slapo-dynlist design question(s)
by Quanah Gibson-Mount
Stanford is looking at implementing groups into our LDAP servers, and in
particular, looking at using slapo-dynlist. However, it does not behave as
I expected it to.
Basically, it uses the credentials of whoever bound to determine the
membership list. This means I would have to give access to a privileged
attribute to those who wished to use groups, which is exactly what I'm
trying to avoid. What I wanted to do was specifically control the access
to the group objects themselves. If an entity has access to the group
object, they would then be able to see all current members of the group.
I believe this would mean adding functionality to slapo-dynlist to where it
uses the rootdn to perform the internal search instead of the credentials.
Would it be possible to have this sort of addition?
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
13 years, 11 months
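The access-control trade-off raised in the message above, as an added configuration sketch (not part of the original post and not OpenLDAP project code). It assumes the `dynlist-attrset` directive of OpenLDAP 2.4's slapo-dynlist(5); every DN and the attribute `examplePrivAttr` are hypothetical.

```conf
# Constructed slapd.conf fragment for one database section.
# All DNs and examplePrivAttr are hypothetical placeholders.
# dyngroup.schema supplies groupOfURLs and memberURL.

overlay dynlist
# Expand memberURL on groupOfURLs entries into "member" values (entry DNs).
dynlist-attrset groupOfURLs memberURL member

# Group entry the overlay expands (LDIF shown as comments):
#   dn: cn=staff,ou=groups,dc=example,dc=com
#   objectClass: groupOfURLs
#   cn: staff
#   memberURL: ldap:///ou=people,dc=example,dc=com??sub?(examplePrivAttr=staff)

# Intended policy: the privileged attribute stays closed ...
access to dn.subtree="ou=people,dc=example,dc=com" attrs=examplePrivAttr
    by * none

# ... and access to the group entry alone decides who sees its members.
access to dn.subtree="ou=groups,dc=example,dc=com"
    by dn.exact="cn=webapp,ou=services,dc=example,dc=com" read
    by * none

# With the expansion searched as the bound identity (the behaviour the
# message describes), cn=webapp cannot match (examplePrivAttr=staff),
# so cn=staff comes back without the expected member values.
# Making it work means replacing the first rule with this one:
#
# access to dn.subtree="ou=people,dc=example,dc=com" attrs=examplePrivAttr
#     by dn.exact="cn=webapp,ou=services,dc=example,dc=com" search
#     by * none
#
# "search" keeps the value out of returned entries, but cn=webapp can now
# test any value with its own filters, so the attribute is no longer
# private from it. That is the exposure the post wants to avoid.
```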
Re: commit: ldap/libraries/libldap result.c
by Pierangelo Masarati
hyc(a)OpenLDAP.org wrote:
> Update of /repo/OpenLDAP/pkg/ldap/libraries/libldap
>
> Modified Files:
> result.c 1.149 -> 1.150
>
> Log Message:
> Fairly sure this is what the TIMEOUT option should always have been for
Not strictly related, but does it make sense to have a malloc for a
struct timeval in global/per handler data? Wouldn't it be any better to
use tv_sec = -1 to indicate no timeout? We should be able to change
that, since the struct is opaque...
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati(a)sys-net.it
------------------------------------------
13 years, 11 months
RE24
by Howard Chu
OK, if no new issues are reported against HEAD in the next 24 hours then I
think tomorrow we should kick out a new 2.4alpha.
Offhand it looks to me like syncrepl enhancements are the only thing missing
for a Beta. Anyone else have a list of items they want to resolve for 2.4?
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
Chief Architect, OpenLDAP http://www.openldap.org/project/
13 years, 11 months
modifyTimestamp resolution
by Howard Chu
In preparation for the upcoming syncrepl changes, I've updated liblutil to
generate CSNs with microseconds in the timestamp.
Currently slapd copies the entryCSN timestamp to the createTimestamp and
modifyTimestamp attributes when generating these attributes. Anyone have any
thoughts on whether it would be a too-surprising change for these attributes
to now have higher resolution? Should we keep truncating them to 1-second
resolution?
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
Chief Architect, OpenLDAP http://www.openldap.org/project/
13 years, 11 months
libsasl alternatives: dovecot, tsasl, ...
by Michael B Allen
On Mon, 29 Jan 2007 16:38:02 +0000
Gavin Henry <ghenry(a)suretecsystems.com> wrote:
> On Sun, 28 Jan 2007 15:38:54 -0800
> Howard Chu <hyc(a)symas.com> wrote:
> > We've talked about jettisoning Cyrus SASL in favor of "something else"
> > but there haven't been any other implementations worth considering. Feel
> > free to continue this conversation on the openldap-devel mailing list if
> > you want to pursue it further.
>
> Timo from Dovecot uses his own version, and has talked before about
> breaking it out. Might be worth a browse of the latest Dovecot RC.
I just inquired about Heimdal's "tsasl" (not currently included in
Heimdal). They are interested in a simpler SASL solution as well. He
also mentioned dovecot.
Mike
13 years, 11 months
Re: commit: ldap/servers/slapd syncrepl.c
by Howard Chu
ando(a)OpenLDAP.org wrote:
> Update of /repo/OpenLDAP/pkg/ldap/servers/slapd
>
> Modified Files:
> syncrepl.c 1.296 -> 1.297
>
> Log Message:
> plug one-time leaks related to configuration
This commit changed something like 180 lines of code, mostly for minor
formatting. A diff of such size makes it hard to identify the actual bugfix.
It really should have been two separate commits.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
Chief Architect, OpenLDAP http://www.openldap.org/project/
13 years, 11 months