October 2008 - openldap-bugs

(ITS#5771) autogroup overlay prevent slapd to works correctly

by Guillaume.Rousse＠inria.fr

Full_Name: Guillaume Rousse Version: 2.4.12 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (82.224.237.5) Enabling the autogroup overlay make slapd unwilling to work: [guillaume@oberkampf ~]$ ldapsearch -LLL -x Server is unwilling to perform (53) Additional information: operation not supported within namingContext No need for dynamic entry in the DIT to trigger the error, just configuring the overlay as documented in its README file is enough: overlay autogroup autogroup-attrset groupOfURLs memberURL member

15 years, 1 month

1
0
0 / 0

(ITS#5770) Unaligned BerElements

by h.b.furuseth＠usit.uio.no

Full_Name: Hallvard B Furuseth Version: HEAD, RE24 OS: URL: Submission from: (NULL) (129.240.6.233) Submitted by: hallvard This code fails to align the BerElement: char berbuf[LBER_ELEMENT_SIZEOF]; BerElement *ber = (BerElement *)berbuf; in clients/tools/common.c, servers/slapd/overlays/ppolicy.c. Fixing.

15 years, 1 month

1
0
0 / 0

Re: (ITS#5768) [enhancement] add support for Dereference Control

by h.b.furuseth＠usit.uio.no

Howard Chu writes: >> BTW, possibly "deref(erence)" is a confusing name for the control, >> since it is apparently not related to aliases. > > Oh please. Nor is it related to referrals or search references, and yet > these are all references, and "dereference" applies to them equally. Actually the docs do use different names for that - "follow"/"chase" referrals, or "chain" on the server side, vs. "deref"erence aliases. So if this is a new operation, I figured it wouldn't hurt to look for another word for whatever it is doing. But sure, it's no big thing. And in that regard it can already be a bit confusing that it's aliases and not referrals & search references which are "deref"erenced. -- Hallvard

15 years, 1 month

1
0
0 / 0

Re: (ITS#5768) [enhancement] add support for Dereference Control

by ando＠sys-net.it

h.b.furuseth(a)usit.uio.no wrote: > ando(a)sys-net.it writes: >> The current specification is formalized in a comment in >> overlays/deref.c; I intend to improve it and post it at >> <http://www.openldap.org/faq/data/cache/1469.html>. > > You've specified the syntax, but not the semantics. I don't see > any mention there of what this control does, though I suppose the > examples help if one knows what a GUID and a SID are. I will, in a more detailed document. > BTW, possibly "deref(erence)" is a confusing name for the control, > since it is apparently not related to aliases. "Dereference" means take DN-valued attributes, lookup the requested attributes from their entry and present the whole thing (name + attrs) as the control value. So ldapsearch -E deref=member:cn,sn will return a control value consisting in sequences of member values contained in the search, plus the corresponding values of cn and sn. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando(a)sys-net.it -----------------------------------

15 years, 1 month

1
0
0 / 0

Re: (ITS#5768) [enhancement] add support for Dereference Control

by hyc＠symas.com

h.b.furuseth(a)usit.uio.no wrote: > ando(a)sys-net.it writes: >> The current specification is formalized in a comment in >> overlays/deref.c; I intend to improve it and post it at >> <http://www.openldap.org/faq/data/cache/1469.html>. > > You've specified the syntax, but not the semantics. I don't see > any mention there of what this control does, though I suppose the > examples help if one knows what a GUID and a SID are. It doesn't matter what a GUID or SID, aside from being attributes of an entry that was referenced by a search response entry. > BTW, possibly "deref(erence)" is a confusing name for the control, > since it is apparently not related to aliases. Oh please. Nor is it related to referrals or search references, and yet these are all references, and "dereference" applies to them equally. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

15 years, 1 month

1
0
0 / 0

Re: (ITS#5768) [enhancement] add support for Dereference Control

by h.b.furuseth＠usit.uio.no

ando(a)sys-net.it writes: > The current specification is formalized in a comment in > overlays/deref.c; I intend to improve it and post it at > <http://www.openldap.org/faq/data/cache/1469.html>. You've specified the syntax, but not the semantics. I don't see any mention there of what this control does, though I suppose the examples help if one knows what a GUID and a SID are. BTW, possibly "deref(erence)" is a confusing name for the control, since it is apparently not related to aliases. -- Hallvard

15 years, 1 month

1
0
0 / 0

ITS#5768 - design considerations

by ando＠sys-net.it

ando(a)OpenLDAP.org wrote: > Log Message: > forgot access control... Probably the current implementation is far from optimal, since it makes use of over_entry_get_rw() and thus: - requires to apply ACLs within the overlay - prevents other overlays from interoperating - prevents the overlay from being instantiated as global Probably, an internal search with scope "base" would be better. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando(a)sys-net.it -----------------------------------

15 years, 1 month

1
0
0 / 0

Re: (ITS#5769) Behaviour of ldap_sort_entries on a multivalued attribute

by ando＠sys-net.it

emmanuel.duru(a)atosorigin.com wrote: > Currently, ldap_sort_entries when used with a multivalued attribute assumes that > the attribute values are in the same order for all the entries. It would be > better if this was not the case. > For example, I would like to use ldap_sort_entries to sort entries according to > objectclass attribute, so as to group entries by kind of objects. > Let be 3 entries: > ==>cn=n1, objectclass: person, organizationalperson > ==>ou=ou1, objectclass: organizationalunit > ==>cn=n2, objectclass: organizationalperson, person > result of ldap_sort_entries on objectclass: n2, ou1, n1, whereas I expected n1, > n2, ou1. ldap_sort_entries() is deprecated. As a consequence, I would not expect any activity on it. It is the client's duty to sort the way it likes. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando(a)sys-net.it -----------------------------------

15 years, 1 month

1
0
0 / 0

(ITS#5769) Behaviour of ldap_sort_entries on a multivalued attribute

by emmanuel.duru＠atosorigin.com

Full_Name: Emmanuel Duru Version: 2.4.11 OS: Windows URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (80.78.0.137) Currently, ldap_sort_entries when used with a multivalued attribute assumes that the attribute values are in the same order for all the entries. It would be better if this was not the case. For example, I would like to use ldap_sort_entries to sort entries according to objectclass attribute, so as to group entries by kind of objects. Let be 3 entries: ==>cn=n1, objectclass: person, organizationalperson ==>ou=ou1, objectclass: organizationalunit ==>cn=n2, objectclass: organizationalperson, person result of ldap_sort_entries on objectclass: n2, ou1, n1, whereas I expected n1, n2, ou1.

15 years, 1 month

1
0
0 / 0

Re: (ITS#5768) [enhancement] add support for Dereference Control

by ando＠sys-net.it

A tentative implementation is in HEAD, please test. You need to: - configure as --enable-deref - enable the "deref" overlay in slapd, with "overlay deref" (doesn't work as global overlay yet, sorry). - run searches like $ ldapsearch -x -b dc=example,dc=com -E 'deref=member:entryUUID' you'll see results like # Alumni Assoc Staff, Groups, example.com dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com control: 1.3.6.1.4.1.4203.666.5.16 false MIIDgjBdBAZtZW1iZXIEHGNuPU1hbmFnZXIsZ GM9ZXhhbXBsZSxkYz1jb22gNTAzBAllbnRyeVVVSUQxJgQkMjlkNTNiZjQtMzRhYi0xMDJkLThhNz MtYWI0MTM2OTEyOTExMIGFBAZtZW1iZXIERGNuPURvcm90aHkgU3RldmVucyxvdT1BbHVtbmkgQXN zb2NpYXRpb24sb3U9UGVvcGxlLGRjPWV4YW1wbGUsZGM9Y29toDUwMwQJZW50cnlVVUlEMSYEJDI5 ZDNhNzQ0LTM0YWItMTAyZC04YTZjLWFiNDEzNjkxMjkxMTCBhQQGbWVtYmVyBERjbj1KYW1lcyBBI EpvbmVzIDEsb3U9QWx1bW5pIEFzc29jaWF0aW9uLG91PVBlb3BsZSxkYz1leGFtcGxlLGRjPWNvba A1MDMECWVudHJ5VVVJRDEmBCQyOWQ0MTM5Ni0zNGFiLTEwMmQtOGE2ZS1hYjQxMzY5MTI5MTEwfgQ GbWVtYmVyBD1jbj1KYW5lIERvZSxvdT1BbHVtbmkgQXNzb2NpYXRpb24sb3U9UGVvcGxlLGRjPWV4 YW1wbGUsZGM9Y29toDUwMwQJZW50cnlVVUlEMSYEJDI5ZDQ4ZTQ4LTM0YWItMTAyZC04YTcwLWFiN DEzNjkxMjkxMTCBhAQGbWVtYmVyBENjbj1KZW5uaWZlciBTbWl0aCxvdT1BbHVtbmkgQXNzb2NpYX Rpb24sb3U9UGVvcGxlLGRjPWV4YW1wbGUsZGM9Y29toDUwMwQJZW50cnlVVUlEMSYEJDI5ZDRhNjR lLTM0YWItMTAyZC04YTcxLWFiNDEzNjkxMjkxMTCBgQQGbWVtYmVyBEBjbj1NYXJrIEVsbGlvdCxv dT1BbHVtbmkgQXNzb2NpYXRpb24sb3U9UGVvcGxlLGRjPWV4YW1wbGUsZGM9Y29toDUwMwQJZW50c nlVVUlEMSYEJDI5ZDU1NGY0LTM0YWItMTAyZC04YTc0LWFiNDEzNjkxMjkxMTCBhQQGbWVtYmVyBE Rjbj1VcnN1bGEgSGFtcHN0ZXIsb3U9QWx1bW5pIEFzc29jaWF0aW9uLG91PVBlb3BsZSxkYz1leGF tcGxlLGRjPWNvbaA1MDMECWVudHJ5VVVJRDEmBCQyOWQ1OGVkOC0zNGFiLTEwMmQtOGE3NS1hYjQx MzY5MTI5MTE= # member: <entryUUID=29d53bf4-34ab-102d-8a73-ab4136912911>;cn=Manager,dc=exam ple,dc=com # member: <entryUUID=29d3a744-34ab-102d-8a6c-ab4136912911>;cn=Dorothy Stevens ,ou=Alumni Association,ou=People,dc=example,dc=com # member: <entryUUID=29d41396-34ab-102d-8a6e-ab4136912911>;cn=James A Jones 1 ,ou=Alumni Association,ou=People,dc=example,dc=com # member: <entryUUID=29d48e48-34ab-102d-8a70-ab4136912911>;cn=Jane Doe,ou=Alu mni Association,ou=People,dc=example,dc=com # member: <entryUUID=29d4a64e-34ab-102d-8a71-ab4136912911>;cn=Jennifer Smith, ou=Alumni Association,ou=People,dc=example,dc=com # member: <entryUUID=29d554f4-34ab-102d-8a74-ab4136912911>;cn=Mark Elliot,ou= Alumni Association,ou=People,dc=example,dc=com # member: <entryUUID=29d58ed8-34ab-102d-8a75-ab4136912911>;cn=Ursula Hampster ,ou=Alumni Association,ou=People,dc=example,dc=com member: cn=Manager,dc=example,dc=com member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com owner: cn=Manager,dc=example,dc=com description: All Alumni Assoc Staff cn: Alumni Assoc Staff objectClass: groupOfNames The related C API is in libraries/libldap/deref.c; as a guideline, you can look at clients/ttols/ldapsearch.c, which creates the control and parses the response in order to print it in extended DN style. The current specification is formalized in a comment in overlays/deref.c; I intend to improve it and post it at <http://www.openldap.org/faq/data/cache/1469.html>. Please report through the ITS. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando(a)sys-net.it -----------------------------------

15 years, 1 month

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs October 2008