openldap-bugs April 2010

openldap-bugs@openldap.org

45 participants
233 discussions

Re: (ITS#6483) [PATCH] Properly use #elif
by hyc＠symas.com 11 Apr '10

11 Apr '10

delphij(a)FreeBSD.org wrote: > Full_Name: Xin LI > Version: -HEAD > OS: FreeBSD/amd64 > URL: http://people.freebsd.org/~delphij/misc/openldap-elif.diff > Submission from: (NULL) (206.40.55.65) > > > OpenLDAP uses several #elif to test if a macro is being defined, which should be > spelled as #elif defined. > > Here is a patch against CVS -HEAD. > > Index: include/ac/regex.h > =================================================================== > RCS file: /repo/OpenLDAP/pkg/ldap/include/ac/regex.h,v > retrieving revision 1.20 > diff -u -p -u -p -r1.20 regex.h > --- include/ac/regex.h 21 Jan 2009 23:40:18 -0000 1.20 > +++ include/ac/regex.h 1 Mar 2010 20:12:52 -0000 > @@ -28,7 +28,7 @@ > */ > #error "No POSIX REGEX available." > > -#elif HAVE_GNUREGEX_H > +#elif defined(HAVE_GNUREGEX_H) > /* system has GNU gnuregex.h */ > # include<gnuregex.h> > #else That patch is incorrect. Autoconf HAVE_xx macros must be defined to 1 to actually be used, some scripts may also define them to 0. The current test is correct. Closing this ITS. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#6488) Nssov updates for new versions of nss-pam-ldapd
by hyc＠symas.com 11 Apr '10

11 Apr '10

crispy(a)cluenet.org wrote: > Hi, any word on if this can be incorporated? Committed in HEAD, thanks for the patch. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#6194) Patch - Enhancement - provide LDIF support as libldif
by masarati＠aero.polimi.it 11 Apr '10

11 Apr '10

>> >>> Sorry about that. You can find it here: >>> http://rmeggins.fedorapeople.org/ldifutil.c >> >> Gotit, thanks. I have one first comment: the public API does not >> generally expose the memory context. I'm renaming >> ldap_parse_ldif_record() as ldap_parse_ldif_record_x(), and eliminating >> the void *ctx arg from ldap_parse_ldif_record(), if you don't mind. > > tested and applied to HEAD; please test. Thanks, p. More comments: 1) perhaps it may be worth providing a function that converts a LDIFRecord structure into a string, and one that sends it to a stream 2) I note you put LDAPMod **lr_mods; /* list of mods for LDAP_REQ_MODIFY, LDAP_REQ_ADD */ struct berval lr_newrdn; /* LDAP_REQ_MODDN, LDAP_REQ_MODRDN, LDAP_REQ_RENAME */ struct berval lr_newsuperior; /* LDAP_REQ_MODDN, LDAP_REQ_MODRDN, LDAP_REQ_RENAME */ int lr_deleteoldrdn; /* LDAP_REQ_MODDN, LDAP_REQ_MODRDN, LDAP_REQ_RENAME */ /* the following are for future support */ struct berval lr_extop_oid; /* LDAP_REQ_EXTENDED */ struct berval lr_extop_data; /* LDAP_REQ_EXTENDED */ struct berval lr_cmp_attr; /* LDAP_REQ_COMPARE */ struct berval lr_cmp_bvalue; /* LDAP_REQ_COMPARE */ in the structure; the last four are not used right now. I think it would make sense to group struct members by op in substructures, and then put them in a union, to stress the fact that they're mutually exclusive. Much like Howard did for the corresponding substructures in the Operation struct in slapd. p.

1 0

Re: (ITS#6432) PATCH: MozNSS crypto (tls_m.c) - support InitContext, improved PEM support
by hyc＠symas.com 11 Apr '10

11 Apr '10

rmeggins(a)redhat.com wrote: > Any update on this? Sorry I must've missed your last reply, I thought we were still waiting on you. Why is pem_mod_name needed as an independent variable? Since it's const I presume it will not be changing in the future? (Not asking for a change here, just want to understand its purpose.) Actually, since it and pem_library are only used once each, I would probably just #define it instead. But again, just want to know first how constant it really is. I've committed the patch as-is. If any other tweaks are needed let us know. Thanks for working on this. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#6194) Patch - Enhancement - provide LDIF support as libldif
by masarati＠aero.polimi.it 11 Apr '10

11 Apr '10

> >> Sorry about that. You can find it here: >> http://rmeggins.fedorapeople.org/ldifutil.c > > Gotit, thanks. I have one first comment: the public API does not > generally expose the memory context. I'm renaming > ldap_parse_ldif_record() as ldap_parse_ldif_record_x(), and eliminating > the void *ctx arg from ldap_parse_ldif_record(), if you don't mind. tested and applied to HEAD; please test. Thanks, p.

1 0

Re: (ITS#6194) Patch - Enhancement - provide LDIF support as libldif
by masarati＠aero.polimi.it 11 Apr '10

11 Apr '10

> Sorry about that. You can find it here: > http://rmeggins.fedorapeople.org/ldifutil.c Gotit, thanks. I have one first comment: the public API does not generally expose the memory context. I'm renaming ldap_parse_ldif_record() as ldap_parse_ldif_record_x(), and eliminating the void *ctx arg from ldap_parse_ldif_record(), if you don't mind. p.

1 0

Re: (ITS#6194) Patch - Enhancement - provide LDIF support as libldif
by richm＠stanfordalumni.org 11 Apr '10

11 Apr '10

On Sun, Apr 11, 2010 at 10:07 AM, <masarati(a)aero.polimi.it> wrote: >> Full_Name: Rich Megginson >> Version: CVS HEAD (2.4.21+) >> OS: Fedora >> URL: >> ftp://ftp.openldap.org/incoming/openldap-2.4.21-libldif-and-new-ldif-api= -20100409.patch > > Rich, > > ldifutil.c seems to be missing in that file. =A0Can you provide it? =A0Ei= ther > a separate file, or a new version of the patch is fine. Sorry about that. You can find it here: http://rmeggins.fedorapeople.org/ldifutil.c > > Thanks, p. > > >> This patch allows liblutil to provide the LDIF reading and writing >> functions as >> public APIs in a libldif, and exposes ldif.h to the public API. =A0This >> patch also creates >> a new LDAP API for parsing raw LDIF records into higher level LDAP >> structures >> such as LDAPMod and LDAPControl - ldap_parse_ldif_record() - and changes >> ldapmodify.c to use the new API. >> >> =A0 =A0 This patch file is derived from OpenLDAP Software. All of the >> modifications to OpenLDAP Software represented in the following >> patch(es) were developed by Red Hat, Inc.. Red Hat, Inc. has not >> assigned rights and/or interest in this work to any party. I, Richard >> Megginson am authorized by Red Hat, Inc., my employer, to release this >> work under the following terms. >> >> =A0 =A0 Red Hat, Inc. hereby place the following modifications to OpenLD= AP >> Software (and only these modifications) into the public domain. Hence, >> these modifications may be freely used and/or redistributed for any >> purpose with or without attribution and/or other notice. >> >> >> >> >> > > > > > > >

1 0

Re: (ITS#6513) dynacl/aci fails on searches with attributes
by masarati＠aero.polimi.it 11 Apr '10

11 Apr '10

> Full_Name: Peter Marschall > Version: 2.4.21 > OS: Linux > URL: ftp://ftp.openldap.org/incoming/Peter-Marschall-100411.patch > Submission from: (NULL) (94.217.135.20) > > > Hi, > > Playing around with dynacl/aci a bit I cam across the following issue: > > Searches that do not contain the attribute OpenLDAPaci in the list of > attribues > queried, omit objects. dynacl/aci (as the original aci code it's based on) relies on the fact that the entry is complete. This is the case when the entry is stored locally, e.g. in back-bdb/hdb. Otherwise, no mechanism is in place to retrieve operational attributes. Please note that in the latter case, even ACL rules based on, say, createTimestamp or so would operate incorrectly. My guess is that you're trying to use ACIs with a non-local storage. In that case your analysis is correct. Can you provide your (sanitized) configuration? The "right" solution is much more general, not only related to dynacl. Slapd needs to know in advance what (operational) attributes are required for policy enforcing, and they need to be added to requested attrs when entries are collected from remote storage. Your patch seems to fix your specific need, but it is clearly inefficient. p.

1 0

(ITS#6513) dynacl/aci fails on searches with attributes
by peter＠adpm.de 11 Apr '10

11 Apr '10

Full_Name: Peter Marschall Version: 2.4.21 OS: Linux URL: ftp://ftp.openldap.org/incoming/Peter-Marschall-100411.patch Submission from: (NULL) (94.217.135.20) Hi, Playing around with dynacl/aci a bit I cam across the following issue: Searches that do not contain the attribute OpenLDAPaci in the list of attribues queried, omit objects. E.g. doing a base search for 1.1 on an object that has the following OpenDLAPaci value OpenLDAPaci: 0#entry#grant;r,c,s,d,x;[entry]#public# OpenLDAPaci: 0#entry#grant;r,c,s,d,x;[all]#public# (no superior object has a subtree OpenLDAPaci) does not return the DN of the object, while doing the search without arguments returns the DN. According to my experiments, it looks like the Entry *e passed as argument to dynacl_aci_mask() does not have OpenLDAPaci in its e->e_attrs. I wrote the patch ftp://ftp.openldap.org/incoming/Peter-Marschall-100411.patch to verify my suspicions, and it seems to help, although at the cost of abysmally bad performance. I guess there are better ways to fix the issue (e.g. "auto-adding" OpenLDAPaci to the attributes queried from the backend and stripping it before giving it back to the client), but my knowledge of the internal workings of OpenLDAP is too limited.

1 0

Re: (ITS#6194) Patch - Enhancement - provide LDIF support as libldif
by masarati＠aero.polimi.it 11 Apr '10

11 Apr '10

> Full_Name: Rich Megginson > Version: CVS HEAD (2.4.21+) > OS: Fedora > URL: > ftp://ftp.openldap.org/incoming/openldap-2.4.21-libldif-and-new-ldif-api-20… Rich, ldifutil.c seems to be missing in that file. Can you provide it? Either a separate file, or a new version of the patch is fine. Thanks, p. > This patch allows liblutil to provide the LDIF reading and writing > functions as > public APIs in a libldif, and exposes ldif.h to the public API. This > patch also creates > a new LDAP API for parsing raw LDIF records into higher level LDAP > structures > such as LDAPMod and LDAPControl - ldap_parse_ldif_record() - and changes > ldapmodify.c to use the new API. > > This patch file is derived from OpenLDAP Software. All of the > modifications to OpenLDAP Software represented in the following > patch(es) were developed by Red Hat, Inc.. Red Hat, Inc. has not > assigned rights and/or interest in this work to any party. I, Richard > Megginson am authorized by Red Hat, Inc., my employer, to release this > work under the following terms. > > Red Hat, Inc. hereby place the following modifications to OpenLDAP > Software (and only these modifications) into the public domain. Hence, > these modifications may be freely used and/or redistributed for any > purpose with or without attribution and/or other notice. > > > > >

1 0

← Newer
1
...
14
15
16
17
18
19
20
...
24
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs April 2010