openldap-bugs

openldap-bugs@openldap.org

1 participants
20966 discussions

Re: (ITS#5696) Patch - support Mozilla NSS for crypto operations
by rmeggins＠redhat.com 11 Sep '08

11 Sep '08

This is a cryptographically signed message in MIME format. --------------ms030000020803000108060801 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Howard Chu wrote: > rmeggins(a)redhat.com wrote: >> Full_Name: Rich Megginson >> Version: 2.4.11 and current HEAD >> OS: Fedora >> URL: ftp://ftp.openldap.org/incoming/openldap-2.4.11-nss-20080911.patch >> Submission from: (NULL) (76.113.59.19) >> >> >> This patch allows OpenLDAP to use Mozilla NSS for crypto. The >> approach uses the >> nss_compat_ossl library. This library allows the code to use the >> current >> OpenSSL API so that the changes to the actual OpenLDAP code are >> minimized. This >> is the same approach that has been used to port several other >> packages to use >> NSS instead of OpenSSL as part of the Fedora Crypto Consolidation >> project. >> >> The nss_compat_ossl library is here - >> http://svn.fedorahosted.org/svn/identity/common/trunk/nss_compat_ossl/ >> - it is >> also included with Fedora > > Thanks for the patch. Some notes - for future reference, don't include > diffs to generated files (e.g. configure), just include the diffs to > the source (e.g. configure.in). Ok. Sorry about that. I've just been applying this patch for testing, but yeah, you will just regenerate configure. > Since "NSS" already has a well-established meaning in POSIX > environments (Name Service Switch), I've been referring to this as > MozNSS (Mozilla NSS) to avoid confusion. Ok. Yeah, it's very confusing. The nss developers haven't run into this problem that much yet - but nss is used quite heavily in the ldap space (nss_ldap etc.) > > Also, there's already a working implementation of Mozilla NSS support > in HEAD, but your patch covers a lot of areas I didn't look at yet > (SHA1 hashing, etc) so we'll probably cherrypick pieces of your patch > to merge. Ok. Sounds good. --------------ms030000020803000108060801 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJCzCC AuAwggJJoAMCAQICEFcdcRwRB8xs7lDIZBO/bfowDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UE BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA3MTIwNDE2MzM1OVoX DTA4MTIwMzE2MzM1OVowRTEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEiMCAG CSqGSIb3DQEJARYTcm1lZ2dpbnNAcmVkaGF0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBANpEUJJ++jpsDRmNt7cla8gygzXXoOHCPCubSxG0juJoxS/4F1UiyVSy0Gzb C5lVZemRenB+G389Ai11jLKp97S1abeQII26poIkjvYJCjyO92SJNFvb8mz6bkBW9NcH2zBt odjoeCvdlKuwxg1IX/kYsmz4lirjIVPFPSyqx7jgYhuNpjfR3oUuNRLx5Y6i9Ep+1AmTkoWx NNwMNFwRUOh78z/Gvh9exCB8Xldd58egHfYluBraFi5IgkGQneI4+VyFrNwwX1XtjI2EmDrO HnMTZGnkYBH5L6b54bMkIKxMmZrmdzcyQ0JLbz2GZqKo5BUaN4M1M2kTCy0HbKOlhZECAwEA AaMwMC4wHgYDVR0RBBcwFYETcm1lZ2dpbnNAcmVkaGF0LmNvbTAMBgNVHRMBAf8EAjAAMA0G CSqGSIb3DQEBBQUAA4GBAELh1VaZchhZmlX93Wmbu8loeXNOP5/RRJVHCgom1N7g4YZBcBwM 1bmoo5b9gK3IPrPxZu2zYuyxwveNM0KdmaYtLzWiStJyifMDb8FtMNvVc5oewQK5tnDUw3dG MH/TxiE/hEZiRjAVylPiwzq47PjVPIM87Rek8hROvCkaEO6hMIIC4DCCAkmgAwIBAgIQVx1x HBEHzGzuUMhkE79t+jANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMc VGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFs IEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDcxMjA0MTYzMzU5WhcNMDgxMjAzMTYzMzU5WjBF MR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSIwIAYJKoZIhvcNAQkBFhNybWVn Z2luc0ByZWRoYXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kRQkn76 OmwNGY23tyVryDKDNdeg4cI8K5tLEbSO4mjFL/gXVSLJVLLQbNsLmVVl6ZF6cH4bfz0CLXWM sqn3tLVpt5AgjbqmgiSO9gkKPI73ZIk0W9vybPpuQFb01wfbMG2h2Oh4K92Uq7DGDUhf+Riy bPiWKuMhU8U9LKrHuOBiG42mN9HehS41EvHljqL0Sn7UCZOShbE03Aw0XBFQ6HvzP8a+H17E IHxeV13nx6Ad9iW4GtoWLkiCQZCd4jj5XIWs3DBfVe2MjYSYOs4ecxNkaeRgEfkvpvnhsyQg rEyZmuZ3NzJDQktvPYZmoqjkFRo3gzUzaRMLLQdso6WFkQIDAQABozAwLjAeBgNVHREEFzAV gRNybWVnZ2luc0ByZWRoYXQuY29tMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEA QuHVVplyGFmaVf3daZu7yWh5c04/n9FElUcKCibU3uDhhkFwHAzVuaijlv2Arcg+s/Fm7bNi 7LHC940zQp2Zpi0vNaJK0nKJ8wNvwW0w29Vzmh7BArm2cNTDd0Ywf9PGIT+ERmJGMBXKU+LD Orjs+NU8gzztF6TyFE68KRoQ7qEwggM/MIICqKADAgECAgENMA0GCSqGSIb3DQEBBQUAMIHR MQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRv d24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9u IFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwg Q0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMw NzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5WjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZy ZWVtYWlsIElzc3VpbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSmPFVzVftO ucqZWh5owHUEcJ3f6f+jHuy9zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnwK4Va qj9xVsuvPAsH5/EfkTYkKhPPK9Xzgnc9A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e2 0TxhBEAeZBlyYLf7AgMBAAGjgZQwgZEwEgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6 MDigNqA0hjJodHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENB LmNybDALBgNVHQ8EBAMCAQYwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJl bDItMTM4MA0GCSqGSIb3DQEBBQUAA4GBAEiM0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0wh uPg2H6otnzYvwPQcUCCTcDz9reFhYsPZOhl+hLGZGwDFGguCdJ4lUJRix9sncVcljd2pnDmO jCBPZV+V2vf3h9bGCE6u9uo05RAaWzVNd+NWIXiC3CEZNd4ksdMdRv9dX2VPMYIDcTCCA20C AQEwdjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg THRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEFcd cRwRB8xs7lDIZBO/bfowCQYFKw4DAhoFAKCCAdAwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH ATAcBgkqhkiG9w0BCQUxDxcNMDgwOTExMjEwMjU3WjAjBgkqhkiG9w0BCQQxFgQUgrlU70hz emgL9UroY5tdya2gFvQwXwYJKoZIhvcNAQkPMVIwUDALBglghkgBZQMEAQIwCgYIKoZIhvcN AwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMC AgEoMIGFBgkrBgEEAYI3EAQxeDB2MGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUg Q29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1h aWwgSXNzdWluZyBDQQIQVx1xHBEHzGzuUMhkE79t+jCBhwYLKoZIhvcNAQkQAgsxeKB2MGIx CzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSww KgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQVx1xHBEHzGzu UMhkE79t+jANBgkqhkiG9w0BAQEFAASCAQAd2tnYv6GJIgrUuiqErc/NxB904FghsimijiCx jd4WqQ6hK4rJMvq39V8ZYThQoSHhp+w6SjztTwjv6PIMibDl9ZyIIp2d8GexMsxemIRWMMp4 K955F5ZcyB9skETGGOV77adbPebwdLHAk8//oNx75bSw786gr8vxaxu9iYR79fuZNsgzQewS 4u/+9vOxAROy6VMQ+2ZW0hcca/gZLGkIjKL16GRVVAdkHmhHSu3zIOQsmrtX9uzuDyPl+Nrj nKySb2vCjn+G/VDeKmtWOHfV0aBbBOUBzdLBG8qvNS2HvNZrAJPxIwv+RTn5sHREGjDe8KWO EOPq+KbmlM06Ccy4AAAAAAAA --------------ms030000020803000108060801--

1 0

(ITS#5697) Typo on contributing guidelines
by hyc＠OpenLDAP.org 11 Sep '08

11 Sep '08

Full_Name: Howard Chu Version: OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (76.91.220.157) Submitted by: hyc On http://www.openldap.org/devel/contributing.html Index: contributing.wml =================================================================== RCS file: /repo/OpenLDAP/www/pages/devel/contributing.wml,v retrieving revision 1.30 diff -u -r1.30 contributing.wml --- contributing.wml 3 Apr 2008 21:59:54 -0000 1.30 +++ contributing.wml 11 Sep 2008 21:02:23 -0000 @@ -195,7 +195,7 @@ If you have assigned rights and/or interest in this work to another party, such as your employer (possibly through your employment agreement), you must state which rights you have assigned and to -whom. For instance, "By virtual of my employment agreement with +whom. For instance, "By virtue of my employment agreement with EMPLOYER-NAME, I have assigned my rights and interest in this work to EMPLOYER-NAME."

1 0

Re: (ITS#5696) Patch - support Mozilla NSS for crypto operations
by hyc＠symas.com 11 Sep '08

11 Sep '08

hyc(a)symas.com wrote: > rmeggins(a)redhat.com wrote: >> Full_Name: Rich Megginson >> Version: 2.4.11 and current HEAD >> OS: Fedora >> URL: ftp://ftp.openldap.org/incoming/openldap-2.4.11-nss-20080911.patch >> Submission from: (NULL) (76.113.59.19) >> This patch allows OpenLDAP to use Mozilla NSS for crypto. The approach uses the >> nss_compat_ossl library. This library allows the code to use the current >> OpenSSL API so that the changes to the actual OpenLDAP code are minimized. This >> is the same approach that has been used to port several other packages to use >> NSS instead of OpenSSL as part of the Fedora Crypto Consolidation project. > Thanks for the patch. Some notes - for future reference, don't include diffs > to generated files (e.g. configure), just include the diffs to the source > (e.g. configure.in). Since "NSS" already has a well-established meaning in > POSIX environments (Name Service Switch), I've been referring to this as > MozNSS (Mozilla NSS) to avoid confusion. Also please read http://www.openldap.org/devel/contributing.html ; you haven't provided any of the required IPR notices. We can't touch the submission without them. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5696) Patch - support Mozilla NSS for crypto operations
by hyc＠symas.com 11 Sep '08

11 Sep '08

rmeggins(a)redhat.com wrote: > Full_Name: Rich Megginson > Version: 2.4.11 and current HEAD > OS: Fedora > URL: ftp://ftp.openldap.org/incoming/openldap-2.4.11-nss-20080911.patch > Submission from: (NULL) (76.113.59.19) > > > This patch allows OpenLDAP to use Mozilla NSS for crypto. The approach uses the > nss_compat_ossl library. This library allows the code to use the current > OpenSSL API so that the changes to the actual OpenLDAP code are minimized. This > is the same approach that has been used to port several other packages to use > NSS instead of OpenSSL as part of the Fedora Crypto Consolidation project. > > The nss_compat_ossl library is here - > http://svn.fedorahosted.org/svn/identity/common/trunk/nss_compat_ossl/ - it is > also included with Fedora Thanks for the patch. Some notes - for future reference, don't include diffs to generated files (e.g. configure), just include the diffs to the source (e.g. configure.in). Since "NSS" already has a well-established meaning in POSIX environments (Name Service Switch), I've been referring to this as MozNSS (Mozilla NSS) to avoid confusion. Also, there's already a working implementation of Mozilla NSS support in HEAD, but your patch covers a lot of areas I didn't look at yet (SHA1 hashing, etc) so we'll probably cherrypick pieces of your patch to merge. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5668) Invalid entryCSN generated, and slapd will not restart
by hyc＠symas.com 11 Sep '08

11 Sep '08

Hallvard B Furuseth wrote: > Looking at liblutil/utils.c:lutil_gettime() led me to > > Beware of QueryPerformanceCounter() > http://www.virtualdub.org/blog/pivot/entry.php?id=106 > > Is warning relevant to slapd? I don't know Windows programming at all. > Yes, it's relevant. People running on Windows should probably boot with /usepmtimer to make sure the ACPI timer is used (which runs at 3.5MHz). Then again, the simplest solution is "don't run mission-critical servers on Windows" because the platform is so completely inadequate, for this and many other reasons. Probably should read this as well http://support.microsoft.com/kb/895980 Of course, not all of this uncertainty is Microsoft's fault - AMD documented that their dual-core processors would keep their TSCs in sync between both cores, but in reality the TSCs never stay in sync. So if you happen to be running an old-enough Windows release, written when the TSC was still believed to be a reliable clock source, you may have problems unless you explicitly tell Windows to use the ACPI PM timer. If you're running on a very old motherboard that doesn't support ACPI, you won't have a PM timer to use; but in that case you're probably also running with a processor that doesn't have TSC issues. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#5695) AC syntax in OpenLDAP
by ando＠sys-net.it 11 Sep '08

11 Sep '08

bash-3.2$ wget ftp://ftp.openldap.org/incoming/Tamburo-Luca-AC-08-09-11.tgz --19:53:57-- ftp://ftp.openldap.org/incoming/Tamburo-Luca-AC-08-09-11.tgz => `Tamburo-Luca-AC-08-09-11.tgz' Resolving ftp.openldap.org... 204.152.186.57, 2001:4f8:3:ba:2e0:18ff:fe02:efec Connecting to ftp.openldap.org|204.152.186.57|:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD /incoming ... done. ==> SIZE Tamburo-Luca-AC-08-09-11.tgz ... done. ==> PASV ... done. ==> RETR Tamburo-Luca-AC-08-09-11.tgz ... No such file `Tamburo-Luca-AC-08-09-11.tgz'. Could you please provide a pointer to the exact link? p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando(a)sys-net.it -----------------------------------

1 0

(ITS#5696) Patch - support Mozilla NSS for crypto operations
by rmeggins＠redhat.com 11 Sep '08

11 Sep '08

Full_Name: Rich Megginson Version: 2.4.11 and current HEAD OS: Fedora URL: ftp://ftp.openldap.org/incoming/openldap-2.4.11-nss-20080911.patch Submission from: (NULL) (76.113.59.19) This patch allows OpenLDAP to use Mozilla NSS for crypto. The approach uses the nss_compat_ossl library. This library allows the code to use the current OpenSSL API so that the changes to the actual OpenLDAP code are minimized. This is the same approach that has been used to port several other packages to use NSS instead of OpenSSL as part of the Fedora Crypto Consolidation project. The nss_compat_ossl library is here - http://svn.fedorahosted.org/svn/identity/common/trunk/nss_compat_ossl/ - it is also included with Fedora

1 0

(ITS#5695) AC syntax in OpenLDAP
by tamburo＠studenti.unina.it 11 Sep '08

11 Sep '08

Full_Name: Tamburo Luca Version: cvs OS: URL: ftp://ftp.openldap.org/incoming/Tamburo-Luca-AC-08-09-11.tgz Submission from: (NULL) (82.51.134.108) Hi, I'm a student at University "Federico II" (Napoli, Italy). For my bachelor degree I have worked on LDAP and Attribute Certicates. My main source has been Standard X.509 (2000). More precisely I have implemented a function to validate AC syntax, and the equality matching rule "attribute Certificate Exact Match" as defined in Internet Draft: "Internet X.509 Public Key Infrastructure LDAP Schema and Syntaxes for PMIs" (by D. Chadwick and S.Legg, 27 June 2002). I have changed the file servers/slapd/schema_init.c; I needed to create a new schema file called guest.schema which contains the definitions of objectclass pmiUser and the attribute type attributeCertificateAttribute. Link for the archive is ftp://ftp.openldap.org/incoming/Tamburo-Luca-AC-08-09-11.tgz Thanks in advance for your attention. Best regards, Luca Tamburo

1 0

RE: (ITS#5668) Invalid entryCSN generated, and slapd will not restart
by emmanuel.duru＠atosorigin.com 11 Sep '08

11 Sep '08

OK, it works.

1 0

Re: (ITS#5668) Invalid entryCSN generated, and slapd will not restart
by h.b.furuseth＠usit.uio.no 11 Sep '08

11 Sep '08

Looking at liblutil/utils.c:lutil_gettime() led me to Beware of QueryPerformanceCounter() http://www.virtualdub.org/blog/pivot/entry.php?id=106 Is warning relevant to slapd? I don't know Windows programming at all. -- Hallvard

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs