- openldap-bugs - openldap.org

[Issue 8773] slapo-deref: man page and test suite needed
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8773 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 91a51591 by Quanah Gibson-Mount at 2021-03-15T16:31:55+00:00 ITS#8773 - Add slapo-deref.5 man page • 641ecb41 by Quanah Gibson-Mount at 2021-03-15T16:31:55+00:00 ITS#8773 - Add test for slapo-deref overlay • f2e6efed by Ondřej Kuzník at 2021-03-15T16:31:55+00:00 ITS#5768 Avoid extraneous newlines in deref printing -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9501] ITS#9419 regression: slapd-ldap will silently fall back from starttls to cleartext
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9501 --- Comment #3 from tero.saarni(a)est.tech --- Sure, no problem! MR is here https://git.openldap.org/openldap/openldap/-/merge_requests/291 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9501] ITS#9419 regression: slapd-ldap will silently fall back from starttls to cleartext
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9501 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|needs_review | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9501] ITS#9419 regression: slapd-ldap will silently fall back from starttls to cleartext
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9501 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.5.3 Ever confirmed|0 |1 Status|UNCONFIRMED |CONFIRMED --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Can you please file an MR for this? Thanks! -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9098] assert fails in meta_back_search in some cases after reconnect
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9098 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ, reviewed | Target Milestone|2.5.3 |2.6.0 --- Comment #22 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to Clément OUDOT from comment #21) > Hello Howard, > > sadly we don't know how to reproduce the bug, but we know it happens as we > had some stack traces. > > I understand that this doesn't help for the resolution, but I think the bug > should remain open/active. If someone else faces the same problem, he could > add some information. Thanks Clément, I'm going to move the target to 2.6.0 for now, unless someone is able to provide a reproduction case. --Quanah -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9501] ITS#9419 regression: slapd-ldap will silently fall back from starttls to cleartext
by openldap-its＠openldap.org 15 Mar '21

15 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9501 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |needs_review Group|OpenLDAP-devs | --- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> --- beta releases are not production releases, no need for this to be private. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9098] assert fails in meta_back_search in some cases after reconnect
by openldap-its＠openldap.org 14 Mar '21

14 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9098 --- Comment #21 from Clément OUDOT <clement.oudot(a)worteks.com> --- Hello Howard, sadly we don't know how to reproduce the bug, but we know it happens as we had some stack traces. I understand that this doesn't help for the resolution, but I think the bug should remain open/active. If someone else faces the same problem, he could add some information. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6830] slapo-ppolicy.5 has incorrect schema fragments
by openldap-its＠openldap.org 12 Mar '21

12 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=6830 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |2.5.4 Keywords|OL_2_5_REQ, reviewed | Assignee|bugs(a)openldap.org |ondra(a)mistotebe.net -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8677] back-sock segfaults on CONTINUE (database sock)
by openldap-its＠openldap.org 12 Mar '21

12 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8677 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|reviewed | Target Milestone|2.4.53 |2.6.0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9101] man pages don't reflect some global options are actually global/database
by openldap-its＠openldap.org 11 Mar '21

11 Mar '21

1 0

[Issue 9101] man pages don't reflect some global options are actually global/database
by openldap-its＠openldap.org 11 Mar '21

11 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9101 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|UNCONFIRMED |RESOLVED --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Actually the text in the man page covering these sections explicitly states they can be configured at the DB level as well. slapd.conf(5): Options described in this section apply to all backends, unless specifically overridden in a backend definition. slapd-config(5): Options in this section may be set in the special "frontend" database and inherited in all the other databases. These options may be altered by further settings in each specific database. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8889] Clarify default loglevel and consistently use debug/logging as appropriate
by openldap-its＠openldap.org 11 Mar '21

11 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8889 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |IN_PROGRESS --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/287 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8742] slapd.conf/slapd-config divergence
by openldap-its＠openldap.org 11 Mar '21

11 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8742 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|IN_PROGRESS |RESOLVED --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 2fcfeb83 by Quanah Gibson-Mount at 2021-03-11T19:24:25+00:00 ITS#8742 - Bring slapd.conf.5 and slapd-config.5 in sync -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8889] Clarify default loglevel and consistently use debug/logging as appropriate
by openldap-its＠openldap.org 11 Mar '21

11 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8889 --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- And to note, if compiled with the default options (--enable-debug=yes), the *loglevel* defaults to 256 (stats). -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8736] Add test script for cn=config replication using delta-sync
by openldap-its＠openldap.org 11 Mar '21

11 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8736 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |IN_PROGRESS Ever confirmed|0 |1 --- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/286 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6912] authz-regexp DN
by openldap-its＠openldap.org 11 Mar '21

11 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=6912 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|needs_review | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9474] New: ldap_install_tls() should return meaningful error code
by openldap-its＠openldap.org 11 Mar '21

11 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9474 Issue ID: 9474 Summary: ldap_install_tls() should return meaningful error code Product: OpenLDAP Version: 2.4.57 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: simon.pichugin(a)gmail.com Target Milestone: --- The description of my findings (take a note that these are OpenLDAP logs that happen under the application that uses libldap): [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: tls_write: want=610, written=610 ... [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS trace: SSL_connect:SSLv3 flush data [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: tls_read: want=5 error=Interrupted system call [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS trace: SSL_connect:error in SSLv3 read finished A [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS trace: SSL_connect:error in SSLv3 read finished A [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: TLS: can't connect: . [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ldap_free_connection 1 1 [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ldap_send_unbind [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ber_flush2: 7 bytes to sd 23 [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: 0000: 00 05 00 01 00 42 00 [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ldap_write: want=7, written=7 [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: 0000: 00 05 00 01 01 42 00 [sssd[be[LDAP]]] [sss_ldap_debug] (0x4000): libldap: ldap_free_connection: actually freed So, 'error=Interrupted system call' is caught by this: https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/… https://git.openldap.org/openldap/openldap/-/blob/master/libraries/liblber/… It is only the debug message that comes from the caller itself so we can see what is passed to OpenSSL. And 'Interrupted system call' is just an EINTR string representation. What we should do is to catch the error that OpenSSL returns to us after it is interrupted. As we can see from the logs: "libldap: TLS: can't connect: ." This line returns nothing: https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/… So 'ld->ld_error' is set to empty value. If we go deeper into the 'tls_imp->ti_session_errmsg' call we can reach the point where ERR_peek_error() is called: https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/… https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/… https://git.openldap.org/openldap/openldap/-/blob/master/libraries/libldap/… In the conclusion: ldap_install_tls() should return meaningful error code that would allow to figure out a reason for the failure, especially network IO fail due to EITR. -- You are receiving this mail because: You are on the CC list for the issue.

1 8

[Issue 6912] authz-regexp DN
by openldap-its＠openldap.org 11 Mar '21

11 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=6912 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.6.0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6912] authz-regexp DN
by openldap-its＠openldap.org 11 Mar '21

11 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=6912 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also|https://bugs.openldap.org/s | |how_bug.cgi?id=9495 | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9325] New: Expand SSL test suite for multiple EC support and SAN checks
by openldap-its＠openldap.org 10 Mar '21

10 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9325 Issue ID: 9325 Summary: Expand SSL test suite for multiple EC support and SAN checks Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- Need to expand the TLS test suite with some additional certs and EC support to ensure proper testing of issue#9054 and issue#9318 -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 8889] Clarify default loglevel and consistently use debug/logging as appropriate
by openldap-its＠openldap.org 10 Mar '21

10 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8889 --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- debug levels are what gets passed to slapd via the -d option. They share the same namespace as the loglevels, but some items are only valid as a debug option (such as packets). I'll work on clarifying the admin guide. --Quanah -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8707] slapd: Add systemd service notification support
by openldap-its＠openldap.org 10 Mar '21

10 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8707 --- Comment #28 from Quanah Gibson-Mount <quanah(a)openldap.org> --- With this patch, the test suite takes an extremely long amount of time. I suspect there are some significant issues with it, as it shouldn't increase the amount of time it takes slapd to execute. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8847] New LDAP URL syntax to support binding to specific IP address at client side
by openldap-its＠openldap.org 10 Mar '21

10 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8847 --- Comment #40 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to HoweverAT from comment #39) > Created attachment 807 [details] > Add SOCKET_BIND_ADDRESSES Option > > New patch against latest master > > Changed: > - Debug Improvements (Add client address in ldap_dump_connection, also print > binded address in DEBUG_TRACE if used) > - Bugfix I would suggest submitting a merge request via your existing account at https://git.openldap.org for review to ease the review process. Regards, Quanah -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8847] New LDAP URL syntax to support binding to specific IP address at client side
by openldap-its＠openldap.org 10 Mar '21

10 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8847 HoweverAT <laeufer4321(a)gmx.at> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #804 is|0 |1 obsolete| | --- Comment #39 from HoweverAT <laeufer4321(a)gmx.at> --- Created attachment 807 --> https://bugs.openldap.org/attachment.cgi?id=807&action=edit Add SOCKET_BIND_ADDRESSES Option New patch against latest master Changed: - Debug Improvements (Add client address in ldap_dump_connection, also print binded address in DEBUG_TRACE if used) - Bugfix Thank you for your feedback in advance Lukas The attached patch file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Lukas Wimmer laeufer4321(a)gmx.at. I have not assigned rights and/or interest in this work to any party. I, Lukas Wimmer, hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9079] documentation: slapo-unique syntax explanation unclear
by openldap-its＠openldap.org 09 Mar '21

09 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9079 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|IN_PROGRESS |RESOLVED --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 9d5267e1 by Quanah Gibson-Mount at 2021-03-09T19:12:49+00:00 ITS#9079 - Fix minor issues with slapo-unique man page -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7865] man slapo-refint extended with olc-example
by openldap-its＠openldap.org 09 Mar '21

09 Mar '21

1 0

[Issue 7865] man slapo-refint extended with olc-example
by openldap-its＠openldap.org 09 Mar '21

09 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=7865 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|has_patch | Resolution|--- |DUPLICATE Status|UNCONFIRMED |RESOLVED Depends on|7335 | --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- *** This issue has been marked as a duplicate of issue 7335 *** Referenced Issues: https://bugs.openldap.org/show_bug.cgi?id=7335 [Issue 7335] Create process for updating man pages to handle both cn=config and slapd.conf configurations -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7335] Create process for updating man pages to handle both cn=config and slapd.conf configurations
by openldap-its＠openldap.org 09 Mar '21

09 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=7335 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|7865 | CC| |wandel(a)b1-systems.de --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- *** Issue 7865 has been marked as a duplicate of this issue. *** Referenced Issues: https://bugs.openldap.org/show_bug.cgi?id=7865 [Issue 7865] man slapo-refint extended with olc-example -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8847] New LDAP URL syntax to support binding to specific IP address at client side
by openldap-its＠openldap.org 09 Mar '21

09 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8847 --- Comment #38 from Howard Chu <hyc(a)openldap.org> --- (In reply to HoweverAT from comment #37) > (In reply to Howard Chu from comment #36) > > Since I've just been tinkering with debug output, this came to mind. With > > this patch, it would be a good idea to add the locally bound IP:port to the > > debug output somewhere, e.g. in ldap_dump_connection. Should probably use > > the recently added lutil_sockaddrstr, and that function likely should be > > moved into ldap_pvt_ instead of lutil. > > Hello, > > thank you for your input. > > I tried to add to ldap_dump_connection( see the "from" part, which is always > printed out independet of ) > > e.g. Output: > ** ld 0x55974c710680 Connections: > * host: localhost port: 389 (default) > * from: IP=127.0.0.1:33676 > refcnt: 2 status: Connected > last used: Tue Mar 9 12:01:18 2021 > > > ** ld 0x55974c710680 Outstanding Requests: > * msgid 1, origid 1, status InProgress > outstanding referrals 0, parent count 0 > ld 0x55974c710680 request count 1 (abandoned 0) > ** ld 0x55974c710680 Response Queue: > Empty > ld 0x55974c710680 response count 0 > > I tried to add to ldap_dump_connection the "from" part which is always > output regardless of the new SOCKET_BIND_ADDRESSES option > > If this ok, i could provide a patch for it tomorrow :) Yes, this is what I had in mind, thanks. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8889] Clarify default loglevel and consistently use debug/logging as appropriate
by openldap-its＠openldap.org 09 Mar '21

09 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8889 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ | Assignee|ondra(a)mistotebe.net |quanah(a)openldap.org -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8847] New LDAP URL syntax to support binding to specific IP address at client side
by openldap-its＠openldap.org 09 Mar '21

09 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8847 --- Comment #37 from HoweverAT <laeufer4321(a)gmx.at> --- (In reply to Howard Chu from comment #36) > Since I've just been tinkering with debug output, this came to mind. With > this patch, it would be a good idea to add the locally bound IP:port to the > debug output somewhere, e.g. in ldap_dump_connection. Should probably use > the recently added lutil_sockaddrstr, and that function likely should be > moved into ldap_pvt_ instead of lutil. Hello, thank you for your input. I tried to add to ldap_dump_connection( see the "from" part, which is always printed out independet of ) e.g. Output: ** ld 0x55974c710680 Connections: * host: localhost port: 389 (default) * from: IP=127.0.0.1:33676 refcnt: 2 status: Connected last used: Tue Mar 9 12:01:18 2021 ** ld 0x55974c710680 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0x55974c710680 request count 1 (abandoned 0) ** ld 0x55974c710680 Response Queue: Empty ld 0x55974c710680 response count 0 I tried to add to ldap_dump_connection the "from" part which is always output regardless of the new SOCKET_BIND_ADDRESSES option If this ok, i could provide a patch for it tomorrow :) -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6912] authz-regexp DN
by openldap-its＠openldap.org 09 Mar '21

09 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=6912 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |needs_review -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6912] authz-regexp DN
by openldap-its＠openldap.org 09 Mar '21

09 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=6912 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=9495 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8847] New LDAP URL syntax to support binding to specific IP address at client side
by openldap-its＠openldap.org 08 Mar '21

08 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8847 --- Comment #36 from Howard Chu <hyc(a)openldap.org> --- Since I've just been tinkering with debug output, this came to mind. With this patch, it would be a good idea to add the locally bound IP:port to the debug output somewhere, e.g. in ldap_dump_connection. Should probably use the recently added lutil_sockaddrstr, and that function likely should be moved into ldap_pvt_ instead of lutil. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8847] New LDAP URL syntax to support binding to specific IP address at client side
by openldap-its＠openldap.org 08 Mar '21

08 Mar '21

1 0

[Issue 8682] Malformatted man pages on AIX
by openldap-its＠openldap.org 08 Mar '21

08 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8682 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|quanah(a)openldap.org |bugs(a)openldap.org Keywords|needs_review | Target Milestone|2.5.3 |--- --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Patch welcome -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8682] Malformatted man pages on AIX
by openldap-its＠openldap.org 08 Mar '21

08 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8682 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Malformatted man pages on |Malformatted man pages on |AIX and Solaris |AIX -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8871] mutex issue with cancel operation
by openldap-its＠openldap.org 08 Mar '21

08 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8871 --- Comment #8 from hsuenju_ko(a)stratus.com <hsuenju_ko(a)stratus.com> --- Sorry for not using the right forum. I will use a more appropriate mailing list in the future. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8871] mutex issue with cancel operation
by openldap-its＠openldap.org 08 Mar '21

08 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8871 --- Comment #7 from Ondřej Kuzník <ondra(a)mistotebe.net> --- On Mon, Mar 08, 2021 at 12:30:55PM +0000, openldap-its(a)openldap.org wrote: > --- Comment #6 from hsuenju_ko(a)stratus.com <hsuenju_ko(a)stratus.com> --- > It seems cancel is not very useful if one cannot cancel itself and other thread > can not cancel over same connection until the thread which performs the > cancelled operation timeout either during the operation itself or during > ldap_result, or doing the polling while waiting for ldap_result. Once you have > timed out, there is no need to cancel, isn't it? This bug tracker is not for usage questions, these should be posted to the appropriate mailing list, usually openldap-technical. None of what you're asking for would have worked if the thread calling ldap_result were to release its locks anyway. You can still send a cancel exop and you will get a response to both, if you require that the other thread be notified immediately, you need to do that in your own application as libldap has never had such ambitions. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8871] mutex issue with cancel operation
by openldap-its＠openldap.org 08 Mar '21

08 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8871 --- Comment #6 from hsuenju_ko(a)stratus.com <hsuenju_ko(a)stratus.com> --- It seems cancel is not very useful if one cannot cancel itself and other thread can not cancel over same connection until the thread which performs the cancelled operation timeout either during the operation itself or during ldap_result, or doing the polling while waiting for ldap_result. Once you have timed out, there is no need to cancel, isn't it? -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8871] mutex issue with cancel operation
by openldap-its＠openldap.org 08 Mar '21

08 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8871 --- Comment #5 from hsuenju_ko(a)stratus.com <hsuenju_ko(a)stratus.com> --- Thanks for the explanation. What you are saying is that operations over same connection needs to be serialized among threads if not doing what you suggested. Is that correct? So if the application needs to do different operations over same connection among thread it needs to do the following: do async operation get fd do select/poll on the fd do ldap_result with 0 timeout And since every operation involves ldap_send_initial_request even the timeout value specified for the operation itself has to be reasonable short enough to prevent same lock situation. For most part we can use different connections to perform various operations among threads except cancel has to be done over same connection. Is that assumption correct? Thanks! -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8847] New LDAP URL syntax to support binding to specific IP address at client side
by openldap-its＠openldap.org 08 Mar '21

08 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8847 HoweverAT <laeufer4321(a)gmx.at> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #803 is|0 |1 obsolete| | --- Comment #35 from HoweverAT <laeufer4321(a)gmx.at> --- Created attachment 804 --> https://bugs.openldap.org/attachment.cgi?id=804&action=edit Client Address Binding Option A new try. I also updated the patch against latest. The attached patch file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Lukas Wimmer laeufer4321(a)gmx.at. I have not assigned rights and/or interest in this work to any party. I, Lukas Wimmer, hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9079] documentation: slapo-unique syntax explanation unclear
by openldap-its＠openldap.org 06 Mar '21

06 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9079 --- Comment #4 from gray(a)nxg.name <gray(a)nxg.name> --- > > * Each URI defines a set of object attributes > > * One can have multiple olcUniqueURI attributes, _each of which_ creates a > > 'domain' > > * This doesn't say what a 'domain' is > > > The concept of a "domain" is a key part of the mathematical concept of "sets". As this is clearly talking about sets, the definition of domain follows. We may be thinking of different set theories, but in the mathematical set theory I'm familiar with, there is no notion of 'domain'. Functions have domains, codomains and ranges which are each sets, but that is part of the theory of functions, not of sets. Not that it matters, because 'domain' has a variety of meanings in computing contexts, so it does no harm to be precise here. Since the text just above this in the manpage talks of 'scope', in a sense which appears to at least overlap with 'domain' here, I merely suggest that the text explain what it means by 'domain'. For concreteness, can I suggest: Each `unique_uri` option defines a 'uniqueness domain' consisting of the set of attributes which would be returned by the specified (RFC 4516) LDAP URI, or the union of the sets of attributes returned by the URIs, if there is more than one. The overlay ensures that no two attributes in this set have the same value. In a 'strict' uniqueness domain (when the keyword 'strict' is present), at most one attribute in the domain may have a null value; in a non-strict domain more than one attribute may have a null value. This uniqueness constraint is imposed independently for the attributes in each uniqueness domain. ...and delete the paragraph 'It is possible...' [If 'scope' is a different notion from 'domain', then the text might benefit from some clarification about what the difference is; if they are the same notion, then it might be useful to use the same term for both, or else the careful reader will worry that there is a distinction being made that they don't understand.] > > * It's not clear where the quotes go, when combining with 'strict' or > > 'ignore' > > (I guess "strict ldap://..."). > > * Can 'strict' or 'ignore' be combined with the second or subsequent URIs? > > > This is already explicitly answered in the man page: > > "Strictness applies to all URIs within a uniqueness domain" thus it must be combined with the full set of URIs in a given statement. True. As implied above, it might be useful to relocate the remark about what 'strict' means, but the answer to my question was indeed implicit in the text as it stands. To be clear, I reiterate that I'm not suggesting the text is inaccurate, simply that it is not as clear as it could be, and I wouldn't bother suggesting documentation edits if the OpenLDAP documentation were not already unusually high quality. Also, when I first read the manpage I largely got the point pretty quickly (it's not a complicated notion), and it's only when I re-read carefully that I started to have doubts. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8950] segfault with TXN+accesslog
by openldap-its＠openldap.org 06 Mar '21

06 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8950 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |IN_PROGRESS --- Comment #4 from Howard Chu <hyc(a)openldap.org> --- (In reply to Ondřej Kuzník from comment #3) > Created attachment 797 [details] > Valgrind log > > This still happens, see attached valgrind.log Still not happening here. Attach a complete script to reproduce the issue. I just get an error message: 60439aa9 connection_get(15) 60439aa9 connection_get(15): got connid=1000 60439aa9 connection_read(15): checking for input on id=1000 ber_get_next ldap_read: want=8, got=8 0000: 30 29 02 01 03 66 0b 04 0)...f.. ldap_read: want=35, got=35 0000: 07 63 6e 3d 74 65 73 74 30 00 a0 17 30 15 04 0e .cn=test0...0... 0010: 31 2e 33 2e 36 2e 31 2e 31 2e 32 31 2e 32 01 01 1.3.6.1.1.21.2.. 0020: ff 04 00 ... ber_get_next: tag 0x30 len 41 contents: 60439aa9 op tag 0x66, time 1615043241 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable 60439aa9 conn=1000 op=2 do_modify ber_scanf fmt ({m) ber: 60439aa9 conn=1000 op=2 do_modify: dn (cn=test) 60439aa9 => get_ctrls ber_scanf fmt ({m) ber: ber_scanf fmt (b) ber: ber_scanf fmt (m) ber: 60439aa9 => get_ctrls: oid="1.3.6.1.1.21.2" (critical) 60439aa9 <= get_ctrls: n=1 rc=0 err="" 60439aa9 >>> dnPrettyNormal: <cn=test> => ldap_bv2dn(cn=test,0) <= ldap_bv2dn(cn=test)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=test)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=test)=0 60439aa9 <<< dnPrettyNormal: <cn=test>, <cn=test> 60439aa9 conn=1000 op=2 modifications: 60439aa9 => mdb_entry_get: ndn: "cn=test" 60439aa9 => mdb_entry_get: oc: "(null)", at: "(null)" 60439aa9 mdb_dn2entry("cn=test") 60439aa9 => mdb_dn2id("cn=test") 60439aa9 <= mdb_dn2id: got id=0x1 60439aa9 => mdb_entry_decode: 60439aa9 <= mdb_entry_decode 60439aa9 mdb_entry_get: rc=0 60439aa9 mdb_modify: cn=test 60439aa9 send_ldap_result: conn=1000 op=2 p=3 60439aa9 send_ldap_result: err=0 matched="" text="" 60439aa9 ==> mdb_add: reqStart=20210306150721.000000Z,cn=log 60439aa9 oc_check_required entry (reqStart=20210306150721.000000Z,cn=log), objectClass "auditModify" 60439aa9 Entry (reqStart=20210306150721.000000Z,cn=log): object class 'auditModify' requires attribute 'reqMod' 60439aa9 mdb_add: entry failed schema check: object class 'auditModify' requires attribute 'reqMod' (65) 60439aa9 send_ldap_result: conn=1000 op=2 p=3 60439aa9 send_ldap_result: err=65 matched="" text="object class 'auditModify' requires attribute 'reqMod'" 60439aa9 send_ldap_response: msgid=3 tag=103 err=0 ber_flush2: 14 bytes to sd 15 ldap_write: want=14, written=14 0000: 30 0c 02 01 03 67 07 0a 01 00 04 00 04 00 0....g........ -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8415] Documentation has hard coded date
by openldap-its＠openldap.org 06 Mar '21

06 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8415 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED Keywords|OL_2_5_REQ | --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 59a21512 by Quanah Gibson-Mount at 2021-03-06T00:39:22+00:00 ITS#8415 - Fix copyright update for all known cases -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8682] Malformatted man pages on AIX and Solaris
by openldap-its＠openldap.org 06 Mar '21

06 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=8682 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |needs_review -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9079] documentation: slapo-unique syntax explanation unclear
by openldap-its＠openldap.org 06 Mar '21

06 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9079 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |IN_PROGRESS Keywords|OL_2_5_REQ | --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/277 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9079] documentation: slapo-unique syntax explanation unclear
by openldap-its＠openldap.org 06 Mar '21

06 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9079 --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to gray(a)nxg.name from comment #0) > I understand from this text the following: > > * One can specify multiple URIs in the value of a olcUniqueURI attribute. > I > _guess_ these can be space-separated, even though that isn't shown in this > syntax. This is a typo, which will be fixed. > * Each URI defines a set of object attributes > * One can have multiple olcUniqueURI attributes, _each of which_ creates a > 'domain' > * This doesn't say what a 'domain' is The concept of a "domain" is a key part of the mathematical concept of "sets". As this is clearly talking about sets, the definition of domain follows. > * If multiple URIs are specified in a 'domain' Again, this goes back to the mathematical concept of sets. > * It's not clear where the quotes go, when combining with 'strict' or > 'ignore' > (I guess "strict ldap://..."). > * Can 'strict' or 'ignore' be combined with the second or subsequent URIs? This is already explicitly answered in the man page: "Strictness applies to all URIs within a uniqueness domain" thus it must be combined with the full set of URIs in a given statement. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9051] slapo-accesslog fails to log compare, search
by openldap-its＠openldap.org 06 Mar '21

06 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9051 --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- These 3 searches should all have been logged: 6042bb16 conn=1001 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)" 6042bb16 send_ldap_result: conn=1001 op=1 p=3 6042bb16 conn=1001 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000016 etime=0.000202 nentries=1 text= 6042bb16 conn=1003 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)" 6042bb16 send_ldap_result: conn=1003 op=1 p=3 6042bb16 conn=1003 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000016 etime=0.000183 nentries=1 text= 6042bb16 conn=1005 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)" 6042bb16 send_ldap_result: conn=1005 op=1 p=3 6042bb16 conn=1005 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000008 etime=0.000093 nentries=1 text= -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9051] slapo-accesslog fails to log compare, search
by openldap-its＠openldap.org 06 Mar '21

06 Mar '21

https://bugs.openldap.org/show_bug.cgi?id=9051 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |CONFIRMED --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- This regression test that was trivial to set up shows only bind ops in the resulting accesslog database: https://git.openldap.org/quanah/openldap/-/commit/d22d10ebd7cb216496fd8c3e6… -- You are receiving this mail because: You are on the CC list for the issue.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs