openldap-devel February 2007

openldap-devel@openldap.org

8 participants
18 discussions

slapo-dynlist desgin question(s)
by Quanah Gibson-Mount 06 Feb '07

06 Feb '07

Stanford is looking at implementing groups into our LDAP servers, and in particular, looking at using slapo-dynlist. However, it does not behave as I expected it to. Basically, it uses the credentials of whomever bound to determine the membership list. This means I would have to give access to a privileged attribute to those who wished to use groups, which is exactly what I'm trying to avoid. What I wanted to do, was specifically control the access to the group objects themselves. If an entity has access to the group object, they would then be able to see all current members of the group. I believe this would mean adding functionality to slapo-dynlist to where it uses the rootdn to perform the internal search instead of the credentials. Would it be possible to have this sort of addition? --Quanah -- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

3 34

Re: (ITS#4832) Segmentation fault with test049-sync-config
by Gavin Henry 06 Feb '07

06 Feb '07

> Is it possible to just run this test? I can't seem to figure out how, > without > doing a "make test" again. Figured it out: cd tests; ./scripts/defines.sh ./run test049-sync-config Thanks.

2 1

Re: commit: ldap/libraries/libldap result.c
by Pierangelo Masarati 06 Feb '07

06 Feb '07

hyc(a)OpenLDAP.org wrote: > Update of /repo/OpenLDAP/pkg/ldap/libraries/libldap > > Modified Files: > result.c 1.149 -> 1.150 > > Log Message: > Fairly sure this is what the TIMEOUT option should always have been for Not strictly related, but does it make sense to have a malloc for a struct timeval in global/per handler data? Wouldn't it be any better to use tv_sec = -1 to indicate no timeout? We should be able to change that, since the struct is opaque... p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

3 7

Re: commit: ldap/tests/scripts test050-syncrepl-multimaster
by Gavin Henry 06 Feb '07

06 Feb '07

<quote who="hyc(a)OpenLDAP.org"> > Update of /repo/OpenLDAP/pkg/ldap/tests/scripts > > Modified Files: > test050-syncrepl-multimaster 1.2 -> 1.3 > > Log Message: > Additional syncrepl timeouts needed > > > CVS Web URLs: > http://www.openldap.org/devel/cvsweb.cgi/tests/scripts/ > http://www.openldap.org/devel/cvsweb.cgi/tests/scripts/test050-syncrepl-mul… > Nice! But I'm confused. I thought we didn't use the multimaster name, but MirrorMode instead? Gavin. -- Kind Regards, Gavin Henry. Managing Director. T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry(a)suretecsystems.com Open Source. Open Solutions(tm). http://www.suretecsystems.com/

2 3

RE24
by Howard Chu 02 Feb '07

02 Feb '07

OK, if no new issues are reported against HEAD in the next 24 hours then I think tomorrow we should kick out a new 2.4alpha. Offhand it looks to me like syncrepl enhancements are the only thing missing for a Beta. Anyone else have a list of items they want to resolve for 2.4? -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc Chief Architect, OpenLDAP http://www.openldap.org/project/

4 4

modifyTimestamp resolution
by Howard Chu 02 Feb '07

02 Feb '07

In preparation for the upcoming syncrepl changes, I've updated liblutil to generate CSNs with microseconds in the timestamp. Currently slapd copies the entryCSN timestamp to the createTimestamp and modifyTimestamp attributes when generating these attributes. Anyone have any thoughts on whether it would be a too-surprising change for these attributes to now have higher resolution? Should we keep truncating them to 1-second resolution? -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc Chief Architect, OpenLDAP http://www.openldap.org/project/

2 2

libsasl alternatives: dovecot, tsasl, ...
by Michael B Allen 01 Feb '07

01 Feb '07

On Mon, 29 Jan 2007 16:38:02 +0000 Gavin Henry <ghenry(a)suretecsystems.com> wrote: > On Sun, 28 Jan 2007 15:38:54 -0800 > Howard Chu <hyc(a)symas.com> wrote: > > We've talked about jettisoning Cyrus SASL in favor of "something else" > > but there haven't been any other implementations worth considering. Feel > > free to continue this conversation on the openldap-devel mailing list if > > you want to pursue it further. > > Timo from dovecot, uses his own version, and has talked before about > breaking it out. Might be worth a browse of the latest Dovecot RC. I just inquired about Heimdal's "tsasl" (not currently included in Heimdal). They are interested in a simpler sasl solutions as well. He also mentioned dovecot. Mike

2 1

Re: commit: ldap/servers/slapd syncrepl.c
by Howard Chu 31 Jan '07

31 Jan '07

ando(a)OpenLDAP.org wrote: > Update of /repo/OpenLDAP/pkg/ldap/servers/slapd > > Modified Files: > syncrepl.c 1.296 -> 1.297 > > Log Message: > plug one-time leaks related to configuration This commit changed something like 180 lines of code, mostly for minor formatting. A diff of such size makes it hard to identify the actual bugfix. It really should have been two separate commits. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-devel February 2007