[Issue 9795] Remove memberof overlay

2023-11-14 Thread openldap-its 
https://bugs.openldap.org/show_bug.cgi?id=9795

--- Comment #1 from b...@univention.de  ---
The slapo-memberof(5) man page currently says:
> 
> 
>  Note that this overlay is deprecated and support  will  be  dropped in
>  future  OpenLDAP releases. Installations should use the dynlist overlay
>  instead. Using this overlay in a replicated environment  is especially
>  discouraged.

We tried to test the dynlist overlay module as replacement but have huge
performance problems in domains with 200.000 users.

with dynlist module (and nested group evaluation):
> $ time ldapsearch … uid=testuser548 memberOf
> …
> real0m21,885s
> user0m0,176s
> sys 0m0,067s

with dynlist module (without nested group evaluation):
> $ time ldapsearch … uid=testuser548 memberOf
> …
> real0m12,797s
> user0m0,186s
> sys 0m0,032s

with memberOf module:
> $ time ldapsearch … uid=testuser548 memberOf
> …
> real0m0,248s
> user0m0,176s
> sys 0m0,033

our slapd configuration:
> overlay dynlist
> dynlist-attrset groupOfURLs memberURL uniqueMember+memberOf@posixGroup*
and without nested evaluation:
> dynlist-attrset groupOfURLs memberURL uniqueMember+memberOf@posixGroup

Can you elaborate why it should be removed? What are the real problems with
using it?
And if these performance problems are known and tracked to be fixed?

-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 10130] Several callers of getpassphrase() ignore NULL returns

2023-11-14 Thread openldap-its 
https://bugs.openldap.org/show_bug.cgi?id=10130

--- Comment #1 from stacey.marsh...@gmail.com ---
Created attachment 988
  --> https://bugs.openldap.org/attachment.cgi?id=988&action=edit
Fixes 10130 Several callers of getpassphrase() ignore NULL  returns

The attached file is derived from OpenLDAP Software. All of the
modifications to OpenLDAP Software represented in the following
patch(es) were developed by Oracle.  Oracle has not assigned rights
and/or interest in this work to any party. I, Stacey Marshall am
authorized by Oracle, my employer, to release this work under the
following terms.

Oracle hereby place the following modifications to OpenLDAP Software
(and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose
with or without attribution and/or other notice.

-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 10065] slapd needs a config option for the ssf of an external security proxy using "proxy protocol v2"

2023-11-14 Thread openldap-its 
https://bugs.openldap.org/show_bug.cgi?id=10065

Quanah Gibson-Mount  changed:

   What|Removed |Added

 Status|RESOLVED|VERIFIED

-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 10065] slapd needs a config option for the ssf of an external security proxy using "proxy protocol v2"

2023-11-14 Thread openldap-its 
https://bugs.openldap.org/show_bug.cgi?id=10065

Quanah Gibson-Mount  changed:

   What|Removed |Added

   Target Milestone|2.7.0   |---
 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |INVALID

-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 9786] liblber: missing export of ber_pvt_wsa_err2string

2023-11-14 Thread openldap-its 
https://bugs.openldap.org/show_bug.cgi?id=9786

Quanah Gibson-Mount  changed:

   What|Removed |Added

   See Also||https://bugs.openldap.org/s
   ||how_bug.cgi?id=9982

-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 9982] Linker error when building with LDAP_CONNECTIONLESS

2023-11-14 Thread openldap-its 
https://bugs.openldap.org/show_bug.cgi?id=9982

Quanah Gibson-Mount  changed:

   What|Removed |Added

   See Also||https://bugs.openldap.org/s
   ||how_bug.cgi?id=9786

-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 9902] Make max index DBs for back-mdb configurable

2023-11-14 Thread openldap-its 
https://bugs.openldap.org/show_bug.cgi?id=9902

Quanah Gibson-Mount  changed:

   What|Removed |Added

   Severity|normal  |enhancement

-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 9881] Ability to track last authentication for database objects

2023-11-14 Thread openldap-its 
https://bugs.openldap.org/show_bug.cgi?id=9881

Quanah Gibson-Mount  changed:

   What|Removed |Added

   Severity|normal  |enhancement

-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 9829] set timeouts in remoteauth overlay

2023-11-14 Thread openldap-its 
https://bugs.openldap.org/show_bug.cgi?id=9829

Quanah Gibson-Mount  changed:

   What|Removed |Added

   Severity|normal  |enhancement

-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 9795] Remove memberof overlay

2023-11-14 Thread openldap-its 
https://bugs.openldap.org/show_bug.cgi?id=9795

Quanah Gibson-Mount  changed:

   What|Removed |Added

   Target Milestone|2.7.0   |---

-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 9786] liblber: missing export of ber_pvt_wsa_err2string

2023-11-14 Thread openldap-its 
https://bugs.openldap.org/show_bug.cgi?id=9786

--- Comment #3 from Quanah Gibson-Mount  ---
for 2.7: make it possible to make the map file dynamic so necessary symbols how
up for windows and when various experimental features are enabled

-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 9717] The RADIUSOV overlay can be incorporated into OpenLDAP

2023-11-14 Thread openldap-its 
https://bugs.openldap.org/show_bug.cgi?id=9717

Quanah Gibson-Mount  changed:

   What|Removed |Added

   Assignee|b...@openldap.org   |mhar...@symas.com

-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 9677] Create "make install-strip” target

2023-11-14 Thread openldap-its 
https://bugs.openldap.org/show_bug.cgi?id=9677

Quanah Gibson-Mount  changed:

   What|Removed |Added

 Status|RESOLVED|VERIFIED

--- Comment #2 from Quanah Gibson-Mount  ---
Note that you can use make install STRIP="" to not strip the binaries

-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 9677] Create "make install-strip” target

2023-11-14 Thread openldap-its 
https://bugs.openldap.org/show_bug.cgi?id=9677

Quanah Gibson-Mount  changed:

   What|Removed |Added

 Resolution|--- |WONTFIX
 Status|UNCONFIRMED |RESOLVED
   Target Milestone|2.7.0   |---

--- Comment #1 from Quanah Gibson-Mount  ---
The make process has been this way for 20+ years, to change it now would break
everyone who has built their processes on the current behavior.

-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 10130] Several callers of getpassphrase() ignore NULL returns

2023-11-14 Thread openldap-its 
https://bugs.openldap.org/show_bug.cgi?id=10130

Quanah Gibson-Mount  changed:

   What|Removed |Added

   Keywords|needs_review|
   Target Milestone|--- |2.5.17

-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 10128] Unavailability of OpenSSL 3.X compatible openldap lib libldap_r.so for el8 platform

2023-11-14 Thread openldap-its 
https://bugs.openldap.org/show_bug.cgi?id=10128

Quanah Gibson-Mount  changed:

   What|Removed |Added

 Status|RESOLVED|VERIFIED

-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 10128] Unavailability of OpenSSL 3.X compatible openldap lib libldap_r.so for el8 platform

2023-11-14 Thread openldap-its 
https://bugs.openldap.org/show_bug.cgi?id=10128

Quanah Gibson-Mount  changed:

   What|Removed |Added

 Resolution|--- |INVALID
   Keywords|needs_review|
 Status|UNCONFIRMED |RESOLVED

--- Comment #1 from Quanah Gibson-Mount  ---
Hello,

The ITS system is for bug reports only.  Your question should be directed to
the openldap-techni...@openldap.org email list.  I will note that the OpenLDAP
project does not produce or distribute binary builds, only source.

-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 10130] New: Several callers of getpassphrase() ignore NULL returns

2023-11-14 Thread openldap-its 
https://bugs.openldap.org/show_bug.cgi?id=10130

  Issue ID: 10130
   Summary: Several callers of getpassphrase() ignore NULL returns
   Product: OpenLDAP
   Version: 2.6.6
  Hardware: All
OS: All
Status: UNCONFIRMED
  Keywords: needs_review
  Severity: normal
  Priority: ---
 Component: slapd
  Assignee: b...@openldap.org
  Reporter: stacey.marsh...@gmail.com
  Target Milestone: ---

getpassphrase(3c) and lutil_getpass() can return NULL to signify
EOF, and in the case of the former for an interrupt or an error.
Several callers fail to check for NULL before calling other functions
which may then cause other issues such as segmentation fault.

A patch in progress treats NULL as EOF and provides an early exit.

```
$ git status --short -uno  
 M clients/tools/common.c
 M clients/tools/ldappasswd.c
 M clients/tools/ldapvc.c
 M servers/slapd/slappasswd.c
 M tests/progs/slapd-tester.c
```

-- 
You are receiving this mail because:
You are on the CC list for the issue.