openldap-bugs October 2008

openldap-bugs@openldap.org

36 participants
187 discussions

Re: (ITS#5705) [enhancement] slapo-constraint could honor "relax" by not checking for constraints
by ando＠sys-net.it 13 Oct '08

13 Oct '08

michael(a)stroeder.com wrote: > What's the use-case for this? I'm concerned about overloading the > semantics of Relax Rules control far beyond what's written in > draft-zeilenga-ldap-relax. Well, a user with "manage" privileges on related data could bypass constraints enforced by slapo-constraint(5) by using the "relax" control. The rationale is that a user with manage privileges could be able to repair an entry that needs to violate a constraint for good reasons. Note that the user: - must have enough privileges to do it (manage) - must inform the DSA that intends to violate the constraint (by using the control) I decided to overload "relax" rather than defining a specific control because I believe this fits into the spirit of "relax". In fact, the resulting entry would violate a constraint, but would not violate the protocol. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando(a)sys-net.it -----------------------------------

1 0

Re: (ITS#5705) [enhancement] slapo-constraint could honor "relax" by not checking for constraints
by michael＠stroeder.com 13 Oct '08

13 Oct '08

What's the use-case for this? I'm concerned about overloading the semantics of Relax Rules control far beyond what's written in draft-zeilenga-ldap-relax. Ciao, Michael.

1 0

Re: (ITS#5735) global overlays not handled correctly in back-config
by ando＠sys-net.it 13 Oct '08

13 Oct '08

ando(a)sys-net.it wrote: > When global overlays instantiate private databases, they are not correctly > handled by back-config. A fix is coming. The problem is essentially related to slapo-chain used as global overlay: after the configuration database is generated, slapd does not start correctly. To reproduce: - add "overlay chain" before any database in slapd.conf - run slapd -f slapd.conf -F slapd.d/ - stop slapd - run slapd -F slapd.d/ This should now be fixed in HEAD. Please test. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando(a)sys-net.it -----------------------------------

1 0

(ITS#5738) back-monitor: registering a new backend (via moduleload) should add the corresponding entry in cn=monitor
by ando＠sys-net.it 13 Oct '08

13 Oct '08

Full_Name: Pierangelo Masarati Version: HEAD OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (81.72.89.40) Submitted by: ando p.

1 0

(ITS#5737) back-monitor: adding a database should add its entry in cn=monitor
by ando＠sys-net.it 13 Oct '08

13 Oct '08

Full_Name: Pierangelo Masarati Version: HEAD OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (81.72.89.40) Submitted by: ando p.

1 0

(ITS#5736) slapo-chain & slapo-translucent need work to interoperate with back-config
by ando＠sys-net.it 12 Oct '08

12 Oct '08

Full_Name: Pierangelo Masarati Version: HEAD OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (151.30.65.135) the *ldadd function of both overlays associated to private database instantiation does not intercept the olcDatabase attributeType. slapo-chain might also have an issue related to defferring *db_open(). A fix is coming. p.

1 0

(ITS#5735) global overlays not handled correctly in back-config
by ando＠sys-net.it 12 Oct '08

12 Oct '08

Full_Name: Pierangelo Masarati Version: HEAD OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (151.30.65.135) When global overlays instantiate private databases, they are not correctly handled by back-config. A fix is coming.

1 0

Re: ITS#5707
by hyc＠symas.com 11 Oct '08

11 Oct '08

ando(a)sys-net.it wrote: > Just to clarify: is the patch available from Oracle's web site > <http://www.oracle.com/technology/products/berkeley-db/db/update/4.7.25/patc…> > related? Is it alternative or complementary to<build/db.4.7.25.patch>? I suspect the contents of that URL will change over time. At the moment, that page has only one patch, and it only affects BerkeleyDB replication, which is a feature that we have never used. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

ITS#5707
by ando＠sys-net.it 11 Oct '08

11 Oct '08

Just to clarify: is the patch available from Oracle's web site <http://www.oracle.com/technology/products/berkeley-db/db/update/4.7.25/patc…> related? Is it alternative or complementary to <build/db.4.7.25.patch>? p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando(a)sys-net.it -----------------------------------

1 0

(ITS#5734) Serch limits by baseDN
by h.b.furuseth＠usit.uio.no 10 Oct '08

10 Oct '08

Full_Name: Hallvard B Furuseth Version: HEAD OS: URL: http://folk.uio.no/hbf/OpenLDAP/limits.txt Submission from: (NULL) (129.240.6.233) Submitted by: hallvard I want to give part of a database different limits than the rest. Here a suggested patch, currently a quick hack for inspection. It gives ".this" and ".self" modifiers to "dn" in the "limits" keyword: limits dn[.this | .self][.exact | .base | ...] ... "Self" is default and matches the specified DN against the bound DN. "This" matches against the base DN of the search. (Keywords chosen from "this"/"self" in set ACLs, since names like "base" are taken.) This needs an API change: Currently slapd/limits.c:limits_gets() takes the bound DN as an argument. The change needs a function which fetches the bound or examined DN from the Operation structure. Is it OK to just remove the DN argument and make the function static, so any existing binaries that call it won't silently get the changed API? Slapd doesn't call this function anywhere.

1 0

← Newer
1
...
12
13
14
15
16
17
18
19
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs October 2008