Getting more meaningful error out of back-config
by Ralf Haferkamp
Hi,
I'd like to improve the error messages that back-config returns via LDAP to
the client. Currently in many case you only get back a very generic error
messages. E.g. when trying to add a second monitor database you just get:
Error code LDAP_OTHER with the diagnostic message set to "<olcDatabase> failed
init". To find out what really went wrong you need to dig up the logfiles.
One way to get more meaningful error messages to the client would be by adding
an additional const char** text parameter to the _db_init functions (and
probably some other of the BI_db_func() functions as well), similiar to what
is done in many other case when error messages need to be passed to the
caller.
Does somebody have better ideas how to achieve this?
--
Ralf
16 years, 2 months
Status of Connectionless LDAP (cldap)
by Michael B Allen
Hi,
What's the status of the client oriented connectionless code? I'm getting
an abort. I'm tracking it down now and I'm willing to put some work into
this so if anyone has some advice I'd appreciate it.
Mike
$ gdb cldap
GNU gdb Red Hat Linux (6.3.0.0-1.132.EL4rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1".
(gdb) run cldap://dc1.example.com
Starting program: /home/miallen/cldap cldap://dc1.example.com
cldap: io.c:81: ber_write: Assertion `buf != ((void *)0)' failed.
Program received signal SIGABRT, Aborted.
0x0025d7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
(gdb) bt
#0 0x0025d7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1 0x0029d7f5 in raise () from /lib/tls/libc.so.6
#2 0x0029f199 in abort () from /lib/tls/libc.so.6
#3 0x00296dd1 in __assert_fail () from /lib/tls/libc.so.6
#4 0x009b0722 in ber_write () from /home/miallen/openldap/lib/liblber-2.3.so.0
#5 0x0061926a in ldap_build_search_req () from /home/miallen/openldap/lib/libldap-2.3.so.0
#6 0x00618ff3 in ldap_search_ext () from /home/miallen/openldap/lib/libldap-2.3.so.0
#7 0x00619087 in ldap_search_ext_s () from /home/miallen/openldap/lib/libldap-2.3.so.0
#8 0x0804959b in run (url=0xbff90c04 "cldap://dc1.example.com") at cldap.c:23
#9 0x08049767 in main (argc=0, argv=0xbff21914) at cldap.c:83
(gdb)
16 years, 3 months
ldap_sasl_interactive_bind_s
by Quanah Gibson-Mount
I'm working on a patch to add LDAP SASL support to Postfix 2.4 (I made one
for 2.2/2.3 a long time ago), and this time I want it to be accepted
upstream, so I'm working on what they feel the issues are.
Right now, they
(a) always want LDAP_SASL_QUIET enabled (makes perfect sense to me)
and
(b) want the SASL mechanism to be a list of mechanisms the client supports,
that should be tried when connecting to the server.
I think (b) is rather non-sensical, given the configurations are rather
different between things like DIGEST-MD5, EXTERNAL, and GSSAPI just to
start, but...
I assume to support this I should use the ldap_sasl_interactive_bind_s
function, which takes as a parameter a list of mechanisms, if I'm reading
it right. The question to me comes up with mixing LDAP_SASL_QUIET in,
because part of the routine involved with multiple mechansisms seems to
want interaction with the client.
My assumption is that if I use ldap_sasl_interactive_bind_s, with
LDAP_SASL_QUIET, and pass in a list of mechanisms, the client will just use
the first mechanism in its list. Is that correct?
Thanks,
Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
16 years, 3 months
ldap_sort_entries(by DN) -> parent first
by Hallvard B Furuseth
I'd like to modify ldap_sort_entries() so that when sorting by DN,
it (usually) sorts parents before their children.
This slow down a sort somewhat though. Maybe a magic value
'compare-function=NULL' could be passed when sorting DNs to mean
that they shall (not) be sorted this way.
Anyway, there are two obvious ways to do it:
1. Sort by number of RDNs in the DN before by the DN.
This will always work, so on can e.g. feed the output to ldapadd.
However the ordering may not be pretty to a human reader.
The output is neither alphabetical nor grouped by subtree.
Requires a new value in 'struct everything' in libldap/sort.c.
2. Reverse the DNs while sorting, so 'dc=example,dc=com'
is sorted as {"dc=com", "dc=example"}.
This will normally return the entries with subtrees grouped together,
but can fail (put children in front of parents) if the parent DN is
represented differently from the parent DN component of the child.
Or the combination would also always work, and maybe give somewhat
better ordering than #1 to a human reader.
Opinions? Objections?
--
Regards,
Hallvard
16 years, 4 months
Re: commit: ldap/servers/slapd/back-bdb dn2id.c filterindex.c proto-bdb.h search.c
by Hallvard B Furuseth
At 8 Feb 2007, hyc(a)OpenLDAP.org wrote:
> Update of /repo/OpenLDAP/pkg/ldap/servers/slapd/back-bdb
> (...)
> filterindex.c 1.67 -> 1.68
> (...)
> use dn2id index for extended filters using entryDN
ext_candidates() with dnRelativeMatch and scope > LDAP_SCOPE_BASE does
int sc = op->ors_scope;
op->ors_scope = scope;
rc = bdb_dn2idl( op, locker, &mra->ma_value, ei, ids,
stack );
but never uses the saved 'sc'. Is it supposed to restore op->ors_scope
after bdb_dn2idl()?
--
Regards,
Hallvard
16 years, 4 months
Stale and New Docs
by Gavin Henry
Dear All,
My first thing planned is a doc for "Replacing Slurpd" in the Replication
section of the new TOC I posted.
Anyone got a working config for an example, rather than me chopping bits
from the tests.
Also, anyone got any part-finished docs lying about, but not had time to
finish.
Lastly, I'd like to get some translators on board when the guide is more
complete (2.4).
What languages would we like?
Gavin.
--
Kind Regards,
Gavin Henry.
Managing Director.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry(a)suretecsystems.com
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
16 years, 4 months
Restore slapd.replog(5) manpage?
by Hallvard B Furuseth
HEAD/servers/slurpd is gone, but ldapmodify still supports "replica"
lines. Which I guess makes sense - someone may use a new client with
an older server. So maybe the replog manpage should stay for a while
too. (Explaining that it's obsolete, with a reference to syncrepl.)
--
Regards,
Hallvard
16 years, 4 months
Re: commit: ldap/libraries/libldap tls.c gnutls.c
by Ralf Haferkamp
On Sunday 13 May 2007 00:15, hyc(a)openldap.org wrote:
> Update of /repo/OpenLDAP/pkg/ldap/libraries/libldap
>
> Modified Files:
> tls.c 1.147 -> 1.148
> Removed Files:
> gnutls.c 1.3 -> NONE
>
> Log Message:
> Merged GNUtls support into main tls.c
This broke building with openssl. Seems to be caused by the explicit
#define HAVE_GNUTLS 1
#undef HAVE_OPENSSL
in there. I've removed those lines again.
--
Ralf
16 years, 4 months