Bug 1018688

Summary: Connectionless LDAP is broken for IPv6
Product: [Fedora] Fedora Reporter: Jan Synacek <jsynacek>
Component: openldapAssignee: Jan Synacek <jsynacek>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 19CC: jsynacek, jv+fedora, phracek, rmeggins, stefw
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openldap-2.4.36-4.fc20 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-11-08 04:37:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Synacek 2013-10-14 07:54:13 UTC 
Description of problem:
Connectionless LDAP (ie: cldap enabled with -DLDAP_CONNECTIONLESS) is broken for IPv6 for current versions of openldap. Tested with version 2.4.35

It's not clear if this ever worked properly.

Connections immediately fail with:

ldap_search_ext: Can't contact LDAP server (-1)

The reason for this is that the LDAP_CONNECTIONLESS buffers include a prefix containing an address in a "struct sockaddr". However, struct sockaddr, is not a concrete type. In particular struct sockaddr_in6 is longer than struct sockaddr.

Noted here: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=libraries/liblber/sockbuf.c;h=d997e92910954b943e5b3fe7139ff4caaeaf49bf;hb=HEAD#l886

So this leads to failures when using IPv6 as the code assumes that the address length is equal to sizeof (struct sockaddr). Seen here:

http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=libraries/liblber/sockbuf.c;h=d997e92910954b943e5b3fe7139ff4caaeaf49bf;hb=HEAD#l940


Version-Release number of selected component (if applicable):
openldap-2.4.36-2.fc20.x86_64


Additional info:
See #1007421.
Comment 1 Jan Synacek 2013-10-14 08:07:33 UTC 
Oops, sorry, correct version of the package is openldap-2.4.36-1.fc20.x86_64.
Comment 2 Jan Synacek 2013-10-14 08:38:20 UTC 
Pushed:
http://pkgs.fedoraproject.org/cgit/openldap.git/commit/?h=f20&id=6de15ed19709833f6e3a6f1b68afbaa26d069e91
Comment 3 Fedora Update System 2013-10-14 08:59:11 UTC 
openldap-2.4.36-2.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/openldap-2.4.36-2.fc20
Comment 4 Fedora Update System 2013-10-14 09:12:40 UTC 
openldap-2.4.36-2.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/openldap-2.4.36-2.fc19
Comment 5 Fedora Update System 2013-10-14 19:21:55 UTC 
Package openldap-2.4.36-2.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openldap-2.4.36-2.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-19086/openldap-2.4.36-2.fc20
then log in and leave karma (feedback).
Comment 6 Fedora Update System 2013-10-15 14:06:32 UTC 
openldap-2.4.36-3.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/openldap-2.4.36-3.fc20
Comment 7 Fedora Update System 2013-10-23 06:14:31 UTC 
openldap-2.4.36-4.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/openldap-2.4.36-4.fc20
Comment 8 Fedora Update System 2013-10-23 06:46:29 UTC 
openldap-2.4.36-4.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/openldap-2.4.36-4.fc19
Comment 9 Fedora Update System 2013-11-08 04:37:49 UTC 
openldap-2.4.36-4.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2013-11-10 06:13:29 UTC 
openldap-2.4.36-4.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.