quanah(a)zimbra.com wrote:
> Full_Name: Quanah Gibson-Mount
> Version: 2.3.39
> OS:
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (76.21.80.71)
>
>
> If one is using refreshAndPersist with syncrepl, and an error occurs during a
> change, the contextCSN will not be updated. However, if a /new/ change comes in
> after that, that is successful, the CSN will be updated, and the missed change
> is lost. This can happen, for example, if the replica runs out of locks while
> making the change. It would be best then, if this happens, for the replica to
> drop out of persist mode. This is a good reason to set an interval with this
> mode.
This was fixed in HEAD in January 2006. So the fix is in all 2.4 releases, but
never made it into RE23.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Full_Name: Quanah Gibson-Mount
Version: 2.3.39
OS:
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (76.21.80.71)
If one is using refreshAndPersist with syncrepl, and an error occurs during a
change, the contextCSN will not be updated. However, if a /new/ change comes in
after that, that is successful, the CSN will be updated, and the missed change
is lost. This can happen, for example, if the replica runs out of locks while
making the change. It would be best then, if this happens, for the replica to
drop out of persist mode. This is a good reason to set an interval with this
mode.
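The failure mode described in this report, as an added example that is not part of the original message and is not OpenLDAP code. It assumes integer CSNs and hypothetical `Provider`/`Consumer` classes; the `drop_persist_on_error` flag models the reporter's suggestion, not the actual fix committed to HEAD.

```python
# Constructed model, not OpenLDAP code: CSNs are plain integers and the
# class names are hypothetical.
class Provider:
    def __init__(self, changes):
        self.log = sorted(changes)            # (csn, dn) pairs

    def changes_after(self, csn):
        """Changes a consumer presenting this contextCSN is sent."""
        return [c for c in self.log if c[0] > csn]


class Consumer:
    def __init__(self, fail_once=(), drop_persist_on_error=False):
        self.context_csn = 0
        self.applied = []
        self.fail_once = set(fail_once)       # CSNs whose first apply fails
        self.drop_persist_on_error = drop_persist_on_error

    def _apply(self, csn, dn):
        if csn in self.fail_once:             # e.g. replica out of locks
            self.fail_once.discard(csn)
            return False                      # contextCSN is not updated
        self.applied.append(dn)
        self.context_csn = csn                # success advances contextCSN
        return True

    def sync(self, provider):
        """One session. Returns False if it was abandoned after an error."""
        for csn, dn in provider.changes_after(self.context_csn):
            if not self._apply(csn, dn) and self.drop_persist_on_error:
                return False
        return True


def run(drop_persist_on_error):
    provider = Provider([(1, "uid=a"), (2, "uid=b"), (3, "uid=c")])
    consumer = Consumer(fail_once={2}, drop_persist_on_error=drop_persist_on_error)
    while not consumer.sync(provider):        # retry after the interval
        pass
    consumer.sync(provider)                   # a later reconnect
    return consumer.applied, consumer.context_csn


if __name__ == "__main__":
    print("keep persisting:", run(False))
    print("drop on error:  ", run(True))
```

In the first run the consumer ends at contextCSN 3 without ever holding `uid=b`, so no later session asks for it again; in the second run the session is abandoned at the failure and the retry resumes from contextCSN 1.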
Full_Name: Andreas Hasenack
Version: 2.4.6
OS: Linux
URL: http://users.mandriva.com.br/~andreas/ldap-doc/doc-set-examples/set-followi…
Submission from: (NULL) (200.140.247.99)
http://users.mandriva.com.br/~andreas/ldap-doc/doc-set-examples/set-followi…
Documentation contribution with further examples regarding the usage of sets in
ACLs. This time, using a user/manager/secretary/group example.
These files are derived from OpenLDAP Software. All of the modifications to
OpenLDAP Software represented in the following patch(es) were developed by
Andreas Hasenack <andreas(a)mandriva.com.br>. These modifications are not subject
to any license of Mandriva.
I, Andreas Hasenack, hereby place the following modifications to OpenLDAP
Software (and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose with or
without attribution and/or other notice.
Full_Name: Andreas Hasenack
Version: 2.4.6
OS: Linux
URL: http://users.mandriva.com.br/~andreas/ldap-doc/doc-set-examples/set-memberU…
Submission from: (NULL) (200.140.247.99)
http://users.mandriva.com.br/~andreas/ldap-doc/doc-set-examples/set-memberU…
Documentation contribution explaining how to use sets to emulate group ACLs when
the member attribute is not in the DN syntax (like posixGroup as defined in
RFC2307).
These files are derived from OpenLDAP Software. All of the modifications to
OpenLDAP Software represented in the following patch(es) were developed by
Andreas Hasenack <andreas(a)mandriva.com.br>. These modifications are not subject
to any license of Mandriva.
I, Andreas Hasenack, hereby place the following modifications to OpenLDAP
Software (and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose with or
without attribution and/or other notice.
Full_Name: Andreas Hasenack
Version: 2.4.6
OS: Linux
URL: http://users.mandriva.com.br/~andreas/ldap-doc/doc-set-examples/set-recursi…
Submission from: (NULL) (200.140.247.99)
Please find at http://users.mandriva.com.br/~andreas/ldap-doc/doc-set-examples/set-recursi…
a documentation contribution giving set examples. So far, it has one example
(recursive groups) and I will expand it to include more examples in the future.
It is not in the form of a patch because I'm not sure in the guide where it
would fit in, considering that the ACL part is duplicated (cn=config and
slapd.conf) and will probably be changed.
These files are derived from OpenLDAP Software. All of the modifications to
OpenLDAP Software represented in the following patch(es) were developed by
Andreas Hasenack <andreas(a)mandriva.com.br>. These modifications are not
subject to any license of Mandriva.
I, Andreas Hasenack, hereby place the following modifications to OpenLDAP
Software (and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose with or
without attribution and/or other notice.
kurt(a)OpenLDAP.org writes:
> There are lots of existing ways of searching an admin guide.
>
> First, most web search engines can be told to localize their search to
> a set of pages. For instance:
> http://www.google.com/search?q=site:www.openldap.org/doc/admin24+rwm
Not everyone knows how to do that. And in some cases such a Google
search gives a better interface than a browser search, since it can show
all results together, with some context. The HTML seems easy enough -
I derived this from a "search within results" form in a Google search:
<form action="http://www.google.com/search">
<input type=hidden name=q value="site:openldap.org/doc/admin24">
<input type=text name=as_q size=31 maxlength=256 value="">
<!-- optional --><input type=submit name=btnG VALUE="Search Admin Guide">
</form>
I don't know how easy it is to auto-insert it in the Guide though.
(Could easily be put as a third column in the /doc/index.html table I
imagine.)
--
Regards,
Hallvard
On Dec 12, 2007, at 12:02 PM, craig5(a)pobox.com wrote:
> Full_Name: Craig Sebenik
> Version: 2.3.35
> OS: CentOS 4.5
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (209.220.152.66)
>
>
> It would be helpful if the admin documentation on the OpenLDAP web
> pages had
> some way to search.
There are lots of existing ways of searching an admin guide.
First, most web search engines can be told to localize their search to
a set of pages. For instance:
http://www.google.com/search?q=site:www.openldap.org/doc/admin24+rwm
Second, the guide is available as a readily searchable single HTML
document.
Third, the guide is available as a readily searchable PDF document.
>
>
> http://www.openldap.org/doc/admin24/
>
> IMO, it would be fantastic if there was a simple search box on each
> page and an
> "advanced search page" with more options.
Use your browser's built-in search functions to search any single page,
and if they aren't advanced enough for you, try a different browser.
> However, a simple search box on just
> the main page would be a great start.
See above suggestions.
Lastly, such things are easier said than done. I simply don't see
sufficient value here to warrant expending the significant resources
it would take to design, implement, test, and deploy a solution
fulfilling this request.
-- Kurt
craig5(a)pobox.com wrote:
> Full_Name: Craig Sebenik
> Version: 2.3.35
> OS: CentOS 4.5
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (209.220.152.66)
>
>
> It would be helpful if the admin documentation on the OpenLDAP web pages had
> some way to search.
>
> http://www.openldap.org/doc/admin24/
>
> IMO, it would be fantastic if there was a simple search box on each page and an
> "advanced search page" with more options. However, a simple search box on just
> the main page would be a great start.
>
>
Maybe htdig or similar, or a custom Google link?
--
Kind Regards,
Gavin Henry.
OpenLDAP Engineering Team.
E ghenry(a)OpenLDAP.org
Community developed LDAP software.
http://www.openldap.org/project/
Full_Name: Michele Codutti
Version: 2.3
OS: Linux/Debian
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (158.110.7.132)
Recently I needed to implement a clustered system of OpenLDAP with the syncrepl
replication method. Every node has two interfaces: one public (let's say eth0)
and one connected to a private subnet (let's say eth1). What I want is to impose
only SSL/TLS connections on eth0 and unencrypted connections on eth1. I want this
because it is useless to encrypt syncrepl traffic through the private (dedicated
and secured) subnet. I haven't found any directive that does what I want. At last
I've implemented a solution suggested by Pierangelo Masarati. I imposed TLS/SSL
with these ACLs:
access to *
    by sockurl="ldap://$PUBLIC_NAME" ssf=128 break
    by sockurl="ldap://$PUBLIC_NAME" stop
    by sockurl="ldaps://$PUBLIC_NAME" ssf=128 break
    by sockurl="ldaps://$PUBLIC_NAME" stop
    by * break
Pierangelo also suggested that I write an ITS to ask for a specific directive to
do this more naturally. So here I am. Could it be done?
Michael Ströder wrote:
> HI!
>
> following up on this because some older schema files reference
> 'countryName' (and worked with RE23).
>
> Howard Chu wrote:
>> I'm puzzled why RFC4519 drops the 'countryName' alias for this type
>> from the RFC2256 definition.
>
> Me too...
>
> How to deal with that (except changing the schema files of other vendors)?
After chatting with Kurt, we confirmed that there was no reason to drop the
alias from our schema files, so I've restored it. (Implementations are allowed
to recognize multiple names for the same attribute. Since slapd still only
generates the canonical name in its output, we are still conformant.)
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/