Bug 144992

Summary: OpenLDAP 2.2.13 bug causes outlook "unavailable critical extension"
Product: [Fedora] Fedora Reporter: Troels Liebe Bentsen <tlb>
Component: openldapAssignee: Jay Fenlason <fenlason>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: 3CC: jfeeney, joshkel, wcooley
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://www.openldap.org/software/release/changes.html
Whiteboard:
Fixed In Version: 2.2.29 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-05-05 14:29:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Troels Liebe Bentsen 2005-01-13 15:30:31 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041214 Firefox/1.0

Description of problem:
OpenLDAP should be upgraded to 2.2.20 or downgraded to a old 2.1
version, a number of things are broaken in 2.2.13, such as paged
access that allot of LDAP clients make use of, it has several memmory
leaks and locking bugs in the bdb backend, for upgrading it should
only be a matter of getting the new tar.gz, removing unneeded patches
and doing a recompile.

Version-Release number of selected component (if applicable):
2.2.13

How reproducible:
Always

Steps to Reproduce:
1. Using paged access from a ldap client.
2. A allot more: http://www.openldap.org/software/release/changes.html
3.
    

Additional info:
Comment 1 David Timms 2005-01-30 12:35:25 UTC 
see also openldap bug for this problem - pagedResults in back-ldap

http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=3283;selectid=3283

With openldap-2.2.13-2 rpm in place, openldap as the corporate
directory is useless with ms outlook 2002 and 2003 ldap clients. Every
time the user types into the To: box, outlook attempts to search the
ldap directory, but the response is error "unavailable critical
extension", and this is displayed to the user. The user never gets to
see responses from the search.

I'd be happy to test openldap version (eg 2.2.23) as an rpm if someone
is willing to build such.

I am guessing this is a pretty big market to be having problems with.

note: I suggest changing title:
OpenLDAP 2.2.13 not fit for normal use.
to:
OpenLDAP 2.2.13 bug causes outlook "unavailable critical extension"
so that the size of the problem (outlook 2002/2003 users) is
indicated, and so that it's easier to find in bugzilla based on the
outlook error message.
Comment 2 Jay Fenlason 2005-10-19 01:06:17 UTC 
I've put experimental 2.2.29 i386 rpms on http://people.redhat.com/fenlason/  
Make sure you back up everything LDAP related before you install them!  Can 
you try them out and report whether they solve this problem without 
introducing too many new ones?  The 2.2.13->2.2.29 upgrade introduces enough 
incompatability issues that I haven't decided whether to push it for FC3 or 
not.  I only have test ldap installations, so I can't tell how bad (if at all) 
the incompatabilities are in practice.
Comment 3 John Thacker 2006-05-05 14:29:58 UTC 
FC4 has 2.2.29, FC5 has 2.3.19.  FC3 is now Fedora Legacy and this does
not seem like a security bug.  Closing.