openldap-bugs

openldap-bugs@openldap.org

1 participants
20977 discussions

[Bug 6166] Overlay/backend restructuring
by openldap-its＠openldap.org 15 Apr '20

15 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=6166 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |OL_2_5_REQ -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 7878] OpenLDAP MinGW Build Problem
by openldap-its＠openldap.org 14 Apr '20

14 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=7878 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.5.0 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 7878] OpenLDAP MinGW Build Problem
by openldap-its＠openldap.org 14 Apr '20

14 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=7878 Ryan Tandy <ryan(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |TEST --- Comment #6 from Ryan Tandy <ryan(a)openldap.org> --- Commits: 38f9dd2f by Ryan Tandy at 2020-04-14T10:04:33-07:00 ITS#7878 Replace uint32_t with unsigned in back-mdb -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9043] Improve loglevel sync logging
by openldap-its＠openldap.org 14 Apr '20

14 Apr '20

1 0

[Bug 9043] Improve loglevel sync logging
by openldap-its＠openldap.org 14 Apr '20

14 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9043 --- Comment #1 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • f6d9fdc4 by Ondřej Kuzník at 2020-04-14T09:58:03+01:00 ITS#9043 Improve replication loggging -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9156] latest ppolicy draft support
by openldap-its＠openldap.org 14 Apr '20

14 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9156 --- Comment #10 from Ondřej Kuzník <ondra(a)mistotebe.net> --- On Thu, Apr 09, 2020 at 02:41:54PM +0000, openldap-its(a)openldap.org wrote: > The problem was that I was using old lastbind overlay, which in some way was in > conflict with current lastbind. > If I understand correctly, the current lastbind is now completely included into > OpenLDAP 2.5? No, features you might want to configure lastbind with do not (yet) have an equivalent in the core implementation, so I haven't removed it from 2.5 yet. > It is very important to me, because as a maintainer of OpenLDAP-LTB, we would > have to warn people that the configuration parameters have changed (overlay > lastbind -> lastbind on) and that the overlay won't be provided any more. > > >> - pwdStartTime, pwdEndTime: OK, but there is no special ppolicy code returned, >> and if I read correctly the draft >> (https://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-7.1), >> an "accountLocked" extended error code should be triggered. > > I was simply missing the ppolicy_use_lockout parameter. > One remark though: the reason of locking is not very explicit. > I understand that many companies/organizations will consider it is a good thing > to hide this information for security reasons. For the others, maybe could we > have some sort of level? > Configuration example: > lockout_message_description [none|minimal|verbose] The message is output by the client, the only information provided is the ppolicy response control: https://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-6.2 (or rather https://git.openldap.org/openldap/openldap/-/blob/master/doc/drafts/draft-b…) Providing any more information would need to be integrated into the draft as well. > In the specification the extended error code could simply stay as it is: > "(1)Account locked", but we could add a more precise description in case the > verbose mode is enabled: "(1)Account locked (account unused for a too long > time)" -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8731] Variadic Debug() macro
by openldap-its＠openldap.org 13 Apr '20

13 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8731 --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- • bbe20cbf by Ryan Tandy at 2020-04-13T18:57:50+00:00 ITS#8731 cleanup unused logbuf -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 6567] Delete and remove everything related to ldap_gssapi_bind_s
by openldap-its＠openldap.org 13 Apr '20

13 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=6567 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|IN_PROGRESS |RESOLVED --- Comment #16 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • e50741e4 by Quanah Gibson-Mount at 2020-04-13T17:19:35+00:00 ITS#6567 - More cleanup -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8650] EAGAIN from gnutls_handshake not respected
by openldap-its＠openldap.org 13 Apr '20

13 Apr '20

1 0

[Bug 9210] New: [with patch] Infinite retry-loop (and thus 100% CPU-Usage) when lots of requests are issued
by openldap-its＠openldap.org 13 Apr '20

13 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9210 Bug ID: 9210 Summary: [with patch] Infinite retry-loop (and thus 100% CPU-Usage) when lots of requests are issued Product: OpenLDAP Version: 2.4.47 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: lukas.juhrich(a)agdsn.de Target Milestone: --- Created attachment 706 --> https://bugs.openldap.org/attachment.cgi?id=706&action=edit Patch adding errno resets *tl;dr* single-stepping revealed a missing `errno` reset in `ber_int_sb_write`s retry loop. An sssd-setup of ours, which we use for basic-auth on one of our services, issues ldap calls. When under load, i.e. when many `ldap_search_ext` calls had to be issued due to many requests, we observed that the corresponding process/thread went up to 100% CPU usage and stayed there. - This was the [flamegraph](https://helios.wh2.tu-dresden.de/~shreyder/sssd_be%20--domain%20dom-http-wiki.svg), where you can see that it was stuck below `ber_int_sb_write`. - Single-Stepping with GDB revealed that we are stuck in the `for(;;)`-Retry-loop. Indeed, we could observe that the `sbi_write` was successful, but the `errno` continued to be `EINTR` every time I hit that breakpoint. - Patching `sockbuf.c` as attached and rebuilding resolved the issue. I also noticed similar sections with such a loop in `sockbuf.c` and added `errno = 0;` at the beginning of each iteration. In principle, they should suffer from the same problem. The reasoning for why this happened under load is that with many requests being issued, the probability that the write happens when the process gets an _actual_ interrupt is much higher, and once that happens, we're stuck in the infinite loop. -- You are receiving this mail because: You are on the CC list for the bug.

1 18

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs