- openldap-bugs - openldap.org

[Issue 9313] New: TLS 1.3 Support on 2.4.44
by openldap-its＠openldap.org 11 Aug '20

11 Aug '20

https://bugs.openldap.org/show_bug.cgi?id=9313 Issue ID: 9313 Summary: TLS 1.3 Support on 2.4.44 Product: OpenLDAP Version: 2.4.44 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: shaheena.kazi(a)gmail.com Target Milestone: --- Hello, I wanted to know if TLSv1.3 is supported on openldap 2.4.44 If no, then what about on openldap 2.4.47 ? Awaiting your response. Regards, Shaheena K -- You are receiving this mail because: You are on the CC list for the issue.

1 3

Nabard Grade A Syllabus
by Anuj jindal 11 Aug '20

11 Aug '20

NABARD Grade A officer post is one such post which is a dream of a lot of people. You get to make policies for the backbone of the country “agriculture”. You can look at the job profile of a NABARD Grade A Officer. It is really interesting. The salary of a NABARD Grade A officer is good and its syllabus is similar to that of RBI & SEBI. You can go through NABARD Grade A salary here. In this blog, I’m essentially going to talk about five things: <a href="https://www.anujjindal.in/nabard-grade-a-selection-criteria-syllabus-cut-of…">NABARD Grade A Selection Criteria </a>

1 0

[Issue 9171] slapd with ppolicy and pwdAccountLockedTime crashes
by openldap-its＠openldap.org 10 Aug '20

10 Aug '20

https://bugs.openldap.org/show_bug.cgi?id=9171 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=9309 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9299] New: Memory leaks in ldap_simple_bind_s
by openldap-its＠openldap.org 06 Aug '20

06 Aug '20

https://bugs.openldap.org/show_bug.cgi?id=9299 Issue ID: 9299 Summary: Memory leaks in ldap_simple_bind_s Product: OpenLDAP Version: 2.4.49 Hardware: x86_64 OS: Windows Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: Ritu.Varkey(a)microfocus.com Target Milestone: --- Created attachment 747 --> https://bugs.openldap.org/attachment.cgi?id=747&action=edit Sample code with call to bind API The call to ldap_simple_bind_s API leaks memory. Even after calling ldap_unbind_s or ldap_unbind_ext memory is not getting freed. Our application uses this API every time we make a connection to the directory. The API is being used on Windows operating system. -- You are receiving this mail because: You are on the CC list for the issue.

1 9

[Issue 9085] Test suite is failing
by openldap-its＠openldap.org 04 Aug '20

04 Aug '20

https://bugs.openldap.org/show_bug.cgi?id=9085 --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to kloczko.tomasz(a)gmail.com from comment #2) > Could you please say a little more about what kind of "enviroment problem" > it could be? "Hangup" indicates your OS killed the process. You'll need to examine your system logs to determine why. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9085] Test suite is failing
by openldap-its＠openldap.org 01 Aug '20

01 Aug '20

https://bugs.openldap.org/show_bug.cgi?id=9085 --- Comment #2 from kloczko.tomasz(a)gmail.com <kloczko.tomasz(a)gmail.com> --- Could you please say a little more about what kind of "enviroment problem" it could be? -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9291] New: Detection of corrupted database files
by openldap-its＠openldap.org 30 Jul '20

30 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9291 Issue ID: 9291 Summary: Detection of corrupted database files Product: LMDB Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: markus(a)objectbox.io Target Milestone: --- Let's assume we have to deal with a corrupted database for whatever reason (e.g. broken hardware or file system). Current behavior seems to be mostly undefined, which is understandable as it's not known what is broken (e.g. there are no checksums). For example, I'm seeing a SIGBUS in mdb_page_touch because the cursor's top page (mp) is pointing to invalid memory (0x7f99cf004000) during a commit: mdb_page_touch mdb.c:2772 mdb_page_search mdb.c:6595 mdb_freelist_save mdb.c:3575 mdb_txn_commit mdb.c:4060 Cursor data at that point: mc_snum = 1, mc_top = 0; myki[0] = 0 A SIGBUS is troublesome as it crashes the process, and I wonder if there are other ways to detect such inconsistencies. If that be possible there could be user-specific handling in place. E.g. a user might start a new database file. This issue was reported by our users, which also provided DB files: https://github.com/objectbox/objectbox-java/issues/859 I did not find a lot of consistency checks besides MDB_PAGE_NOTFOUND and MDB_CORRUPTED. Also, I think there's no current way to thoroughly check a DB file (e.g. like fsck for the DB file)? My first idea other than checksums was to walk through the branch pages from the root and check if the referenced pages are within reasonable bounds. Also check the page content (e.g. nodes, flags). Additionally (optionally?), it should be possible to check that the key values are actually sorted. So, it boils down to 3 points in summary: 1.) If there no way to check the DB file for consistency yet(?), which approach do you think would make sense? There might be two modes; one for a through check through all data, and a quick check that does not take long and could be e.g. done when opening the DB. Goal is to avoid process crashes and let users handle the situation. 2.) In general, is it possible to add more consistency checks in regular DB operations? 3.) Could the the particular situation (for which I provided the stack trace) detected (e.g. is myki[0] = 0 legal here?) I'd be happy to provide a patch if you provide some direction where you want to take that. -- You are receiving this mail because: You are on the CC list for the issue.

1 25

[Issue 8784] SIGBUS in mdb_page_touch
by openldap-its＠openldap.org 27 Jul '20

27 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8784 --- Comment #3 from Howard Chu <hyc(a)openldap.org> --- (In reply to stefan.penner from comment #2) > I realize this issue is rather old, but I have some related questions; > hopefully that is alright: > > * The reporter mentions Android 7, do we know if the problem is limited to > Android 7, or do other Androids also suffer from this issue? > * Was someone able to come up with a consistent reproduction? If so, could > it be shared or described? I'm not aware of any consistent reproducer. Also, haven't run into this in quite a while, possibly it was already fixed in Android 9 or so -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8784] SIGBUS in mdb_page_touch
by openldap-its＠openldap.org 27 Jul '20

27 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8784 --- Comment #2 from stefan.penner(a)gmail.com --- I realize this issue is rather old, but I have some related questions; hopefully that is alright: * The reporter mentions Android 7, do we know if the problem is limited to Android 7, or do other Androids also suffer from this issue? * Was someone able to come up with a consistent reproduction? If so, could it be shared or described? -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9266] Replace custom hostname and IP address verification with OpenSSL API
by openldap-its＠openldap.org 24 Jul '20

24 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9266 --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Also important to note that RFC6125 specifically states in section 1.4 that it does not apply to existing protocols, such as LDAP. It even calls this out in Appendix B, section B.3, that the LDAP protocol is *not* covered by this RFC. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9301] New: Building OpenLDAP on Silicon (ARM) Mac
by openldap-its＠openldap.org 24 Jul '20

24 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9301 Issue ID: 9301 Summary: Building OpenLDAP on Silicon (ARM) Mac Product: OpenLDAP Version: unspecified Hardware: Other OS: Mac OS Status: UNCONFIRMED Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: nicolas.brachfogel(a)4d.com Target Milestone: --- There's currently no target to build OpenLDAP on the new Apple Silicon (ARM) Macs. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 6467] syncrepl enhancements
by openldap-its＠openldap.org 23 Jul '20

23 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=6467 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |TEST Keywords|OL_2_5_REQ | --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 66a743f1 by Ondřej Kuzník at 2020-07-22T22:25:10+01:00 ITS#6467 Record minCSN in audit container • 43ebfa8f by Ondřej Kuzník at 2020-07-22T22:25:10+01:00 ITS#6467 Make accesslog a possible sessionlog source • ee79cb38 by Ondřej Kuzník at 2020-07-22T22:25:10+01:00 ITS#6467 Add test script -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8645] syncrepl configuration error handling
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8645 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Keywords|OL_2_5_REQ | Resolution|--- |TEST --- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 4b62f3b8 by Ondřej Kuzník at 2020-07-22T20:22:50+00:00 ITS#8645 Check for all syncrepl errors -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9098] assert fails in meta_back_search in some cases after reconnect
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9098 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.4.51 |2.4.52 --- Comment #19 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Going to move this to a target of 2.4.52. We will be trying to reproduce this internally with some new hardware we've acquired. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8511] Rename "mirrormode" to "multiprovider", deprecate "mirrormode" parameter
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8511 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Rename "mirrormode" to |Rename "mirrormode" to |"multimaster", deprecate |"multiprovider", deprecate |"mirrormode" parameter |"mirrormode" parameter -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8511] Rename "mirrormode" to "multimaster", deprecate "mirrormode" parameter
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8511 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|has_patch, IPR_OK, | |OL_2_5_REQ, | |openldap-scratch | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8511] Rename "mirrormode" to "multimaster", deprecate "mirrormode" parameter
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8511 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |TEST --- Comment #8 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 3716245f by Quanah Gibson-Mount at 2020-07-22T19:32:49+00:00 Issue#8511 - Update documentation and configs to correctly use multiprovider -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9121] dynlist enhancements
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9121 --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 9210ed16 by Howard Chu at 2020-07-22T15:11:24+00:00 ITS#9121 add dynamic memberOf support for static groups • 2c0499ae by Howard Chu at 2020-07-22T15:11:24+00:00 ITS#9121 support nested groups • c470af37 by Howard Chu at 2020-07-22T15:11:24+00:00 ITS#9121 add examples to manpage -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8619] Enhancement request: Nested group support using dynlist recursion
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8619 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8619] Enhancement request: Nested group support using dynlist recursion
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8619 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |DUPLICATE Keywords|OL_2_5_REQ | Status|UNCONFIRMED |RESOLVED --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Nested group support implemented as a part of issue#9121 *** This issue has been marked as a duplicate of issue 9121 *** -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9121] dynlist enhancements
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9121 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |christ.klinge(a)web.de --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- *** Issue 8619 has been marked as a duplicate of this issue. *** -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9298] New: Solaris compilation errors of OpenLDAP 2.4.50
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9298 Issue ID: 9298 Summary: Solaris compilation errors of OpenLDAP 2.4.50 Product: OpenLDAP Version: 2.4.50 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: mnesam(a)juniper.net Target Milestone: --- Created attachment 746 --> https://bugs.openldap.org/attachment.cgi?id=746&action=edit OpenLDAP 2.4.50 solaris compilation error Hi OpenLDAP team, We compiled OpenLDAP 2.4.50 with OpenSSL 1.1.1 version. It compiled without errors and worked fine. However,, the same is giving compilation errors , when compiled with openSSL 1.0.2. Is the compilation requirement to Openssl 1.1.1 mandatory for OpenLDAP 2.4.50 ? Regards, Merrylin Please find the complete log in the attachement. I'm getting the below errors during the compilation of openLDAP 2.4.50 with OpenSSL 1.0.2 in Solaris 5.10: /usr/bin/gcc -m64 -m64 -o apitest apitest.o -L/export/local/mvel/workspace/openldap_1507/openssl-1.0.2q/ -L/export/local/mvel/workspace/openldap_1507/krb5-1.18.1/src/lib/ -L/export/local/mvel/workspace/openldap_1507/krb5-1.18.1/src/lib/gssapi/ -L/export/local/mvel/workspace/openldap_1507/cyrus-sasl-2.1.27/lib/.libs/ -L/export/local/mvel/workspace/openldap_1507/cyrus-sasl-2.1.27/plugins/.libs/ ./.libs/libldap.a /export/local/mvel/workspace/openldap_1507/openldap-2.4.50/libraries/liblber/.libs/liblber.a -L/export/local/mvel/workspace/openldap_1507/openssl-1.0.2q/lib -L/export/local/mvel/workspace/openldap_1507/krb5-1.18.1/src/lib -L/export/local/mvel/workspace/openldap_1507/krb5-1.18.1/src/lib/gssapi/lib ../../libraries/liblber/.libs/liblber.a ../../libraries/liblutil/liblutil.a /export/local/mvel/workspace/openldap_1507/cyrus-sasl-2.1.27/lib/.libs//libsasl2.so -ldl -lgss -lssl -lcrypto -lresolv -lgen -lnsl -lsocket -R/export/local/mvel/workspace/openldap_1507/cyrus-sasl-2.1.27/lib/.libs/ -R/usr/local/lib Undefined first referenced symbol in file SSL_CTX_set_options ./.libs/libldap.a(tls_o.o) OPENSSL_sk_num ./.libs/libldap.a(tls_o.o) BIO_meth_set_write ./.libs/libldap.a(tls_o.o) OPENSSL_sk_free ./.libs/libldap.a(tls_o.o) OPENSSL_sk_value ./.libs/libldap.a(tls_o.o) TLS_method ./.libs/libldap.a(tls_o.o) OPENSSL_init_ssl ./.libs/libldap.a(tls_o.o) BIO_meth_new ./.libs/libldap.a(tls_o.o) BIO_set_init ./.libs/libldap.a(tls_o.o) BIO_get_data ./.libs/libldap.a(tls_o.o) BIO_set_data ./.libs/libldap.a(tls_o.o) BIO_meth_set_create ./.libs/libldap.a(tls_o.o) ASN1_STRING_get0_data ./.libs/libldap.a(tls_o.o) OPENSSL_sk_new_null ./.libs/libldap.a(tls_o.o) X509_NAME_get0_der ./.libs/libldap.a(tls_o.o) BIO_meth_free ./.libs/libldap.a(tls_o.o) SSL_CTX_up_ref ./.libs/libldap.a(tls_o.o) BIO_meth_set_destroy ./.libs/libldap.a(tls_o.o) BIO_meth_set_gets ./.libs/libldap.a(tls_o.o) BIO_meth_set_ctrl ./.libs/libldap.a(tls_o.o) BIO_meth_set_puts ./.libs/libldap.a(tls_o.o) BIO_meth_set_read ./.libs/libldap.a(tls_o.o) ld: fatal: symbol referencing errors. No output written to apitest gmake[2]: *** [apitest] Error 1 -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9300] New: OpenLDAP 2.4.50 Dependency Details
by openldap-its＠openldap.org 22 Jul '20

22 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9300 Issue ID: 9300 Summary: OpenLDAP 2.4.50 Dependency Details Product: OpenLDAP Version: 2.4.50 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: muthaiyan1991(a)gmail.com Target Milestone: --- I have selected product OpenLDAP 2.4.50.. can you please answer the query? We compiled OpenLDAP 2.4.50 with OpenSSL 1.1.1 version. It compiled without errors and worked fine. However,, the same is giving compilation errors , when compiled with openSSL 1.0.2. Is the compilation requirement to Openssl 1.1.1 mandatory for OpenLDAP 2.4.50 ? -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9297] New: memory leak in mdb_dn2entry()
by openldap-its＠openldap.org 21 Jul '20

21 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9297 Issue ID: 9297 Summary: memory leak in mdb_dn2entry() Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: grapvar(a)gmail.com Target Milestone: --- Callers of mdb_dn2entry() expect that mdb_dn2entry( ..., Entry **e [out], match = 1 ) provides newborn Entry if and only if [mdb_dn2entry return value in {0, MDB_NOTFOUND}]. They are right with this, because any other error code makes asking for "matching entry" irrelevant. However, mdb_dn2entry does not anyhow restrict error code when generates a "matching" Entry: | int | mdb_dn2entry( | ... | struct berval *dn, | Entry **e, | ... | int matched ) | { | ... | int rc = mdb_dn2id( ..., dn, &id, ... ); | if ( rc ) { | if ( matched ) { | int rc2 = mdb_cursor_open( ..., "id2entry", &mc ); | if ( rc2 == MDB_SUCCESS ) { | mdb_id2entry( op, mc, id, e ); | mdb_cursor_close( mc ); | } | } | } else ... | ... | return rc; | } So, when [mdb_dn2id return value is NOT in {0, MDB_NOTFOUND}], the Entry will be allocated by mdb_id2entry and then leaked by a caller. Not exactly so. Will be leaked only by mdb_search() and by mdb_add(). It looks like that other callers of mdb_dn2entry() are, by chance, not affected by this issue. -- You are receiving this mail because: You are on the CC list for the issue.

1 8

[Issue 8701] account usability control for password less logins
by openldap-its＠openldap.org 21 Jul '20

21 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8701 --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- • c7b008ee by Ondřej Kuzník at 2020-07-21T10:48:47+01:00 ITS#8701 Fix documentation -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9296] New: OpenLDAP mishandles rpath and runpath tokens
by openldap-its＠openldap.org 21 Jul '20

21 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9296 Issue ID: 9296 Summary: OpenLDAP mishandles rpath and runpath tokens Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: noloader(a)gmail.com Target Milestone: --- Hi Everyone, I'm building OpenLDAP 2.4.50 release tarball on multiple operating systems. I've noticed there's a couple of issues with rpaths and runpaths. I configure OpenLDAP it includes the following LDFLAGS: LDFLAGS: -Wl,-R,'$ORIGIN/../lib' -Wl,-R,/export/home/jwalton/tmp/ok2delete/lib When I audit the result programs and shared objects, I see two issues. First, the rpaths and runpaths have been reordered. Second, rpath and runpath tokens were not preserved. The tokens include $ORIGIN, $LIB and $PLATFORM (see the ld.so(8) man page). In fact, the rpath and runpath seem to have been expanded to nothing. This is from Solaris. /export/home/jwalton/tmp/ok2delete/lib/libldap-2.4.so.2.10.13: RUNPATH /export/home/jwalton/tmp/ok2delete/lib:/../lib RPATH /export/home/jwalton/tmp/ok2delete/lib:/../lib And: /export/home/jwalton/tmp/ok2delete/lib/libldap_r-2.4.so.2.10.13: RUNPATH /export/home/jwalton/tmp/ok2delete/lib:/../lib RPATH /export/home/jwalton/tmp/ok2delete/lib:/../lib Expanding '$ORIGIN/../lib' to '/../lib' is especially problematic. '/../lib' is just '/lib', so OpenLDAP is runtime linking to the wrong libraries, like like zLib 1.2.8 and Bzip 1.0.6. Libraries like zLib 1.2.8 and Bzip 1.0.6 have active CVEs against them. It is better to runtime link against the new libraries I provide. -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 9266] Replace custom hostname and IP address verification with OpenSSL API
by openldap-its＠openldap.org 17 Jul '20

17 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9266 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Group|OpenLDAP-devs | -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8376] Use getaddrinfo to resolve FQDN
by openldap-its＠openldap.org 15 Jul '20

15 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8376 Ryan Tandy <ryan(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=9287 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9099] LMDB: range delete
by openldap-its＠openldap.org 15 Jul '20

15 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9099 --- Comment #3 from Howard Chu <hyc(a)openldap.org> --- (In reply to Markus from comment #2) > > Right, rebalancing would become quite a pain. > > Regarding re-balancing, maybe a pragmatic solution could be two phase > range-delete: > > 1) First, delete only those pages in the given range that will not trigger > re-balancing. > 2) Second, delete the remaining nodes in the range as is (causing > re-balancing). > > Another simplification might be to limit the page deletions to leaf pages. > I'd guess the speed-up would already be quite significant. > > > If you are interested, I could give it a shot. Just let me know. Without > more efficient range-deletes, we may have to look into workarounds. Thus, > I'd be happy to invest some time to solve that at the "core". You're welcome to try whatever approach. As long as it doesn't increase the code size too much, and you can document a significant speedup, it'll be considered. Going back to your original post, instead of using hierarchical keys you should be using separate named databases for each group. Then just use mdb_drop to delete a group. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9099] LMDB: range delete
by openldap-its＠openldap.org 15 Jul '20

15 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9099 --- Comment #2 from Markus <markus(a)objectbox.io> --- > Right, rebalancing would become quite a pain. Regarding re-balancing, maybe a pragmatic solution could be two phase range-delete: 1) First, delete only those pages in the given range that will not trigger re-balancing. 2) Second, delete the remaining nodes in the range as is (causing re-balancing). Another simplification might be to limit the page deletions to leaf pages. I'd guess the speed-up would already be quite significant. If you are interested, I could give it a shot. Just let me know. Without more efficient range-deletes, we may have to look into workarounds. Thus, I'd be happy to invest some time to solve that at the "core". -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9290] New: Trying to add new config to Ldap
by openldap-its＠openldap.org 14 Jul '20

14 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9290 Issue ID: 9290 Summary: Trying to add new config to Ldap Product: OpenLDAP Version: 2.4.49 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: koshlendra.singh(a)punchh.com Target Milestone: --- WHile i am trying to add new user config to the LDAP server getting following error: ldap_add: Invalid syntax (21) additional info: uidNumber: value #0 invalid per syntax Please share your ideas to getting resolve on this -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9265] New: modifying a schema beneath an overlay hits assert
by openldap-its＠openldap.org 10 Jul '20

10 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9265 Issue ID: 9265 Summary: modifying a schema beneath an overlay hits assert Product: OpenLDAP Version: 2.4.50 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: ratness(a)gmail.com Target Milestone: --- I'm doing to demo this on debian-unstable so it's on 2.4.50, but I've also been able to achieve the following failure with CentOS7's package (openldap-servers-2.4.44-21.el7_6.x86_64), so I don't think it's packager-related. I apologize that I don't have a gdb run with this report, but I've been having poor luck compiling it or getting a non-stripped binary. Steps to reproduce: * grab a vm/droplet/whatever of debian, convert source to unstable, apt update / apt full-upgrade * apt-get install slapd ldap-utils * reboot * Add the ppolicy schema: ** /usr/bin/ldapadd -cQY EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif * Add the ppolicy module: ** ``` cat >/tmp/moduleadd <<EOF dn: cn=module{0},cn=config add: olcModuleLoad olcModuleLoad: ppolicy EOF ``` ** /usr/bin/ldapmodify -cQY EXTERNAL -H ldapi:/// -f /tmp/moduleadd * Add a super boring ppolicy overlay: ``` cat >/tmp/overlayadd <<EOF dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config objectClass: olcConfig objectClass: olcOverlayConfig objectClass: olcPPolicyConfig olcOverlay: ppolicy olcPPolicyHashCleartext: FALSE olcPPolicyUseLockout: FALSE olcPPolicyForwardUpdates: FALSE EOF ``` ** /usr/bin/ldapadd -cQY EXTERNAL -H ldapi:/// -f /tmp/overlayadd * Halt slapd, and then start it up in debug mode: ** service slapd stop ** /usr/sbin/slapd -h 'ldap:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d -d any * now, the weird one. Run an attempted 'replace' ldif against the ppolicy schema that would result in no net change to it. ``` cat >/tmp/trauma <<EOF dn: cn={4}ppolicy,cn=schema,cn=config changetype: modify replace: olcAttributeTypes olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.7 NAME 'pwdExpireWarning' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.8 NAME 'pwdGraceAuthNLimit' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.10 NAME 'pwdLockoutDuration' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.12 NAME 'pwdFailureCountInterval' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.14 NAME 'pwdAllowUserChange' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.30 NAME 'pwdMaxRecordedFailure' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) - replace: olcObjectClasses olcObjectClasses: ( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXILIARY MUST ( pwdAttribute ) MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ pwdMustChange $ pwdAllowUserChange $ pwdSafeModify $ pwdMaxRecordedFailure ) ) - EOF ``` ** /usr/bin/ldapadd -cQY EXTERNAL -H ldapi:/// -f /tmp/trauma The client comes back with: modifying entry "cn={4}ppolicy,cn=schema,cn=config" ldap_result: Can't contact LDAP server (-1) The server, however, has failed on an assertion. The tail of the debug stream is: 5ec71e94 => access_allowed: add access granted by manage(=mwrscxd) 5ec71e94 slap_queue_csn: queueing 0x7facb8105700 20200522003636.287264Z#000000#000#000000 5ec71e94 oc_check_required entry (cn={4}ppolicy,cn=schema,cn=config), objectClass "olcSchemaConfig" 5ec71e94 oc_check_allowed type "objectClass" 5ec71e94 oc_check_allowed type "cn" 5ec71e94 oc_check_allowed type "structuralObjectClass" 5ec71e94 oc_check_allowed type "entryUUID" 5ec71e94 oc_check_allowed type "creatorsName" 5ec71e94 oc_check_allowed type "createTimestamp" 5ec71e94 oc_check_allowed type "olcAttributeTypes" 5ec71e94 oc_check_allowed type "olcObjectClasses" 5ec71e94 oc_check_allowed type "entryCSN" 5ec71e94 oc_check_allowed type "modifiersName" 5ec71e94 oc_check_allowed type "modifyTimestamp" slapd: ../../../../servers/slapd/at.c:277: at_clean: Assertion `a->sat_syntax != NULL' failed. Aborted "Why do you have an overlay there?" Beats me. It was like that when I got here, and since it's enforcing password policies, I don't think I can change it. "Why would you ever run such a silly modify!?" I wouldn't. This stems from a Puppet module where any time it spots the timestamp of /etc/path/to/ldap/schema/foo.schema is newer than the 'modifyTimestamp' of schema 'foo' in slapd, it kicks off a modify so slapd will be timestamp-newer than what's on disk. It just happens that if you ever do something as simple as `touch /etc/ldap/slapd.d/ppolicy.schema`, it triggers this update process and crashes the server on the next Puppet run. And I bet most people don't have an overlay and so this is probably a not-often-seen edge case. But unfortunately I'm not a good C person so I don't see the issue well enough to offer a PR. Thanks for reading. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9043] Improve loglevel sync logging
by openldap-its＠openldap.org 08 Jul '20

08 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=9043 --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- • 31423439 by Ondřej Kuzník at 2020-07-08T12:54:08+01:00 ITS#9043 Make sure uuidstr is initialised on use -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7748] rare failure of test058
by openldap-its＠openldap.org 08 Jul '20

08 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=7748 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=5973, | |https://bugs.openldap.org/s | |how_bug.cgi?id=6531, | |https://bugs.openldap.org/s | |how_bug.cgi?id=9282, | |https://bugs.openldap.org/s | |how_bug.cgi?id=5470 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 5973] Syncrepl can update more than one csn value
by openldap-its＠openldap.org 08 Jul '20

08 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=5973 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=7748 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6531] Modify updateref to generate referrals on the backend
by openldap-its＠openldap.org 08 Jul '20

08 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=6531 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=7748 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 5470] Sporadic failures with RE24
by openldap-its＠openldap.org 08 Jul '20

08 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=5470 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=7748 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7748] rare failure of test058
by openldap-its＠openldap.org 08 Jul '20

08 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=7748 --- Comment #5 from Ondřej Kuzník <ondra(a)mistotebe.net> --- There's a few issues that test058 triggers (not an exhaustive list): - ITS#9282/5740 - which would have the server attempt to remove the sm1ou2 entry - how subordinate databases seem to interact with syncprov - at the very least this prevents sm1ou2 above from being removed, masking that bug - cookies seem to be leaking across the syncrepl connections in a strange way and I suspect it's preventing some updates from being transmitted properly -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8701] account usability control for password less logins
by openldap-its＠openldap.org 07 Jul '20

07 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8701 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ | Status|CONFIRMED |RESOLVED Resolution|--- |TEST --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 1129df53 by Ondřej Kuzník at 2020-07-07T16:43:35+01:00 ITS#8701 Expose account usability in libldap • 63440f03 by Ondřej Kuzník at 2020-07-07T16:43:37+01:00 ITS#8701 Add account usability to ldapsearch • bdc9dbc5 by Ondřej Kuzník at 2020-07-07T16:43:37+01:00 ITS#8701 Implement account usability in ppolicy -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8762] Unlocking an account doesn't remove pwdFailureTime
by openldap-its＠openldap.org 06 Jul '20

06 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=8762 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Keywords|OL_2_5_REQ | Resolution|--- |TEST --- Comment #11 from Quanah Gibson-Mount <quanah(a)openldap.org> --- • 49504c16 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 Fix whitespace in ppolicy.c • 3e0447f4 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7089 Skip lockout checks/modifications if password attribute missing • 3ec005a0 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7788 Report if there is a policy that applies • 0b6ac3fd by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7788 Skip lockout processing if no policy applies • a030aacc by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7788 Allow pwdFailureTime tracking be disabled in policy • 376d5d65 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7084 ACL of 'manage' gives pasword administrator access Password administrators can bypass safeModify, password quality checks and trigger reset if policy instructs the server to. • e05c09b9 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#8762 Clear pwdFailureTime on unlock • 5bf16496 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7084, ITS#7089, ITS#7788 Update test to account for new functionality -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7084] Password Modify Extended Operation to set pwdReset: TRUE
by openldap-its＠openldap.org 06 Jul '20

06 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=7084 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|IN_PROGRESS |RESOLVED --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- • 49504c16 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 Fix whitespace in ppolicy.c • 3e0447f4 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7089 Skip lockout checks/modifications if password attribute missing • 3ec005a0 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7788 Report if there is a policy that applies • 0b6ac3fd by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7788 Skip lockout processing if no policy applies • a030aacc by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7788 Allow pwdFailureTime tracking be disabled in policy • 376d5d65 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7084 ACL of 'manage' gives pasword administrator access Password administrators can bypass safeModify, password quality checks and trigger reset if policy instructs the server to. • e05c09b9 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#8762 Clear pwdFailureTime on unlock • 5bf16496 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7084, ITS#7089, ITS#7788 Update test to account for new functionality -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7788] pwdFailureTime and pwdChangedTime registered in user entry even if no ppolicy associated with the entry
by openldap-its＠openldap.org 06 Jul '20

06 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=7788 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |TEST --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- • 49504c16 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 Fix whitespace in ppolicy.c • 3e0447f4 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7089 Skip lockout checks/modifications if password attribute missing • 3ec005a0 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7788 Report if there is a policy that applies • 0b6ac3fd by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7788 Skip lockout processing if no policy applies • a030aacc by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7788 Allow pwdFailureTime tracking be disabled in policy • 376d5d65 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7084 ACL of 'manage' gives pasword administrator access Password administrators can bypass safeModify, password quality checks and trigger reset if policy instructs the server to. • e05c09b9 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#8762 Clear pwdFailureTime on unlock • 5bf16496 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7084, ITS#7089, ITS#7788 Update test to account for new functionality -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7089] ppolicy adds PWDFAILURETIME to organizationalUnit
by openldap-its＠openldap.org 06 Jul '20

06 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=7089 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|IN_PROGRESS |RESOLVED --- Comment #8 from Quanah Gibson-Mount <quanah(a)openldap.org> --- • 49504c16 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 Fix whitespace in ppolicy.c • 3e0447f4 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7089 Skip lockout checks/modifications if password attribute missing • 3ec005a0 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7788 Report if there is a policy that applies • 0b6ac3fd by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7788 Skip lockout processing if no policy applies • a030aacc by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7788 Allow pwdFailureTime tracking be disabled in policy • 376d5d65 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7084 ACL of 'manage' gives pasword administrator access Password administrators can bypass safeModify, password quality checks and trigger reset if policy instructs the server to. • e05c09b9 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#8762 Clear pwdFailureTime on unlock • 5bf16496 by Ondřej Kuzník at 2020-07-03T20:42:14+00:00 ITS#7084, ITS#7089, ITS#7788 Update test to account for new functionality -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7326] [PATCH] use AI_ADDRCONFIG if defined in the environment
by openldap-its＠openldap.org 01 Jul '20

01 Jul '20

https://bugs.openldap.org/show_bug.cgi?id=7326 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|FIXED |INVALID -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7400] Memberof and Syncrepl incompatibility
by openldap-its＠openldap.org 26 Jun '20

26 Jun '20

https://bugs.openldap.org/show_bug.cgi?id=7400 --- Comment #10 from Quanah Gibson-Mount <quanah(a)openldap.org> --- The fix in issue#9227 should partially help. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7400] Memberof and Syncrepl incompatibility
by openldap-its＠openldap.org 26 Jun '20

26 Jun '20

https://bugs.openldap.org/show_bug.cgi?id=7400 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=9227 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7024] OpenLDAP does not save the attribute "jpegPhoto" in the sql database
by openldap-its＠openldap.org 26 Jun '20

26 Jun '20

https://bugs.openldap.org/show_bug.cgi?id=7024 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 5876] back-sql: Build fix: ODBC
by openldap-its＠openldap.org 26 Jun '20

26 Jun '20

https://bugs.openldap.org/show_bug.cgi?id=5876 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 5198] wrong SQL-Statements in Back-SQL
by openldap-its＠openldap.org 26 Jun '20

26 Jun '20

https://bugs.openldap.org/show_bug.cgi?id=5198 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 4604] backs-sql: backsql_process_filter(): invalid filter for UTF-8 querys
by openldap-its＠openldap.org 26 Jun '20

26 Jun '20

https://bugs.openldap.org/show_bug.cgi?id=4604 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs