openldap-bugs

openldap-bugs@openldap.org

1 participants
20967 discussions

(ITS#8578) remove unused-variables in RE24 testing call (2.4.45)
by sca+openldap＠andreasschulze.de 01 Feb '17

01 Feb '17

Full_Name: A. Schulze Version: RE24 testing call (2.4.45) OS: URL: ftp://ftp.openldap.org/incoming/andreas-schulze-20170201.patch Submission from: (NULL) (2001:a60:f0b4:e502:758b:b0b2:3fc:f121) the patch remove variables that are declared but unused.

1 0

(ITS#8577) Accesslog overlay hangs slapd depending on module loading order
by mj＠netauth.com 01 Feb '17

01 Feb '17

Full_Name: Mike Jackson Version: 2.4.44 OS: Oracle Linux Server release 7.2 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (194.157.185.162) Same issue as Stroeder mentioned here: http://www.openldap.org/lists/openldap-bugs/201111/msg00027.html If accesslog.la is loaded before syncprov.la, slapd will stop accepting connections immediately after accesslog overlay is added. olcModuleLoad: {0}ppolicy.la olcModuleLoad: {1}auditlog.la olcModuleLoad: {2}back_ldap.la olcModuleLoad: {3}unique.la olcModuleLoad: {4}accesslog.la olcModuleLoad: {5}syncprov.la ldapadd -f dn: oDatatabase={4}mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: {4}mdb olcDbDirectory: /var/lib/ldap/accesslog olcSuffix: cn=log olcDbIndex: default eq olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart olcDbMaxSize: 1073741824 olcDbMode: 0600 olcAccess: {0}to * by dn.children="ou=global-admins,ou=admin-users,dc=foo,dc=net" read dn: olcOverlay=accesslog,olcDatabase={4}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcAccessLogConfig olcOverlay: accesslog olccccessLogDB<ncn=log olcAccessLogOps: writes olcAccessLogSuccess: TRUE olcAccessLogPurge: 7+00:00 1+00:00

1 0

(ITS#8576) Broken LDAP_TAILQ_ macros
by hyc＠openldap.org 01 Feb '17

01 Feb '17

Full_Name: Howard Chu Version: HEAD etc OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (195.235.15.200) Submitted by: hyc In commit 8ee824832844c16d4199f3aacd8b1d613933a7d5 we have "LDAP_TAILQ fix" but no explanation of what was broken. In particular though, the LDAP_TAILQ_PREV macro is now broken. It checks for foo == LDAP_TAILQ_FIRST(head) which becomes foo == (head)->tqh_first but the initializer actually used foo = &(head).tqh_first so this comparison will always be false. I don't see any clear reason why these were changed from the originals. I'm inclined to revert the change. Reverting will affect a few uses of LDAP_TAILQ_LAST in back-ldap and back-meta but the other affected macros appear to be unused in our source tree. Tripped over this while attempting to use LDAP_TAILQ_PREV in new code.

1 0

(ITS#8575) Argon2 Password hashing contrib module
by simon＠slevermann.de 26 Jan '17

26 Jan '17

Full_Name: Simon Levermann Version: OS: URL: ftp://ftp.openldap.org/incoming/simon-levermann-170126.patch Submission from: (NULL) (2001:638:708:f002:deab:9ae4:7f07:d350) This patch adds a password hashing module for the argon2 function to the contrib/slapd-modules/passwd/ modules. Argon2 is a relatively new hash function which has won the Password Hashing Competition (https://password-hashing.net) The attached patch file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Simon Levermann simon(a)slevermann.de. I have not assigned rights and/or interest in this work to any party. I, Simon Levermann, hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.

1 0

(ITS#8574) bconfig support for DNs that need escaping
by okuznik＠symas.com 25 Jan '17

25 Jan '17

Full_Name: Ondrej Kuznik Version: master OS: URL: ftp://ftp.openldap.org/incoming/Ondrej-Kuznik-20170125-Deal-with-rDN-correc… Submission from: (NULL) (151.228.185.198) When an rdn under cn=config needs escaping, incorrect value gets passed to the attribute and, if the attribute is single-value, the entry is rejected by entry_naming_check(). Patch against master is attached.

1 0

(ITS#8573) ldap* tools should be able to function w/o a conf file
by quanah＠openldap.org 23 Jan '17

23 Jan '17

Full_Name: Quanah Gibson-Mount Version: 2.4.44 OS: N/A URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (47.208.148.26) Right now, it is impossible to configure the ldap* command line tools so that they function in major circumstances w/o also having a configuration file (I.e., ldap.conf, .ldaprc, etc). For example, the ability to use startTLS with LDAP requires such a file so that the CA file and/or cert path for the tool can be defined. The "-o" option should be expanded to cover additional configuration parameters from the conf file, as has already been done with the network timeout parameter.

1 0

Re: (ITS#8572) FOR INFO ONLY: SASL SCRAM-SHA-1 authz may fail incorrectly
by quanah＠symas.com 19 Jan '17

19 Jan '17

--On Thursday, January 19, 2017 8:55 AM +0000 william.b.clay(a)acm.org wrote: > Full_Name: Bill Clay > Version: 2.4.44 > OS: Debian/GNU Linux 7.8 (Wheezy) > URL: > Submission from: (NULL) (79.12.44.250) Hi Bill, I appreciate that you are attempting to be helpful. However, the ITS system is only for reporting bugs occuring in OpenLDAP as clearly noted on the ITS submission form. If you want to provide informational updates, they would probably best go to the openldap-technical mailing list. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

(ITS#8572) FOR INFO ONLY: SASL SCRAM-SHA-1 authz may fail incorrectly
by william.b.clay＠acm.org 19 Jan '17

19 Jan '17

Full_Name: Bill Clay Version: 2.4.44 OS: Debian/GNU Linux 7.8 (Wheezy) URL: Submission from: (NULL) (79.12.44.250) Cyrus SASL 2.1.26 plugins/scram.c decode_saslname() may return a corrupt authz name. SASL SCRAM-SHA-1 auth with a "dn:" style authzID can return an authzID string with trailing original (escaped) characters appended. slapd may then incorrectly deny the requested proxy authorization because the returned value may fail match criteria that a correctly-decoded SASL name would pass. (There may be other SASL SCRAM scenarios in which this flaw would produce incorrect results.) Cyrus SASL issue: https://github.com/cyrusimap/cyrus-sasl/issues/416

1 0

(ITS#8571) Added a test for pcache + ldap backen with proxyauthz
by elecharny＠symas.com 18 Jan '17

18 Jan '17

Full_Name: Emmanuel L.charny Version: 2.4.45 OS: N/A URL: ftp://ftp.openldap.org/incoming/elecharny-20170118.patch Submission from: (NULL) (86.246.56.212) This patch adds a unit test for a server configured with proxycache and ldap backend, redirecting all the requests to a remote master server, which does not accept anonymous bind). The proxycache server caches searches and binds. The attached file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Symas. Symas has not assigned rights and/or interest in this work to any party. I, Emmanuel Lecharny, am authorized by Symas, my employer, to release this work under the following terms. Symas hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.

1 0

Re: (ITS#8565) Clarification of the slapo-ppolicy manpage
by quanah＠symas.com 18 Jan '17

18 Jan '17

--On Wednesday, January 11, 2017 4:44 PM +0000 matthieu.cerda(a)nbs-system.com wrote: > Full_Name: Matthieu Cerda > Version: 2.4.40 > OS: Debian jessie > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (194.213.124.6) > > > Hello ! > > As per > http://www.openldap.org/lists/openldap-technical/201701/msg00017.html I > would like to submit a small improvement to the slapo-ppolicy manpage to > clarify rootdn presence / absence implications in a ppolicy enabled setup. > > Here is the patch (I thing it's short enough not to justify a separate > upload): Thanks! We went with something slightly different, but the rootdn requirement should be absolutely clear now. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs