As noted elsewhere, the "-C" option is intentionally undocumented. Since the
command line tools only support anonymous referral chasing, and referral
chasing through untrusted servers is inherently unsafe, it's best not to do it.
This ITS will be closed.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
dan.cushing(a)netideasinc.com wrote:
> Full_Name: Dan Cushing
> Version: 2.3.36
> OS: Solaris 9
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (71.76.187.82)
>
>
> When running OpenLDAP with the ppolicy overlay, the modifyTimestamp for a user
> entry is updated if the user attempts to login (bind) with an incorrect
> password. This is happening because the password lockout feature is enabled and
> the operational attribute 'pwdFailureTime' is being updated. It seems like this
> results in a misleading modifyTimestamp. Is it intended that the
> modifyTimestamp attribute be updated when operational attributes are updated?
Hadn't really thought about it before. We can certainly avoid this though.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
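
The behavior reported above matters to anyone who audits directory changes by modifyTimestamp. As an added example (not part of the thread and not OpenLDAP code), this Python helper scans an LDIF export that includes operational attributes and flags entries whose modifyTimestamp coincides with their most recent pwdFailureTime, so the timestamp is not read as an administrative change. The sample entries, the function names and the one-second tolerance are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample export (not taken from the report).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
modifyTimestamp: 20070720101502Z
pwdFailureTime: 20070719083011Z
pwdFailureTime: 20070720101502Z

dn: uid=bob,ou=people,dc=example,dc=com
modifyTimestamp: 20070718120000Z
pwdFailureTime: 20070701090000Z

dn: uid=carol,ou=people,dc=example,dc=com
modifyTimestamp: 20070710080000Z
"""

def parse_time(value):
    """Parse a UTC GeneralizedTime, with or without fractional seconds."""
    fmt = "%Y%m%d%H%M%S.%fZ" if "." in value else "%Y%m%d%H%M%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def parse_entries(ldif):
    """Yield (dn, {lowercased attr: [values]}) per blank-line-separated record."""
    for block in ldif.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # comments and folded continuation lines are skipped
            name, value = line.split(": ", 1)
            attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def misleading_modify_timestamps(ldif, tolerance=timedelta(seconds=1)):
    """Return DNs whose modifyTimestamp matches their latest pwdFailureTime."""
    flagged = []
    for dn, attrs in parse_entries(ldif):
        failures = [parse_time(v) for v in attrs.get("pwdfailuretime", [])]
        modified = attrs.get("modifytimestamp")
        if not failures or not modified:
            continue  # nothing to compare for this entry
        if abs(parse_time(modified[0]) - max(failures)) <= tolerance:
            flagged.append(dn)
    return flagged

if __name__ == "__main__":
    for dn in misleading_modify_timestamps(SAMPLE_LDIF):
        print("modifyTimestamp likely set by a failed bind:", dn)
```

A match only indicates that the last write coincided with a failed bind; a genuine modification in the same second would also be flagged.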
<quote who="hyc(a)symas.com">
> ando(a)sys-net.it wrote:
>> ghenry(a)suretecsystems.com wrote:
>>> <quote who="hyc(a)symas.com">
>>>> ghenry(a)OpenLDAP.org wrote:
>>>>> Full_Name: Gavin Henry
>>>>> Version: HEAD
>>>>> OS:
>>>>> URL: ftp://ftp.openldap.org/incoming/
>>>>> Submission from: (NULL) (80.229.93.1)
>>>>> Submitted by: ghenry
>>>>>
>>>>>
>>>>> Dear All,
>>>>>
>>>>> It's not clear or explained what AVA means in slapd-meta(5) and
>>>>> slapo-rwm(5)
>>>> Standard terminology in X.500/LDAP. "Attribute Value Assertion"
>>>>> A user was asking in #ldap
>>>>>
>>>>> I presume it means "Attribute Value"?
>>>>>
>>>>> If so, I will add an explanation in each man page.
>>>> OpenLDAP docs are not intended to explain the basics of LDAP. You're
>>>> expected
>>>> to already know LDAP or refer to the RFCs for basic terminology.
>>> Closing ITS.
>>
>> In any case, expanding acronyms when first used sounds "polite"; any
>> further reference to the most appropriate RFC should allow newbie
>> readers to learn more.
>
> Perhaps, in the Admin Guide.
We have it in preamble.sdf already, so I think this is covered.
> But in the man page? Where do you draw the line?
> Do we have to start every man page with e.g. "the meta backend to slapd
> (the
> Standalone LDAP (Lightweight Directory Access Protocol) Daemon) performs
> basic
> LDAP proxying..." ?
>
> In this case, what good would it do? Would someone who hasn't read any
> RFCs
> know what "Attribute Value Assertion" means? Anyone who doesn't understand
> the
> X.500 information model has no business administering slapd. They need to
> absorb that basic groundwork first, and IMO manpages are not the mechanism
> for
> teaching that.
> --
> -- Howard Chu
> Chief Architect, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
>
>
>
ando(a)sys-net.it wrote:
> ghenry(a)suretecsystems.com wrote:
>> <quote who="hyc(a)symas.com">
>>> ghenry(a)OpenLDAP.org wrote:
>>>> Full_Name: Gavin Henry
>>>> Version: HEAD
>>>> OS:
>>>> URL: ftp://ftp.openldap.org/incoming/
>>>> Submission from: (NULL) (80.229.93.1)
>>>> Submitted by: ghenry
>>>>
>>>>
>>>> Dear All,
>>>>
>>>> It's not clear or explained what AVA means in slapd-meta(5) and
>>>> slapo-rwm(5)
>>> Standard terminology in X.500/LDAP. "Attribute Value Assertion"
>>>> A user was asking in #ldap
>>>>
>>>> I presume it means "Attribute Value"?
>>>>
>>>> If so, I will add an explanation in each man page.
>>> OpenLDAP docs are not intended to explain the basics of LDAP. You're
>>> expected
>>> to already know LDAP or refer to the RFCs for basic terminology.
>> Closing ITS.
>
> In any case, expanding acronyms when first used sounds "polite"; any
> further reference to the most appropriate RFC should allow newbie
> readers to learn more.
Perhaps, in the Admin Guide. But in the man page? Where do you draw the line?
Do we have to start every man page with e.g. "the meta backend to slapd (the
Standalone LDAP (Lightweight Directory Access Protocol) Daemon) performs basic
LDAP proxying..." ?
In this case, what good would it do? Would someone who hasn't read any RFCs
know what "Attribute Value Assertion" means? Anyone who doesn't understand the
X.500 information model has no business administering slapd. They need to
absorb that basic groundwork first, and IMO manpages are not the mechanism for
teaching that.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
ghenry(a)suretecsystems.com wrote:
> <quote who="hyc(a)symas.com">
>> ghenry(a)OpenLDAP.org wrote:
>>> Full_Name: Gavin Henry
>>> Version: HEAD
>>> OS:
>>> URL: ftp://ftp.openldap.org/incoming/
>>> Submission from: (NULL) (80.229.93.1)
>>> Submitted by: ghenry
>>>
>>>
>>> Dear All,
>>>
>>> It's not clear or explained what AVA means in slapd-meta(5) and
>>> slapo-rwm(5)
>> Standard terminology in X.500/LDAP. "Attribute Value Assertion"
>>> A user was asking in #ldap
>>>
>>> I presume it means "Attribute Value"?
>>>
>>> If so, I will add an explanation in each man page.
>> OpenLDAP docs are not intended to explain the basics of LDAP. You're
>> expected
>> to already know LDAP or refer to the RFCs for basic terminology.
>
> Closing ITS.
In any case, expanding acronyms when first used sounds "polite"; any
further reference to the most appropriate RFC should allow newbie
readers to learn more.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati(a)sys-net.it
---------------------------------------
igbed(a)wmin.ac.uk wrote:
> Full_Name: Damian Igbe
> Version: 2.3.6
> OS: SLES 10
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (161.74.11.24)
>
>
> I have a delta-syncrepl replication working with password policy in place.
> Authentication to the master works fine but when a client tries to authenticate
> to the replica server, the following bug is encountered and the system crashes.
There is not enough information in this bug report. Please include a copy of
your slapd.conf from the replica, and a copy of your password policy. Please
also show the LDAP request that was issued when the crash occurred.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
ali.pouya(a)free.fr wrote:
> h.b.furuseth(a)usit.uio.no wrote :
>
>> That's from ITS#4975: The code was broken for builds without TLS.
>> It's been fixed in HEAD. Does it work now?
>
> Hi Hallvard,
> Yes I confirm that the problem with TLS compilation is fixed now.
>
> But the main problem of this ITS still remains (replica seg faults if syncrepl
> searchbase ="").
>
> Sorry for this late answer.
> Best regards
> Ali
If the current HEAD still crashes for you, please attach your slapd.conf files
in a followup to this ITS, thanks.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
ali.pouya(a)free.fr wrote:
> Unfortunately the problem has not been completely fixed in the HEAD.
> With the fix in the head the error message disappears but the contextCSN is NOT
> ACTUALLY written to the disk. So at the next slapd startup the ContextCSN is
> missing. And the servers have to resynchronize.
In fact the contextCSN was getting written out, but not getting read back in on
the next startup. This should now be working in HEAD, please test.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
dhawes(a)vt.edu wrote:
> On Thursday 19 July 2007 17:18, ghenry(a)suretecsystems.com wrote:
>> <quote who="dhawes(a)vt.edu">
>>
>>> On Thursday 19 July 2007 05:35, Gavin Henry wrote:
>>>>> An updated version of addpartial is available at:
>>>>>
>>>>> ftp://ftp.openldap.org/incoming/david_hawes-addpartial-070126.tgz
>>>>>
>>>>> This version includes changes to work with OpenLDAP 2.3 as well as
>>>>> ensuring syncrepl works properly.
>>>>>
>>>>> david hawes
>>>> If this hasn't been added to 2.4/HEAD yet, would you consider updating
>>>> it
>>>> for inclusion in 2.4 contrib?
>>> Absolutely, I've been meaning to test with 2.4. I'll bump it to the top
>>> of
>>> the list.
>> Can you make sure that is dynamically configurable via cn=config like
>> everything else in 2.4.
>>
>> Thanks.
>
> I have tested the overlay at
> ftp://ftp.openldap.org/incoming/david_hawes-addpartial-070126.tgz, and it
> works with 2.4.4alpha, including dynamic loading via cn=config.
>
> Apart from using "overlay addpartial", there is no slapd configuration for
> addpartial. I believe this means it doesn't need its own schema to work
> correctly. Please correct me if I am wrong about this.
That's correct. If there was no config needed under the old mechanism, then
none is needed with the new either.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
On Thursday 19 July 2007 17:18, ghenry(a)suretecsystems.com wrote:
> <quote who="dhawes(a)vt.edu">
>
> > On Thursday 19 July 2007 05:35, Gavin Henry wrote:
> >> > An updated version of addpartial is available at:
> >> >
> >> > ftp://ftp.openldap.org/incoming/david_hawes-addpartial-070126.tgz
> >> >
> >> > This version includes changes to work with OpenLDAP 2.3 as well as
> >> > ensuring syncrepl works properly.
> >> >
> >> > david hawes
> >>
> >> If this hasn't been added to 2.4/HEAD yet, would you consider updating
> >> it
> >> for inclusion in 2.4 contrib?
> >
> > Absolutely, I've been meaning to test with 2.4. I'll bump it to the top
> > of
> > the list.
>
> Can you make sure that is dynamically configurable via cn=config like
> everything else in 2.4.
>
> Thanks.
I have tested the overlay at
ftp://ftp.openldap.org/incoming/david_hawes-addpartial-070126.tgz, and it
works with 2.4.4alpha, including dynamic loading via cn=config.
Apart from using "overlay addpartial", there is no slapd configuration for
addpartial. I believe this means it doesn't need its own schema to work
correctly. Please correct me if I am wrong about this.
Thanks,
dave