openldap-bugs

openldap-bugs@openldap.org

1 participants
20993 discussions

(ITS#4870) superfluous int declarations in bconfig.c
by bret.lambert＠gmail.com 13 Mar '07

13 Mar '07

Full_Name: Bret Lambert Version: HEAD OS: URL: ftp://ftp.openldap.org/incoming/bret-lambert-070312.patch Submission from: (NULL) (70.179.123.124) Superfluous redeclarations of 'int i' in bconfig.c Found via lint(1) on OpenBSD.

1 0

Re: (ITS#4868) Binary Attribute Patch(es)
by ando＠sys-net.it 12 Mar '07

12 Mar '07

vargok(a)yahoo.com wrote: > These address the use of Binary-valued attributes (#3113, #3386): The proposed patches have been applied (with changes) to HEAD code (you should be able to easily generate the diffs between HEAD and re23 code); please test. In detail, please check the solution for the ";binary" issue. If you report the behavior as satisfactory, backporting to re23 could be an option, since the fix should be well isolated, and it configures as borderline between new feature and bug fix. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: (ITS#4868) Binary Attribute Patch(es)
by ando＠sys-net.it 12 Mar '07

12 Mar '07

Few preliminary comments follow. vargok(a)yahoo.com wrote: > Version: 2.3.32 You should rather patch HEAD code instead of released, and even not the latest. However, given the development rate of back-sql (~0), it shouldn't really matter > These address the use of Binary-valued attributes (#3113, #3386): > > For example, inetOrgPerson.userCertificate is usually transferred with the > ";binary" directive. ";binary" is not handled by OpenLDAP/Back-SQL. Well, the solution you propose is not correct, since you are altering schema data, which is supposed to be read-only. In any case, the point is: - if we decide that back-sql should ignore tags, then the solution consists in using the canonical name of the underlying AttributeType when looking up data; - however, this would destroy the possibility to use different storages for differently encoded data; for example, a column for "cn;lang-en" and a column for "cn;lang-jp". I don't know how many users would prefer one solution over another, but in any case either we find a solution that preserves both capabilities or we choose one. I'd vote in favor of ignoring ";binary" since it's obsolete and related to transport only, but in favor of honoring language tags. > As well, > the data itself, when stored in the database is not properly read out -- all > data is read as SQL_C_CHAR data. This supports SQL_C_BINARY-based data. This is just fine. > There remains an issue with selecting attributes using, e.g., > "userCertificate;binary" -- nothing is returned. Someone with a better > understanding of the attribute-processing method would be much more effective in > terms of finding the correct place to remove the ";binary" from the > "attribute-name." (i.e. "userCertificate;binary" is NOT the attribute-name; > "userCertificate" is the attribute-name, ";binary" is a transport directive (see > #3113). In fact, "userCertificate;binary" is the attribute description. The attribute name is in ad_type->sat_cname. > Additionally, I included to the patch to remove the "assert(0)" in Back-SQL's > verification that a search filter and ldap-data don't mis-match on suffix. Fine, but already fixed. > Tags: OpenLDAP, Back-SQL, MySQL, userCertificate, Binary Attributes, Client > Certificates > > > (1) > ./servers/slapd/back-sql/search.c.patch > Addressed ITS#4856 -- I think you already fixed this > > (2) > ./servers/slapd/back-sql/back-sql.h.patch > ./servers/slapd/back-sql/entry-id.c.patch > ./servers/slapd/back-sql/sql-wrap.c.patch > Address ITS#3113, ITS#3386 > Support for binary attribute values > > (3) > ./servers/slapd/back-sql/schema-map.c.patch > Addresses issue with accessing attributes that have been provided with > ";binary" directive > > note that I have no doubts whatso ever that there are many better ways to do > (3). You made an extensive use of C++ style comments, which are non portable. Obviously you didn't read the contribution guidelines. I'm testing (and improving) it. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: (ITS#4866) Can we list Null Value Attributes
by hyc＠symas.com 12 Mar '07

12 Mar '07

The ITS is not for general software usage questions. Use the ldap(a)umich.edu mailing list for general LDAP questions. This ITS will be closed. maruthigsr(a)gmail.com wrote: > Full_Name: Maruthi Gullapudi > Version: > OS: AIX > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (194.221.133.211) > > > Hi, > > I wanted to list all the users based on the value of one attribute using the > LDAPSEARCH Command. The value of that attribute is NULL. I dont know whether > LDAPSEARCH will capture null values. > > Can anyone tell me how to list users from an LDAP directory based on a NUll > valued attribute. > > Thanks in Advance > Maruthi > > > . > -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#4869) config creates base64 encoded rootdn
by hyc＠symas.com 12 Mar '07

12 Mar '07

What is the original rootdn? dieter(a)dkluenter.de wrote: > Full_Name: Dieter Kluenter > Version: 2.4.4alpha > OS: linux > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (84.142.235.193) > > > When running slapd with -F -f to create a new config database, olcRootDN value > is created base64 encoded > > => ldap_bv2dn(p,0) > ldap_err2string > <= ldap_bv2dn(p)=-4 Decoding error > ldap_err2string > olcRootDN: value #0: <olcRootDN> invalid DN 21 (Invalid syntax) > config error processing olcDatabase={1}hdb,cn=config: <olcRootDN> invalid DN 21 > > (Invalid syntax) > send_ldap_result: conn=-1 op=0 p=0 > send_ldap_result: err=19 matched="" text="" > slapd destroy: freeing system resources. > slapd stopped. > > -Dieter > > > . > -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#4869) config creates base64 encoded rootdn
by dieter＠dkluenter.de 12 Mar '07

12 Mar '07

Full_Name: Dieter Kluenter Version: 2.4.4alpha OS: linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (84.142.235.193) When running slapd with -F -f to create a new config database, olcRootDN value is created base64 encoded => ldap_bv2dn(p,0) ldap_err2string <= ldap_bv2dn(p)=-4 Decoding error ldap_err2string olcRootDN: value #0: <olcRootDN> invalid DN 21 (Invalid syntax) config error processing olcDatabase={1}hdb,cn=config: <olcRootDN> invalid DN 21 (Invalid syntax) send_ldap_result: conn=-1 op=0 p=0 send_ldap_result: err=19 matched="" text="" slapd destroy: freeing system resources. slapd stopped. -Dieter

1 0

Re: example: OpenLDAP with SASL/DIGEST-MD5 authentication (ITS#4867)
by ando＠sys-net.it 12 Mar '07

12 Mar '07

Piotr.Golonka(a)cern.ch wrote: > Indeed, 2.2.13 may be historical, It is. It's not an opinion, but a fact. Even 2.2.30, the latest 2.2 release, is historical. > yet this is the version used in large > production systems (e.g. RedHat Enterprise Linux). I believe the problem is not ours. I think we did our best by pushing out 2.2 up to 2.2.30, then 2.3 up to 2.3.34, and now 2.4. If distributions don't catch up I don't think anyone can blame OpenLDAP (and I don't think you are; I'm just trying to make the point). > I'll try to have a look at what's in 2.4. I hope I get my point: every contribution is welcome, but not every contribution may be useful. Writing howtos for code that was released ages ago, and is not maintained may be considered little useful. This is an opinion, of course. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

Re: example: OpenLDAP with SASL/DIGEST-MD5 authentication (ITS#4867)
by Piotr.Golonka＠cern.ch 12 Mar '07

12 Mar '07

On Monday 12 March 2007 18:04, you wrote: > 2.2.13 is historical. ldap_sasl_bind(3) eventually got documented (only > the prototype in 2.3, more docs in 2.4). Please check current 2.4 > documentation and, in case, adapt your contribution to it. In fact, that > man page does not contain any coding example, as we usually refer to client > tools implementations. Please feel free to submit your contribution, lined > up to active code, as a FAQ entry <http://www.openldap.org/faq/>. The FAQ > is interactive. Hi, thanx for reply. Indeed, 2.2.13 may be historical, yet this is the version used in large production systems (e.g. RedHat Enterprise Linux). I'll try to have a look at what's in 2.4. best regards: Piotr

1 0

(ITS#4868) Binary Attribute Patch(es)
by vargok＠yahoo.com 12 Mar '07

12 Mar '07

Full_Name: Kevin Vargo Version: 2.3.32 OS: Linux (RH-EL4) URL: ftp://ftp.openldap.org/incoming/openldap-2.3.32-kv1-patch_support-binary-at… Submission from: (NULL) (128.237.242.55) These address the use of Binary-valued attributes (#3113, #3386): For example, inetOrgPerson.userCertificate is usually transferred with the ";binary" directive. ";binary" is not handled by OpenLDAP/Back-SQL. As well, the data itself, when stored in the database is not properly read out -- all data is read as SQL_C_CHAR data. This supports SQL_C_BINARY-based data. There remains an issue with selecting attributes using, e.g., "userCertificate;binary" -- nothing is returned. Someone with a better understanding of the attribute-processing method would be much more effective in terms of finding the correct place to remove the ";binary" from the "attribute-name." (i.e. "userCertificate;binary" is NOT the attribute-name; "userCertificate" is the attribute-name, ";binary" is a transport directive (see #3113). Additionally, I included to the patch to remove the "assert(0)" in Back-SQL's verification that a search filter and ldap-data don't mis-match on suffix. Tags: OpenLDAP, Back-SQL, MySQL, userCertificate, Binary Attributes, Client Certificates (1) ./servers/slapd/back-sql/search.c.patch Addressed ITS#4856 -- I think you already fixed this (2) ./servers/slapd/back-sql/back-sql.h.patch ./servers/slapd/back-sql/entry-id.c.patch ./servers/slapd/back-sql/sql-wrap.c.patch Address ITS#3113, ITS#3386 Support for binary attribute values (3) ./servers/slapd/back-sql/schema-map.c.patch Addresses issue with accessing attributes that have been provided with ";binary" directive note that I have no doubts whatso ever that there are many better ways to do (3).

1 0

(ITS#4867) example: OpenLDAP with SASL/DIGEST-MD5 authentication
by Piotr.Golonka＠CERN.CH 12 Mar '07

12 Mar '07

Full_Name: Piotr.Golonka(a)CERN.CH Version: 2.2.13 OS: Linux URL: ftp://ftp.openldap.org/incoming/golonka-pkg-070312.tgz Submission from: (NULL) (137.138.170.170) Hi, the documentation of the ldap_sasl_bind* family of functions is missing, and getting the actual DIGEST-MD5 authentication in your C code working seems to be completely undocumented. I went through the complete code of ldapsearch.c and extracted the minimal code that succesfully demonstrates DIGEST-MD5 authentication. In my case, I authenticated against ActiveDirectory server. I uploaded the example into your FTP server as golonka-pkg-070312.tgz I hope it may be useful to publish it as a short "Howto" material... regards Piotr Golonka CERN

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs