
OpenLDAP should not try to open a config file in the current directory (ITS#1131)



Full_Name: Henning Schmiedehausen
Version: 2.0.7
OS: RedHat Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (212.34.181.4)


The OpenLDAP libraries try to open a config file in the "current"
 directory. This is especially annoying if you use LDAP to supply user and/or
 autofs information, which leads to (best case) annoying file system
 accesses in the current directory when doing "ls" or (worst case) possible
 security problems if someone puts an ldaprc file in the current directory
 that points to a different server or LDAP directory.

I use the nss_ldap name service switcher to get UID/GID from an LDAP server.
This is a Netscape server, but nss_ldap is compiled against OpenLDAP 2.0.7.

Steps to Reproduce:
 1. use LDAP for e.g. User information
 2. do "ls -la"
 3. watch filesystem accesses (strace -etrace=open .... )

 [...]
 open("/etc/openldap/ldap.conf", O_RDONLY) = 3
 open("/root/ldaprc", O_RDONLY)          = -1 ENOENT (No such file or directory)
 open("/root/.ldaprc", O_RDONLY)         = -1 ENOENT (No such file or directory)
 open("ldaprc", O_RDONLY)                = -1 ENOENT (No such file or directory)
 [...]

I opened this as a bug with RedHat, too (# 38402)

Bug fix:

-- openldap-2.0.7/libraries/libldap/init.c~    Wed Sep 13 02:42:34 2000
 +++ openldap-2.0.7/libraries/libldap/init.c     Mon Apr 30 18:15:23 2001
 @@ -278,9 +278,6 @@
         if(path != NULL) {
                 LDAP_FREE(path);
         }
 -
 -       /* try file */
 -       openldap_ldap_init_w_conf(file, 1);
  }
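Review bot: the `file` argument is no longer referenced inside this hunk once the `openldap_ldap_init_w_conf(file, 1)` call is removed; check whether the enclosing function still uses `file` elsewhere and, if not, drop the parameter (or mark it unused) so the build stays warning-free. The same patch should also update ldap.conf(5) wherever it describes ldaprc being read from the current working directory, otherwise the documented search order and the code disagree. Finally, the quoted file header reads `-- openldap-2.0.7/libraries/libldap/init.c~` rather than `--- ...`, so patch(1) will not recognise it as a unified diff header; please resend as a clean `diff -u` output.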
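The report above describes the hazard but not how an attacker-controlled ldaprc in the current directory actually changes the outcome. The following Python script is an added example, not code from the original report or from OpenLDAP: it models the four-file search order visible in the strace output (system ldap.conf, then $HOME/ldaprc, $HOME/.ldaprc, and finally ./ldaprc), with later files overriding earlier ones, which is an assumption about precedence made for this illustration. It builds a constructed directory tree in a temp directory, plants a constructed ldaprc in a world-writable-style directory, changes into it, and compares what the vulnerable lookup (cwd included) and the fixed lookup (cwd excluded, as the patch does) resolve HOST to.

```python
import os
import tempfile
from pathlib import Path


def config_candidates(system_conf, home, include_cwd):
    """Return the rc files to try, in the order shown by the strace output.

    The last entry is a relative path, so it is resolved against whatever the
    current working directory happens to be; that is the hazard the report is
    about. The fixed variant simply does not include it.
    """
    paths = [Path(system_conf), Path(home) / "ldaprc", Path(home) / ".ldaprc"]
    if include_cwd:
        paths.append(Path("ldaprc"))  # vulnerable: relative to the cwd
    return paths


def parse_ldaprc(text):
    """Parse 'KEY value' lines of an ldap.conf/ldaprc-style file.

    Blank lines and '#' comments are ignored; keys are case-insensitive.
    """
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def load_settings(system_conf, home, include_cwd):
    """Merge every readable rc file; later files override earlier ones (assumption)."""
    merged = {}
    for path in config_candidates(system_conf, home, include_cwd):
        if path.is_file():
            merged.update(parse_ldaprc(path.read_text()))
    return merged


def demo():
    """Return (HOST seen by the vulnerable lookup, HOST seen by the fixed lookup)."""
    with tempfile.TemporaryDirectory() as root:
        root = Path(root)
        etc = root / "etc"
        home = root / "home"
        shared = root / "tmp"  # stands in for a world-writable directory
        for d in (etc, home, shared):
            d.mkdir()

        # Constructed system-wide configuration, as an administrator would ship it.
        (etc / "ldap.conf").write_text(
            "HOST ldap.example.org\nBASE dc=example,dc=org\n"
        )
        # Constructed attacker-planted file: anyone who runs 'ls' in this
        # directory with nss_ldap active would be pointed at another server.
        (shared / "ldaprc").write_text("HOST ldap.attacker.example\n")

        old_cwd = os.getcwd()
        os.chdir(shared)
        try:
            vulnerable = load_settings(etc / "ldap.conf", home, include_cwd=True)
            fixed = load_settings(etc / "ldap.conf", home, include_cwd=False)
        finally:
            os.chdir(old_cwd)  # leave the temp dir before it is removed

    return vulnerable["HOST"], fixed["HOST"]


if __name__ == "__main__":
    vuln_host, fixed_host = demo()
    print("with ./ldaprc lookup:   HOST =", vuln_host)
    print("without ./ldaprc lookup: HOST =", fixed_host)
```

The check a practitioner can apply to a real system is the one the reporter used: run `strace -e trace=open ls -la` (or `-e trace=openat` on newer kernels) in a directory such as /tmp and look for a relative `open("ldaprc", ...)` call; any library that performs it will honour a file planted there by another user.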