- openldap-bugs - openldap.org

[Issue 8659] accesslog man page updates
by openldap-its＠openldap.org 24 Feb '21

24 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8659 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ | Ever confirmed|0 |1 Target Milestone|2.5.3 |2.5.2 Status|UNCONFIRMED |IN_PROGRESS --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/254 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8454] slapo-auditlog man page needs some improvement
by openldap-its＠openldap.org 24 Feb '21

24 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8454 --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to Quanah Gibson-Mount from comment #2) > https://git.openldap.org/openldap/openldap/-/merge_requests/254 Whoops that's for ITS#8659 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8454] slapo-auditlog man page needs some improvement
by openldap-its＠openldap.org 24 Feb '21

24 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8454 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |2.5.2 Keywords|OL_2_5_REQ | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8454] slapo-auditlog man page needs some improvement
by openldap-its＠openldap.org 24 Feb '21

24 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8454 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |IN_PROGRESS Ever confirmed|0 |1 --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/254 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8659] accesslog man page updates
by openldap-its＠openldap.org 24 Feb '21

24 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8659 --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- reqEntryUUID was added in 4035016796f2d505d3b6885002339b8c20581ada -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7262] slapo-ppolicy overlay cannot use a policy stored in a different backend from the account that it controls
by openldap-its＠openldap.org 24 Feb '21

24 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7262 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 38ea26b3 by Ondřej Kuzník at 2021-02-24T22:15:48+00:00 ITS#7262 Retrieve the policy from the correct backend -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9293] New: slapo-ppolicy stores pwdGraceUseTime only with seconds
by openldap-its＠openldap.org 24 Feb '21

24 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=9293 Issue ID: 9293 Summary: slapo-ppolicy stores pwdGraceUseTime only with seconds Product: OpenLDAP Version: 2.4.50 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: michael(a)stroeder.com Target Milestone: --- If password is expired slapo-ppolicy can return the number of grace logins for changing own password (graceAuthNsRemaining). slapd derives graceAuthNsRemaining from number of pwdGraceUseTime values. But those timestamps are only stored with a granularity of a second. Thus multiple grace logins are possible within a second without decremeting graceAuthNsRemaining value. This is unexpected and also leads to absurd work-arounds when writing automated tests like this: https://gitlab.com/ae-dir/python-ldap0/-/blob/master/tests/test_ppolicy.py#… Either a real Integer counter should be used or fraction of seconds should be used in pwdGraceUseTime values. This is a similar problem like pwdFailureTime solved in ITS#7161. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 7596] slapo-ppolicy: OpenLDAP returning incorrect value for "graceAuthNsRemaining"
by openldap-its＠openldap.org 24 Feb '21

24 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7596 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7596] slapo-ppolicy: OpenLDAP returning incorrect value for "graceAuthNsRemaining"
by openldap-its＠openldap.org 24 Feb '21

24 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7596 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • d1799a50 by Ondřej Kuzník at 2021-02-24T17:03:22+00:00 ITS#7596 Report correct number of grace authentications left -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 5365] Library symbol versioning or other help for library transitions
by openldap-its＠openldap.org 24 Feb '21

24 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=5365 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.5.3 Severity|normal |blocker -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 5365] Library symbol versioning or other help for library transitions
by openldap-its＠openldap.org 24 Feb '21

24 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=5365 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |OL_2_5_REQ --- Comment #6 from Ondřej Kuzník <ondra(a)mistotebe.net> --- Since we're about to release a new version and I think we're bumping ABI again, we should really get this in. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7259] slapo-policy count bytes not characters
by openldap-its＠openldap.org 24 Feb '21

24 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7259 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7259] slapo-policy count bytes not characters
by openldap-its＠openldap.org 24 Feb '21

24 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7259 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 3925b8e0 by Ondřej Kuzník at 2021-02-24T13:19:40+00:00 ITS#7259 Clarify password length considerations -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7832] Proposing ppolicy extended module for OpenLDAP
by openldap-its＠openldap.org 24 Feb '21

24 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7832 --- Comment #18 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to Quanah Gibson-Mount from comment #17) > (In reply to Quanah Gibson-Mount from comment #16) > > > > - I get a segfault when my client first connects to slapd when I compile > > > master branch with: > > Also please provide the exact configuration file or cn=config database you > are testing with. Additionally, file the fact it's crashing as its own issue with the above config as an attachment. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9347] ppolicy: Password policy not applied when pwdMaxAge overflows max int (32-bit)
by openldap-its＠openldap.org 24 Feb '21

24 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=9347 --- Comment #3 from Ondřej Kuzník <ondra(a)mistotebe.net> --- https://git.openldap.org/ondra/openldap/-/tree/its9347 tries to add better logs and potentially above mentioned fallback, if that's found to be desirable. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9347] ppolicy: Password policy not applied when pwdMaxAge overflows max int (32-bit)
by openldap-its＠openldap.org 24 Feb '21

24 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=9347 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Group|OpenLDAP-devs | --- Comment #2 from Ondřej Kuzník <ondra(a)mistotebe.net> --- This is certainly not an integer overflow of any kind, just an invalid policy, hence it is ignored and an error is logged. Whether that is a security issue is debatable, as every policy admin should make sure the policy they set is valid and is enforced correctly. As an aside, it might be worth trying to apply the default policy if a specified policy doesn't exist/doesn't validate, but that would be a change from existing behaviour as enshrined in the test suite. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7832] Proposing ppolicy extended module for OpenLDAP
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7832 --- Comment #17 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to Quanah Gibson-Mount from comment #16) > > - I get a segfault when my client first connects to slapd when I compile > > master branch with: Also please provide the exact configuration file or cn=config database you are testing with. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7832] Proposing ppolicy extended module for OpenLDAP
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7832 --- Comment #16 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to David Coutadeur from comment #14) > Hello, > > I have made some progress in ppm integration, but I have some blocking > questions: > > - I suppose you want a merge request on openldap/openldap master branch and > not OPENLDAP_REL_ENG_2_5, am I right? Correct, all merges go against master. > - I get a segfault when my client first connects to slapd when I compile > master branch with: > Do you have the same error? Is this due to a specific option? I've not encountered any segfaults, so it may be a compile specific option. The master branch goes through constant CI/CD with the full test suite and is not exhibiting any problems. I will see if I can reproduce the issue with your specific compile options. > - I noticed nssov overlay does not compile correctly: there is a missing > #include <errno.h> somewhere, and other remaining bugs. Ok, feel free to open up issue reports about it. > - do you expect other integration things than the code deployed into > contrib/slapd-modules with an appropriate Makefile, README, LICENSE,...? Yes. > - about the Notice, I have made two separate files in the ppm directory: > LICENSE and NOTICES. The license is the OpenLDAP License. The notice is the > following: The IPR notification goes into this bug, not as a separate file. The LICENSE file itself sounds fine. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7832] Proposing ppolicy extended module for OpenLDAP
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7832 --- Comment #15 from David Coutadeur <david.coutadeur(a)gmail.com> --- For reference, my merge request: https://git.openldap.org/openldap/openldap/-/merge_requests/252 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7832] Proposing ppolicy extended module for OpenLDAP
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7832 --- Comment #14 from David Coutadeur <david.coutadeur(a)gmail.com> --- Hello, I have made some progress in ppm integration, but I have some blocking questions: - I suppose you want a merge request on openldap/openldap master branch and not OPENLDAP_REL_ENG_2_5, am I right? - I get a segfault when my client first connects to slapd when I compile master branch with: ``` ./configure --prefix=/usr/local/openldap --libdir=/usr/local/openldap/lib64 --enable-overlays --enable-modules --enable-dynamic=yes --with-tls=openssl --enable-debug --with-cyrus-sasl --enable-spasswd --enable-ppolicy --enable-crypt --enable-ldap -enable-slapi --enable-meta --enable-sock --enable-wrappers --enable-rlookups ``` Do you have the same error? Is this due to a specific option? ppm was working with my last test with Ondrej 6 month ago, so I suppose when this segfault is fixed it will work quite fast. - I noticed nssov overlay does not compile correctly: there is a missing #include <errno.h> somewhere, and other remaining bugs. - do you expect other integration things than the code deployed into contrib/slapd-modules with an appropriate Makefile, README, LICENSE,...? - about the Notice, I have made two separate files in the ppm directory: LICENSE and NOTICES. The license is the OpenLDAP License. The notice is the following: "The attached modifications to OpenLDAP Software are subject to the following notice: Copyright 2021 David Coutadeur Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License." Does it seem correct to you? -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7262] slapo-ppolicy overlay cannot use a policy stored in a different backend from the account that it controls
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7262 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |IN_PROGRESS --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/250 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8950] segfault with TXN+accesslog
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8950 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.1 |2.5.2 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8950] segfault with TXN+accesslog
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

1 0

[Issue 7768] Use of olcDbUri in LDAP/Chain configuration for ppolicy_forward_updates
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

1 0

[Issue 7768] Use of olcDbUri in LDAP/Chain configuration for ppolicy_forward_updates
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7768 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|UNCONFIRMED |RESOLVED --- Comment #2 from Ondřej Kuzník <ondra(a)mistotebe.net> --- slapo-chain already says "All URIs not listed in the configuration are chained anonymously", works as designed. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs