https://bugs.openldap.org/show_bug.cgi?id=8255
--- Comment #9 from OndÅ™ej KuznÃk <ondra(a)mistotebe.net> ---
(In reply to OndÅ™ej KuznÃk from comment #8)
> and probably need to stop referencing the slapd-shell manpage too.
Ah, we already did that, forgot I was reading the installed, not the local
manpage.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=8255
OndÅ™ej KuznÃk <ondra(a)mistotebe.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|backends |documentation
--- Comment #8 from OndÅ™ej KuznÃk <ondra(a)mistotebe.net> ---
(In reply to Howard Chu from comment #7)
> (In reply to OndÅ™ej KuznÃk from comment #6)
>> str2result() doesn't expect "msgid:" to be passed in the response, even
>> though that's part of the protocol as documented.
>
> Incorrect. The docs clearly show msgid: is not part of the response message.
True, I misread the manpage because there is little structure in there to
support quick reference.
I think we should put the "sockresp result" string in the relevant paragraph
and probably need to stop referencing the slapd-shell manpage too.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=8255
--- Comment #7 from Howard Chu <hyc(a)openldap.org> ---
(In reply to OndÅ™ej KuznÃk from comment #6)
> str2result() doesn't expect "msgid:" to be passed in the response, even
> though that's part of the protocol as documented.
Incorrect. The docs clearly show msgid: is not part of the response message.
>>>>
The commands - except unbind - should output:
RESULT
code: <integer>
matched: <matched DN>
info: <text>
where only RESULT is mandatory, and then close the socket.
<<<<
The msgid: is only included in messages from back-sock to the external program.
There is no bug in back-sock or in its documentation.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=8255
--- Comment #6 from OndÅ™ej KuznÃk <ondra(a)mistotebe.net> ---
str2result() doesn't expect "msgid:" to be passed in the response, even though
that's part of the protocol as documented. Now that back-sock is its only user,
it should just be added.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9793
Issue ID: 9793
Summary: Question regarding password dictionary rules for when
a user changes their password.
Product: OpenLDAP
Version: 2.6.1
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: alan_andrea(a)yahoo.com
Target Milestone: ---
I have a question regarding password rules that are enforced when a user
changes their password. We have a need to implement a dictionary rule whereby
words and phrases in a dictionary are not allowed in a users password. I am
not able to see currently where such functionality exists in OpenLDAP and am
wondering if there are any extensions to OPenLDAP that were developed to
support this or if it would be required to write code to support this feature.
If you can please give me some guidelines here, that would be really great !
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9742
Issue ID: 9742
Summary: syncprov-nopresent is harmful
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: overlays
Assignee: bugs(a)openldap.org
Reporter: ondra(a)mistotebe.net
Target Milestone: ---
If setting up a new delta-MPR environment such that:
- server A has been slapadd-ed the seed data
- accesslog is set to "logops all"
There is a sequence of events where servers are started and replicate from each
other before they get a chance to talk to A, they will each generate a CSN and
replicate it. Once they start talking to A, it will see that it has a CSN (its
own) that none of them have sent and "syncprov-nopresent" makes it just go
ahead where the only sane outcome is to send SYNC_REFRESH_REQUIRED.
Am I missing a usecase for this or should it just have been this way all along?
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9750
Issue ID: 9750
Summary: global vs. frontend config in slapd.conf - misleading
warning message
Product: OpenLDAP
Version: 2.6.0
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: michael(a)stroeder.com
Target Milestone: ---
Since the fix for ITS#9575 there is this misleading message even when invoking
slapcat:
/opt/openldap-ms/etc/openldap/slapd.conf: line 126: setting password scheme in
the global entry is deprecated. The server may refuse to start if it is
provided by a loadable module, please move it to the frontend database instead
There is currently no way to rearrange something in slapd.conf to make this
confusing message go away.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9738
Issue ID: 9738
Summary: entry_schema_check: Assertion `a->a_vals[0].bv_val !=
NULL' failed.
Product: OpenLDAP
Version: 2.6.0
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: michael(a)stroeder.com
Target Milestone: ---
slapd 2.6.0 exits when an LDAP client sends an add operation with invalid data:
2021-11-04T22:07:36.790594+01:00 itn-dir-1 slapd[32415]: 61844b98.2ef8df5c
0x7fe42d9a6700 Entry (mail=michael(a)stroeder.com,ou=ext,ou=metadir,o=itn):
object class 'itnmetaPerson' requires attribute 'displayName'
2021-11-04T22:07:36.790694+01:00 itn-dir-1 slapd[32415]: slapd:
schema_check.c:89: entry_schema_check: Assertion `a->a_vals[0].bv_val != NULL'
failed.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9730
Issue ID: 9730
Summary: logfile-rotate directive fails in 2.6.0
Product: OpenLDAP
Version: 2.6.0
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: david.coutadeur(a)gmail.com
Target Milestone: ---
Hello,
When setting the logfile-rotate, I get:
617bc9ae.1b73de17 0x7f44f87c9740 /usr/local/openldap/etc/openldap/slapd.conf:
line 12 (logfile-rotate 10 100 24)
617bc9ae.1b759154 0x7f44f87c9740 /usr/local/openldap/etc/openldap/slapd.conf:
line 12: <logfile-rotate> handler exited with 16384!
My configuration file is below. I am using the 2.6.0 release.
The strange part is that the same configuration converted into cn=config seems
to work well.
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/dyngroup.schema
logfile-rotate 10 100 24
logfile /var/log/slapd-ltb/slapd.log
logLevel 256
sasl-host ldap.my-domain.com
pidfile /usr/local/openldap/var/run/slapd.pid
argsfile /usr/local/openldap/var/run/slapd.args
# Load dynamic backend modules:
# moduleload back_ldap.la
modulepath /usr/local/openldap/libexec/openldap
moduleload argon2.la
moduleload back_mdb.la
moduleload dynlist.la
moduleload memberof.la
moduleload ppolicy.la
moduleload syncprov.la
moduleload unique.la
access to dn.base="" by * read
access to dn.base="cn=subschema" by * read
#######################################################################
# config database definitions
#######################################################################
database config
rootdn cn=config
rootpw secret
access to attrs="userPassword"
by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth =wdx
by * auth
access to *
by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
#######################################################################
# MDB database definitions
#######################################################################
database mdb
maxsize 4294967296
suffix dc=my-domain,dc=com
rootdn cn=Manager,dc=my-domain,dc=com
rootpw secret
directory /usr/local/openldap/var/openldap-data
index objectClass eq
index cn eq,sub
index uid pres,eq
index givenName pres,eq,sub
index l pres,eq
index employeeType pres,eq
index mail pres,eq,sub
index sn pres,eq,sub
limits group="cn=admin,ou=groups,dc=my-domain,dc=com" size=unlimited
time=unlimited
access to attrs="userPassword"
by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth =wdx
by group.exact="cn=admin,ou=groups,dc=my-domain,dc=com" =wdx
by self =wdx
by * auth
access to *
by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
by group.exact="cn=admin,ou=groups,dc=my-domain,dc=com" write
by users read
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9725
Issue ID: 9725
Summary: attribute olcLastBindPrecision redefined in
slapo-lastbind
Product: OpenLDAP
Version: 2.6.0
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: michael(a)stroeder.com
Target Milestone: ---
An attribute type description for 'olcLastBindPrecision' is present in
servers/slapd/bconfig.c and contrib/slapd-modules/lastbind/lastbind.c.
Thus the migration of deployments using slapo-lastbind is not as smooth as it
should be. With release 2.6.0 one is forced to disable slapo-lastbind.
Removing the attribute type description for 'olcLastBindPrecision' from
contrib/slapd-modules/lastbind/lastbind.c should work.
--
You are receiving this mail because:
You are on the CC list for the issue.