openldap-bugs December 2012

openldap-bugs@openldap.org

17 participants
50 discussions

(ITS#7461) slapo-pcache not used for ACL which contains DN pointing to the remote LDAP server
by tioteath＠gmail.com 04 Dec '12

04 Dec '12

Full_Name: Tio Teath Version: 2.4.33 OS: Debian GNU Linux Wheezy URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (178.172.239.4) I'm trying to set up group ACL, which contains DN located on the remote LDAP server. I have working ldap-proxy (olcSuffix: dc=remote) with slapo-pcache up and running. I can do the following search request, and get proper result, stored in the pcache database: ldapsearch -bcn=test2,ou=group,dc=remote "(objectClass=groupOfNames)" objectClass member But whenever I trying to get access to the RDN, the ACL of which contains following group entry: 'to dn.base="ou=people,dc=local" by group.exact="cn=test2,ou=group,dc=remote" write' I can't see any activity in the log (using pcache loglevel). Looks like, for some unknown reason, pcache are totally ignored while ACLs are processed. This decreases performance dramatically, as search statements are produced for each ACL containing remote DN.

1 0

Re: (ITS#7458) No matching rules for attribute mailPreferenceOption
by jonas.d.lindstrom＠ericsson.com 04 Dec '12

04 Dec '12

Yes, you are right of course. And thanks for the tip about forcing a matching rule, it works fine. /JL On 2012-12-04 02:29, Quanah Gibson-Mount wrote: > --On Monday, December 03, 2012 9:06 AM +0000 > jonas.d.lindstrom(a)ericsson.com wrote: > >> Full_Name: Jonas Lindstr?m >> Version: 2.4.33 >> OS: Linux >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (194.237.142.6) >> >> >> The attribute mailPreferenceOption in the cosine schema is defined >> without any matching rules, so filters such as (mailPreferenceOption=0) >> fail. > > Core schema are defined by RFCs. If the RFC defines no matching rule, > then there isn't one in the schema. If you want to see this changed, > I advise filing an RFC to update the schema definition. For this > particular attribute, see <https://www.ietf.org/rfc/rfc1274.txt> > > You can, of course, force matching rules for your search. See the > slapcat manpage for examples of how to force matching rules. > > --Quanah > > > -- > > Quanah Gibson-Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#7458) No matching rules for attribute mailPreferenceOption
by quanah＠zimbra.com 03 Dec '12

03 Dec '12

--On Monday, December 03, 2012 9:06 AM +0000 jonas.d.lindstrom(a)ericsson.com wrote: > Full_Name: Jonas Lindstr?m > Version: 2.4.33 > OS: Linux > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (194.237.142.6) > > > The attribute mailPreferenceOption in the cosine schema is defined > without any matching rules, so filters such as (mailPreferenceOption=0) > fail. Core schema are defined by RFCs. If the RFC defines no matching rule, then there isn't one in the schema. If you want to see this changed, I advise filing an RFC to update the schema definition. For this particular attribute, see <https://www.ietf.org/rfc/rfc1274.txt> You can, of course, force matching rules for your search. See the slapcat manpage for examples of how to force matching rules. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#7456) slapo-smbk5pwd: Makefile with -L
by quanah＠zimbra.com 03 Dec '12

03 Dec '12

--On Monday, December 03, 2012 6:22 AM +0000 michael(a)stroeder.com wrote: > fumiyas(a)osstech.jp wrote: >> At Wed, 28 Nov 2012 20:04:41 GMT, >> michael(a)stroeder.com wrote: >>> I'd like to propose the following patch to Makefile of slapo-smbk5pwd >>> to ease building it without installed OpenLDAP client libs: >> >> This ITS is a dup of #7309. >> http://www.openldap.org/its/index.cgi?findid=7309 >> >> And see also: >> http://www.openldap.org/its/index.cgi?findid=7308 >> >> This problem is fixed in master, but not in 2.4 branch... > > Ah, thanks for the hint. The Makefile in master looks much better than my > suggestion. > > @Quanah: Could you please port this to RE24 branch? My recollection is we've been waiting on someone to go through and test the changes. Are you willing to do that? it sounds like you've started... --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#7460) command-line option to ldapsearch to ignore server SSL certificate
by hyc＠symas.com 03 Dec '12

03 Dec '12

hauser(a)acm.org wrote: > Full_Name: Ralf Hauser > Version: 2.4.23 > OS: debian stable > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (212.25.16.113) > > > to test, it would be great to have a ldapsearch command-line option to ignore > the server cert. > > a) is that already existing ? No. > b) how would this be done otherwise? Use ldaprc. Read the ldap.conf(5) manpage. Closing this ITS. > > Many thanks in advance! > > Ralf > > P.S.: Perhaps, this could be added to a FAQ > http://www.openldap.org/faq/data/cache/2.html > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#7459) It is impossible to modify attributes olcPcacheTemplate, olcPcacheAttrset
by hyc＠symas.com 03 Dec '12

03 Dec '12

tioteath(a)gmail.com wrote: > Full_Name: Tio Teath > Version: 2.4.33 > OS: Debian GNU Linux Wheezy > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (178.172.239.4) > > > It is impossible to modify attributes olcPcacheTemplate, olcPcacheAttrset: > modify/add: olcPcacheTemplate: no equality matching rule > > Fixed now in git master. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#7460) command-line option to ldapsearch to ignore server SSL certificate
by hauser＠acm.org 03 Dec '12

03 Dec '12

Full_Name: Ralf Hauser Version: 2.4.23 OS: debian stable URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (212.25.16.113) to test, it would be great to have a ldapsearch command-line option to ignore the server cert. a) is that already existing ? b) how would this be done otherwise? Many thanks in advance! Ralf P.S.: Perhaps, this could be added to a FAQ http://www.openldap.org/faq/data/cache/2.html

1 0

(ITS#7459) It is impossible to modify attributes olcPcacheTemplate, olcPcacheAttrset
by tioteath＠gmail.com 03 Dec '12

03 Dec '12

Full_Name: Tio Teath Version: 2.4.33 OS: Debian GNU Linux Wheezy URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (178.172.239.4) It is impossible to modify attributes olcPcacheTemplate, olcPcacheAttrset: modify/add: olcPcacheTemplate: no equality matching rule

1 0

(ITS#7458) No matching rules for attribute mailPreferenceOption
by jonas.d.lindstrom＠ericsson.com 03 Dec '12

03 Dec '12

Full_Name: Jonas Lindström Version: 2.4.33 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (194.237.142.6) The attribute mailPreferenceOption in the cosine schema is defined without any matching rules, so filters such as (mailPreferenceOption=0) fail.

1 0

Re: (ITS#7456) slapo-smbk5pwd: Makefile with -L
by michael＠stroeder.com 02 Dec '12

02 Dec '12

fumiyas(a)osstech.jp wrote: > At Wed, 28 Nov 2012 20:04:41 GMT, > michael(a)stroeder.com wrote: >> I'd like to propose the following patch to Makefile of slapo-smbk5pwd to ease >> building it without installed OpenLDAP client libs: > > This ITS is a dup of #7309. > http://www.openldap.org/its/index.cgi?findid=7309 > > And see also: > http://www.openldap.org/its/index.cgi?findid=7308 > > This problem is fixed in master, but not in 2.4 branch... Ah, thanks for the hint. The Makefile in master looks much better than my suggestion. @Quanah: Could you please port this to RE24 branch? Ciao, Michael.

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs December 2012