- openldap-bugs - openldap.org

[Issue 8950] segfault with TXN+accesslog
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

1 0

[Issue 7768] Use of olcDbUri in LDAP/Chain configuration for ppolicy_forward_updates
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

1 0

[Issue 7768] Use of olcDbUri in LDAP/Chain configuration for ppolicy_forward_updates
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7768 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|UNCONFIRMED |RESOLVED --- Comment #2 from Ondřej Kuzník <ondra(a)mistotebe.net> --- slapo-chain already says "All URIs not listed in the configuration are chained anonymously", works as designed. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8950] segfault with TXN+accesslog
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8950 --- Comment #3 from Ondřej Kuzník <ondra(a)mistotebe.net> --- Created attachment 797 --> https://bugs.openldap.org/attachment.cgi?id=797&action=edit Valgrind log This still happens, see attached valgrind.log -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9475] New: Add support for MAP_POPULATE
by openldap-its＠openldap.org 23 Feb '21

23 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=9475 Issue ID: 9475 Summary: Add support for MAP_POPULATE Product: LMDB Version: unspecified Hardware: All OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: aa531811820(a)gmail.com Target Milestone: --- In some case (such as cloud computing platforms), the reading speed of large files is very fast while the small files is very slow, and we have enough memory, so we hope to prefetch the entire LMDB file into the memory during MMAP through the MAP_POPULATE flag . According to our test, this is faster than using readahead flag. Here are some test data: # mmap with no readahead read one sample: 0.2s total time: 4800s # mmap with readahead read one sample: 0.0001s~0.03s total time: 95.86s # mmap with MAP_POPULATE db init: 20s read one sample: 0.0001s total time: 78s -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 7343] slapo-dynlist does not include attributes of an entry containing objectClass of the dynlist attrset
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7343 --- Comment #4 from Howard Chu <hyc(a)openldap.org> --- (In reply to openldap(a)stormcloud9.net from comment #3) > I think you might have missed the second half of the issue. > > ======== > > Now the documentation clearly states recursion is not allowed, so if cn=child > were to have a 'labeledURI', this labeledURI would not be expanded. But this > is > not what is being done here, cn=child has no labeledURI present. Irrelevant. > It also > behaves > perfectly fine if I pull the "objetClass: labeledURIObject" off cn=child. Yes, because it is the objectClass: labeledURIobject that is checked to determine whether a recursive query is occurring or not. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8820] ldap_get_attribute_ber() function needs to be documented
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8820 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|quanah(a)openldap.org |hyc(a)openldap.org -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8665] limits documentation update for glued databases
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8665 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ | Target Milestone|2.5.3 |2.5.2 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8665] limits documentation update for glued databases
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8665 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |IN_PROGRESS Ever confirmed|0 |1 --- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/249 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8464] Documentation for enabling monitoring via cn=config
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8464 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |IN_PROGRESS Target Milestone|2.5.3 |2.5.2 Keywords|has_patch, OL_2_5_REQ | --- Comment #8 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/248 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7832] Proposing ppolicy extended module for OpenLDAP
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7832 --- Comment #13 from David Coutadeur <david.coutadeur(a)gmail.com> --- Hi Quanah, Ok, thanks for the update, I will do as requested. David -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8255] slapd-sock: response parsing in str2result() is broken
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8255 --- Comment #3 from Michael Ströder <michael(a)stroeder.com> --- Hmm, AFAICS Target Milestone: 2.6.0 is pretty close to WON'T FIX. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8847] New LDAP URL syntax to support binding to specific IP address at client side
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8847 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |enhancement Target Milestone|2.5.3 |2.6.0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7832] Proposing ppolicy extended module for OpenLDAP
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7832 --- Comment #12 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Hi David, Please open a merge request at https://git.openldap.org with your 2.5 based module so it can be considered for inclusion in OpenLDAP 2.5. Regards, Quanah -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8825] slapo-memberof: memberof-memberof-ad doesn't work correctly
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8825 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8825] slapo-memberof: memberof-memberof-ad doesn't work correctly
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

1 0

[Issue 8751] deref aliases with back meta goes wrong in db_cache_find_ndn()
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8751 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8751] deref aliases with back meta goes wrong in db_cache_find_ndn()
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8751 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |--- Resolution|--- |WONTFIX Status|UNCONFIRMED |RESOLVED --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Appears to be bdb/hdb specific bug given the code block, which are no longer supported. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8740] libldap ignoring timeout value
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8740 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |--- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8740] libldap ignoring timeout value
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8740 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FEEDBACK Status|UNCONFIRMED |RESOLVED --- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> --- More information necessary. is the remote server up? Sample code to reproduce? -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8724] slapo-pcache truncates remote results
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8724 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |reviewed --- Comment #11 from Quanah Gibson-Mount <quanah(a)openldap.org> --- May be documentation update as pcache requires the full result set to properly function which is why the paged results control is stripped -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8721] Quarantine in meta backend
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8721 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |reviewed -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8707] slapd: Add systemd service notification support
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8707 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs(a)openldap.org |quanah(a)openldap.org -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8611] Option to block SSL renegotation after X attempts
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8611 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |2.6.0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8552] Strange behaviour of attribute using password policy overlay
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8552 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs(a)openldap.org |ondra(a)mistotebe.net Keywords| |reviewed -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8545] Undesired timeout when polling for results
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8545 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs(a)openldap.org |hyc(a)openldap.org -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8524] cn=config + ditContentRule
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8524 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |2.6.0 Severity|normal |development --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- DIT content rule handling needs reworking for OpenLDAP 2.6 when cn=config is in use. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8482] Assertion failed with back-meta
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8482 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |--- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8482] Assertion failed with back-meta
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8482 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |DUPLICATE --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Do you see the same behavior with openldap 2.5? We believe this is fixed *** This issue has been marked as a duplicate of issue 8404 *** -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8404] Fix for an assertion failure when olcDbRewrite is modified on a meta or asyncmeta database
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8404 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |hydrazine(a)bergzand.net --- Comment #11 from Quanah Gibson-Mount <quanah(a)openldap.org> --- *** Issue 8482 has been marked as a duplicate of this issue. *** -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8474] Securely Erase BerElement Buffer After Use
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8474 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |enhancement Target Milestone|2.5.3 |2.6.0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8375] paged results control results in full db search?
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8375 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |2.6.0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8255] slapd-sock: response parsing in str2result() is broken
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8255 --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- followed with: AFAICT the else statement with the debug statement is hit because the "RESULT\n" line is not really consumed before the while loop (line 1671) and that results in this wrong output. s is still at the beginning of "RESULT\n" line when entering the while loop. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8255] slapd-sock: response parsing in str2result() is broken
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8255 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |2.6.0 --- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> --- list message: I'm trying to find out why slapd-socks always outputs all lines returned by the external sock listeners with comment "unknown" although everything seems to work correctly. ----------------------------- snip ----------------------------- 5603fc08 conn=1000 op=1 BIND dn="uid=äöüÄÖÜß,ou=realdb,dc=example,dc=org" method=128 5603fc08 str2result (msgid: 2 code: 49 matched: uid=äöüÄÖÜß,ou=realdb,dc=example,dc=org info: You loose! (wrong password) ) unknown 5603fc08 str2result ( ) unknown 5603fc08 conn=1000 op=1 RESULT tag=97 err=49 text= You loose! (wrong password) ----------------------------- snip ----------------------------- The (correct) Python string returned by the listener was: 'RESULT\nmsgid: 2\ncode: 49\nmatched: uid=\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x84\xc3\x96\xc3\x9c\xc3\x9f,ou=realdb,dc=example,dc=org\ninfo: You loose! (wrong password)\n\n' I tried to understand what's going on in str2result() (in file servers/slapd/result.c) but failed. AFAICS in slapd-sock(5) the external listener should always return a line with "code: <digit>" after the "RESULT" line. But to me it seems that the function would return with rc=0 if there's only a single "RESULT" line (due to break in line 1674). And I also can't see why the else clause in 1727 is reached. I wonder whether slapd-sock is confused by the two trailing line feeds. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8254] RFE: slapd-sock: more request and return parameters
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8254 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |2.6.0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8229] ldapsearch: report failed search results to stderr even when ldif == 0
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8229 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |2.6.0 --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Fix for 2.6 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8197] slapo-constraint and delold=0
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8197 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |2.6.0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8197] slapo-constraint and delold=0
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8197 --- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> --- List message: When bulk-renaming entries in web2ldap I do *not* alter the RDN of the entry but also send delold: 0 in the MODRDN operation. IMO this is most minimal invasive approach. This works ok in most setups. But in a more strict setup (release 2.4.41) with slapo-constraint and constraints on the RDN's characteristic attribute those MODRDN requests trigger a constraint and fails with 'Constraint violation' although the RDN value is not changed. I can't tell whether this was different with older OpenLDAP releases. Even more strange: It works with delold: 1. So I could easily alter web2ldap's behaviour to send delold: 1. But I'm not sure whether that's the right general approach especially when thinking about all the other LDAP servers out there. So the question is: Is this an overzealous misbehaviour of slapo-constraint and should it be fixed therein? -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8183] ldap_init() failed at sub thread but runs ok at main.
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8183 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED Target Milestone|2.5.3 |--- -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8183] ldap_init() failed at sub thread but runs ok at main.
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8183 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |FEEDBACK --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Can you reproduce this with the OpenLDAP 2.5 alpha? -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8180] back-sock should not return sucess in case of error
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8180 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |2.6.0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8178] back-sock: Timeout to avoid locking
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8178 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |2.6.0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8171] slapd-sock(5): Details for CONTINUE response missing
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8171 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|backends |documentation Target Milestone|2.5.3 |2.6.0 --- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> --- man page needs updating -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8119] ldapsearch: put empty line after result not before next result
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8119 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED Target Milestone|2.5.3 |--- -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8119] ldapsearch: put empty line after result not before next result
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8119 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |SUSPENDED Status|UNCONFIRMED |RESOLVED --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Feel free to provide a merge request -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8044] openldap 2.4.39-8.el6: issue causing server unavailability
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8044 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |--- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9400] New: Proxy bind retry fails after remote server disconnects
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=9400 Issue ID: 9400 Summary: Proxy bind retry fails after remote server disconnects Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: backends Assignee: bugs(a)openldap.org Reporter: tero.saarni(a)est.tech Target Milestone: --- Problem description ------------------- I'm using slapd-ldap to proxy for a remote LDAP server. LDAP backend is configured to: - allow user binds that are passed directly to the remote LDAP server - allow local user binds that are mapped to remote bind using idassert-bind The problem happens when remote LDAP server abruptly disconnects the (idle) LDAP connection. For example, next search operation will fail with error: Server is unavailable (52) Additional information: misconfigured URI? The operation will succeed when repeating it for second time. Reproducing the problem ----------------------- I created a test case that reproduces the problem - https://git.openldap.org/tsaarni/openldap/-/compare/master...ldap-back-retr… Preliminary troubleshooting --------------------------- While troubleshooting this I observed following: (A) The problem is related to retry after remote server abruptly dropped the LDAP connection. Call chain ldap_back_retry() -> ldap_back_dobind_int() -> ldap_back_is_proxy_authz() ends up in this branch: if ( !( li->li_idassert_flags & LDAP_BACK_AUTH_OVERRIDE )) { if ( op->o_tag == LDAP_REQ_BIND ) { if ( !BER_BVISEMPTY( &ndn )) { dobind = 0; goto done; } where "dobind = 0" causes "binddn" and "bindcred" return variables NOT to be filled. Then in ldap_back_dobind_int() we fall into this branch: if ( LDAP_BACK_CONN_ISIDASSERT( lc ) ) { if ( BER_BVISEMPTY( &binddn ) && BER_BVISEMPTY( &bindcred ) ) { /* if we got here, it shouldn't return result */ rc = ldap_back_is_proxy_authz( op, rs, LDAP_BACK_DONTSEND, &binddn, &bindcred ); if ( rc != 1 ) { Debug( LDAP_DEBUG_ANY, "Error: ldap_back_is_proxy_authz " "returned %d, misconfigured URI?\n", rc ); rs->sr_err = LDAP_OTHER; rs->sr_text = "misconfigured URI?"; LDAP_BACK_CONN_ISBOUND_CLEAR( lc ); if ( sendok & LDAP_BACK_SENDERR ) { send_ldap_result( op, rs ); } goto done; } } (B) The problem does NOT occur if configuring separate instances of back-ldap: - one backend for users: BIND is done with users own credentials - no idassert - second backend for local admin: local admin BIND is overwritten with idassert-bind Possibly the same problem have been discussed also earlier, for example - https://www.openldap.org/lists/openldap-technical/201307/msg00070.html - https://www.openldap.com/lists/openldap-bugs/201511/msg00041.html - https://www.openldap.org/lists/openldap-bugs/201905/msg00001.html -- You are receiving this mail because: You are on the CC list for the issue.

1 10

[Issue 8044] openldap 2.4.39-8.el6: issue causing server unavailability
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=8044 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |DUPLICATE Status|UNCONFIRMED |RESOLVED --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- We believe this was fixed as a part of ITS#9400, can you confirm? *** This issue has been marked as a duplicate of issue 9400 *** -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7832] Proposing ppolicy extended module for OpenLDAP
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7832 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|DUPLICATE |--- Status|VERIFIED |UNCONFIRMED --- Comment #11 from Quanah Gibson-Mount <quanah(a)openldap.org> --- sorry updated wrong bug. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7832] Proposing ppolicy extended module for OpenLDAP
by openldap-its＠openldap.org 22 Feb '21

22 Feb '21

https://bugs.openldap.org/show_bug.cgi?id=7832 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs