openldap-devel August 2007

openldap-devel@openldap.org

21 participants
48 discussions

Re: commit: ldap/servers/slapd entry.c
by Hallvard B Furuseth 09 Aug '07

09 Aug '07

ando(a)OpenLDAP.org writes: > Tag: OPENLDAP_REL_ENG_2_3 > entry.c 1.129.2.13 -> 1.129.2.14 > import fix to ITS#5071 This (/* require ';binary' when appropriate (ITS#5071) */) is a functionality change which can prevent people from upgrading. I don't think that belongs so late in RE23's life cycle. -- Regards, Hallvard

4 5

Re: commit: ldap/servers/slapd/back-bdb back-bdb.h index.c init.c monitor.c proto-bdb.h
by Pierangelo Masarati 08 Aug '07

08 Aug '07

ando(a)OpenLDAP.org wrote: > add monitor support for unindexed attributes (need to manually #define BDB_MONITOR_IDX) This patch adds an operational attribute, olmBDBNotIndexed, that contains information about search operations directed to this database and using unindexed attributes in the filter. As a result, the monitor entry for the database will contain attributes like olmBDBNotIndexed: <attr>#<count>#<index> where <attr> is the attribute, <count> is the number of occurrences of that attribute in a search filter that could not use indexes, and <index> is the type of filters that were used, with the syntax used for the "index" directive. For example, olmBDBNotIndexed: mobile#91#eq olmBDBNotIndexed: telephoneNumber#1876#eq,sub To enable, one needs to explicitly #define BDB_MONITOR_IDX. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

3 7

Re: commit: ldap/doc/man/man5 slapd-relay.5
by Pierangelo Masarati 06 Aug '07

06 Aug '07

ando(a)OpenLDAP.org wrote: > Log Message: > add back-config support to back-relay Heads-up: I've changed the syntax. Now, slapo-rwm(5) is no longer implicitly instantiated when the "relay" directive is used. I didn't like it at the very beginning, although it would make things simpler for straightforward configurations. So please, holler if you think the old syntax should be preserved. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Handling links/references in docs (footnotes?)
by Gavin Henry 05 Aug '07

05 Aug '07

Dear all, I'm just about done merging http://www.openldap.org/faq/data/cache/738.html into maintenance.sdf, but I want to keep the link references to the oracle site. Should I do {{URL:blah}} or can sdf to nice footnotes? Thanks. -- Kind Regards, Gavin Henry. Managing Director. T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry(a)suretecsystems.com Open Source. Open Solutions(tm). http://www.suretecsystems.com/

1 0

Re: commit: ldap/servers/slapd backend.c backglue.c backover.c bconfig.c config.h proto-slap.h slap.h
by Ralf Haferkamp 03 Aug '07

03 Aug '07

The BI_db_func()-functions (xxx_db_init, xxx_db_open, xxx_db_close and xxx_db_destroy) now accept a ConfigArgs pointer as an additional argument. I think I fixed all existing backends and overlays to accept the new parameter (make test succeeded with --enable-backends=yes and --enable-overlays=yes). Currently only back-monitor uses the new parameter for printing error messages to the ca->msg attribute. I plan to update the other backends and overlays next. On Wednesday 25 July 2007 17:21, ralf(a)openldap.org wrote: [..] > Log Message: > Added a new parameter (ConfigArgs*) to the _db_init, _db_open, _db_close > and _db_destroy functions. [..] -- Ralf

1 1

doc-modified generation?
by Gavin Henry 02 Aug '07

02 Aug '07

Hi All, What file is used for the date of the html generation? It's always stuck at "10 July 2007" Gavin. -- Kind Regards, Gavin Henry. Managing Director. T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry(a)suretecsystems.com Open Source. Open Solutions(tm). http://www.suretecsystems.com/

2 1

Re: commit: ldap/servers/slapd dn.c
by Pierangelo Masarati 02 Aug '07

02 Aug '07

hyc(a)OpenLDAP.org wrote: > Update of /repo/OpenLDAP/pkg/ldap/servers/slapd > > Modified Files: > Tag: OPENLDAP_REL_ENG_2_3 > dn.c 1.170.2.10 -> 1.170.2.11 > > Log Message: > ITS#5057 from HEAD re23 is failing test026 because of AVA sorting. Interesting enough, HEAD succeeds. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Certificate list validation
by Pierangelo Masarati 02 Aug '07

02 Aug '07

I'm playing with certification authorities and so, and I came across certificate lists. Currently, the certificate list syntax 1.3.6.1.4.1.1466.115.121.1.9 is validated by sequenceValidate, which simply checks if the value starts with a LBER_SEQUENCE tag. After reading related RFCs and X.509 I understood that a certificate list is always supposed to be a complete structure, respectful of X.509 7.3. I stumbled on this problem because I have to implement an architecture based on strongAuthenticationUser and certificationAuthority (I know they're deprecated in favor of pkiUser and pkiCA, but this is not an option right now, unfortunately), where the latter requires authorityRevocationList and certificateRevocationList. When the lists are empty, common practice allowed to use an arbitrary dummy value, while OpenLDAP requires at least ":: MAAAAA==" (i.e. LBER_SEQUENCE in base64) to fool sequenceValidate(). I'd like to know: - is my understanding of X.509 correct? (certificate lists need to be complete as per X.509 7.3, with no revokedCertificates) - is there any other common practice to deal with empty authorityRevocationList/certificateRevocationList? - would a certificateListValidate() that complies with X.509 7.3 be helpful/welcome in 2.4? p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

2 2

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-devel August 2007