1.187. openldap

Updated openldap packages that fix several bugs and add an enhancement are now available.
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.

Bug Fixes

BZ#548475
Move openldap libraries from /usr/lib to /lib.
BZ#613966
The init script does not work correctly if database recovery is needed.
BZ#630637
Update list of modules in slapd.conf.bak.
BZ#644399
slapd init script gets stuck in an infinite loop.
BZ#685119
openldap-servers upgrade hangs or does not upgrade the database.
Users are advised to upgrade to these packages, which resolve these issues.

Updated openldap packages that fix three bugs are now available for Red Hat Enterprise Linux 6 Extended Update Support.
Bug Fixes
BZ#790913
Mozilla NSS initialization functions are not implemented in a thread-safe way. Therefore, if multiple TLS operations were performed simultaneously on an LDAP server, a race condition between the TLS threads could occur. Consequently, the LDAP server terminated unexpectedly with a segmentation fault. With this update, a mutual exclusion (mutex) for calls to the Mozilla NSS initialization functions has been added to the code, which prevents this situation from occurring. The LDAP server no longer crashes when initializing a TLS connection.
BZ#790914
Previously, OpenLDAP used incorrect data types for storing the length of the values used by the ODBC (Open Database Connectivity) interface in the SQL back end implementation. As a consequence, the LDAP server terminated unexpectedly with a segmentation fault after a few operations. This update modifies the code to use the correct data types so that the LDAP server no longer crashes when using the SQL back end.
BZ#790915
Previously, OpenLDAP did not properly handle wildcarded common names (for example CN=*.example.com) in LDAP certificates. Therefore, when a program used OpenLDAP for a secure SSL/TLS connection to an LDAP server using an LDAP certificate with a wildcarded common name, the connection failed. With this update, the code of OpenLDAP has been modified to properly test common names in LDAP certificates so that a connection to the LDAP server now succeeds if the wildcarded common name matches the server hostname.
All users of openldap are advised to upgrade to these updated packages, which fix these bugs.
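The wildcard common-name check described in BZ#790915, sketched as an added example (this is not OpenLDAP's code). The function name cn_matches_host and the exact policy are assumptions: the wildcard must be the whole left-most label, covers exactly one label, and never covers an IP address.

```python
import ipaddress

def cn_matches_host(cn, host):
    """Return True if certificate common name `cn` covers server name `host`."""
    cn, host = cn.lower().rstrip("."), host.lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        return cn == host  # an IP literal is never covered by a wildcard
    except ValueError:
        pass  # not an IP address, continue with DNS name rules
    if "*" not in cn:
        return cn == host
    cn_labels, host_labels = cn.split("."), host.split(".")
    # Assumed policy: '*' must be the entire left-most label, and at least
    # two fixed labels must follow it (rejects "*" and "*.com").
    if cn_labels[0] != "*" or "*" in "".join(cn_labels[1:]) or len(cn_labels) < 3:
        return False
    # The wildcard stands for exactly one non-empty label.
    return (len(host_labels) == len(cn_labels)
            and host_labels[0] != ""
            and host_labels[1:] == cn_labels[1:])

# Constructed sample pairs: (common name, hostname the client connected to).
SAMPLES = [
    ("*.example.com", "ldap.example.com"),    # match: one label under the wildcard
    ("*.example.com", "example.com"),         # no match: wildcard needs a label
    ("*.example.com", "a.b.example.com"),     # no match: wildcard spans one label only
    ("l*.example.com", "ldap.example.com"),   # no match: partial-label wildcard
    ("*.com", "example.com"),                 # no match: wildcard too broad
]

if __name__ == "__main__":
    for cn, host in SAMPLES:
        print(f"CN={cn:<16} host={host:<18} -> {cn_matches_host(cn, host)}")
```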

Enhanced openldap packages are now available for Red Hat Enterprise Linux 6.
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP.
Enhancement
BZ#733659
In a distributed environment, a Root DN (distinguished name) can be specified instead of a hostname to connect to an OpenLDAP server. The Root DN is used to look up the corresponding hosts using the DNS SRV (Domain Name Server Service) records. Prior to this update, the priority and weight of individual SRV records were ignored and the connection was created to the host in the first SRV record returned by the DNS server. As a consequence, a server in a different geographic location may have been queried, leading to high response times. Servers are now queried according to their priority and weight, which conforms to the RFC 2782 standard.
Users of openldap are advised to upgrade to these updated packages, which add this enhancement.

Updated openldap packages that fix one bug are now available for Red Hat Enterprise Linux 6.
Bug Fix
BZ#723134
Prior to this update, client certificates were under certain circumstances not released when OpenLDAP validated the Transport Layer Security (TLS) peer and the client certificate was cached by the Mozilla NSS library. Due to this problem, tools that used both the OpenLDAP and Mozilla NSS libraries could fail when calling the NSS_Shutdown function. This update releases the certificate in the OpenLDAP library after finishing the validation. Now, all caches can be released and NSS_Shutdown succeeds.
All users of openldap are advised to upgrade to these updated packages, which fix this bug.