- openldap-bugs - openldap.org

[Issue 8773] slapo-deref: man page and test suite needed
by openldap-its＠openldap.org 05 Mar '21

05 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8773 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=5768 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 5768] [enhancement] add support for Dereference Control
by openldap-its＠openldap.org 05 Mar '21

05 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=5768 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=8773 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8440] syncrepl improvements for delta-sync mmr
by openldap-its＠openldap.org 05 Mar '21

05 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8440 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |--- -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8440] syncrepl improvements for delta-sync mmr
by openldap-its＠openldap.org 05 Mar '21

05 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8440 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8440] syncrepl improvements for delta-sync mmr
by openldap-its＠openldap.org 05 Mar '21

05 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8440 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |WORKSFORME Keywords|OL_2_5_REQ, replication, | |reviewed | --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- No longer appears to occur. "CSN too old" messages are limited to reqStart=XXX entries as they should be. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8742] slapd.conf/slapd-config divergence
by openldap-its＠openldap.org 05 Mar '21

05 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8742 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ | Ever confirmed|0 |1 Status|UNCONFIRMED |IN_PROGRESS --- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/274 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8847] New LDAP URL syntax to support binding to specific IP address at client side
by openldap-its＠openldap.org 05 Mar '21

05 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8847 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|has_patch, IPR_OK, |needs_review |OL_2_5_REQ | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8847] New LDAP URL syntax to support binding to specific IP address at client side
by openldap-its＠openldap.org 05 Mar '21

05 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8847 --- Comment #34 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to HoweverAT from comment #33) You will need to provide an IPR statement as per https://www.openldap.org/devel/contributing.html#notice for this patch to be looked at. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8871] mutex issue with cancel operation
by openldap-its＠openldap.org 05 Mar '21

05 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8871 --- Comment #4 from Ondřej Kuzník <ondra(a)mistotebe.net> --- On Thu, Mar 04, 2021 at 06:24:28PM +0000, openldap-its(a)openldap.org wrote: > --- Comment #2 from hsuenju_ko(a)stratus.com <hsuenju_ko(a)stratus.com> --- > This used to work before #6672. The code used to unlock the ld_conn_mutex > before the select call. > > what if one thread is doing ldap_result with indefinite wait while other thread > is doing something, not necessary cancel, which also requires holding the > ld_conn_mutex lock? Are you saying no other thread is allowed to do anything > requiring the same ld_conn_mutex? You can't use the connection while another thread is waiting there (and holding the mutex), this is not how libldap works. What you can do is retrieve the fd with LDAP_OPT_DESC, wait until there's activity and then call ldap_result with a timeout set to 0 to see if you got what you were interested in. Then you're able to send more requests while waiting, from any thread you want as long as they're not stuck waiting on network. > If I can not use the same connection, how do I do multiple connections? Can I > cancel operations from different connection? Cancel and unbind operations can only stop the processing of a request sent over the same connection. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8847] New LDAP URL syntax to support binding to specific IP address at client side
by openldap-its＠openldap.org 04 Mar '21

04 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8847 --- Comment #33 from HoweverAT <laeufer4321(a)gmx.at> --- Hi, I would like to take over this task. @Ryan Tandy thank you for your great feedback, I have tried to work everything into the new patch. -whitespace style -sorted lists and typos -IPv6 ifdefs -useless comments -add initial NULLARG for new struct -ldap_set_option reset to default if invalue==NULL -ldap_validate_and_fill_sourceip moved to new position -inet_pton is only used if LDAP_PF_INET6 like in existing code -os-ip.c i didn't changed the position of the code. For me it was cleaner if we set address (local or remote) in one place Im not sure about the MinGW Compile Fix - part Is there an instruction how the mingw environment should be set up to retest it? -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8847] New LDAP URL syntax to support binding to specific IP address at client side
by openldap-its＠openldap.org 04 Mar '21

04 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8847 HoweverAT <laeufer4321(a)gmx.at> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #803|Client Address Binding |client_address_binding_2021 description| |-03-05 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8847] New LDAP URL syntax to support binding to specific IP address at client side
by openldap-its＠openldap.org 04 Mar '21

04 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8847 --- Comment #32 from HoweverAT <laeufer4321(a)gmx.at> --- Created attachment 803 --> https://bugs.openldap.org/attachment.cgi?id=803&action=edit Client Address Binding -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8724] slapo-pcache truncates remote results
by openldap-its＠openldap.org 04 Mar '21

04 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8724 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|IN_PROGRESS |RESOLVED --- Comment #13 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 932d18fd by Quanah Gibson-Mount at 2021-03-04T21:44:38+00:00 ITS#8724 - Note that paged results is stripped -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8871] mutex issue with cancel operation
by openldap-its＠openldap.org 04 Mar '21

04 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8871 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|WONTFIX |INVALID --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- The use case here is invalid, and the code prior to ITS#6672 was broken. There is nothing here to be fixed. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7990] (docs) Admin guide: bad link in password policy overlay section
by openldap-its＠openldap.org 04 Mar '21

04 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=7990 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #8 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 76142803 by Quanah Gibson-Mount at 2021-03-04T20:43:08+00:00 ITS#7990 - add section on hashing cleartext passwords -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8871] mutex issue with cancel operation
by openldap-its＠openldap.org 04 Mar '21

04 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8871 --- Comment #2 from hsuenju_ko(a)stratus.com <hsuenju_ko(a)stratus.com> --- This used to work before #6672. The code used to unlock the ld_conn_mutex before the select call. what if one thread is doing ldap_result with indefinite wait while other thread is doing something, not necessary cancel, which also requires holding the ld_conn_mutex lock? Are you saying no other thread is allowed to do anything requiring the same ld_conn_mutex? If I can not use the same connection, how do I do multiple connections? Can I cancel operations from different connection? Thanks for any feedback! -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9477] New: slapd on master branch segfaults at first connection establishment with an LDAP client
by openldap-its＠openldap.org 04 Mar '21

04 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9477 Issue ID: 9477 Summary: slapd on master branch segfaults at first connection establishment with an LDAP client Product: OpenLDAP Version: 2.5 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: david.coutadeur(a)gmail.com Target Milestone: --- Everything is in the title: slapd on master branch segfaults at first connection establishment with an LDAP client slapd-2.5.X-Devel Compilation options: ./configure --prefix=/usr/local/openldap --libdir=/usr/local/openldap/lib64 --enable-overlays --enable-modules --enable-dynamic=yes --with-tls=openssl --enable-debug --with-cyrus-sasl --enable-spasswd --enable-ppolicy --enable-crypt --enable-ldap -enable-slapi --enable-meta --enable-sock --enable-wrappers --enable-rlookups using default slapd.conf file: # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /usr/local/openldap/etc/openldap/schema/core.schema # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /usr/local/openldap/var/run/slapd.pid argsfile /usr/local/openldap/var/run/slapd.args # Load dynamic backend modules: # modulepath /usr/local/openldap/libexec/openldap # moduleload back_mdb.la # moduleload back_ldap.la # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control policy: # Root DSE: allow anyone to read it # Subschema (sub)entry DSE: allow anyone to read it # Other DSEs: # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: # access to dn.base="" by * read # access to dn.base="cn=Subschema" by * read # access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") # # rootdn can always read and write EVERYTHING! ####################################################################### # MDB database definitions ####################################################################### database mdb maxsize 1073741824 suffix "dc=my-domain,dc=com" rootdn "cn=Manager,dc=my-domain,dc=com" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw secret # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /usr/local/openldap/var/openldap-data # Indices to maintain index objectClass eq For information, I also converted this configuration into cn=config with the same result. some commands after installation: mkdir /usr/local/openldap/var/openldap-data chown -R ldap:ldap /usr/local/openldap Launch command: /usr/local/openldap/libexec/slapd -h 'ldap://*:389 ldaps://*:636' -f /usr/local/openldap/etc/openldap/slapd.conf -u ldap -g ldap -d -1 Establish connection with any client with manager credential on 389 port. Console output: 6036a1a3 daemon: activity on 1 descriptor 6036a1a3 daemon: activity on: 6036a1a3 slap_listener_activate(7): 6036a1a3 daemon: epoll: listen=7 busy 6036a1a3 daemon: epoll: listen=8 active_threads=0 tvp=NULL 6036a1a3 daemon: epoll: listen=9 active_threads=0 tvp=NULL 6036a1a3 daemon: epoll: listen=10 active_threads=0 tvp=NULL 6036a1a3 >>> slap_listener(ldap://*:389) 6036a1a3 daemon: accept() = 14 6036a1a3 daemon: activity on 1 descriptor 6036a1a3 daemon: activity on: 6036a1a3 daemon: epoll: listen=7 active_threads=0 tvp=NULL 6036a1a3 daemon: epoll: listen=8 active_threads=0 tvp=NULL 6036a1a3 daemon: epoll: listen=9 active_threads=0 tvp=NULL 6036a1a3 daemon: epoll: listen=10 active_threads=0 tvp=NULL 6036a1a3 daemon: listen=7, new connection on 14 Erreur de segmentation -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9433] New: ldapsearch -Z fails to continue when StartTLS fails
by openldap-its＠openldap.org 04 Mar '21

04 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9433 Issue ID: 9433 Summary: ldapsearch -Z fails to continue when StartTLS fails Product: OpenLDAP Version: 2.4.56 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: simon.pichugin(a)gmail.com Target Milestone: --- Created attachment 783 --> https://bugs.openldap.org/attachment.cgi?id=783&action=edit ldapsearch debug log When -Z is passed to an OpenLDAP utility, it will try to establish a TLS connection with StartTLS, and in case it fails to do so it should continue without the TLS layer. OpenLDAP version: openldap-2.4.56-4.fc34.x86_64 (but it also doesn't work on older versions too) How reproducible: Always Steps to Reproduce: 1. Run `ldapsearch ...' against a server and see successful operation result. 2. Run `ldapsearch -Z ...' against a server whose certificate is not trusted (e.g. a hostname mismatch) and observe it fails to connect as in point 1. Actual results: ~~~ ldap_start_tls: Connect error (-11) additional info: TLS: hostname does not match CN in peer certificate # and it hangs there ~~~ Expected results: The line ~~~ ldap_result: Can't contact LDAP server (-1) ~~~ is not present and the utility successfully continues with plain LDAP protocol as expected. Additional info: I'm attaching a full debug log (-d -1) to this bug. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 8846] Patch to introduce new LDAP option to ignore hostname checking while verifying certificates in TLS mode
by openldap-its＠openldap.org 04 Mar '21

04 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8846 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|WONTFIX |INVALID Status|RESOLVED |VERIFIED --- Comment #10 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Works as per RFC defined behavior -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8846] Patch to introduce new LDAP option to ignore hostname checking while verifying certificates in TLS mode
by openldap-its＠openldap.org 04 Mar '21

04 Mar '21

1 0

[Issue 5738] back-monitor: registering a new backend (via moduleload) should add the corresponding entry in cn=monitor
by openldap-its＠openldap.org 04 Mar '21

04 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=5738 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|needs_review | Target Milestone|2.5.3 |2.6.0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 5738] back-monitor: registering a new backend (via moduleload) should add the corresponding entry in cn=monitor
by openldap-its＠openldap.org 04 Mar '21

04 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=5738 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=8064 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8064] SIGSEGV in monitor-shutdown code
by openldap-its＠openldap.org 04 Mar '21

04 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8064 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=5738 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9489] New: Change UAF moto in documentation to "Naturally Inspiring"
by openldap-its＠openldap.org 04 Mar '21

04 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9489 Issue ID: 9489 Summary: Change UAF moto in documentation to "Naturally Inspiring" Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: jlrine2(a)alaska.edu Target Milestone: --- Created attachment 801 --> https://bugs.openldap.org/attachment.cgi?id=801&action=edit Included patch file fixing documentation error -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9488] New: Tomcat Application hangs when user tries to login via opendlap authentication
by openldap-its＠openldap.org 04 Mar '21

04 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9488 Issue ID: 9488 Summary: Tomcat Application hangs when user tries to login via opendlap authentication Product: OpenLDAP Version: 2.4.32 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: chandan.cse06217(a)gmail.com Target Milestone: --- Hi Experts, I am facing an issue often that my tomcat application hangs, when large no of users attempt login in short span of time authenticating via openLDAP. I have a mirror mode replication configured and writes are going to one of the slapd instance. Below is the stack trace: at com.sun.jndi.ldap.Connection.readReply(Connection.java:467) - locked <0x00000007505767c8> (a com.sun.jndi.ldap.LdapRequest) at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:640) Issue goes away when i restart tomcat. Can you please advise. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs