[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7336) Ldapmodify crashes slapd when updating olcTLSVerifyClient attribute via TLS authentication



  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--214647081-852979057-1529664529=:67666
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8BIT

Hi,

On Fri, 22 Jun 2018, OndÅ?ej Kuzník wrote:
> On Sun, Mar 23, 2014 at 09:32:22AM +0000, ck@cksoft.de wrote:
>> Hi,
>>
>> I can confirm that openldap-2.4.39 still has in issue with this.
>>
>> When connecting via TLS I tried to modify olcTLSVerifyClient from never
>> to try with following ldif:
>>
>>    dn: cn=config
>>    changetype: modify
>>    replace: olcTLSVerifyClient
>>    olcTLSVerifyClient: try
>>
>> this caused slapd to hang indefinetely.
>>
>> I was able to successfully modify above when connecting without TLS.
>>
>> I need to complete my current task but will set up a small proof of
>> concept later on in my lab.
>
> Hi Christian,
> have you been able to set up a test configuration that reproduces it
> with latest OpenLDAP? A cursory test here doesn't seem to do anything of
> the sort.

this is 4 years old and I had totally forgetten about it.

But I just happen to have a developement cluster running with both the affected 2.4.39 and new 2.4.46 nodes.

I will try to test over the weekend and will give you feedback.

Greetings
Christian

-- 
Christian Kratzer                   CK Software GmbH
Email:   ck@cksoft.de               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/
--214647081-852979057-1529664529=:67666--