- openldap-bugs - openldap.org

[Issue 9534] New: Persistent test043 failures
by openldap-its＠openldap.org 07 Jul '22

07 Jul '22

https://bugs.openldap.org/show_bug.cgi?id=9534 Issue ID: 9534 Summary: Persistent test043 failures Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- In testing current RE25 as of 4/23/2021 (73b2769d05529a7d474661023f2c4f3a931417b2) test043 is sporadically failing. Examining the testrun log, it appears replication never even initiated. -- You are receiving this mail because: You are on the CC list for the issue.

1 10

[Issue 9877] New: Session Tracking failing to log IP addresses
by openldap-its＠openldap.org 05 Jul '22

05 Jul '22

https://bugs.openldap.org/show_bug.cgi?id=9877 Issue ID: 9877 Summary: Session Tracking failing to log IP addresses Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- From slapd log in master with session tracking enabled: 62c45cfe.3b59f358 0x7fa3b0aa8700 conn=1002 fd=15 ACCEPT from IP=127.0.0.1:58790 (IP=127.0.0.1:9012) 62c45cff.017af6f5 0x7fa3b0aa8700 conn=1002 op=1 [IP=[ USERNAME=cn=manager,dc=example,dc=com] modifications: 62c45cff.017b2c53 0x7fa3b0aa8700 conn=1002 op=1 [IP=[ USERNAME=cn=manager,dc=example,dc=com] MOD dn="cn=replicator,dc=example,dc=com" 62c45cff.017bb35e 0x7fa3b0aa8700 conn=1002 op=1 [IP=[ USERNAME=cn=manager,dc=example,dc=com] MOD attr=pwdLastSuccess Note the missing IP address. This works correctly in current 2.6.2 -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9874] New: slapadd is returning garbage error data
by openldap-its＠openldap.org 05 Jul '22

05 Jul '22

https://bugs.openldap.org/show_bug.cgi?id=9874 Issue ID: 9874 Summary: slapadd is returning garbage error data Product: OpenLDAP Version: 2.6.2 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- When slapadd encounters an error, instead of returning that error it is returning garbage text. Example: slapadd: could not add entry dn="olcDatabase={1}mdb,cn=config" (line=1119): #]I Note the: "#]I" If run with -d -1, we see the actual error is: mdb_db_init: Initializing mdb database olcDbDirectory: value #0: invalid path: No such file or directory slapadd: could not add entry dn="olcDatabase={1}mdb,cn=config" (line=1119): olcDbDirectory: value #0: invalid path: No such file or directory slapadd shutdown: initiated -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9642] New: Adding a task to runqueue doesn't wake the main thread
by openldap-its＠openldap.org 05 Jul '22

05 Jul '22

https://bugs.openldap.org/show_bug.cgi?id=9642 Issue ID: 9642 Summary: Adding a task to runqueue doesn't wake the main thread Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- If a connection adds a new syncrepl stanza, that is not started until the main thread comes around to doing it. However if that thread is currently stuck in SLAP_EVENT_WAIT() and nothing else happens (like an unbind over the connection that modified the config), the task is never started. This can take a long time. No idea yet how to wake it up with/from ldap_pvt_runqueue_insert() given that sits within libldap and not really something that should be calling slap_wake_listener(). -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9875] New: OpenLDAP 2.6 libldap_r.so is missing
by openldap-its＠openldap.org 05 Jul '22

05 Jul '22

https://bugs.openldap.org/show_bug.cgi?id=9875 Issue ID: 9875 Summary: OpenLDAP 2.6 libldap_r.so is missing Product: OpenLDAP Version: 2.6.2 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: andysyam61(a)gmail.com Target Milestone: --- OpenLDAP 2.6 libldap_r.so is missing https://github.com/python-ldap/python-ldap/issues/432 -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9468] New: slapd-ldap does anonymous bind even if rebind-as-user is set
by openldap-its＠openldap.org 30 Jun '22

30 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=9468 Issue ID: 9468 Summary: slapd-ldap does anonymous bind even if rebind-as-user is set Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: tero.saarni(a)est.tech Target Milestone: --- When back-ldap retries bind operation after connection retry, it will do it as anonymous even if rebind-as-user is set to yes. Expected behavior is that (re)bind is done with user's credentials from the initial bind operation. I observed following (Warning: I might have understood details of the code incorrectly): When rebind-as-user is set and bind operation from client is processed, proxy will copy the credentials to ldapconn_t representing the remote LDAP connection. When remote LDAP connection is closed (e.g. by the proxy itself due to timeout), the bind credentials information is lost when freeing the old ldapconn_t. At this point, client still holds the connection to proxy and is unaware of the remote connection being lost. Proxy then re-establishes the connection and "synthetically" generates new bind itself, but since it does not have the credentials stored in memory anymore, it sends anonymous bind on behalf of the client. As a side effect, slapd currently crashes if remote server does not allow anonymous bind and responds with InvalidCredentials instead. The crash is due to assert(), which is handled in separate issue https://bugs.openldap.org/show_bug.cgi?id=9288 -- You are receiving this mail because: You are on the CC list for the issue.

1 12

[Issue 6166] Overlay/backend restructuring
by openldap-its＠openldap.org 29 Jun '22

29 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=6166 --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- See also https://git.openldap.org/openldap/openldap/-/merge_requests/543#note_4422 for thoughts on ppolicy as well. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7468] ppolicy and rwm/relay segfaulting
by openldap-its＠openldap.org 29 Jun '22

29 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=7468 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=9871 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7966] OpenLDAP server 2.4.40 crashes with rwm and ppolicy overlay during bind
by openldap-its＠openldap.org 24 Jun '22

24 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=7966 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7966] OpenLDAP server 2.4.40 crashes with rwm and ppolicy overlay during bind
by openldap-its＠openldap.org 24 Jun '22

24 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=7966 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also|https://bugs.openldap.org/s | |how_bug.cgi?id=9871 | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7966] OpenLDAP server 2.4.40 crashes with rwm and ppolicy overlay during bind
by openldap-its＠openldap.org 24 Jun '22

24 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=7966 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on|6166 | Status|UNCONFIRMED |RESOLVED Resolution|--- |DUPLICATE Target Milestone|2.7.0 |--- --- Comment #8 from Quanah Gibson-Mount <quanah(a)openldap.org> --- *** This issue has been marked as a duplicate of issue 9871 *** Referenced Issues: https://bugs.openldap.org/show_bug.cgi?id=6166 [Issue 6166] Overlay/backend restructuring -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6166] Overlay/backend restructuring
by openldap-its＠openldap.org 24 Jun '22

24 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=6166 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|7966 | Referenced Issues: https://bugs.openldap.org/show_bug.cgi?id=7966 [Issue 7966] OpenLDAP server 2.4.40 crashes with rwm and ppolicy overlay during bind -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7966] OpenLDAP server 2.4.40 crashes with rwm and ppolicy overlay during bind
by openldap-its＠openldap.org 24 Jun '22

24 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=7966 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=9871 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9862] New: segmentation fault in ldap_simple_bind_s and openssl
by openldap-its＠openldap.org 23 Jun '22

23 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=9862 Issue ID: 9862 Summary: segmentation fault in ldap_simple_bind_s and openssl Product: OpenLDAP Version: 2.4.49 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: atsoi(a)marklogic.com Target Milestone: --- We have segmentation fault when using ldap_simple_bind_s. The openldap version is 2.4.59 The openssl version is 1.0.2zd. 2021-05-09 01:11:22.021 Critical:+#5 0x00007f8f7212a038 in signalHandler(int, siginfo_t, void) () from /usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.282.b08-1.el7_9.x86_64/lib/amd64/server/libjvm.so 2021-05-09 01:11:22.021 Critical:+#6 2021-05-09 01:11:22.021 Critical:+#7 0x00007f8f78dc7f6e in BIO_set () from lib/libcrypto.so.1.0.0 2021-05-09 01:11:22.021 Critical:+#8 0x00007f8f78dc7fe2 in BIO_new () from lib/libcrypto.so.1.0.0 2021-05-09 01:11:22.021 Critical:+#9 0x00007f8f78a34574 in tlso_sb_setup () from lib/libldap_r-2.4.so.2 2021-05-09 01:11:22.021 Critical:+#10 0x00007f8f787f6062 in ber_sockbuf_add_io () from lib/liblber-2.4.so.2 2021-05-09 01:11:22.021 Critical:+#11 0x00007f8f78a31a68 in ldap_int_tls_connect.isra.1 () from lib/libldap_r-2.4.so.2 2021-05-09 01:11:22.021 Critical:+#12 0x00007f8f78a32288 in ldap_int_tls_start () from lib/libldap_r-2.4.so.2 2021-05-09 01:11:22.021 Critical:+#13 0x00007f8f78a0da70 in ldap_int_open_connection () from lib/libldap_r-2.4.so.2 2021-05-09 01:11:22.021 Critical:+#14 0x00007f8f78a2014d in ldap_new_connection () from lib/libldap_r-2.4.so.2 2021-05-09 01:11:22.021 Critical:+#15 0x00007f8f78a0d15a in ldap_open_defconn () from lib/libldap_r-2.4.so.2 2021-05-09 01:11:22.021 Critical:+#16 0x00007f8f78a21568 in ldap_send_initial_request () from lib/libldap_r-2.4.so.2 2021-05-09 01:11:22.021 Critical:+#17 0x00007f8f78a167a2 in ldap_sasl_bind () from lib/libldap_r-2.4.so.2 2021-05-09 01:11:22.021 Critical:+#18 0x00007f8f78a16b8a in ldap_sasl_bind_s () from lib/libldap_r-2.4.so.2 2021-05-09 01:11:22.021 Critical:+#19 0x00007f8f78a172e0 in ldap_simple_bind_s () from lib/libldap_r-2.4.so.2 -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 8245] slapo-unique constraints bypassed by manageDsaIt, change to relax?
by openldap-its＠openldap.org 23 Jun '22

23 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=8245 --- Comment #15 from Quanah Gibson-Mount <quanah(a)openldap.org> --- head: • 81b5ca91 by Ondřej Kuzník at 2022-06-14T21:52:18+00:00 ITS#8245 Do not try to release a NULL entry RE26 (2.6.3): • 85649edf by Ondřej Kuzník at 2022-06-23T18:34:57+00:00 ITS#8245 Do not try to release a NULL entry RE25 (2.5.13): • c8059b5d by Ondřej Kuzník at 2022-06-23T18:46:44+00:00 ITS#8245 Do not try to release a NULL entry -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8227] syncprov should use more threads
by openldap-its＠openldap.org 23 Jun '22

23 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=8227 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.7.0 |--- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9870] New: Remove optional overlay syntax
by openldap-its＠openldap.org 23 Jun '22

23 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=9870 Issue ID: 9870 Summary: Remove optional overlay syntax Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- While the module/overlay support was really young, an unreleased version of OpenLDAP supported 'optional overlays' that could fail start up without that being treated as a fatal error. This was later disabled, never documented and nowadays it can't work anyway, but the configuration option is still there in config_overlay() honouring overlay names starting with the '-' character as an alias. A patch to remove that leftover is coming. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9869] New: LDAP over TLS not doing hostname verification in version 2.4.59
by openldap-its＠openldap.org 22 Jun '22

22 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=9869 Issue ID: 9869 Summary: LDAP over TLS not doing hostname verification in version 2.4.59 Product: OpenLDAP Version: 2.4.59 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: radiatejava(a)gmail.com Target Milestone: --- My software was using openldap client 2.4.44 to talk to the LDAP server. We have shifted to 2.4.59 now to address some issues. Ever since we shifted, the new version is allowing LDAP over TLS without hostname verification. In the older 2.4.44, I always got this error if hostname did not match the CN value: return code -1 - Can't contact LDAP server) diagnostic message TLS: hostname does not match CN in peer certificate But after the lib update, no such error even if I am using LDAP server IP to do LDAP bind while LDAP server certificate has CN set as some FQDN (say test.ldap.com). Our client side code has not changed while we updated the ldap lib. For our client, we are only doing these settings: ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTDIR, lCertsDir) ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, lCert) Has there been any change in this regard? How do I enforce hostname verification now? Thanks -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 8227] syncprov should use more threads
by openldap-its＠openldap.org 21 Jun '22

21 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=8227 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |WORKSFORME --- Comment #6 from Ondřej Kuzník <ondra(a)mistotebe.net> --- Yeah, just gone all the way to backlogging one consumer till we block in slapd_wait_writer() and the other one keeps receiving all messages as they are prepared, just as one would hope. Resuming the blocked consumer seems to flush everything down that connection as well. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8227] syncprov should use more threads
by openldap-its＠openldap.org 21 Jun '22

21 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=8227 --- Comment #5 from Howard Chu <hyc(a)openldap.org> --- Possibly this ticket is obsolete then. If you're satisfied that suspending/blocking one consumer doesn't interfere with other consumers' progress, we can just close this. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8227] syncprov should use more threads
by openldap-its＠openldap.org 21 Jun '22

21 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=8227 --- Comment #4 from Ondřej Kuzník <ondra(a)mistotebe.net> --- Maybe you meant something else because I'm not seeing this, syncprov_matchops->syncprov_qresp already schedules a separate syncprov_qtask for each active persist session that has anything to send out. Those sessions each have a separate response queue, sharing a reference to the resinfo provided. And those tasks then run independent of each other sending messages (since ITS#5985 just one message at a time), reclaiming syncres and since ITS#8039 possibly resinfo as they make progress. Also verified all of this at runtime. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6942] updateref config is inadequate
by openldap-its＠openldap.org 13 Jun '22

13 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=6942 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|--- |High --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Fairly critical for 2.7.0 so that we can better handle replicated environments with chaining where MMR is in play. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9861] New: Read-only databases can't be opened - regression introduced with da0527ac
by openldap-its＠openldap.org 09 Jun '22

09 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=9861 Issue ID: 9861 Summary: Read-only databases can't be opened - regression introduced with da0527ac Product: LMDB Version: unspecified Hardware: aarch64 OS: Mac OS Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: jocke(a)ordo.one Target Milestone: --- Created attachment 905 --> https://bugs.openldap.org/attachment.cgi?id=905&action=edit Reduced simple test to open the environment that fails The ability to open an environment in read-only mode when the file permissions is 'read only' for the user is no longer possible after the commit da0527ac75b811419b7007202799f96b2edb5aef. It is simply reproduced by creating a database with e.g. mtest.c, then changing the permissions to read-only, then running another trivial program trying to open the environment in read-only mode / no-lock mode fails. Specifically, after some investigation it seems that the check on line 5516 "if (!(flags & (MDB_RDONLY|MDB_WRITEMAP))) {" was removed in the above commit such that mdb_fopen() is called (presumably incorrectly?). Returning that guard check seems to restore functionality, but I'm not familiar enough with the code base to say that is a valid fix - but seems likely. I applied that single change here: https://github.com/hassila/swift-lmdb/tree/hassila-mdb-merge-patch with this commit: https://github.com/hassila/swift-lmdb/commit/c940b4c807c278cea43d2e3858dc22… To reproduce with a clean checkout: 1. make 2. mkdir tested 3. ./mtest 4. chmod -wx testdb/data.mdb 5. run the attached program (reduced from real code base) -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 9859] New: fix test
by openldap-its＠openldap.org 09 Jun '22

09 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=9859 Issue ID: 9859 Summary: fix test Product: OpenLDAP Version: 2.5.12 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: hamano(a)osstech.co.jp Target Milestone: --- Created attachment 904 --> https://bugs.openldap.org/attachment.cgi?id=904&action=edit openldap-2.5-fix_test.patch 1. specifiy modulepath and moduleload moduleload ../rel/mod.la works on build directry ex: make test but it doesn't work with installed slapd. It should be specified the modulepath and moduleload separately like other tests. ``` modulepath ../servers/slapd/overlays/ moduleload mod.la ``` 2. skip test020-proxycache for back-wt -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9799] New: Clearing pending ops on Bind
by openldap-its＠openldap.org 07 Jun '22

07 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=9799 Issue ID: 9799 Summary: Clearing pending ops on Bind Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ondra(a)mistotebe.net Target Milestone: --- When slapd receives some operations before it has started processing a queued bind, those get added into conn->c_ops_pending and c_n_pending_ops is updated accordingly. Bind then eventually invokes connection_abandon() which forgets to zero out c_n_pending_ops and the connection remains unusable forever. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 6461] back-sql quote characters in query
by openldap-its＠openldap.org 07 Jun '22

07 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=6461 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.0 |2.5.12 Group|OpenLDAP-devs | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9157] return additional error code information when OPT_X_TLS_NEWCTX fails
by openldap-its＠openldap.org 03 Jun '22

03 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=9157 --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- head: • 2c0707cf by Howard Chu ITS#9157: check for NULL ld RE26 (2.6.3): • 6675535c by Howard Chu at 2022-06-03T20:29:24+00:00 ITS#9157: check for NULL ld -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9020] Inconsistent cn=config objectClasses for overlays
by openldap-its＠openldap.org 03 Jun '22

03 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=9020 --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- head: • 737bcd7f by Ondřej Kuzník at 2022-06-03T16:52:37+00:00 ITS#9020 Reinstate olcAutomaticGroups and document its deprecation RE26 (2.6.3): • 4a755258 by Ondřej Kuzník at 2022-06-03T17:42:35+00:00 ITS#9020 Reinstate olcAutomaticGroups and document its deprecation RE25 (2.5.13): • 02ddd515 by Ondřej Kuzník at 2022-06-03T17:43:55+00:00 ITS#9020 Reinstate olcAutomaticGroups and document its deprecation -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9857] New: add password policy
by openldap-its＠openldap.org 01 Jun '22

01 Jun '22

https://bugs.openldap.org/show_bug.cgi?id=9857 Issue ID: 9857 Summary: add password policy Product: OpenLDAP Version: 2.6.2 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: elizabeth.real(a)jpl.nasa.gov Target Milestone: --- I'm upgrading from openldap 2.4 running on RHEL7 up to 2.6.2 and RHEL8 on new hardware, apparently the way to configure password policy now is by configuring the slapd.conf file rather than loading the ppolicy schema. How do I modify that file properly? I read https://www.openldap.org/doc/admin26/overlays.html#Password%20Policies on section 12.10.2. Password Policy Configuration, what does it mean to "Instantiate the module in the database"? -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9854] New: We are best digital marketing
by openldap-its＠openldap.org 26 May '22

26 May '22

https://bugs.openldap.org/show_bug.cgi?id=9854 Issue ID: 9854 Summary: We are best digital marketing Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: moldshilarious50(a)gmail.com Target Milestone: --- -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 9852] New: Error
by openldap-its＠openldap.org 24 May '22

24 May '22

https://bugs.openldap.org/show_bug.cgi?id=9852 Issue ID: 9852 Summary: Error Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: aarounsmind03(a)gmail.com Target Milestone: --- -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 9851] New: Register Problem
by openldap-its＠openldap.org 24 May '22

24 May '22

https://bugs.openldap.org/show_bug.cgi?id=9851 Issue ID: 9851 Summary: Register Problem Product: website Version: unspecified Hardware: All OS: Other Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: iampupdate(a)gmail.com Target Milestone: --- https://www.bharatpostlive.com/approval-of-amendment-in-national-bio-fuel-p… -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 9848] New: Test 022-ppolicy fails on master if slapd has only --enable-overlays and --with-tls=openssl
by openldap-its＠openldap.org 16 May '22

16 May '22

https://bugs.openldap.org/show_bug.cgi?id=9848 Issue ID: 9848 Summary: Test 022-ppolicy fails on master if slapd has only --enable-overlays and --with-tls=openssl Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: dstoychev(a)symas.com Target Milestone: --- **Steps to reproduce: - Checkout master ./configure --enable-overlays --with-tls=openssl make depend make make test **Current result: Test fails, here is the output: ./run test022-ppolicy Cleaning up test run directory leftover from previous run. Running ./scripts/test022-ppolicy for mdb... running defines.sh Starting slapd on TCP/IP port 9011... Using ldapsearch to check that slapd is running... Testing redundant ppolicy instance... Using ldapadd to populate the database... Testing account lockout... Waiting 13 seconds for lockout to reset... Testing password expiration Waiting 10 seconds for password to expire... Resetting password to clear expired status Filling password history... Testing password history... Testing failed logins when password/policy missing... Testing forced reset... Clearing forced reset... Testing Safe modify... Testing length requirement... Testing hashed length requirement... Testing multiple password add/modify checks... Testing idle password expiration Switching to a policy with idle expiration... Waiting 15 seconds for password to expire... Reverting to Standard policy... Testing obsolete Netscape ppolicy controls... Enabling Netscape controls... Reconfiguring policy to remove grace logins... ldapmodify failed (255)! **Expected result: Test passed **Notes: - Reproducible on master branch only. - Same test passes on 2.6 branch (with the same slapd config) - Test could pass on master if other "configure" options are enabled, so make sure to use only "--enable-overlays" and "--with-tls=openssl" to reproduce -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 7165] Killing slap tools breaks the running mdb
by openldap-its＠openldap.org 16 May '22

16 May '22

https://bugs.openldap.org/show_bug.cgi?id=7165 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #7 from Quanah Gibson-Mount <quanah(a)openldap.org> --- HEAD: • 205e2f1a by Howard Chu at 2022-05-16T13:54:08+00:00 ITS#7165 back-mdb: check for stale readers on MDB_READERS_FULL RE26: • 7e7f01c3 by Howard Chu at 2022-05-16T15:09:08+00:00 ITS#7165 back-mdb: check for stale readers on MDB_READERS_FULL RE25: • f3d89d62 by Howard Chu at 2022-05-16T15:11:51+00:00 ITS#7165 back-mdb: check for stale readers on MDB_READERS_FULL -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7165] Killing slap tools breaks the running mdb
by openldap-its＠openldap.org 16 May '22

16 May '22

https://bugs.openldap.org/show_bug.cgi?id=7165 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|needs_review | Target Milestone|--- |2.5.13 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9838] New: Add decoding of the RFC 4517 Postal Address format
by openldap-its＠openldap.org 16 May '22

16 May '22

https://bugs.openldap.org/show_bug.cgi?id=9838 Issue ID: 9838 Summary: Add decoding of the RFC 4517 Postal Address format Product: JLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: JDBC Assignee: bugs(a)openldap.org Reporter: fredrik(a)roubert.name Target Milestone: --- No software connecting to an LDAP database through JDBC can be expected to know anything at all about LDAP, so no such software can be expected to be able to decode the RFC 4517 Postal Address format (1.3.6.1.4.1.1466.115.121.1.41). -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 7165] Killing slap tools breaks the running mdb
by openldap-its＠openldap.org 16 May '22

16 May '22

https://bugs.openldap.org/show_bug.cgi?id=7165 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs(a)openldap.org |hyc(a)openldap.org -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7165] Killing slap tools breaks the running mdb
by openldap-its＠openldap.org 16 May '22

16 May '22

1 0

[Issue 9385] New: Opening an env with MDB_NOSUBDIR with no existing file returns error
by openldap-its＠openldap.org 13 May '22

13 May '22

https://bugs.openldap.org/show_bug.cgi?id=9385 Issue ID: 9385 Summary: Opening an env with MDB_NOSUBDIR with no existing file returns error Product: LMDB Version: unspecified Hardware: All OS: Mac OS Status: UNCONFIRMED Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: kriszyp(a)gmail.com Target Milestone: --- Created attachment 776 --> https://bugs.openldap.org/attachment.cgi?id=776&action=edit A fix to tolerate stat call on non-existing file Calling mdb_env_open with a file path to a file that doesn't exist yet, with MDB_NOSUBDIR on a non-Windows OS will return an error indicating that the file doesn't exist. This is supposed to create a new file, and works properly on the mdb.master branch, and still functions properly on Windows. The error is due to the stat() call in mdb_env_open prior to the file existing. I attached a patch that tolerates the absence of the file before checking if the file is on a block device. I am not sure if this is the appropriate fix, or if would be better to move this check later in mdb_env_open after the file is created, or alternately, determining the parent directory and calling stat on that. -- You are receiving this mail because: You are on the CC list for the issue.

1 1

[Issue 8165] Add proper versioning to liblmdb
by openldap-its＠openldap.org 13 May '22

13 May '22

https://bugs.openldap.org/show_bug.cgi?id=8165 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7754] Unaligned MDB_DUPSORT sub-pages
by openldap-its＠openldap.org 13 May '22

13 May '22

https://bugs.openldap.org/show_bug.cgi?id=7754 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |IN_PROGRESS --- Comment #3 from Howard Chu <hyc(a)openldap.org> --- mdb.master was changed long ago to pad odd-sized keys to fix this issue. Fix is still unreleased due to the resulting on-disk format change. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7364] mdb: clean up POSIX semaphores on environment close.
by openldap-its＠openldap.org 13 May '22

13 May '22

https://bugs.openldap.org/show_bug.cgi?id=7364 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |trivial Priority|--- |Lowest -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7165] Killing slap tools breaks the running mdb
by openldap-its＠openldap.org 13 May '22

13 May '22

https://bugs.openldap.org/show_bug.cgi?id=7165 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |IN_PROGRESS Ever confirmed|0 |1 --- Comment #6 from Howard Chu <hyc(a)openldap.org> --- > At this point the only potential action I see is to add a check for MDB_READERS_FULL as noted at the beginning of this reply. https://git.openldap.org/openldap/openldap/-/merge_requests/526 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8165] Add proper versioning to liblmdb
by openldap-its＠openldap.org 13 May '22

13 May '22

https://bugs.openldap.org/show_bug.cgi?id=8165 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |DUPLICATE Status|UNCONFIRMED |RESOLVED --- Comment #1 from Howard Chu <hyc(a)openldap.org> --- *** This issue has been marked as a duplicate of issue 7794 *** -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7794] RFE: Versioned LMDB shared library
by openldap-its＠openldap.org 13 May '22

13 May '22

https://bugs.openldap.org/show_bug.cgi?id=7794 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |quanah(a)openldap.org --- Comment #2 from Howard Chu <hyc(a)openldap.org> --- *** Issue 8165 has been marked as a duplicate of this issue. *** -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9839] New: Undocumented behavior of ldap_url_parse() when port is 0 in URL string
by openldap-its＠openldap.org 13 May '22

13 May '22

https://bugs.openldap.org/show_bug.cgi?id=9839 Issue ID: 9839 Summary: Undocumented behavior of ldap_url_parse() when port is 0 in URL string Product: OpenLDAP Version: unspecified Hardware: Other OS: Other Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: jiaqing.zhao(a)linux.intel.com Target Milestone: --- In ldap_url_parse(), when the port in URL string is set to 0 like "ldap://example.com:0", the output value of lud_port will be the default port (389 for LDAP, 636 for LDAPs). This behavior is undocumented. I created a patch to illustrate this behavior. As my gitlab account is pending confirmation, I put it in the attachments. This affects OpenLDAP 2.5.x and 2.6.x, but it is already been fixed in master branch https://git.openldap.org/openldap/openldap/-/commit/e3905c989821f6c09576988… for issue #9596. Will it be included in 2.7.0? If so, I may need to add something like "(Until OpenLDAP 2.7.0)" before the line I added. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 8882] Empty Directory String Overlay
by openldap-its＠openldap.org 12 May '22

12 May '22

https://bugs.openldap.org/show_bug.cgi?id=8882 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|IN_PROGRESS |RESOLVED --- Comment #16 from Quanah Gibson-Mount <quanah(a)openldap.org> --- head: • d2057745 by Ondřej Kuzník at 2022-05-10T14:24:49+00:00 ITS#8882 Add slapo-emptyds to contrib RE26: • edc67c6d by Ondřej Kuzník at 2022-05-12T15:45:18+00:00 ITS#8882 Add slapo-emptyds to contrib RE25: • 6c9cb00f by Ondřej Kuzník at 2022-05-12T15:46:13+00:00 ITS#8882 Add slapo-emptyds to contrib -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9843] New: slapcat and slapadd have no -r option
by openldap-its＠openldap.org 12 May '22

12 May '22

https://bugs.openldap.org/show_bug.cgi?id=9843 Issue ID: 9843 Summary: slapcat and slapadd have no -r option Product: OpenLDAP Version: 2.5.12 Hardware: All OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: dpa-openldap(a)aegee.org Target Milestone: --- I run openldap in a chrooted environment, by calling /usr/local/libexec/slapd -d0 -u openldap -r /home/openldap -F /etc/openldap/ -h 'ldap://zzz' I want to migrate 2.5 → 2.6. The manual says first to call slapcat on the databases. In the /home/openldap/etc/openldap directory are the configurations of the databases. The path there: olcDbDirectory: /var/openldap-data/yyy obviously references the path within the chrooted environment, the path is /home/openldap/var/openldap-data/yyy outside the chrooted environment. Slapcat has no -r option. So there is no way to export the databases by using slapcat -n 0 -F /home/openldap/etc/openldap/ . Strace(1) shows that the file openat(AT_FDCWD, "/var/openldap-data/yyy/DUMMY" is missing and the error message is slapcat: bad configuration directory! In fact there is a way: symlinking /var/openldap-data outside the chrooted environment to /var/openldap-data inside the chrooted environment. This way does work, but it requires expert magic like using strace. Please add -r option to slapcat and slapadd, which performs chroot to the directory, after opening the file specified by the -l parameter. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9702] New: slapadd is missing -r chroot option
by openldap-its＠openldap.org 12 May '22

12 May '22

https://bugs.openldap.org/show_bug.cgi?id=9702 Issue ID: 9702 Summary: slapadd is missing -r chroot option Product: OpenLDAP Version: 2.5.7 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: dpa-openldap(a)aegee.org Target Milestone: --- I want to run slapd under chroot with the -r option. In order to initialize the setup, I want to use `slapadd -n0 configuration.ldif`. The configuration file contains mdb databases and these databases have `olcDbDirectory: ` paths. Since slapd will load the databases from the chroot environment, the directory names must be submitted to slapadd to be correct in the chroot environment. This means, that outside the chroot environment the directory paths are not correct. When I call `slapadd -n0 ` I get the error olcDbDirectory: value #0: invalid path: No such file or directory slapadd: could not add entry dn="olcDatabase={1}mdb,cn=config" (line=909): Closing DB... which means, that slapadd cannot open (outside the chrooted environment) the olcDbDirectory path. Thus slapadd shall first enter the chrooted environment, but it lacks option for this. Probably slapcat will also need this option to dump the databases. The chrooted environment is created specially for openldap, so it contains no tools. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9845] New: slapd Deamon is Crashed on OpenVMS_x86
by openldap-its＠openldap.org 12 May '22

12 May '22

https://bugs.openldap.org/show_bug.cgi?id=9845 Issue ID: 9845 Summary: slapd Deamon is Crashed on OpenVMS_x86 Product: OpenLDAP Version: 2.5.7 Hardware: x86_64 OS: Other Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: jeetu.singh(a)aol.com Target Milestone: --- CH2105_SYSTEM> @SYS$COMMON:[SYS$STARTUP]LDAP$STARTUP.COM; %RUN-S-PROC_ID, identification of created process is 20E0043A CH2105_SYSTEM> sho time 11-MAY-2022 06:09:20 CH2105_SYSTEM> sho proc/id=20E0043A %SYSTEM-W-NONEXPR, nonexistent process CH2105_SYSTEM> ty ldap$varroot:[run]slapd.log; $ runcmd = "$ldap$bin:slapd.exe" $ dbglvl = f$trnlnm("LDAP$DEBUG") $ if dbglvl .nes. "" then runcmd = "$ldap$bin:slapd.exe -d " $ runcmd %DEBUGBOOT-W-EXPGFLQUOTA, exceeded pagefile quota %SYSTEM-W-EXIT_UNWIND, exit unwind currently in progress SYSTEM job terminated at 11-MAY-2022 06:09:17.86 Accounting information: Buffered I/O count: 778 Peak working set size: 44368 Direct I/O count: 117 Peak virtual size: 962112 Page faults: 3447 Mounted volumes: 0 Charged CPU time: 0 00:00:00.38 Elapsed time: 0 00:00:00.50 Please let me know if any further input needed. Request to provide "How to configure OpenLDAP on OpenVMS_x86 Environment" Manual. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs