openldap-bugs

openldap-bugs@openldap.org

1 participants
21046 discussions

(ITS#6827) SSL Unbind Hangs
by jason.colonno＠blackskycomputing.com 08 Feb '11

08 Feb '11

Full_Name: Jason Colonno Version: 2.4.23-0ubuntu3.4 OS: Ubuntu 10.10 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (76.1.229.99) When binding with a AD server using SSL, ldap functions work properly however when the unbind function is called it hangs indefinitely. The point of the function is to reset a user's passwords. AD Server is Windows Server 2008 R2. Ldp.exe testing of connecting with the server does not have this problem since it does not use python-ldap. Sample Code: bind_str = "ldaps://" + domain_controller + ":636/" l = ldap.initialize(bind_str) l.set_option( ldap.OPT_X_TLS_DEMAND, True ) l.set_option( ldap.OPT_DEBUG_LEVEL, 255 ) bind_str = "cn=" + binding_username + ",cn=Users,dc=" + domain_dc + ",dc=" + domain_ext l.simple_bind_s(bind_str, binding_password) new_gen_passwd = generate_temp_pw() unicode1 = unicode("\"" + new_gen_passwd + "\"", "iso-8859-1") unicode2 = unicode1.encode("utf-16-le") new_password = unicode2 mod_attrs = [(ldap.MOD_REPLACE, 'unicodePwd', new_password)] l.modify_s(username, mod_attrs) l.unbind_s() Also a simple SSL bind and unbind without any modifications to the AD yields the same hanging problem.

1 0

(ITS#6810) testing a fix.
by bruno.haleblian＠gmail.com 08 Feb '11

08 Feb '11

Hi, all just testing with that fix for now... --- openldap-2.4.23.orig/servers/slapd/overlays/syncprov.c 2010-06-10 20:50:48.000000000 +0200 +++ openldap-2.4.23.p1/servers/slapd/overlays/syncprov.c 2011-02-08 19:33:10.000000000 +0100 @@ -1292,7 +1292,8 @@ } } - if ( fc.fscope ) { + /* (ITS#6810) make sure ors_filter != NULL here */ + if ( fc.fscope && ss->s_op->ors_filter ) { op2 = *ss->s_op; oh = *op->o_hdr; oh.oh_conn = ss->s_op->o_conn; Regards, Bruno.

1 0

Re: (ITS#6625) draft-zeilenga-ldap-c-api-concurrency support
by h.b.furuseth＠usit.uio.no 08 Feb '11

08 Feb '11

I see. Thanks. That saves some copyright head-scratching. -- Hallvard

1 0

Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
by jonathan＠phillipoux.net 07 Feb '11

07 Feb '11

Le 05/02/2011 00:37, hyc(a)symas.com a écrit : > michael(a)stroeder.com wrote: >> Could we have this overlay in contrib/ shipped with 2.4.24? >> That would be really nice. >> >> I've tested it with 2.4.23 and it still seems to work. > > Committed with changes in HEAD. Howard, Thanks for taking the time to clean this up and commit it. Jonathan -- -------------------------------------------------------------- Jonathan Clarke - jonathan(a)phillipoux.net -------------------------------------------------------------- Ldap Synchronization Connector (LSC) - http://lsc-project.org --------------------------------------------------------------

1 0

Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
by hyc＠symas.com 07 Feb '11

07 Feb '11

Michael Ströder wrote: > hyc(a)symas.com wrote: >> michael(a)stroeder.com wrote: >>> Could we have this overlay in contrib/ shipped with 2.4.24? >>> That would be really nice. >>> >>> I've tested it with 2.4.23 and it still seems to work. >> >> Committed with changes in HEAD. > > Also in RE24. Thanks a lot! > > Any objections adding a slightly more complete Makefile (see attachment)? Yes, several objections. Post diffs that can be applied by the "patch" command, not the complete file. If you're going to add more rules, make them conform to the standard Makefiles. E.g. the correct macro is "prefix" not "PREFIX". Post diffs that actually work, your "OPT" macro is never referenced anywhere else in the Makefile so it's useless. The default prefix is always /usr/local. You can use whatever prefix you like in your personal copy, but stick with the defaults on anything you submit to us. > Ciao, Michael. > > > Makefile.lastbind > > > # Copyright 2009 Jonathan Clarke<jonathan(a)phillipoux.net>. > # All rights reserved. > # > # Redistribution and use in source and binary forms, with or without > # modification, are permitted only as authorized by the OpenLDAP > # Public License. > # > # A copy of this license is available in the file LICENSE in the > # top-level directory of the distribution or, alternatively, at > #<http://www.OpenLDAP.org/license.html>. > > PREFIX=/opt/openldap-RE24 > > CPPFLAGS+=-I../../../include -I../../../servers/slapd > CPPFLAGS+=-DSLAPD_OVER_LASTBIND=SLAPD_MOD_DYNAMIC > #LIBTOOL=libtool > LIBTOOL=../../../libtool > OPT=-g -O2 > CC=gcc > > > all: lastbind.la > > lastbind.lo: lastbind.c > $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) -Wall -c $? > > lastbind.la: lastbind.lo > $(LIBTOOL) --mode=link $(CC) -version-info 0:0:0 \ > -rpath $(PREFIX)/lib -module -o $@ $? > > clean: > rm -rf lastbind.lo lastbind.la lastbind.o .libs/ > > install: lastbind.la > mkdir -p $(PREFIX)/libexec/openldap > $(LIBTOOL) --mode=install cp lastbind.la $(PREFIX)/libexec/openldap > $(LIBTOOL) --finish $(PREFIX)/libexec/openldap -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#6625) draft-zeilenga-ldap-c-api-concurrency support
by doug.leavitt＠oracle.com 07 Feb '11

07 Feb '11

For the record. slapd-mtread.c started as a copy of slapd-read.c from the same source directory, and then minor modifications were incorporated into slapd-mtread.c to allow the code to perform specific MT operations. This was done to preserve the integrity of the existing test suite and all the existing test cases that already use slapd-read.c. Technically the original author is also the original author of slapd-read.c Doug Leavitt Oracle Corporation

1 0

Re: (ITS#6826) Apache htpasswd MD5 support [patch]
by hyc＠symas.com 07 Feb '11

07 Feb '11

djpohly(a)gmail.com wrote: > Alright, I have created a file contrib/slapd-modules/passwd/apr1.c which > implements this hash: > > http://openldap.pastebin.com/r2GzfveB > > I have tested it and confirmed that it works on several passwords > converted from an htpasswd file using the atol.pl script above. Thanks, added to HEAD with additional changes. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#6826) Apache htpasswd MD5 support [patch]
by djpohly＠gmail.com 06 Feb '11

06 Feb '11

Alright, I have created a file contrib/slapd-modules/passwd/apr1.c which implements this hash: http://openldap.pastebin.com/r2GzfveB I have tested it and confirmed that it works on several passwords converted from an htpasswd file using the atol.pl script above.

1 0

Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
by michael＠stroeder.com 05 Feb '11

05 Feb '11

This is a multi-part message in MIME format. --------------010407040507050306070700 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit hyc(a)symas.com wrote: > michael(a)stroeder.com wrote: >> Could we have this overlay in contrib/ shipped with 2.4.24? >> That would be really nice. >> >> I've tested it with 2.4.23 and it still seems to work. > > Committed with changes in HEAD. Also in RE24. Thanks a lot! Any objections adding a slightly more complete Makefile (see attachment)? Ciao, Michael. --------------010407040507050306070700 Content-Type: text/plain; name="Makefile.lastbind" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="Makefile.lastbind" # Copyright 2009 Jonathan Clarke <jonathan(a)phillipoux.net>. # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted only as authorized by the OpenLDAP # Public License. # # A copy of this license is available in the file LICENSE in the # top-level directory of the distribution or, alternatively, at # <http://www.OpenLDAP.org/license.html>. PREFIX=/opt/openldap-RE24 CPPFLAGS+=-I../../../include -I../../../servers/slapd CPPFLAGS+=-DSLAPD_OVER_LASTBIND=SLAPD_MOD_DYNAMIC #LIBTOOL=libtool LIBTOOL=../../../libtool OPT=-g -O2 CC=gcc all: lastbind.la lastbind.lo: lastbind.c $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) -Wall -c $? lastbind.la: lastbind.lo $(LIBTOOL) --mode=link $(CC) -version-info 0:0:0 \ -rpath $(PREFIX)/lib -module -o $@ $? clean: rm -rf lastbind.lo lastbind.la lastbind.o .libs/ install: lastbind.la mkdir -p $(PREFIX)/libexec/openldap $(LIBTOOL) --mode=install cp lastbind.la $(PREFIX)/libexec/openldap $(LIBTOOL) --finish $(PREFIX)/libexec/openldap --------------010407040507050306070700--

1 0

ITS#6826 Apache htpasswd MD5 support
by hyc＠symas.com 04 Feb '11

04 Feb '11

New password hash mechanisms should simply be implemented as standalone modules for inclusion under contrib/slapd-modules. See contrib/slapd-modules/passwd for existing examples. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs