_response: msgid=3 tag=103 err=0 ber_flush2: 14 bytes to sd 15 ldap_write: want=14, written=14 0000: 30 0c 02 01 03 67 07 0a 01 00 04 00 04 00 0....g........ -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8415] Documentation has hard coded date
by openldap-its＠openldap.org 05 Mar '21

05 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8415 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED Keywords|OL_2_5_REQ | --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 59a21512 by Quanah Gibson-Mount at 2021-03-06T00:39:22+00:00 ITS#8415 - Fix copyright update for all known cases -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8682] Malformatted man pages on AIX and Solaris
by openldap-its＠openldap.org 05 Mar '21

05 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8682 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |needs_review -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9079] documentation: slapo-unique syntax explanation unclear
by openldap-its＠openldap.org 05 Mar '21

05 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9079 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |IN_PROGRESS Keywords|OL_2_5_REQ | --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/277 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9079] documentation: slapo-unique syntax explanation unclear
by openldap-its＠openldap.org 05 Mar '21

05 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9079 --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to gray(a)nxg.name from comment #0) > I understand from this text the following: > > * One can specify multiple URIs in the value of a olcUniqueURI attribute. > I > _guess_ these can be space-separated, even though that isn't shown in this > syntax. This is a typo, which will be fixed. > * Each URI defines a set of object attributes > * One can have multiple olcUniqueURI attributes, _each of which_ creates a > 'domain' > * This doesn't say what a 'domain' is The concept of a "domain" is a key part of the mathematical concept of "sets". As this is clearly talking about sets, the definition of domain follows. > * If multiple URIs are specified in a 'domain' Again, this goes back to the mathematical concept of sets. > * It's not clear where the quotes go, when combining with 'strict' or > 'ignore' > (I guess "strict ldap://..."). > * Can 'strict' or 'ignore' be combined with the second or subsequent URIs? This is already explicitly answered in the man page: "Strictness applies to all URIs within a uniqueness domain" thus it must be combined with the full set of URIs in a given statement. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9051] slapo-accesslog fails to log compare, search
by openldap-its＠openldap.org 05 Mar '21

05 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9051 --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- These 3 searches should all have been logged: 6042bb16 conn=1001 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)" 6042bb16 send_ldap_result: conn=1001 op=1 p=3 6042bb16 conn=1001 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000016 etime=0.000202 nentries=1 text= 6042bb16 conn=1003 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)" 6042bb16 send_ldap_result: conn=1003 op=1 p=3 6042bb16 conn=1003 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000016 etime=0.000183 nentries=1 text= 6042bb16 conn=1005 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)" 6042bb16 send_ldap_result: conn=1005 op=1 p=3 6042bb16 conn=1005 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000008 etime=0.000093 nentries=1 text= -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9051] slapo-accesslog fails to log compare, search
by openldap-its＠openldap.org 05 Mar '21

05 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9051 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |CONFIRMED --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- This regression test that was trivial to set up shows only bind ops in the resulting accesslog database: https://git.openldap.org/quanah/openldap/-/commit/d22d10ebd7cb216496fd8c3e6… -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9051] slapo-accesslog fails to log compare, search
by openldap-its＠openldap.org 05 Mar '21

05 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9051 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|quanah(a)openldap.org |ondra(a)mistotebe.net Keywords|OL_2_5_REQ, reviewed | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9051] slapo-accesslog fails to log compare, search
by openldap-its＠openldap.org 05 Mar '21

05 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9051 --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Trivial to reproduce. Only logs bind ops. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8773] slapo-deref: man page and test suite needed
by openldap-its＠openldap.org 05 Mar '21

05 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8773 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |IN_PROGRESS Keywords|OL_2_5_REQ | Ever confirmed|0 |1 --- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/275 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs