- openldap-bugs - openldap.org

[Issue 9347] ppolicy: Password policy not applied when pwdMaxAge overflows max int (32-bit)
by openldap-its＠openldap.org 24 Feb '21

24 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=9347 --- Comment #3 from Ondřej Kuzník <ondra(a)mistotebe.net> --- https://git.openldap.org/ondra/openldap/-/tree/its9347 tries to add better logs and potentially above mentioned fallback, if that's found to be desirable. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9347] ppolicy: Password policy not applied when pwdMaxAge overflows max int (32-bit)
by openldap-its＠openldap.org 24 Feb '21

24 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=9347 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Group|OpenLDAP-devs | --- Comment #2 from Ondřej Kuzník <ondra(a)mistotebe.net> --- This is certainly not an integer overflow of any kind, just an invalid policy, hence it is ignored and an error is logged. Whether that is a security issue is debatable, as every policy admin should make sure the policy they set is valid and is enforced correctly. As an aside, it might be worth trying to apply the default policy if a specified policy doesn't exist/doesn't validate, but that would be a change from existing behaviour as enshrined in the test suite. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7832] Proposing ppolicy extended module for OpenLDAP
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7832 --- Comment #17 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to Quanah Gibson-Mount from comment #16) > > - I get a segfault when my client first connects to slapd when I compile > > master branch with: Also please provide the exact configuration file or cn=config database you are testing with. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7832] Proposing ppolicy extended module for OpenLDAP
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7832 --- Comment #16 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to David Coutadeur from comment #14) > Hello, > > I have made some progress in ppm integration, but I have some blocking > questions: > > - I suppose you want a merge request on openldap/openldap master branch and > not OPENLDAP_REL_ENG_2_5, am I right? Correct, all merges go against master. > - I get a segfault when my client first connects to slapd when I compile > master branch with: > Do you have the same error? Is this due to a specific option? I've not encountered any segfaults, so it may be a compile specific option. The master branch goes through constant CI/CD with the full test suite and is not exhibiting any problems. I will see if I can reproduce the issue with your specific compile options. > - I noticed nssov overlay does not compile correctly: there is a missing > #include <errno.h> somewhere, and other remaining bugs. Ok, feel free to open up issue reports about it. > - do you expect other integration things than the code deployed into > contrib/slapd-modules with an appropriate Makefile, README, LICENSE,...? Yes. > - about the Notice, I have made two separate files in the ppm directory: > LICENSE and NOTICES. The license is the OpenLDAP License. The notice is the > following: The IPR notification goes into this bug, not as a separate file. The LICENSE file itself sounds fine. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7832] Proposing ppolicy extended module for OpenLDAP
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7832 --- Comment #15 from David Coutadeur <david.coutadeur(a)gmail.com> --- For reference, my merge request: https://git.openldap.org/openldap/openldap/-/merge_requests/252 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7832] Proposing ppolicy extended module for OpenLDAP
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7832 --- Comment #14 from David Coutadeur <david.coutadeur(a)gmail.com> --- Hello, I have made some progress in ppm integration, but I have some blocking questions: - I suppose you want a merge request on openldap/openldap master branch and not OPENLDAP_REL_ENG_2_5, am I right? - I get a segfault when my client first connects to slapd when I compile master branch with: ``` ./configure --prefix=/usr/local/openldap --libdir=/usr/local/openldap/lib64 --enable-overlays --enable-modules --enable-dynamic=yes --with-tls=openssl --enable-debug --with-cyrus-sasl --enable-spasswd --enable-ppolicy --enable-crypt --enable-ldap -enable-slapi --enable-meta --enable-sock --enable-wrappers --enable-rlookups ``` Do you have the same error? Is this due to a specific option? ppm was working with my last test with Ondrej 6 month ago, so I suppose when this segfault is fixed it will work quite fast. - I noticed nssov overlay does not compile correctly: there is a missing #include <errno.h> somewhere, and other remaining bugs. - do you expect other integration things than the code deployed into contrib/slapd-modules with an appropriate Makefile, README, LICENSE,...? - about the Notice, I have made two separate files in the ppm directory: LICENSE and NOTICES. The license is the OpenLDAP License. The notice is the following: "The attached modifications to OpenLDAP Software are subject to the following notice: Copyright 2021 David Coutadeur Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License." Does it seem correct to you? -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7262] slapo-ppolicy overlay cannot use a policy stored in a different backend from the account that it controls
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7262 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |IN_PROGRESS --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/250 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8950] segfault with TXN+accesslog
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8950 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.1 |2.5.2 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8950] segfault with TXN+accesslog
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

1 0

[Issue 7768] Use of olcDbUri in LDAP/Chain configuration for ppolicy_forward_updates
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

1 0

[Issue 7768] Use of olcDbUri in LDAP/Chain configuration for ppolicy_forward_updates
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7768 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|UNCONFIRMED |RESOLVED --- Comment #2 from Ondřej Kuzník <ondra(a)mistotebe.net> --- slapo-chain already says "All URIs not listed in the configuration are chained anonymously", works as designed. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8950] segfault with TXN+accesslog
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8950 --- Comment #3 from Ondřej Kuzník <ondra(a)mistotebe.net> --- Created attachment 797 --> https://bugs.openldap.org/attachment.cgi?id=797&action=edit Valgrind log This still happens, see attached valgrind.log -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9475] New: Add support for MAP_POPULATE
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=9475 Issue ID: 9475 Summary: Add support for MAP_POPULATE Product: LMDB Version: unspecified Hardware: All OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: aa531811820(a)gmail.com Target Milestone: --- In some case (such as cloud computing platforms), the reading speed of large files is very fast while the small files is very slow, and we have enough memory, so we hope to prefetch the entire LMDB file into the memory during MMAP through the MAP_POPULATE flag . According to our test, this is faster than using readahead flag. Here are some test data: # mmap with no readahead read one sample: 0.2s total time: 4800s # mmap with readahead read one sample: 0.0001s~0.03s total time: 95.86s # mmap with MAP_POPULATE db init: 20s read one sample: 0.0001s total time: 78s -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 7343] slapo-dynlist does not include attributes of an entry containing objectClass of the dynlist attrset
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7343 --- Comment #4 from Howard Chu <hyc(a)openldap.org> --- (In reply to openldap(a)stormcloud9.net from comment #3) > I think you might have missed the second half of the issue. > > ======== > > Now the documentation clearly states recursion is not allowed, so if cn=child > were to have a 'labeledURI', this labeledURI would not be expanded. But this > is > not what is being done here, cn=child has no labeledURI present. Irrelevant. > It also > behaves > perfectly fine if I pull the "objetClass: labeledURIObject" off cn=child. Yes, because it is the objectClass: labeledURIobject that is checked to determine whether a recursive query is occurring or not. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8820] ldap_get_attribute_ber() function needs to be documented
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8820 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|quanah(a)openldap.org |hyc(a)openldap.org -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8665] limits documentation update for glued databases
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8665 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ | Target Milestone|2.5.3 |2.5.2 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8665] limits documentation update for glued databases
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8665 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |IN_PROGRESS Ever confirmed|0 |1 --- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/249 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8464] Documentation for enabling monitoring via cn=config
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8464 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |IN_PROGRESS Target Milestone|2.5.3 |2.5.2 Keywords|has_patch, OL_2_5_REQ | --- Comment #8 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/248 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7832] Proposing ppolicy extended module for OpenLDAP
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7832 --- Comment #13 from David Coutadeur <david.coutadeur(a)gmail.com> --- Hi Quanah, Ok, thanks for the update, I will do as requested. David -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8255] slapd-sock: response parsing in str2result() is broken
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8255 --- Comment #3 from Michael Ströder <michael(a)stroeder.com> --- Hmm, AFAICS Target Milestone: 2.6.0 is pretty close to WON'T FIX. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8847] New LDAP URL syntax to support binding to specific IP address at client side
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8847 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |enhancement Target Milestone|2.5.3 |2.6.0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7832] Proposing ppolicy extended module for OpenLDAP
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7832 --- Comment #12 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Hi David, Please open a merge request at https://git.openldap.org with your 2.5 based module so it can be considered for inclusion in OpenLDAP 2.5. Regards, Quanah -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8825] slapo-memberof: memberof-memberof-ad doesn't work correctly
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8825 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8825] slapo-memberof: memberof-memberof-ad doesn't work correctly
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

1 0

[Issue 8751] deref aliases with back meta goes wrong in db_cache_find_ndn()
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8751 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs