start_tls while chasing referrals
by Bin Lu
Hi,
I noticed the following bug fix in referral chasing
http://bugzilla.padl.com/show_bug.cgi?id=210
This seems only to take care of the usage with pam ldap lib. What if
the ldap connection is not from the pam lib? In that case, when an
ldap operation reaches a referral point, would the new connection be
consistent if the original connection is using TLS (and the referral
url is not using ldaps)? Our test shows it is not. Please advise if
that is also a security hole.
Regards,
Wenwu
16 years, 2 months
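The consistency question in the message above, as an added example (not code from the original post, pam_ldap or OpenLDAP): a client that handles referral URLs itself can decide, per URL, whether the new connection keeps the TLS protection of the original one. All function and enum names are hypothetical, and the URLs are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Required handling of the new connection (hypothetical names, not libldap API). */
enum ref_action {
    REF_REFUSE,          /* unsupported scheme: do not connect */
    REF_FOLLOW_PLAIN,    /* original session was cleartext as well */
    REF_FOLLOW_STARTTLS, /* ldap:// URL: StartTLS must succeed before the bind */
    REF_FOLLOW_LDAPS     /* ldaps:// URL: TLS from the first byte */
};

/* Case-insensitive test for a "<scheme>://" prefix. */
static int has_scheme(const char *url, const char *scheme)
{
    size_t n = strlen(scheme);
    return strncasecmp(url, scheme, n) == 0 && strncmp(url + n, "://", 3) == 0;
}

/* Action for one referral URL, given whether the original session had TLS. */
enum ref_action referral_action(int orig_is_tls, const char *url)
{
    if (url == NULL) return REF_REFUSE;
    if (has_scheme(url, "ldaps")) return REF_FOLLOW_LDAPS;
    if (has_scheme(url, "ldap")) return orig_is_tls ? REF_FOLLOW_STARTTLS : REF_FOLLOW_PLAIN;
    return REF_REFUSE; /* ldapi://, cldap://, anything else */
}

/* Pick among one referral's alternative URLs: returns the index to chase or -1.
 * First usable URL wins, except a TLS session prefers an ldaps:// alternative. */
int choose_referral(int orig_is_tls, const char *const *urls, int n, enum ref_action *act)
{
    int best = -1;
    *act = REF_REFUSE;
    for (int i = 0; i < n; i++) {
        enum ref_action a = referral_action(orig_is_tls, urls[i]);
        if (a == REF_REFUSE) continue;
        if (best < 0 || (orig_is_tls && a == REF_FOLLOW_LDAPS && *act != a)) {
            best = i; *act = a;
        }
    }
    return best;
}

int main(void)
{
    /* Constructed referral URLs; the original session is assumed to use TLS. */
    const char *const urls[] = { "ldapi://%2Fvar%2Frun%2Fldapi", "ldap://b.example.net/" };
    enum ref_action act;
    int i = choose_referral(1, urls, 2, &act);
    printf("chase url #%d with action %d\n", i, (int)act);
    return 0;
}
```

A caller would treat REF_FOLLOW_STARTTLS as a hard requirement: if StartTLS fails on the referred-to server, the referral is dropped rather than retried in cleartext.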
(ITS#5033) make depend breaks if configure doesn't know how
by h.b.furuseth@usit.uio.no
Full_Name: Hallvard B Furuseth
Version: RE23, HEAD
OS: HP-UX
URL:
Submission from: (NULL) (129.240.202.105)
Submitted by: hallvard
If configure does not know how to make dependencies, it still asks
us to run make depend. On HP-UX, that miscompiles OpenLDAP.
In addition to fixing the "please run make depend" message, I suggest:
In build/openldap.m4, set OL_MKDEP= either ":" or "false".
- ":" allows autobuild scripts that run "make depend" to work.
- "false" warns people who do use "make depend" that build -
modify source - rebuild may not work.
I've got no strong preference. Will use ":" if nobody disagrees.
16 years, 3 months
Re: (ITS#5032) cannot build on x86_64, needs newer libtool
by h.b.furuseth@usit.uio.no
Howard Chu writes:
> Strange. It all builds perfectly fine on my SuSE 9.2 x86_64 system. At
> this point it's getting rather monotonous pointing out how much RedHat
> gets wrong...
For a change, this doesn't look like a RedHat problem. It's not their
fault that libtool mistranslates perfectly good -l<lib> command line
options.
OTOH, they did install db-4.3, so it's not as if I'll be using it anyway.
But I imagine I may run into the same problem with other /lib64/
libraries.
--
Regards,
Hallvard
16 years, 3 months
Re: (ITS#5032) cannot build on x86_64, needs newer libtool
by hyc@symas.com
h.b.furuseth(a)usit.uio.no wrote:
> Full_Name: Hallvard B Furuseth
> Version: RE23, HEAD
> OS: RedHat Linux/x86_64
> URL:
> Submission from: (NULL) (129.240.202.105)
> Submitted by: hallvard
>
>
> libtool translates -ldb-4.3 to /usr/lib/libdb-4.3.so, which breaks.
> "cc -ldb-4.3" uses /lib64/libdb-4.3.so.
>
> Looks like the fix is to upgrade to libtool-1.5.24. Its NEWS says
> * Search paths with GCC on multilib systems like x86_64 have been fixed.
>
> I haven't checked how to upgrade, though. Tried to install a private
> libtool and run libtoolize, but it just said "You should update
> your `aclocal.m4' by running aclocal" even after I ran aclocal.
Strange. It all builds perfectly fine on my SuSE 9.2 x86_64 system. At this
point it's getting rather monotonous pointing out how much RedHat gets wrong...
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
16 years, 3 months
(ITS#5032) cannot build on x86_64, needs newer libtool
by h.b.furuseth@usit.uio.no
Full_Name: Hallvard B Furuseth
Version: RE23, HEAD
OS: RedHat Linux/x86_64
URL:
Submission from: (NULL) (129.240.202.105)
Submitted by: hallvard
libtool translates -ldb-4.3 to /usr/lib/libdb-4.3.so, which breaks.
"cc -ldb-4.3" uses /lib64/libdb-4.3.so.
Looks like the fix is to upgrade to libtool-1.5.24. Its NEWS says
* Search paths with GCC on multilib systems like x86_64 have been fixed.
I haven't checked how to upgrade, though. Tried to install a private
libtool and run libtoolize, but it just said "You should update
your `aclocal.m4' by running aclocal" even after I ran aclocal.
16 years, 3 months
Re: (ITS#5031) Question about transaction in OpenLDAP
by ghenry@suretecsystems.com
<quote who="lixin922(a)huawei.com">
> Full_Name: lixin
> Version: OpenLDAP2.4.4alpha
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (210.21.230.126)
>
>
> Hello,
>
> I have known that the OpenLDAP2.4 will support transaction from
> roadmap. Now I am testing OpenLDAP2.4.4alpha, but I am not sure whether
> this version supports transaction. If it supports, how to use it. If not,
> about which version will support it, and when this version will appear.
>
> Thank you very much.
Hi,
Our ITS system is for reporting and tracking OpenLDAP bugs. Since you are
asking a question that should be asked on openldap-software(a)openldap.org,
this ITS will be closed.
Kindly re-send your question to the correct list.
Gavin.
16 years, 3 months
(ITS#5031) Question about transaction in OpenLDAP
by lixin922@huawei.com
Full_Name: lixin
Version: OpenLDAP2.4.4alpha
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (210.21.230.126)
Hello,
I have known that the OpenLDAP2.4 will support transaction from roadmap. Now I am
testing OpenLDAP2.4.4alpha, but I am not sure whether this version supports
transaction. If it supports, how to use it. If not, about which version will support
it, and when this version will appear.
Thank you very much.
16 years, 3 months
(ITS#5030) Setting/knowing max query size
by bruno_haleblian@carrefour.com
Full_Name: Bruno
Version: 2.3.21
OS: redhat AS 3
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (217.77.224.130)
Hi,
I am looking for a way to limit ldap query size - there may be one in slapd.conf
but I could not find it yet(still reading).
Sometimes slapd process crashes because of malformed - too lengthy requests.
While this is due to a buggy EAI updater which will be fixed -
I still think it should be safer to limit this size from server side.
thanks
16 years, 3 months
Re: (ITS#5028) incomplete slapcat docs
by ghenry@suretecsystems.com
<quote who="h.b.furuseth(a)usit.uio.no">
> hyc(a)symas.com writes:
>> steve(a)stevenwills.com wrote:
>>> The slapcat man page says in the Limitations section:
>>>
>>> In general, your slapd(8) should not be running (at least, not in
>>> read-write mode) when you do this to ensure consistency of the
>>> database.
>>> (...)
>> Given that back-ldbm has been deleted for 2.4, I guess we can just
>> delete this sentence.
>
> It could produce garbage data with back-ldif, and with some foreign
> database module. I think it should say it's safe with bdb (and null).
> Could copy it to the slapd-bdb(5) too. (I don't suggest to make
> slapcat(8) refer the user to that, since there is only one example
> anyway.)
Obviously hdb too. Would it produce garbage on 2.4?
>
> --
> Regards,
> Hallvard
>
>
>
16 years, 3 months
Re: (ITS#5028) incomplete slapcat docs
by ghenry@suretecsystems.com
<quote who="hyc(a)symas.com">
> steve(a)stevenwills.com wrote:
>> Full_Name: Steve Wills
>> Version: 2.3.19
>> OS: Fedora
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (65.15.231.202)
>>
>>
>> The slapcat man page says in the Limitations section:
>>
>> In general, your slapd(8) should not be running (at least, not in
>> read-write mode) when you do this to ensure consistency of the database.
>>
>> However, I've been told several times that this only applies to ldbm and
>> not bdb. Not sure about other types, but it would be good to clarify this
>> section.
>>
> Given that back-ldbm has been deleted for 2.4, I guess we can just delete
> this sentence.
I would agree.
> --
> -- Howard Chu
> Chief Architect, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
>
>
>
16 years, 3 months