Re: commit: ldap/servers/slapd entry.c
by Hallvard B Furuseth
ando(a)OpenLDAP.org writes:
> Tag: OPENLDAP_REL_ENG_2_3
> entry.c 1.129.2.13 -> 1.129.2.14
> import fix to ITS#5071
This (/* require ';binary' when appropriate (ITS#5071) */) is a
functionality change which can prevent people from upgrading.
I don't think that belongs so late in RE23's life cycle.
--
Regards,
Hallvard
14 years, 9 months
Re: commit: ldap/servers/slapd/back-bdb back-bdb.h index.c init.c monitor.c proto-bdb.h
by Pierangelo Masarati
ando(a)OpenLDAP.org wrote:
> add monitor support for unindexed attributes (need to manually #define BDB_MONITOR_IDX)
This patch adds an operational attribute, olmBDBNotIndexed, that
contains information about search operations directed to this database
and using unindexed attributes in the filter. As a result, the monitor
entry for the database will contain attributes like
olmBDBNotIndexed: <attr>#<count>#<index>
where <attr> is the attribute, <count> is the number of occurrences of
that attribute in a search filter that could not use indexes, and
<index> is the type of filters that were used, with the syntax used for
the "index" directive. For example,
olmBDBNotIndexed: mobile#91#eq
olmBDBNotIndexed: telephoneNumber#1876#eq,sub
To enable, one needs to explicitly #define BDB_MONITOR_IDX.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati(a)sys-net.it
---------------------------------------
14 years, 9 months
Re: commit: ldap/doc/man/man5 slapd-relay.5
by Pierangelo Masarati
ando(a)OpenLDAP.org wrote:
> Log Message:
> add back-config support to back-relay
Heads-up: I've changed the syntax. Now, slapo-rwm(5) is no longer
implicitly instantiated when the "relay" directive is used. I didn't
like it at the very beginning, although it would make things simpler for
straightforward configurations. So please, holler if you think the old
syntax should be preserved.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati(a)sys-net.it
---------------------------------------
14 years, 9 months
Re: commit: ldap/servers/slapd backend.c backglue.c backover.c bconfig.c config.h proto-slap.h slap.h
by Ralf Haferkamp
The BI_db_func()-functions (xxx_db_init, xxx_db_open, xxx_db_close and
xxx_db_destroy) now accept a ConfigArgs pointer as an additional argument. I
think I fixed all existing backends and overlays to accept the new parameter
(make test succeeded with --enable-backends=yes and --enable-overlays=yes).
Currently only back-monitor uses the new parameter for printing error messages
to the ca->msg attribute. I plan to update the other backends and overlays
next.
On Wednesday 25 July 2007 17:21, ralf(a)openldap.org wrote:
[..]
> Log Message:
> Added a new parameter (ConfigArgs*) to the _db_init, _db_open, _db_close
> and _db_destroy functions.
[..]
--
Ralf
14 years, 9 months
doc-modified generation?
by Gavin Henry
Hi All,
What file is used for the date of the html generation?
It's always stuck at "10 July 2007"
Gavin.
--
Kind Regards,
Gavin Henry.
Managing Director.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry(a)suretecsystems.com
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
14 years, 9 months
Re: commit: ldap/servers/slapd dn.c
by Pierangelo Masarati
hyc(a)OpenLDAP.org wrote:
> Update of /repo/OpenLDAP/pkg/ldap/servers/slapd
>
> Modified Files:
> Tag: OPENLDAP_REL_ENG_2_3
> dn.c 1.170.2.10 -> 1.170.2.11
>
> Log Message:
> ITS#5057 from HEAD
re23 is failing test026 because of AVA sorting. Interesting enough,
HEAD succeeds.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati(a)sys-net.it
---------------------------------------
14 years, 9 months
Certificate list validation
by Pierangelo Masarati
I'm playing with certification authorities and so, and I came across
certificate lists. Currently, the certificate list syntax
1.3.6.1.4.1.1466.115.121.1.9 is validated by sequenceValidate, which
simply checks if the value starts with a LBER_SEQUENCE tag. After
reading related RFCs and X.509 I understood that a certificate list is
always supposed to be a complete structure, respectful of X.509 7.3.
I stumbled on this problem because I have to implement an architecture
based on strongAuthenticationUser and certificationAuthority (I know
they're deprecated in favor of pkiUser and pkiCA, but this is not an
option right now, unfortunately), where the latter requires
authorityRevocationList and certificateRevocationList.
When the lists are empty, common practice allowed to use an arbitrary
dummy value, while OpenLDAP requires at least ":: MAAAAA==" (i.e.
LBER_SEQUENCE in base64) to fool sequenceValidate().
I'd like to know:
- is my understanding of X.509 correct? (certificate lists need to be
complete as per X.509 7.3, with no revokedCertificates)
- is there any other common practice to deal with empty
authorityRevocationList/certificateRevocationList?
- would a certificateListValidate() that complies with X.509 7.3 be
helpful/welcome in 2.4?
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati(a)sys-net.it
---------------------------------------
14 years, 9 months
