On Wed, Mar 11, 2020 at 07:18:22PM +, Howard Chu wrote:
>Fixed in git master
Confirmed fixed, thanks!
==24838== Thread 3:
==24838== Invalid read of size 8
==24838==at 0x13FCD3: backend_stopdown_one (backend.c:425)
==24838==by 0x1DF97A: pcache_db_destroy (pcache.c:4899)
==24838==by 0x19AD46: overlay_destroy_one (backover.c:1150)
==24838==by 0x124A10: config_add_internal.isra.16
Full_Name: Ryan Tandy
Version: RE24
OS: Debian
URL:
Submission from: (NULL) (70.66.128.207)
Submitted by: ryan
Reported in IRC #openldap by user Dragnell, reproduced by me on current RE24.
Configure slapd like so:
--
include servers/slapd/schema/core.schema
include servers/slapd/schema
Tested smbk5pwd with Samba 4.9.5 (both openssl and gnutls). Works for
me, so pushed to master now. Further testing would be appreciated.
I put up my WIP branch on github:
https://github.com/openldap/openldap/compare/master...rtandy:its8639
Still need to finish testing smbk5pwd before I can push it.
Full_Name: Ryan Tandy
Version: master
OS:
URL:
Submission from: (NULL) (70.66.128.207)
Submitted by: ryan
autoconf 2.69 upgrade was only partially completed.
So far we have autoconf (6b81910fc) and autoheader (c2f75cd10). However running
autoreconf 2.69 still generates more diffs.
At least
Hello,
On Thu, Feb 20, 2020 at 03:50:38PM +, fumi...@osstech.co.jp wrote:
>I've created a path for smbk5pwd to disable the insecure sambaLMPassword
>support by default.
Thanks for this patch. Are you aware of any scenarios where
sambaLMPassword is actually required today? Personally I'm
Full_Name: Ryan Tandy
Version: master
OS: Debian
URL:
Submission from: (NULL) (70.66.128.207)
Submitted by: ryan
ldap.google.com requires clients to support SNI and sends back an intentionally
invalid certificate if it is not used. Affects libldap with both OpenSSL and
GnuTLS. (Might want
Quanah already told you, in your previous ticket, where to ask for help.
Please don't open more tickets as help requests. Thank you.
Full_Name: Ryan Tandy
Version: 2.5
OS:
URL:
Submission from: (NULL) (70.66.128.207)
Submitted by: ryan
openldap/doc/guide/admin$ make
sdf -2html guide.sdf
./slapdconfig.sdf warning, para. on 531: {{ phrase not terminated
make: *** [Makefile:81: guide.html] Error 8
Full_Name: Ryan Tandy
Version: RE24
OS:
URL:
https://github.com/openldap/openldap/compare/OPENLDAP_REL_ENG_2_4...rtandy:guide-whsp.patch
Submission from: (NULL) (70.66.128.207)
Submitted by: ryan
This patch fixes indentation of two 'maxsize' lines in the 'Syncrepl Proxy'
example. For RE24 only
Patch available:
https://github.com/openldap/openldap/compare/master...rtandy:its9144.patch
On Fri, Oct 25, 2019 at 09:15:33PM +, qua...@symas.com wrote:
>Correction, slapd-config(5) handles this via discussion of the frontend
>database.
Sort of - at least it has that distinction, but the three attrs you
mentioned are still documented only in the GLOBAL CONFIGURATION OPTIONS
irectory Access Protocol library (reentrant version)". Only
an opinion, there's nothing wrong with what you wrote.
I'd like to see this included, however a more senior team member should
approve it first. Good luck!
cheers,
Ryan
Full_Name: Ryan Tandy
Version: master
OS: Debian 10/buster
URL:
https://github.com/openldap/openldap/compare/master...rtandy:gnutls-logging.patch
Submission from: (NULL) (70.66.128.207)
Submitted by: ryan
This patch adds debug logging for common GnuTLS configuration errors. It should
help
I've run into this myself while trying to test ITS#9069 on Windows.
In my MinGW environment, does not define socklen_t, so
portable.h:1116 does '#define socklen_t int'. However,
includes which does typedef socklen_t.
base64.c includes "portable.h" first and then later. This
second include
On Wed, Aug 28, 2019 at 01:34:31PM +0100, Howard Chu wrote:
>This is not a safe assumption on Windows, unfortunately. While libldap uses
>native
>Windows mutexes on Windows, a lot of code built using gcc/g++ uses a
>posixthreads
>emulation library for thread and mutex support, and the
Full_Name: Ryan Tandy
Version: master
OS: Debian
URL:
https://github.com/rtandy/openldap/compare/openldap:master...rtandy:remove-gnutls_global_set_mutex.patch
Submission from: (NULL) (70.66.128.207)
Submitted by: ryan
The GnuTLS documentation
<https://gnutls.org/manual/html_node/Core-
The gnutls_digest_get_id function was added in GnuTLS 3.2.2:
https://gitlab.com/gnutls/gnutls/blob/gnutls_3_2_2/NEWS
That was released in 2013, so I think it's OK to depend on it by now.
Please consider applying this patch to update the configure.in check:
Hello Suresh,
The ITS is for reporting bugs, not for usage questions.
For support, please write to the openldap-techni...@openldap.org mailing list.
See https://www.openldap.org/support/ for more details.
This ITS will be closed.
Thank you,
Ryan.
tained from e.g.
'dpkg-query -W slapd').
I will close this ITS for now. It can be reopened if the issue actually
turns out to be a problem with OpenLDAP software.
Thanks
Ryan
Possible duplicate of ITS#8472?
Full_Name: Ryan Tandy
Version: 2.4, master
OS: Debian
URL:
Submission from: (NULL) (70.66.128.207)
Submitted by: ryan
Initial configuration, no existing value for olcPlugin:
ldapmodify -H ldap://:9000 -x -D cn=config -w secret << eof
dn: olcDatabase={1}mdb,cn=config
add: olcPlugin
olc
Hello Adrian,
I think someone is already working on this feature, please see:
ITS#8847 https://openldap.org/its?findid=8847
ITS#8654 https://openldap.org/its?findid=8654
http://www.openldap.org/lists/openldap-devel/201810/msg8.html
On Tue, Sep 18, 2018 at 10:55:50PM -0700, Ryan Tandy wrote:
>There is some EAGAIN handling conditional on LDAP_USE_NON_BLOCKING_TLS
>which itself is behind LDAP_DEVEL. However this code is meant for
>non-blocking sockets, and in my case it ends up stuck in poll()
>waiting for a
Made some good progress on this one this evening.
The original issue this ITS is about is that gnutls_handshake() can, in
some versions of GnuTLS, return GNUTLS_E_AGAIN even when the socket is
blocking. Specifically, this happens in the case I described with a
large CA list sent by the server.
read, but would be nice to confirm).
thanks
Ryan
Hi Kartik,
On Fri, Aug 03, 2018 at 11:19:06AM -0400, Kartik Subbarao wrote:
>I'm running into a problem with slapd 2.4.46 hanging on Ubuntu 18.04,
>which seems to be a side effect of the ITS#8650 patch:
>
>https://github.com/openldap/openldap/commit/7b5181da8cdd47a13041f9ee36fa9590a0fa6e48
>
On Mon, Jul 30, 2018 at 01:44:31AM +, m...@netbsd.org wrote:
>--- a/configure.in
>+++ b/configure.in
>@@ -1312,6 +1312,14 @@ if test $ol_enable_lmpasswd != no; then
> AC_DEFINE(SLAPD_LMHASH, 1, [define to support LAN Manager passwords])
> fi
>
>+dnl
Hello,
On Wed, Jul 11, 2018 at 02:16:16AM +, sakshi...@gmail.com wrote:
>Issue while setting up openLDAP 2.4.44 with mdb. Getting following error when
>trying to setup up mdb database instead of hdb using ansible -
>fatal: [tokyo-ldap1]: FAILED! => {"changed": true, "cmd": ["ldapmodify",
Hello,
The ITS is for reporting bugs in the software. For user support please
contact the openldap-techni...@openldap.org mailing list.
This ITS will be closed.
On Sun, May 27, 2018 at 02:33:05PM +, bahaa.mos...@barqsystems.com wrote:
>Full_Name: bahaa mosaad ali
>Version: 2.4.39-3.el7
Never mind. This works for me on a local VM. The build server has a
bunch of outdated packages so I'm going to blame that build environment
unless proven otherwise. Closing the ITS; sorry for the noise.
Full_Name: Ryan Tandy
Version: 2.4.46
OS: Debian
URL:
Submission from: (NULL) (70.66.128.207)
Submitted by: ryan
On Debian GNU/kFreeBSD (Debian with GNU userland and FreeBSD kernel), liblmdb
and back-mdb compile but slapd apparently fails to start.
Build log:
https://buildd.debian.org/status
bisect identifies c365ac359e9c9b483b934c2a1f0bc552645c32fa as the commit
that introduced this behaviour.
003dfbda574f37bbf1a2240f530ff9fa35ab0801 on RE24 (2.4.20)
commit c365ac359e9c9b483b934c2a1f0bc552645c32fa
Author: Howard Chu
Date: Sun Nov 22 04:42:00 2009 +
Full_Name: Ryan Tandy
Version: 2.4.46
OS: Debian
URL:
ftp://ftp.openldap.org/incoming/20180511_rtandy_syncrepl-memory-consumer.tgz
Submission from: (NULL) (70.66.128.207)
Submitted by: ryan
When running object-based syncrepl, and making changes to groups, the provider
slapd uses more and more
SES. I would
think that's probably a better approach. Maybe you could pick up where
the author of that one left off? He disappeared after posting his patch
for review...
thanks
Ryan
Full_Name: Ryan Tandy
Version: RE24
OS: Debian
URL:
Submission from: (NULL) (70.66.128.207)
Submitted by: ryan
>From https://bugs.debian.org/895091 -
> This package is using the c_rehash command which is part of the
> openssl package. The c_rehash script is considered by
On Mon, Jan 15, 2018 at 07:33:52PM +, lu...@selfnet.de wrote:
>During initialization, libldap sets custom gnutls mutex functions:
>https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=libraries/libldap/tls_g.c;h=adcb6be04076a91d3a0bf94cf8357f4e51f5b9da;hb=HEAD#l113
>
>PAM uses
Hello,
The ITS is for bug reports, not user support.
For support, please contact the openldap-techni...@openldap.org mailing
list, or join the #openldap IRC channel.
This ITS will be closed.
Hi Claude,
Please use the openldap-techni...@openldap.org mailing list for usage or
configuration questions. If you post your slapd.conf to the list I'm
sure someone will be able to point out the reason for the warning.
This ITS will be closed.
On Thu, Sep 28, 2017 at 07:11:35AM +, ramku...@mgtechsoft.com wrote:
>Request you to inform whether can we join windows 2012 server to Open Ldap as
>client?
>
>and if it is possible please share the procedure with us.
The ITS system is for reporting software bugs, not for support
questions.
On Tue, Sep 12, 2017 at 08:24:15PM +, h...@symas.com wrote:
>I don't have documentation for sd_notify() on my machine
https://www.freedesktop.org/software/systemd/man/sd_notify.html
>- what does it return if systemd isn't running at the moment? What does
>it return if the current program
On Tue, Sep 12, 2017 at 07:04:48PM +, h...@symas.com wrote:
>My experience so far with Arch/Debian/Ubuntu/Centos mirrors this -
>they're all different in FS layouts (/var/run vs /run, etc etc etc) and
>the situation is no better than it was in SysV init
In the case of the unit file
On Tue, Sep 12, 2017 at 05:17:11PM +, qua...@symas.com wrote:
>b) The OpenLDAP project has never provided init scripts of their
>equivalents. I'm not sure it would be correct to include the systemd unit
>file as a part of the project.
An explicit design goal of systemd is that unit files
On Fri, Jul 28, 2017 at 07:35:47PM +, mich...@orlitzky.com wrote:
>The slapd daemon should create its PID file before dropping privileges. This
>represents a minor security issue; additional factors are needed to make it
>exploitable.
If I understood you correctly, "Additional factors are
On Fri, Aug 11, 2017 at 08:10:09PM +0900, SATOH Fumiyasu wrote:
>I've added slapd.service file. Please check.
Looks good to me. Thanks again for working on this! :)
Just minor comments:
>- $(srcdir)/slapd.conf > slapd.conf.tmp ; \
>+ $(srcdir)/slapd.conf >
On Wed, Aug 09, 2017 at 05:13:44PM +0900, SATOH Fumiyasu wrote:
>I've revised the patch for master to check if the listener initialization
>suceeds or not. With this patch, `slapd -d0` can return non-zero exit code
>if the listener initialization fails, thus systemd can detect slapd.service
On Tue, Aug 08, 2017 at 03:10:35PM +0900, SATOH Fumiyasu wrote:
>My slapd.service file:
>
>[Unit]
>Description=OpenLDAP Server
>After=syslog.target network-online.target
>Documentation=man:slapd
>Documentation=man:slapd.conf
>Documentation=man:slapd-config
>Documentation=man:slapd-bdb
On Mon, Aug 07, 2017 at 01:12:02PM -0700, Ryan Tandy wrote:
>Side note: the version message from slapd appears in the journal
>twice, once with the timestamp and once without... not sure exactly
>why!
Sorry, meant to delete this paragraph before sending. The difference
betwee
On Mon, Aug 07, 2017 at 12:23:27PM -0700, Ryan Tandy wrote:
>I guess MAINPID= is actually needed, unless we run slapd with -d, regardless of
>whether we set Type=forking or Type=notify. Not exactly "needed", but better to
>have it than not.
I experimented a bit with a ser
oint? I seem to recall that in the
past there was opposition to moving the parent's exit later, but I can't
remember why. (and I still wish we could do that, and dispense with the
ldapsearch-loop hacks...)
cheers,
Ryan
Full_Name: Ryan Tandy
Version: 2.4.45
OS: Debian
URL:
Submission from: (NULL) (24.68.41.160)
Submitted by: ryan
This is rather similar to ITS#8429 (the deadlock is at the same location), but
not enough for me to be sure it's the same.
cat > slapd.conf << EOF
include /path/to/co
On Fri, Jul 07, 2017 at 06:20:55AM +, r...@nardis.ca wrote:
>Unpacking the computation, it looks like the multiplication is the part
>that sometimes returns the wrong result.
Not the multiplication, but rather the cast of nvalues to double.
I'm going to take further followups to the Debian
Hi Breno,
Thanks a lot for taking the time to look at this.
I reproduced the crash on a minicloud VM (thanks!) with gcc -O2 (but not
-O1 or -O0) and also with clang -O2 and -O1 (but not -O0).
On Fri, Jul 07, 2017 at 12:57:47AM +, lei...@debian.org wrote:
>So, that is what I suppose is
On Thu, Jun 08, 2017 at 01:06:21PM +, remy.der...@umontpellier.fr wrote:
>I am able to reproduce the bug quite easily.
I'm afraid I have not been able to. I followed the steps you posted
(with s/hdb/mdb/) with both servers running slapd 2.4.40+dfsg-1+deb8u3
and syncrepl seems to work fine.
Hello Oleg,
The Ubuntu package uses GnuTLS and therefore your olcTLSCipherSuite
setting needs to contain a valid GnuTLS priority string.
https://gnutls.org/manual/html_node/Priority-Strings.html
The slapd crash you are seeing is an Ubuntu-specific bug and has been
fixed in later versions.
An Ubuntu user confirmed that this change solved their issue with slapd
and multiple syncrepl clients using GSSAPI.
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1688575/comments/6
Committed the fix, and pinged the submitter to test it.
Full_Name: Ryan Tandy
Version: RE24
OS: Debian
URL:
Submission from: (NULL) (24.68.41.160)
Submitted by: ryan
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861838
That bug's submitter seems to have unintentionally configured their slapd with
the entire list of system CAs. They're fixing
On Fri, Apr 28, 2017 at 02:52:44PM +, r...@nardis.ca wrote:
>I tried cyrus-sasl-2.1.25 and the issue doesn't seem to happen. I'll see
>if I can isolate the related change.
SASL version was a red herring. I accidentally linked with Debian's
libldap (2.4.31) when I tested that. Mea culpa.
The
Full_Name: Ryan Tandy
Version: 2.4.44
OS: Debian
URL:
Submission from: (NULL) (24.68.41.160)
Submitted by: ryan
test064-constraint can occasionally fail if ldapadd runs while slapd is still
starting up. https://bugs.debian.org/770890 has links to examples.
>>>>> Starting tes
FWIW, tls_g already has the behaviour that (I think) this ticket asks
for: if you set TLSCertificateFile to a file containing concatenated
server and intermediate certs, it sends the chain of both.
I found that useful in a setup very similar to what Andreas and Michael
describe: slapd with a
Full_Name: Ryan Tandy
Version: 2.4.44
OS: Debian GNU/kFreeBSD
URL:
Submission from: (NULL) (24.68.41.160)
Forwarded from https://bugs.debian.org/845394:
lmdb fails to build on Debian GNU/kFreeBSD.
https://buildd.debian.org/status/fetch.php?pkg=openldap=kfreebsd-amd64=2.4.44%2Bdfsg-1
On Tue, Oct 25, 2016 at 09:37:22AM +0200, Ralf Mattes wrote:
>> Can you please try with commit 2e60bf5e applied?
>
>There seem to be quite some changes in op.c, no way to just
>apply that change. I'd have to swítch from debian to upstream
>which I try to avoid.
Are we looking at the same change?
This is probably a specific case of ITS#8435. There is a fix in git
master already, commit id 23c5d6bb. Would you please test with that
patch applied?
On Mon, Oct 24, 2016 at 04:48:18PM +, r...@mh-freiburg.de wrote:
>#0 0x7f60dd7e0aa0 in ?? ()
>#1 0x7f61650bca41 in slap=5Fwritewait=5Fplay (op=3D0x7f60c8002550)=
> at ../../../../servers/slapd/result.c:294
>#2 send=5Fldap=5Fber (op=3D0x7f60c8002550, ber=3D0x7f60dd64f250) at ..=
Just noting that one way to reproduce this assert reliably is to bind to
an existing entry, through the relay, with an incorrect password.
The important part of the config is:
database mdb
suffix dc=example,dc=com
[...]
overlay ppolicy
database relay
suffix o=example
overlay rwm
On Thu, Sep 29, 2016 at 06:03:38PM +, elecha...@apache.org wrote:
>$ grep -ri "olcSpNoPresent" slapd.d
>$ ...
>
>You can stop and restart the server, the attribute is still not present.
It's system schema and not user schema, so I kind of expect this. The
behaviour is the same when cn=config
Hi,
On Mon, Oct 03, 2016 at 08:00:55AM +, p...@quake.fr wrote:
>I have an openldap with a master-master replication
>* Config directory is a HDB database
>* Main directory (people/group/policy) is a MDB database
>
>When using
># ldapwhoami -x -H ldap://localhost -D
On Fri, Jul 15, 2016 at 12:06:22AM +, d...@pandora.com wrote:
>I've attached a patch whichrovivides some minimal instructions to enable
>monitoring via cn=config
Thanks for the patch!
I commented on these points in IRC, duplicating here for the record:
Module loading is a generic task, IMO
Hello,
On Mon, Jul 11, 2016 at 11:58:04AM +, lokesh.gowd...@hubzu.com wrote:
>I am new to this, i need to upgrade the openldap 2.4 tp 2.4.44 can you please
>send me the steps to do the same.
The ITS is for reporting bugs only. For support, please write to the
openldap-technical mailing
Thanks for that. Fixed in git master.
On Wed, Jun 08, 2016 at 04:45:38PM +, zvika.fere...@gmail.com wrote:
>Version: 2.4.31 (deb7u2)
>OS: Debian Wheezy
This version is no longer supported (except for critical security
updates via Debian-LTS). Would you please try a more recent version?
openldap 2.4.40 is available in jessie and
Full_Name: Ryan Tandy
Version: master, 2.4
OS: Debian
URL:
Submission from: (NULL) (24.68.37.4)
updating the copied nss-pam-ldapd files:
ftp://ftp.openldap.org/incoming/20150405_rtandy_nssov-update-nss-pam-ldapd-files-to-0.9.4.patch
updating nssov for those changes, see commit msg for details
Full_Name: Ryan Tandy
Version: master, 2.4
OS: Debian
URL:
Submission from: (NULL) (24.68.37.4)
Based on a Debian bug report: https://bugs.debian.org/781162
./configure --enable-spasswd
cat slapd.conf EOF
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap
On Wed, Mar 18, 2015 at 05:06:33AM +, r...@nardis.ca wrote:
I get the following crash on master and RE24. not every time, but most times.
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe6ffe700 (LWP 25923)]
0x00511d45 in syncprov_op_mod
Full_Name: Ryan Tandy
Version: master (05ea787), RE24 (082e192)
OS: Debian unstable
URL: ftp://ftp.openldap.org/incoming/20150317_rtandy_syncprovsegv.tgz
Submission from: (NULL) (24.68.37.4)
hi,
./configure CFLAGS=-g -O0 --disable-bdb --disable-hdb --enable-syncprov
reproducer: ftp
Full_Name: Ryan Tandy
Version: 2.4
OS: Debian
URL:
Submission from: (NULL) (24.68.37.4)
If I write to the socket, un-base64ed:
AQAAACVOAAAGcnRhbmR5HHVpZD1ydGFuZHksZGM9ZXhhbXBsZSxkYz1jb20GcGFzc3dkAAQAAABhc2Rm
(pwmod action, uid 'rtandy', dn 'uid=rtandy,dc=example,dc=com
Full_Name: Ryan Tandy
Version: RE24
OS: Debian
URL:
Submission from: (NULL) (24.68.37.4)
The usergroup check in pam_authz always fails, because the compare result is
overwritten before it's returned. Quanah already fixed this for hostservice in
b3712e4f, this patch does the same for usergroup
Full_Name: Ryan Tandy
Version: master (7df548d), RE24 (2b14bbc)
OS: Debian unstable
URL:
Submission from: (NULL) (142.32.208.227)
If you use the deref control but leave the list of requested attributes empty,
slapd crashes.
ldapsearch [...] -E deref=member:
#0 0x00516ef0
On 08/09/14 01:30 PM, qua...@zimbra.com wrote:
Schema filenames should only be alphanumeric. Noted to update the
documentation with this restriction.
OK, noted. Even so, please consider a change along the lines of
http://paste.debian.net/119969/, just to avoid crashing on an
inappropriate
I would consider this a duplicate of ITS#6251. More confusion about the
gnutls cipher suite parsing changes. Setting
olcTLSCipherSuite: +RSA:+3DES-CBC:+SHA1
works for me, with the Debian 2.4.23 package this was reported against.
thanks,
Ryan
,cn=config
objectClass: olcAutomaticGroups
olcAGattrSet: groupOfURLs memberURL member
On Wed, Jun 4, 2014 at 12:24 PM, Ryan Tandy r...@nardis.ca wrote:
Adding a new entry that triggers an autogroup member to be added: I
don't get a crash or deadlock, but the new entry doesn't have a
memberOf
Back in June, Gerry replied to me privately. Copying his thoughts
here, with his permission:
On Sat, Jun 14, 2014 at 8:13 AM, Gerry Calderhead
ge...@everythingsucks.co.uk wrote:
Hi,
It's been a while since I looked at this - in fact since I originally
reported it.
In the end I concluded it
Thanks for following up.
On Thu, Jul 17, 2014 at 2:00 PM, Howard Chu h...@symas.com wrote:
my($password) = 'seekrit';
my($salt) = 'pepperoni';
my($apache_crypted) = apache_md5_crypt($password, $salt);
$apr1$pepperon$VBD3GaYfoFXuIcZrTw/Y//
can be converted to OpenLDAP
Shortcut key fail, sorry.
On Thu, Jul 17, 2014 at 3:18 PM, Ryan Tandy r...@nardis.ca wrote:
dn: uid=test,dc=example,dc=com
objectClass: account
objectClass: simpleSecurityObject
userPassword: {APR1}FK7q3pAf80k0Wh9BYZJ0FHBlcHBlcm9u
What I meant to say was: I can't bind to that entry
Full_Name: Ryan Tandy
Version: master
OS: Debian unstable
URL:
Submission from: (NULL) (142.32.208.235)
Debian bug report: https://bugs.debian.org/613663
In 2.4 syncrepl was changed to take its TLS defaults from the slapd
configuration (commit 1cc1f9b) and the man page was updated to document
Full_Name: Ryan Tandy
Version: master/3102cbb
OS: Debian unstable
URL:
Submission from: (NULL) (24.68.121.206)
Since commit 5ee5251 (ITS#7212 slapmodify support for back-ldif), slapcat -b
cn=config triggers an assertion after finishing its output. slapcat of a
regular database is OK.
slapcat
Hi Ondrej,
With current git master, slapcat -b cn=config triggers an assertion
after it finishes its output. git-bisect blames slapmodify patch for
introducing that. Would you mind taking a look? See ITS#7894.
thanks,
Ryan
On Mon, Jun 30, 2014 at 5:05 AM, Howard Chu h...@symas.com wrote:
The only reason GnuTLS support exists in OpenLDAP is because of Debian.
Therefore, if Debian no longer uses libgcrypt, I'm happy to rip all of that
crap out.
Sounds good to me. So a patch that removes gcrypt entirely looks like:
Full_Name: Ryan Tandy
Version: master
OS: Debian unstable
URL:
Submission from: (NULL) (24.68.121.206)
Similar to #7858, another easy patch.
From 3047469eb717018e5b292352626cd084477faf12 Mon Sep 17 00:00:00 2001
From: Ryan Tandy r...@nardis.ca
Date: Fri, 27 Jun 2014 11:15:26 -0700
Subject
This is a multi-part message in MIME format.
--070104060109070008020807
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
I checked the new pw-pbkdf2 module. It doesn't appear to be affected by
this problem.
On 11/05/14 07:56 PM, Ryan Tandy wrote
--047d7bdc8ac419e30c04fc856540
Content-Type: text/plain; charset=UTF-8
And here are the changes for smbk5pwd. Tried to use gnutls' own api
since it abstracts gcrypt/nettle, but sadly it doesn't provide md4, so
nettle it is.
Note this patch assumes the HAVE_GNUTLS_GCRYPT define from the
configure
On Fri, Jun 20, 2014 at 5:23 PM, Ryan Tandy r...@nardis.ca wrote:
This might be a better patch, if the build system change is acceptable.
As usual, I can't get anything right on the first try. That one was
missing a line (but apparently not one that stopped it from building
or working
Full_Name: Ryan Tandy
Version: HEAD
OS: Debian unstable
URL:
Submission from: (NULL) (142.32.208.235)
Debian bug report: https://bugs.debian.org/745231
Quoting Andreas Metzler:
given that gmp has been dual-licensed LGPLv3+/GPLv2+ it should be possible to
switch openldap over to the newer
: text/x-patch;
name=0001-ITS-7877-detect-whether-gnutls-uses-gcrypt.patch
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=0001-ITS-7877-detect-whether-gnutls-uses-gcrypt.patch
From e904900beb419576abc098e96deda04e53119603 Mon Sep 17 00:00:00 2001
From: Ryan Tandy r
Full_Name: Ryan Tandy
Version: master/33e12f4 RE24/b000d95
OS: Debian unstable
URL:
Submission from: (NULL) (24.68.121.206)
Hi,
The apr1 passwd plugin calls do_phk_hash with the arguments in the wrong order,
so the digest updates are done in a different order than md5crypt does. The
following
Full_Name: Ryan Tandy
Version: master/b22a614, RE24/d961650
OS: Debian unstable
URL: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=38;bug=465024
Submission from: (NULL) (24.68.121.206)
Hi,
In Debian bug #465024, Philipp Hahn has provided the following patch,
supplementing the change from
Full_Name: Ryan Tandy
Version: master, commit 141f1680
OS: Ubuntu 14.04
URL: ftp://ftp.openldap.org/incoming/rtandy_20140511_fix-passwd-b64-buffer.patch
Submission from: (NULL) (24.68.121.206)
The password checkers call lutil_b64_pton like this:
rc = lutil_b64_pton(passwd-bv_val, orig_pass
Sorry, I missed a line from the patch.
Corrected one:
ftp://ftp.openldap.org/incoming/rtandy_20140511_fix-passwd-b64-buffer_v2.patch
1 - 100 of 104 matches
Mail list logo