Ubuntu has issued an advisory on July 30: https://usn.ubuntu.com/4078-1/ The issues are fixed upstream in 2.4.48. Mageia 6 is also affected.
Blocks: (none) => 24076Whiteboard: (none) => MGA6TOO
Patches required added in (currently building): openldap-2.4.45-2.1.mga6 openldap-2.4.47-3.1.mga7
CC: (none) => bgmilneAssignee: bgmilne => qa-bugs
What about Bug 24076?
MGA-6-64 Plasma on Lenovo B50 Hunting for the packages to install, I found these lib64ldap2.4_2-2.4.45-2.1.mga6.x86_64 - openldap-back_bdb-2.4.45-2.1.mga6.x86_64 - openldap-back_mdb-2.4.45-2.1.mga6.x86_64 - openldap-back_sql-2.4.45-2.1.mga6.x86_64 - openldap-clients-2.4.45-2.1.mga6.x86_64 - openldap-doc-2.4.45-2.1.mga6.x86_64 - openldap-extra-schemas-1.3-18.mga6.noarch - openldap-servers-2.4.45-2.1.mga6.x86_64 - openldap-testprogs-2.4.45-2.1.mga6.x86_64 - openldap-tests-2.4.45-2.1.mga6.x86_64 No problems installing # systemctl start slapd # systemctl -l status slapd ● slapd.service - OpenLDAP Server Daemon Loaded: loaded (/usr/lib/systemd/system/slapd.service; enabled; vendor preset: enabled) Active: active (running) since do 2019-09-05 11:34:25 CEST; 4s ago Process: 2273 ExecStart=/usr/sbin/slapd -u ${LDAP_USER} -g ${LDAP_GROUP} -h ${SLAPDURLLIST} -l ${SLAPDSYSLOGLOCALUSER} -s ${SLAPDSYSLOGLEVEL} (code=exite Process: 2191 ExecStartPre=/usr/share/openldap/scripts/ldap-config check (code=exited, status=0/SUCCESS) Main PID: 2275 (slapd) CGroup: /system.slice/slapd.service └─2275 /usr/sbin/slapd -u ldap -g ldap -h ldap:/// ldapi:/// -l local4 -s 0 sep 05 11:34:24 mach5.hviaene.thuis systemd[1]: Starting OpenLDAP Server Daemon... sep 05 11:34:24 mach5.hviaene.thuis su[2210]: (to ldap) root on none sep 05 11:34:25 mach5.hviaene.thuis ldap-config[2191]: Checking config file /etc/openldap/slapd.conf: [ OK ] sep 05 11:34:25 mach5.hviaene.thuis systemd[1]: Started OpenLDAP Server Daemon. Looking for some more tests.
CC: (none) => herman.viaene
Found loads of info at https://wiki.cdot.senecacollege.ca/wiki/OpenLDAP_Installation_and_Test too much for my liking, so just skipped all the configuration stuff and went straight to the testing commands : $ ldapsearch -x -b ** -s base supportedFeatures # extended LDIF # # LDAPv3 # base <Afbeeldingen> with scope baseObject # filter: (objectclass=*) # requesting: Bureaublad Documenten Downloads Muziek pgadmin.log project Sjablonen svn tmp Video's supportedFeatures # # search result search: 2 result: 34 Invalid DN syntax text: invalid DN # numResponses: 1 $ ldapsearch -x -b ** -s base supportedControl # extended LDIF # # LDAPv3 # base <Afbeeldingen> with scope baseObject # filter: (objectclass=*) # requesting: Bureaublad Documenten Downloads Muziek pgadmin.log project Sjablonen svn tmp Video's supportedControl # # search result search: 2 result: 34 Invalid DN syntax text: invalid DN # numResponses: 1 $ ldapsearch -x -b ** -s base supportedExtension # extended LDIF # # LDAPv3 # base <Afbeeldingen> with scope baseObject # filter: (objectclass=*) # requesting: Bureaublad Documenten Downloads Muziek pgadmin.log project Sjablonen svn tmp Video's supportedExtension # # search result search: 2 result: 34 Invalid DN syntax text: invalid DN # numResponses: 1 $ ldapsearch -x -W -D 'cn=Manager,dc=ops535,dc=com' -b // -s base Enter LDAP Password: ldap_bind: Server is unwilling to perform (53) additional info: unauthenticated bind (DN with no password) disallowed Output seems sensible. OK'ing unless someone else finds this is not enough.
Whiteboard: MGA6TOO => MGA6TOO MGA6-64-OK
> ldapsearch -x -b ** -s base supportedFeatures The ** should be '' ldapsearch -x -b '' -s base supportedFeatures Your shell expanded the * to files in the directory you ran the command from. Any further testing would require a bit more configuration, and population of some data (I think beyond the scope of this bug, but we should consider better "integration tests" for future). However, the openldap-tests package contains the upstream test-suite, in a format that can be used to run them as non-root, e.g.: sudo rurpmi openldap-tests make -C /usr/share/openldap/tests test (more options exist to limit the backends tested etc., by default it runs all default tests for all supported backends) (we used to run this at build time, but they take too long on the build system especially on arm, and sometimes fail the more complex tests due to load on the build system) Replying to David: > What about Bug 24076? I propose dropping the nops overlay. I'll do that now in cauldron.
MGA7-64 Plasma on Lenovo B50 No installation issues. # systemctl start slapd # systemctl -l status slapd ● slapd.service - OpenLDAP Server Daemon Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled) Active: active (running) since Sat 2019-09-14 11:35:49 CEST; 14s ago Process: 10270 ExecStartPre=/usr/share/openldap/scripts/ldap-config check (code=exited, status=0/SUCCESS) Process: 10310 ExecStart=/usr/sbin/slapd -u ${LDAP_USER} -g ${LDAP_GROUP} -h ${SLAPDURLLIST} -l ${SLAPDSYSLOGLOCALUSER} -s ${SL> Main PID: 10311 (slapd) Memory: 4.8M CGroup: /system.slice/slapd.service └─10311 /usr/sbin/slapd -u ldap -g ldap -h ldap:/// ldapi:/// -l local4 -s 0 sep 14 11:35:49 mach5.hviaene.thuis systemd[1]: Starting OpenLDAP Server Daemon... sep 14 11:35:49 mach5.hviaene.thuis su[10278]: (to ldap) root on none sep 14 11:35:49 mach5.hviaene.thuis su[10278]: pam_unix(su:session): session opened for user ldap by (uid=0) sep 14 11:35:49 mach5.hviaene.thuis su[10278]: pam_unix(su:session): session closed for user ldap sep 14 11:35:49 mach5.hviaene.thuis ldap-config[10270]: Checking config file /etc/openldap/slapd.conf: [ OK ] sep 14 11:35:49 mach5.hviaene.thuis systemd[1]: Started OpenLDAP Server Daemon. Then $ ldapsearch -x -b '' -s base supportedFeatures # extended LDIF # # LDAPv3 # base <> with scope baseObject # filter: (objectclass=*) # requesting: supportedFeatures # # dn: supportedFeatures: 1.3.6.1.1.14 supportedFeatures: 1.3.6.1.4.1.4203.1.5.1 supportedFeatures: 1.3.6.1.4.1.4203.1.5.2 supportedFeatures: 1.3.6.1.4.1.4203.1.5.3 supportedFeatures: 1.3.6.1.4.1.4203.1.5.4 supportedFeatures: 1.3.6.1.4.1.4203.1.5.5 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 and $ make -C /usr/share/openldap/tests test make: Map '/usr/share/openldap/tests' wordt binnengegaan make[1]: Map '/usr/share/openldap/tests' wordt binnengegaan Initiating LDAP tests for BDB... Cleaning up test run directory leftover from previous run. Running ./scripts/all for bdb... >>>>> Executing all LDAP tests for bdb >>>>> Starting test000-rootdse for bdb... running defines.sh Starting slapd on TCP/IP port 9011... Using ldapsearch to retrieve the root DSE... Using ldapsearch to retrieve the cn=Subschema... Using ldapsearch to retrieve the cn=Monitor... dn: objectClass: top objectClass: OpenLDAProotDSE structuralObjectClass: OpenLDAProotDSE configContext: cn=config namingContexts: o=OpenLDAP Project,l=Internet monitorContext: cn=Monitor and loads more .... I could not see any error popping up, so OK forme.
Whiteboard: MGA6TOO MGA6-64-OK => MGA6TOO MGA6-64-OK MGA7-64-OK
Keywords: (none) => advisory, validated_updateCC: (none) => tmb, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0280.html
Status: NEW => RESOLVEDResolution: (none) => FIXED