https://bugs.openldap.org/show_bug.cgi?id=9537
Issue ID: 9537
Summary: slap_timestamp() can give a duplicated timestamp
across restarts
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: ondra(a)mistotebe.net
Target Milestone: ---
On busy sites, when a slapd restart takes <1s, accesslog can fail to log
changes with LDAP_ALREADY_EXISTS. This is because slap_timestamp() only logs
timestamps with a 1s precision, disambiguating the rest with a counter that's
forgotten across restarts.
It is possible my analysis in ITS#9487 is partially invalidated because of
this.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9526
Issue ID: 9526
Summary: slapadd -w crashes
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: grapvar(a)gmail.com
Target Milestone: ---
Let slapd.conf is:
> database mdb
> suffix "o=Foo"
> sync_use_subentry
database is blank and we are adding this foo.ldif:
> dn: o=FOO
> objectClass:organization
Let's load:
> slapd -T add -v -l foo.ldif -w
then on Solaris:
> added: "o=FOO" (00000001)
> Segmentation Fault (core dumped)
... on Linux:
> added: "o=FOO" (00000001)
> => mdb_next_id: get failed: Invalid argument (22)
> => mdb_tool_next_id: next_id failed: Invalid argument (22)
> => mdb_tool_entry_put: txn_aborted! Invalid argument (22)
> slapadd: couldn't create context entry
> Closing DB...
This is because:
* mdb_tool_next_id() takes dead global [tools.c`static MDB_cursor *mcp] for
further operations
* cursor is dead because mdb_tool_entry_put() didn't initialized it
* mdb_tool_entry_put() didn't initialized cursor because it thinks it is
initialized, because there is an active global [tools.c`MDB_txn *mdb_tool_txn]
* transaction was initialized by mdb_tool_dn2id_get(), which doesn't care about
cursors.
Long story short: the global state in tools.c is not managed consistently and
needs rethinking.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=6467
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |VERIFIED
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9552
Issue ID: 9552
Summary: slapo-accesslog should record new DN after rename
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: overlays
Assignee: bugs(a)openldap.org
Reporter: ondra(a)mistotebe.net
Target Milestone: ---
To use accesslog as a sessionlog source, one needs to be able to resolve
whether a modrdn moved an entry in/out of the search scope. Syncprov would
either have to examine every modrdn request or, if accesslog were to log the
final DN, it could check for entries which crossed the scope.
A new attribute 'reqNewDN' should be tracked for modrdn ops.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9529
Issue ID: 9529
Summary: pcache locking issue
Product: OpenLDAP
Version: 2.4.58
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: overlays
Assignee: bugs(a)openldap.org
Reporter: hyc(a)openldap.org
Target Milestone: ---
Since ITS#6954 commit ea228495148 the consistency_check function was changed
to hold the template t_rwlock for the entire duration of a query expiration.
There doesn't appear to be any valid reason for this change, and it causes
the cache to be unresponsive to new searches while expiration is removing
cached entries.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9295
Issue ID: 9295
Summary: ppolicy and replication: pwdLockedTime replication
fails to replicate
Product: OpenLDAP
Version: 2.4.50
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: overlays
Assignee: bugs(a)openldap.org
Reporter: quanah(a)openldap.org
Target Milestone: ---
If you have the following setup, a replica will hit an error during
replication.
a) ppolicy is configured on provider(s) and replicas. Replica has
schemachecking=on in its syncrepl configuration
b) account gets locked on the replica, so pwdAccountLockedTime is set on the
replica but not on the provider(s)
c) admin does a MOD/ADD op against a provider for the user entry to add a value
to pwdAccountLockedTime
dn: ...
changetype: modify
add: pwdAccountLockedTime
pwdAccountLockedTime: ...
d) provider accepts this modification.
e) replica rejects this modification because the resulting change means that
there would be two pwdAccountLockedTime values on the account in question
Generally I believe that in this scenario, the MOD/ADD on the provider should
be treated as a replace OP instead of an ADD op
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9530
Issue ID: 9530
Summary: double-free in options.c
Product: OpenLDAP
Version: 2.4.58
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs(a)openldap.org
Reporter: norm.green(a)gemtalksystems.com
Target Milestone: ---
I've been seeing double-free errors in valgrind when calling
ldap_set_option(lc, LDAP_OPT_DEFBASE)
I tracked it down to code in ldap_create() in open.c.
When we copy the global options to the new LDAP *, we create new versions of
some but not all malloced options. The ldo_defbase and ldo_defbinddn option
members are strings that are *not* reallocated (ldo_defbase may not be
important).
This diff appears to fix the problem:
diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c
index 5882b6336..0828d334e 100644
--- a/libraries/libldap/open.c
+++ b/libraries/libldap/open.c
@@ -139,6 +139,14 @@ ldap_create( LDAP **ldp )
ld->ld_options.ldo_defludp = NULL;
ld->ld_options.ldo_conn_cbs = NULL;
+ /* Norm Green, April 20, 2021 - fix pointers that get copied.
+ * must realloc these to prevent double-free errors */
+
+ ld->ld_options.ldo_defbase = gopts->ldo_defbase ?
+ LDAP_STRDUP(gopts->ldo_defbase) : NULL;
+ ld->ld_options.ldo_defbinddn = gopts->ldo_defbinddn ?
+ LDAP_STRDUP(gopts->ldo_defbinddn) : NULL;
+
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9521
Issue ID: 9521
Summary: libldap doesn't configure TLS1.3 ciphersuites for
OpenSSL
Product: OpenLDAP
Version: 2.4.58
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs(a)openldap.org
Reporter: hyc(a)openldap.org
Target Milestone: ---
OpenSSL 1.1 uses a separate API for configuring TLSv1.3 cipher suites.
The current code in libldap doesn't call this API so those suites are
always left at their compiled-in default.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9559
Issue ID: 9559
Summary: ldap_modify manpage LDAPMod incorrect
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: documentation
Assignee: bugs(a)openldap.org
Reporter: ondra(a)mistotebe.net
Target Milestone: ---
ldap_modify(3) suggests that struct ldapmod has a mod_next parameter, where
ldap.h defines no such thing, nor is it even mentioned in RFC1823 for what
that's worth.
So I think it is the manpage that needs updating.
--
You are receiving this mail because:
You are on the CC list for the issue.