openldap-devel May 2007

openldap-devel@openldap.org

9 participants
14 discussions

Getting more meaningful error out of back-config
by Ralf Haferkamp 18 Jul '07

18 Jul '07

Hi, I'd like to improve the error messages that back-config returns via LDAP to the client. Currently in many case you only get back a very generic error messages. E.g. when trying to add a second monitor database you just get: Error code LDAP_OTHER with the diagnostic message set to "<olcDatabase> failed init". To find out what really went wrong you need to dig up the logfiles. One way to get more meaningful error messages to the client would be by adding an additional const char** text parameter to the _db_init functions (and probably some other of the BI_db_func() functions as well), similiar to what is done in many other case when error messages need to be passed to the caller. Does somebody have better ideas how to achieve this? -- Ralf

3 5

Status of Connectionless LDAP (cldap)
by Michael B Allen 31 May '07

31 May '07

Hi, What's the status of the client oriented connectionless code? I'm getting an abort. I'm tracking it down now and I'm willing to put some work into this so if anyone has some advice I'd appreciate it. Mike $ gdb cldap GNU gdb Red Hat Linux (6.3.0.0-1.132.EL4rh) Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1". (gdb) run cldap://dc1.example.com Starting program: /home/miallen/cldap cldap://dc1.example.com cldap: io.c:81: ber_write: Assertion `buf != ((void *)0)' failed. Program received signal SIGABRT, Aborted. 0x0025d7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2 (gdb) bt #0 0x0025d7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2 #1 0x0029d7f5 in raise () from /lib/tls/libc.so.6 #2 0x0029f199 in abort () from /lib/tls/libc.so.6 #3 0x00296dd1 in __assert_fail () from /lib/tls/libc.so.6 #4 0x009b0722 in ber_write () from /home/miallen/openldap/lib/liblber-2.3.so.0 #5 0x0061926a in ldap_build_search_req () from /home/miallen/openldap/lib/libldap-2.3.so.0 #6 0x00618ff3 in ldap_search_ext () from /home/miallen/openldap/lib/libldap-2.3.so.0 #7 0x00619087 in ldap_search_ext_s () from /home/miallen/openldap/lib/libldap-2.3.so.0 #8 0x0804959b in run (url=0xbff90c04 "cldap://dc1.example.com") at cldap.c:23 #9 0x08049767 in main (argc=0, argv=0xbff21914) at cldap.c:83 (gdb)

2 4

ldap_sasl_interactive_bind_s
by Quanah Gibson-Mount 29 May '07

29 May '07

I'm working on a patch to add LDAP SASL support to Postfix 2.4 (I made one for 2.2/2.3 a long time ago), and this time I want it to be accepted upstream, so I'm working on what they feel the issues are. Right now, they (a) always want LDAP_SASL_QUIET enabled (makes perfect sense to me) and (b) want the SASL mechanism to be a list of mechanisms the client supports, that should be tried when connecting to the server. I think (b) is rather non-sensical, given the configurations are rather different between things like DIGEST-MD5, EXTERNAL, and GSSAPI just to start, but... I assume to support this I should use the ldap_sasl_interactive_bind_s function, which takes as a parameter a list of mechanisms, if I'm reading it right. The question to me comes up with mixing LDAP_SASL_QUIET in, because part of the routine involved with multiple mechansisms seems to want interaction with the client. My assumption is that if I use ldap_sasl_interactive_bind_s, with LDAP_SASL_QUIET, and pass in a list of mechanisms, the client will just use the first mechanism in its list. Is that correct? Thanks, Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

2 1

ldap_sort_entries(by DN) -> parent first
by Hallvard B Furuseth 19 May '07

19 May '07

I'd like to modify ldap_sort_entries() so that when sorting by DN, it (usually) sorts parents before their children. This slow down a sort somewhat though. Maybe a magic value 'compare-function=NULL' could be passed when sorting DNs to mean that they shall (not) be sorted this way. Anyway, there are two obvious ways to do it: 1. Sort by number of RDNs in the DN before by the DN. This will always work, so on can e.g. feed the output to ldapadd. However the ordering may not be pretty to a human reader. The output is neither alphabetical nor grouped by subtree. Requires a new value in 'struct everything' in libldap/sort.c. 2. Reverse the DNs while sorting, so 'dc=example,dc=com' is sorted as {"dc=com", "dc=example"}. This will normally return the entries with subtrees grouped together, but can fail (put children in front of parents) if the parent DN is represented differently from the parent DN component of the child. Or the combination would also always work, and maybe give somewhat better ordering than #1 to a human reader. Opinions? Objections? -- Regards, Hallvard

1 0

Re: commit: ldap/servers/slapd/back-bdb dn2id.c filterindex.c proto-bdb.h search.c
by Hallvard B Furuseth 18 May '07

18 May '07

At 8 Feb 2007, hyc(a)OpenLDAP.org wrote: > Update of /repo/OpenLDAP/pkg/ldap/servers/slapd/back-bdb > (...) > filterindex.c 1.67 -> 1.68 > (...) > use dn2id index for extended filters using entryDN ext_candidates() with dnRelativeMatch and scope > LDAP_SCOPE_BASE does int sc = op->ors_scope; op->ors_scope = scope; rc = bdb_dn2idl( op, locker, &mra->ma_value, ei, ids, stack ); but never uses the saved 'sc'. Is it supposed to restore op->ors_scope after bdb_dn2idl()? -- Regards, Hallvard

1 0

Re: commit: ldap/servers/slapd aci.c at.c schema_init.c schemaparse.c slap.h syntax.c
by Kurt Zeilenga 17 May '07

17 May '07

On May 15, 2007, at 4:40 PM, ando(a)OpenLDAP.org wrote: > Update of /repo/OpenLDAP/pkg/ldap/servers/slapd > > Modified Files: > aci.c 1.19 -> 1.20 > at.c 1.96 -> 1.97 > schema_init.c 1.397 -> 1.398 > schemaparse.c 1.83 -> 1.84 > slap.h 1.815 -> 1.816 > syntax.c 1.45 -> 1.46 > > Log Message: > allow attribute inheritance with syntax restriction (please review) > > CVS Web URLs: > http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/ > http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/aci.c > http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/at.c > http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/ > schema_init.c > http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/ > schemaparse.c > http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/slap.h > http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/syntax.c > > Changes are generally available on cvs.openldap.org (and CVSweb) > within 30 minutes of being committed. > Kind of in right vein, but a bit off. An attribute of syntax X can only be a subtype of an attribute of syntax Y if Y is a more generic syntax. In particular, all abstract values representable in X must be representable in Y. While both printable string and directory string syntaxes are more generic than country string, directory string is not more generic than printable string. This is because printable string can represent zero length character strings and directory string cannot. So, what needed, for each syntax, is a list of more generic syntaxes. -- Kurt

2 2

Stale and New Docs
by Gavin Henry 17 May '07

17 May '07

Dear All, My first thing planned is a doc for "Replacing Slurpd" in the Replication section of the new TOC I posted. Anyone got a working config for an example, rather than me chopping bits from the tests. Also, anyone got any part-finished docs lying about, but not had time to finish. Lastly, I'd like to get some translators on board when the guide is more complete (2.4). What languages would we like? Gavin. -- Kind Regards, Gavin Henry. Managing Director. T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry(a)suretecsystems.com Open Source. Open Solutions(tm). http://www.suretecsystems.com/

2 2

Restore slapd.replog(5) manpage?
by Hallvard B Furuseth 16 May '07

16 May '07

HEAD/servers/slurpd is gone, but ldapmodify still supports "replica" lines. Which I guess makes sense - someone may use a new client with an older server. So maybe the replog manpage should stay for a while too. (Explaining that it's obsolete, with a reference to syncrepl.) -- Regards, Hallvard

3 3

Re: commit: ldap/servers/slapd/overlays syncprov.c
by Howard Chu 14 May '07

14 May '07

hyc(a)OpenLDAP.org wrote: > Update of /repo/OpenLDAP/pkg/ldap/servers/slapd/overlays > > Modified Files: > syncprov.c 1.186 -> 1.187 > > Log Message: > ITS#4961 disable schema checking on contextCSN update That may have been premature, need to see why the glue entry has no objectclass attribute. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: commit: ldap/libraries/libldap tls.c gnutls.c
by Ralf Haferkamp 14 May '07

14 May '07

On Sunday 13 May 2007 00:15, hyc(a)openldap.org wrote: > Update of /repo/OpenLDAP/pkg/ldap/libraries/libldap > > Modified Files: > tls.c 1.147 -> 1.148 > Removed Files: > gnutls.c 1.3 -> NONE > > Log Message: > Merged GNUtls support into main tls.c This broke building with openssl. Seems to be caused by the explicit #define HAVE_GNUTLS 1 #undef HAVE_OPENSSL in there. I've removed those lines again. -- Ralf

2 1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-devel May 2007