- openldap-bugs - openldap.org

[Issue 9421] New: SIGSEGV in the MMR synchro
by openldap-its＠openldap.org 22 Mar '21

22 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9421 Issue ID: 9421 Summary: SIGSEGV in the MMR synchro Product: OpenLDAP Version: 2.4.56 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs(a)openldap.org Reporter: benjamin.demarteau(a)liege.be Target Milestone: --- We are in the process of migrating from a single outdated node to an up to date MMR cluster. Through this process we write LSC synchronizations from the old server to the new server so we can keep the old server around. Our preliminary tests show that when LSC hammers the ldap using multiple threads while another node is included in the replication, we get segmentation faults with the following backtrace: #0 0x00007f7f578748ef in __strncasecmp_l_avx () from /lib64/libc.so.6 #1 0x000056094a7ca298 in avl_find (root=0x56094bb28820, data=data@entry=0x7f7e74000cd0, fcmp=fcmp@entry=0x56094a7166a0 <oc_index_name_cmp>) at avl.c:545 #2 0x000056094a716bde in oc_bvfind (ocname=0x7f7e74000cd0) at oc.c:186 #3 oc_bvfind (ocname=ocname@entry=0x7f7e74000cd0) at oc.c:178 #4 0x000056094a70ec5a in objectSubClassMatch (matchp=0x7f7e5fff8c8c, flags=256, syntax=<optimized out>, mr=<optimized out>, value=<optimized out>, assertedValue=0x7f7e74000cd0) at schema_prep.c:214 #5 0x000056094a6e9fb9 in ordered_value_match (match=match@entry=0x7f7e5fff8c8c, ad=0x56094bb184e0, mr=mr@entry=0x56094bb09810, flags=flags@entry=256, v1=v1@entry=0x7f7e5810f470, v2=v2@entry=0x7f7e74000cd0, text=0x7f7e5fff8c90) at value.c:693 #6 0x000056094a6ec44d in test_ava_filter (op=op@entry=0x7f7e5fff90c0, e=e@entry=0x56094bb54a88, ava=0x7f7e74000cc8, type=type@entry=163) at filterentry.c:777 #7 0x000056094a6ecfec in test_filter (op=op@entry=0x7f7e5fff90c0, e=e@entry=0x56094bb54a88, f=f@entry=0x7f7e74000d08) at filterentry.c:88 #8 0x000056094a6ecc81 in test_filter_and (flist=<optimized out>, e=0x56094bb54a88, op=0x7f7e5fff90c0) at filterentry.c:879 #9 test_filter (op=op@entry=0x7f7e5fff90c0, e=0x56094bb54a88, f=<optimized out>) at filterentry.c:118 #10 0x00007f7f5382c58f in syncprov_matchops (op=op@entry=0x7f7e5fff9c80, opc=opc@entry=0x7f7e58001808, saveit=saveit@entry=0) at syncprov.c:1393 #11 0x00007f7f5382e37f in syncprov_op_response (op=0x7f7e5fff9c80, rs=<optimized out>) at syncprov.c:2115 #12 0x000056094a6dcb98 in slap_response_play (op=op@entry=0x7f7e5fff9c80, rs=rs@entry=0x7f7e5fff9c10) at result.c:508 #13 0x000056094a6dd11c in send_ldap_response (op=op@entry=0x7f7e5fff9c80, rs=rs@entry=0x7f7e5fff9c10) at result.c:583 #14 0x000056094a6ddd43 in slap_send_ldap_result (op=0x7f7e5fff9c80, rs=0x7f7e5fff9c10) at result.c:861 #15 0x000056094a7a86fd in mdb_add (op=0x7f7e5fff9c80, rs=0x7f7e5fff9c10) at add.c:435 #16 0x000056094a73cd78 in overlay_op_walk (op=op@entry=0x7f7e5fff9c80, rs=0x7f7e5fff9c10, which=op_add, oi=0x56094bb8a720, on=<optimized out>) at backover.c:677 #17 0x000056094a73ceab in over_op_func (op=0x7f7e5fff9c80, rs=<optimized out>, which=<optimized out>) at backover.c:730 #18 0x00007f7f5361ff6a in accesslog_response (op=<optimized out>, rs=<optimized out>) at accesslog.c:1877 #19 0x000056094a6dcb98 in slap_response_play (op=op@entry=0x7f7e7410fff0, rs=rs@entry=0x7f7e5fffa870) at result.c:508 #20 0x000056094a6dd11c in send_ldap_response (op=op@entry=0x7f7e7410fff0, rs=rs@entry=0x7f7e5fffa870) at result.c:583 #21 0x000056094a6ddd43 in slap_send_ldap_result (op=0x7f7e7410fff0, rs=0x7f7e5fffa870) at result.c:861 #22 0x000056094a7a86fd in mdb_add (op=0x7f7e7410fff0, rs=0x7f7e5fffa870) at add.c:435 #23 0x000056094a73cd78 in overlay_op_walk (op=op@entry=0x7f7e7410fff0, rs=0x7f7e5fffa870, which=op_add, oi=0x56094bb8a900, on=<optimized out>) at backover.c:677 #24 0x000056094a73ceab in over_op_func (op=0x7f7e7410fff0, rs=<optimized out>, which=<optimized out>) at backover.c:730 #25 0x000056094a6d32bd in fe_op_add (op=0x7f7e7410fff0, rs=0x7f7e5fffa870) at add.c:334 #26 0x000056094a6d4139 in do_add (op=0x7f7e7410fff0, rs=0x7f7e5fffa870) at add.c:194 #27 0x000056094a6cbfc0 in connection_operation (ctx=ctx@entry=0x7f7e5fffaab0, arg_v=arg_v@entry=0x7f7e7410fff0) at connection.c:1175 #28 0x000056094a6ccdbe in connection_read_thread (ctx=0x7f7e5fffaab0, argv=0x1a) at connection.c:1311 #29 0x00007f7f5903bead in ldap_int_thread_pool_wrapper (xpool=0x56094bb2a1d0) at tpool.c:696 #30 0x00007f7f57ae414a in start_thread () from /lib64/libpthread.so.0 #31 0x00007f7f57815f23 in clone () from /lib64/libc.so.6 If we take down the second node, we cannot reproduce the segfaults anymore. Let me know if we can provide more information (we can't provide the core dump since it's full of passwords). -- You are receiving this mail because: You are on the CC list for the issue.

1 19

[Issue 9347] ppolicy: Password policy not applied when pwdMaxAge overflows max int (32-bit)
by openldap-its＠openldap.org 22 Mar '21

22 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9347 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |IN_PROGRESS Ever confirmed|0 |1 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9045] Crashes in cn=config (test050)
by openldap-its＠openldap.org 22 Mar '21

22 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9045 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |--- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9045] Crashes in cn=config (test050)
by openldap-its＠openldap.org 22 Mar '21

22 Mar '21

1 0

[Issue 9001] try_read1msg() takes O(n) steps to lookup a matching request
by openldap-its＠openldap.org 22 Mar '21

22 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9001 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |IN_PROGRESS -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8820] ldap_get_attribute_ber() function needs to be documented
by openldap-its＠openldap.org 22 Mar '21

22 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8820 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |2.5.4 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8788] slapd-pcache undef not compatible with mdb
by openldap-its＠openldap.org 22 Mar '21

22 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8788 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ, reviewed | Target Milestone|2.5.3 |2.6.0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8775] PASSMOD exop fails with RWM and tight ACLs
by openldap-its＠openldap.org 22 Mar '21

22 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8775 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |2.6.0 Keywords|OL_2_5_REQ, reviewed | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8736] Add test script for cn=config replication using delta-sync
by openldap-its＠openldap.org 22 Mar '21

22 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8736 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |2.5.4 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6206] Admin guide appendices or tools in contrib should be better than Ubuntu docs
by openldap-its＠openldap.org 22 Mar '21

22 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=6206 --- Comment #4 from Gavin Henry <ghenry(a)openldap.org> --- I think these are now them: https://ubuntu.com/server/docs/service-ldap -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8064] SIGSEGV in monitor-shutdown code
by openldap-its＠openldap.org 22 Mar '21

22 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8064 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |2.5.4 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7335] Create process for updating man pages to handle both cn=config and slapd.conf configurations
by openldap-its＠openldap.org 22 Mar '21

22 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=7335 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |2.5.4 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6206] Admin guide appendices or tools in contrib should be better than Ubuntu docs
by openldap-its＠openldap.org 22 Mar '21

22 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=6206 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6206] Admin guide appendices or tools in contrib should be better than Ubuntu docs
by openldap-its＠openldap.org 22 Mar '21

22 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=6206 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |SUSPENDED Status|UNCONFIRMED |RESOLVED Target Milestone|2.5.3 |--- --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- upstream docs no longer exist for comparison -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7832] Proposing ppolicy extended module for OpenLDAP
by openldap-its＠openldap.org 22 Mar '21

22 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=7832 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |IN_PROGRESS -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8967] back-mdb "unchecked" limit broken vs. search scope
by openldap-its＠openldap.org 22 Mar '21

22 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8967 --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 5398d44a by Howard Chu at 2021-03-22T09:18:32+00:00 ITS#8967 additional check -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8967] back-mdb "unchecked" limit broken vs. search scope
by openldap-its＠openldap.org 22 Mar '21

22 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8967 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ, reviewed | --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • a3935c72 by Howard Chu at 2021-03-22T08:36:49+00:00 ITS#8967 back-mdb: fix adminlimit check -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8967] back-mdb "unchecked" limit broken vs. search scope
by openldap-its＠openldap.org 22 Mar '21

22 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8967 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|UNCONFIRMED |RESOLVED --- Comment #1 from Howard Chu <hyc(a)openldap.org> --- fixed in master -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8707] slapd: Add systemd service notification support
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8707 --- Comment #29 from Quanah Gibson-Mount <quanah(a)openldap.org> --- This patch is broken, at the least it's missing a mutex lock prior to calling ldap_pvt_thread_cond_wait( &listener_init_cond, &listener_init_mutex );, see https://git.openldap.org/openldap/openldap/-/merge_requests/261#note_2412 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8458] syncrepl ppolicy with LDIF backend fails
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8458 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |--- -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8545] Undesired timeout when polling for results
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8545 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |--- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8458] syncrepl ppolicy with LDIF backend fails
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8458 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED Keywords|OL_2_5_REQ, replication, | |reviewed | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9507] New: Output when setting LBER_OPT_DEBUG_LEVEL or LDAP_OPT_DEBUG_LEVEL
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9507 Issue ID: 9507 Summary: Output when setting LBER_OPT_DEBUG_LEVEL or LDAP_OPT_DEBUG_LEVEL Product: OpenLDAP Version: 2.4.44 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: john(a)iastate.edu Target Milestone: --- I have a web application (cgi) that uses libldap. When I set either of the options LBER_OPT_DEBUG_LEVEL or LDAP_OPT_DEBUG_LEVEL then the library's debug info goes to stderr, which ends in Apache's error_log file rather than my application's log file. By reading the code, I discovered that I can do: extern int ber_pvt_err_file; ber_pvt_err_file = getMyLogFP(); and redirect the output where I want it. This is, of course, fragile. So, I would like to suggest the addition of something like: FILE * fp = getYourDesiredFP(); ldap_set_option(NULL, LDAP_OPT_DEBUG_FILE, &fp); <and> ber_set_option(NULL, LBER_OPT_DEBUG_FILE, &fp); -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 8589] cn=config replication plus DB replication can break replication
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8589 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ, replication, | |reviewed | --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • f2740c79 by Howard Chu at 2021-03-21T17:41:19+00:00 ITS#8589 syncrepl: defer on REFRESH_REQUIRED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9152] Configuring autoca before database exists crashes slapd
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9152 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ, reviewed | --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • cc2834c8 by Howard Chu at 2021-03-21T17:28:50+00:00 ITS#9152 autoca: no-op if DB doesn't exist yet -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8577] Accesslog overlay hangs slapd depending on module loading order
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8577 --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 7a4e70f3 by Howard Chu at 2021-03-21T17:20:05+00:00 ITS#8577 don't allow setting logDB to current DB -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8726] slapd -d pcache not available when pcache is a module
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8726 --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • cbb6441c by Howard Chu at 2021-03-21T16:36:30+00:00 ITS#8726 check newly registered loglevels immediately -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7295] Problem with TLS: threads and OpenSSL
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=7295 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ, reviewed | --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • bb6844e2 by Howard Chu at 2021-03-21T15:26:57+00:00 ITS#7295 don't init TLS threads by default -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8246] defining multiple frontend DBs should probably not be allowed
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8246 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ, reviewed | --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 7ff1f42f by Howard Chu at 2021-03-21T14:58:22+00:00 ITS#8246 frontend and config DBs are unique -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9016] cn=config should fail on EMIT if target directory not empty
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9016 --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • cf67fc22 by Ondřej Kuzník at 2021-03-19T12:48:09+00:00 ITS#9016 Do not forget to close directory handle -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8589] cn=config replication plus DB replication can break replication
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8589 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|UNCONFIRMED |RESOLVED --- Comment #2 from Howard Chu <hyc(a)openldap.org> --- fixed in master -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9152] Configuring autoca before database exists crashes slapd
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9152 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|UNCONFIRMED |RESOLVED --- Comment #1 from Howard Chu <hyc(a)openldap.org> --- Fixed in master. Note that in this case, the overlay will never auto-install its own server cert, you'll have to explicitly provide it later. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8577] Accesslog overlay hangs slapd depending on module loading order
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8577 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|UNCONFIRMED |RESOLVED --- Comment #3 from Howard Chu <hyc(a)openldap.org> --- fixed in master -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8726] slapd -d pcache not available when pcache is a module
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8726 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |TEST --- Comment #3 from Howard Chu <hyc(a)openldap.org> --- fixed in master -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8545] Undesired timeout when polling for results
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8545 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|UNCONFIRMED |RESOLVED --- Comment #2 from Howard Chu <hyc(a)openldap.org> --- (In reply to shalopo(a)gmail.com from comment #0) > Full_Name: Shahar Lupu > Version: 2.4.44 > OS: Ubuntu > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (81.218.29.26) > > > When calling ldap_result with a timeout={0,0} (polling), it returns > LDAP_TIMEOUT > even though there are available messages in the socket. > This occurs when calling ldap_results with all=true and a multi-message > response > has arrived. In this case, if the client has already received on the socket > every message for the response, it is desirable that all the messages are > collected within this ldap_result call. Instead of only polling for the > specified timeout, ldap_result applies the timeout (zero when polling) on the > wait4msg loop. Consequently, ldap_result returns LDAP_TIMEOUT after the first > message if the response is composed of more than one message. > While it may be a good idea to apply a timeout for the wai4msg loop (rather > than > only the polling on the socket), it is undesirable in some cases and should > at > least be configurable. Or perhaps timeout=polling should never be applied on > the > wait4msg loop. None of this will make any difference. In try_read1msg, there is a check to see if the socket is still readable at the end, in which case it will loop back and read the next message. As such, when it returns to wait4msg, all readable messages have already been processed. So even if it returns LDAP_TIMEOUT, it returns all available messages. If it only returns one message, that means no others were available. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8458] syncrepl ppolicy with LDIF backend fails
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8458 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |INVALID --- Comment #4 from Howard Chu <hyc(a)openldap.org> --- The bug report makes no sense. (In reply to mozo(a)mozo.jp from comment #0) > As LDIF backend tries to store the values for the attributes in "prettified" > form and the value is transferred verbatim in wire, replication of > pwdAttribute > (1.3.6.1.4.1.42.2.27.8.1.1) ends up with the following error: > > > syncrepl_message_to_entry: rid=001 mo cheheck (pwdAttribute: value #0 invalid > per syntax) > > The validation causing the error itself is done in the following part in > servers/slapd/modify.c: > > /* > * check that each value is valid per syntax > * and pretty if appropriate > */ > for ( nvals = 0; !BER_BVISNULL( &ml->sml_values[nvals] ); > nvals++ ) > { > struct berval pval; > > if ( pretty ) { > rc = ordered_value_pretty( ad, > &ml->sml_values[nvals], &pval, ctx ); > } else { > rc = ordered_value_validate( ad, > &ml->sml_values[nvals], ml->sml_op ); > } > > if( rc != 0 ) { > snprintf( textbuf, textlen, > "%s: value #%ld invalid per syntax", > ml->sml_type.bv_val, (long) nvals ); > *text = textbuf; > return LDAP_INVALID_SYNTAX; > } > > if( pretty ) { > ber_memfree_x( ml->sml_values[nvals].bv_val, ctx ); > ml->sml_values[nvals] = pval; > } > } > > where pwdAttribute has the corresponding prettifier assigned to its schema > (servers/slapd/overlays/ppolicy.c), which eventually is fed with the value in > prettified form that will effectively make slap_bv2ad() in attrPretty() fail. attrPretty will only fail if the item it's passed has not been defined in the schema. > > { > Syntax *syn; > MatchingRule *mr; > > syn = ch_malloc( sizeof( Syntax )); > *syn = *ad_pwdAttribute->ad_type->sat_syntax; > syn->ssyn_pretty = attrPretty; > ad_pwdAttribute->ad_type->sat_syntax = syn; > > mr = ch_malloc( sizeof( MatchingRule )); > *mr = *ad_pwdAttribute->ad_type->sat_equality; > mr->smr_normalize = attrNormalize; > ad_pwdAttribute->ad_type->sat_equality = mr; > } > > The replication works fine for other such attributes that have the same > syntax > (OID, 1.3.6.1.4.1.1466.115.121.1.38) like objectClass because those > attributes > are accompanied by the validators as well as prettifiers which validate the > value both in prettified and OID form. For instance, objectClass has the > corresponding validator oialalidate() besides the prettifier > objectClassPretty(). The code you quoted from slapd/modify.c clearly shows that if a prettifier is defined, then the validator is ignored, therefore it is irrelevant. So again, this only fails if the schema element in question is not defined, which means you have a configuration error. Closing this ITS. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7295] Problem with TLS: threads and OpenSSL
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=7295 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|UNCONFIRMED |RESOLVED --- Comment #3 from Howard Chu <hyc(a)openldap.org> --- Fixed in master -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8246] defining multiple frontend DBs should probably not be allowed
by openldap-its＠openldap.org 21 Mar '21

21 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8246 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |TEST --- Comment #1 from Howard Chu <hyc(a)openldap.org> --- fixed in master -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9016] cn=config should fail on EMIT if target directory not empty
by openldap-its＠openldap.org 18 Mar '21

18 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9016 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED Keywords|OL_2_5_REQ, reviewed | --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 3c12993f by Ondřej Kuzník at 2021-03-18T21:07:43+00:00 ITS#9016 Check confdir is empty before generating from scratch • 1d5e16fa by Ondřej Kuzník at 2021-03-18T21:07:43+00:00 ITS#9438 Do not regenerate config on startup -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6830] slapo-ppolicy.5 has incorrect schema fragments
by openldap-its＠openldap.org 18 Mar '21

18 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=6830 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.4 |2.5.3 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6830] slapo-ppolicy.5 has incorrect schema fragments
by openldap-its＠openldap.org 18 Mar '21

18 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=6830 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED --- Comment #11 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • eafcc405 by Ondřej Kuzník at 2021-03-18T17:32:30+00:00 ITS#6830 Enable NO-USER-MODIFICATION on ppolicy attributes -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9051] slapo-accesslog fails to log compare, search
by openldap-its＠openldap.org 18 Mar '21

18 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9051 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|CONFIRMED |RESOLVED --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 6809a942 by Quanah Gibson-Mount at 2021-03-18T16:36:56+00:00 ITS#9051 Regression test • 152c12d4 by Ondřej Kuzník at 2021-03-18T16:36:56+00:00 ITS#9051 Do not remove callback on intermediate responses • 4d6b0180 by Ondřej Kuzník at 2021-03-18T16:36:56+00:00 ITS#9051 Check for more success result codes -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9505] New: Should be admin guide section on logging detail
by openldap-its＠openldap.org 17 Mar '21

17 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9505 Issue ID: 9505 Summary: Should be admin guide section on logging detail Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- Currently we do not document information about the log levels, particularly stats. For example, we don't document anywhere outside the slap.h header what time units etime and qtime use (microseconds). This would be helpful, since other directory servers use (and DOCUMENT) milliseconds. Overall it would likely be helpful to end users so they understand more about what the information stats logging is providing. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9449] New: When the "lockdetect" is setted in slapd.conf, the db deadlock detected policy is setted incorrected
by openldap-its＠openldap.org 16 Mar '21

16 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9449 Issue ID: 9449 Summary: When the "lockdetect" is setted in slapd.conf, the db deadlock detected policy is setted incorrected Product: OpenLDAP Version: 2.4.57 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: li(a)lihaitao.cn Target Milestone: --- I have the "lockdetect random" setted in slapd.conf,the expected deadlock detected policy is "DB_LOCK_RANDOM" but I got the valude "DB_LOCK_EXPIRE". After many search of the source file, the lockdetect parse source is found on openldap-2.4.57\servers\slapd\back-bdb\config.c :Line 894-903 --------------------- case BDB_LOCKD: rc = verb_to_mask( c->argv[1], bdb_lockd ); if ( BER_BVISNULL(&bdb_lockd[rc].word) ) { fprintf( stderr, "%s: " "bad policy (%s) in \"lockDetect <policy>\" line\n", c->log, c->argv[1] ); return 1; } bdb->bi_lock_detect = (u_int32_t)rc; break; --------------------- After analyse the verb_to_mask's return value, the "rc" is the index of the bdb_lockd's setting items. So it can't be passwd to bi_lock_detect. The right value is The "bdb_lockd[rc].mask". I think it is a bug, my recommendation fix is like the next. bdb->bi_lock_detect = (u_int32_t)rc; -> bdb->bi_lock_detect = bdb_lockd[rc].mask; -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 8996] Please supply a pkg-config file for libldap
by openldap-its＠openldap.org 16 Mar '21

16 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8996 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|IN_PROGRESS |RESOLVED --- Comment #9 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 3eea13bd by Hugh McMaster at 2021-03-15T21:39:55+00:00 ITS#8996 - Generate and install a pkg-config file for the liblber library • baee6c47 by Hugh McMaster at 2021-03-15T21:39:55+00:00 ITS#8996 - Generate and install a pkg-config file for the libldap library -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8889] Clarify default loglevel and consistently use debug/logging as appropriate
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8889 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|IN_PROGRESS |RESOLVED --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 4e0f0a31 by Quanah Gibson-Mount at 2021-03-15T20:30:07+00:00 ITS#8889 - Clarify loglevel and debug level portions of admin guide. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9501] ITS#9419 regression: slapd-ldap will silently fall back from starttls to cleartext
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9501 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|CONFIRMED |RESOLVED --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 5f935298 by Tero Saarni at 2021-03-15T19:03:59+00:00 ITS#9419 fix comparison -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9419] New: Add support for HAProxy proxy protocol v2
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9419 Issue ID: 9419 Summary: Add support for HAProxy proxy protocol v2 Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: henson(a)acm.org Target Milestone: --- Add support for the HAProxy proxy protocol v2: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt This will allow slapd to receive and act upon client addresses when operating behind a NAT'ing load balancer or proxy server which would otherwise obscure the true client address. Patch will be submitted as a pull request on gitlab. The submitted pull request is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the pull request were developed by Paul B. Henson <henson(a)acm.org> based on specifications and example code provided by HAProxy at the above listed URL. I have not assigned rights and/or interest in this work to any party. The modifications to OpenLDAP Software are subject to the following notice: Copyright 2020 Paul B. Henson Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9499] New: Clean up seqmod configure bits
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9499 Issue ID: 9499 Summary: Clean up seqmod configure bits Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- seqmod is an example overlay and is not meant to be used. configure needs to be adjusted for this fact. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9503] New: Openldap client is not populating GID name instead of it just getting GID with empty Group name
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9503 Issue ID: 9503 Summary: Openldap client is not populating GID name instead of it just getting GID with empty Group name Product: OpenLDAP Version: 2.4.54 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ramsy21(a)gmail.com Target Milestone: --- Created attachment 809 --> https://bugs.openldap.org/attachment.cgi?id=809&action=edit Openldap client is not populating GID name instead of it just getting GID with empty Group name Hi Team, we are using OpenLDAP 2.4.54 version on RHEL7.8 systems and these OpenLDAP servers are using backend Microsoft AD URI to load the User POSIX info. Clients are using SSSD software. On the client's side, we are seeing odd behavior of Group name. it's failing to fetch Group name while logging in to the LDAP clients. uid=1946***(balna**) gid=1478 groups=1478 we have to similar setup on two sites, One site is working fine and the second site is not working sure where is the exact problem both the sites' OpenLDAP configuration is intact and SSL certs are offloaded properly. the only difference I see no of clients connections the working one having fewer client around 25-30 in that site whereas non-working site OpenLDAP servers takes around 3K clients connections, I am not sure if any there is additional tuning required based on no of clients. i also checked limits 4K values set for nproc/nofile and i did not see any issue with limits. we have a similar working two sites setup of 2.4.36 on RHEL6 servers for the same no of clients and we are trying to migrate to RHEL7 with 2.4.54 version where we are seeing the issue. Can you please check and help us to see if similar kind of issue reported by any clients or any tuning in required ? -- You are receiving this mail because: You are on the CC list for the issue.

1 2

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs