July 2015 - openldap-devel

by Timur Kristóf

> I just had a look at how BDB handled this. As you can see they used a > TO_TSTRING macro to convert incoming pathnames from UTF8 to UTF16. > > https://gitorious.org/berkeleydb/berkeleydb/source/347d239a1e44ed4f773ae9... > > https://gitorious.org/berkeleydb/berkeleydb/source/347d239a1e44ed4f773ae9... > > (And a FROM_TSTRING for the reverse, as well.) (Mea culpa, I accidentally hit "reply" instead of "reply all". Sorry. Now reposting to the mailing list.) Since we only need to do this on Windows, we could use MultiByteToWideChar with CP_UTF8. (That's what TO_TSTRING does, too.) I do not think we would ever need to do any such conversion on UNIX. https://msdn.microsoft.com/en-us/library/windows/desktop/dd319072%28v=vs.... I'm not sure if we can just copy-paste BDB's code. Probably not, that would lead to licensing issues, wouldn't it?

5 years, 12 months

4
16
0 / 0

RE24 testing call #1 (2.4.42) LMDB RE0.9 testing call #1 (0.9.16)

by Quanah Gibson-Mount

OpenLDAP 2.4.42 Engineering Fixed liblber address length for CLDAP (ITS#8158) Fixed libldap dnssrv potential overflow with port number (ITS#7027,ITS#8195) Fixed slapd cn=config when updating olcAttributeTypes (ITS#8199) Fixed slapd-mdb to correctly update search candidates for scoped searches (ITS#8203) Fixed slapo-ppolicy with redundant mod ops on glued trees (ITS#8184) Build Environment Fixed libdb detection with gcc 5.x (ITS#8056) LMDB 0.9.16 Release Engineering Fix cursor EOF bug (ITS#8190) Fix handling of subDB records (ITS#8181) Fix mdb_midl_shrink() usage (ITS#8200) This release is primarly addressing crash related problems and to fix the configure script for gcc 5.x. Thanks! --Quanah -- Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

7 years, 9 months

5
11
0 / 0

warnings with gcc 5.1.1

by Michael Ströder

HI! When building OpenLDAP's contrib overlays gcc outputs lots of warnings. Are you interested in getting an ITS for that or not? Ciao, Michael.

7 years, 10 months

1
0
0 / 0

Re: openldap.git branch master updated. b7a291a488dff3902931559670cf94c7abe2655b

by Howard Chu

openldap-commit2devel(a)OpenLDAP.org wrote: > A ref change was pushed to the OpenLDAP (openldap.git) repository. > It will be available in the public mirror shortly. > > The branch, master has been updated > via b7a291a488dff3902931559670cf94c7abe2655b (commit) > from 1ab08d2f8e4c9baf71e3c146e95d013d7b8bd656 (commit) > > Those revisions listed above that are new to this repository have > not appeared on any other notification email; so we list those > revisions in full, below. > > - Log ----------------------------------------------------------------- > commit b7a291a488dff3902931559670cf94c7abe2655b > Author: Howard Chu <hyc(a)openldap.org> > Date: Wed Jul 8 14:22:29 2015 +0100 > > Experimental syslog() replacement > > 2-3x faster than libc. Add it to the Makefile yourself if you want to test it. > > ----------------------------------------------------------------------- > > Summary of changes: > servers/slapd/overlays/syncprov.c | 3 +- Oops. Ignore the above, reverted already. > servers/slapd/syslog.c | 329 +++++++++++++++++++++++++++++++++++++ The most obvious braindeadedness in glibc syslog() is that it acquires a mutex before writing to the log socket. This is utterly inane; the log socket is datagram-based and as such all writes to it are already atomic and need no mutex protection. The other big problem is that the function that generates the log timestamp also acquires 2 mutexes. I avoid all that crap too by writing my own implementation of localtime(). This overhead can be reduced further still by simply omitting the timestamp - it turns out that modern syslogds (rsyslog, syslog-ng) actually ignore the timestamp in the message and generate their own anyway. (Note that this localtime implementation is broken wrt DST.) There are a few other areas to explore here, including a log socket per thread, which would improve throughput even more in heavy workloads. These things can be explored without major overhauls of existing code. For greater throughput we need a logging mechanism that doesn't rely on sprintf. I.e., we should consider a binary log format where we simply pass around short message IDs (and relevant message parameters) and use a compiled message catalog that maps IDs to text. This would require a post-processor to read the binary log and generate human-readable messages somewhere else. (It's obviously not a new concept, IBM mainframes have done this for decades; the Microsoft system logger does this as well.) -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

7 years, 10 months

2
2
0 / 0

X509_V_FLAG_PARTIAL_CHAIN support in OpenLDAP

by Doug Leavitt

Hi, OpenSSL now has X509_V_FLAG_PARTIAL_CHAIN support in the code base as of 1.0.2a. I would like to submit a patch to enable X509_V_FLAG_PARTIAL_CHAIN support in OpenLDAP libldap, assuming it exists in the version of OpenSSL being use to build OpenLDAP. Before I submit any patch I would like to know that would be acceptable for integration. Should support always be enabled if the version of OpenSSL has it e.g. ifdef on X509_V_FLAG_PARTIAL_CHAIN Should it be a config time option check and ifdef enable if found in e.g. like the ifdef on HAVE_OPENSSL_CRL Are there more requirements that is required in the patch, before it would be accepted such as ldap_set_option support? Thanks in advance, Doug.

7 years, 11 months

3
5
0 / 0

libdb detection with gcc 5.1.1

by Michael Ströder

HI! This seems to be already fixed: ITS#8056: libdb detection with gcc 5 But gcc-5.1.1 arrived on openSUSE Tumbleweed and now libdb detection fails: checking db.h usability... yes checking db.h presence... yes checking for db.h... yes checking for Berkeley DB major version in db.h... none configure: error: Unknown Berkeley DB major version in db.h From config.log: configure:20300: checking db.h usability configure:20300: cc -c -g -O0 -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES -DSLAP_CONFIG_DELETE -I/usr/include -I/usr/include -I/usr/include -I/usr/include conftest.c >&5 configure:20300: $? = 0 configure:20300: result: yes configure:20300: checking db.h presence configure:20300: cc -E -I/usr/include -I/usr/include -I/usr/include -I/usr/include conftest.c configure:20300: $? = 0 configure:20300: result: yes configure:20300: checking for db.h configure:20300: result: yes configure:20311: checking for Berkeley DB major version in db.h configure:20331: result: none configure:20334: error: Unknown Berkeley DB major version in db.h Any clue? Ciao, Michael.

7 years, 11 months

3
5
0 / 0

Use of gethostbyaddr_r on openSUSE

by Michael Ströder

HI! I'm still fighting with building newer OpenLDAP RPMs for openSUSE. Originally Ralf Haferkamp generated the .spec files several years ago but is not involved anymore. He added this patch: https://build.opensuse.org/package/view_file/home:stroeder:branches:netwo... This patch seems to fail now (see below). I'm inclined to remove it but I wonder whether it might be still needed/useful today. Ciao, Michael. ------------------------ snip ------------------------ [ 85s] configure:20167: cc -c -Wno-format-extra-args -fno-strict-aliasing -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES conftest.c >&5 [ 85s] configure:20167: $? = 0 [ 85s] configure:20189: result: 6 [ 85s] configure:20204: checking number of arguments of gethostbyaddr_r [ 85s] configure:20229: cc -c -Wno-format-extra-args -fno-strict-aliasing -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES conftest.c >&5 [ 85s] conftest.c: In function 'main': [ 85s] conftest.c:139:43: warning: passing argument 7 of 'gethostbyaddr_r' from incompatible pointer type [-Wincompatible-pointer-types] [ 85s] alen, AF_INET, &hent, buffer, bufsize, &h_errno); [ 85s] ^ [ 85s] In file included from conftest.c:129:0: [ 85s] /usr/include/netdb.h:172:12: note: expected 'struct hostent ** restrict' but argument is of type 'int *' [ 85s] extern int gethostbyaddr_r (const void *__restrict __addr, __socklen_t __len, [ 85s] ^ [ 85s] conftest.c:138:9: error: too few arguments to function 'gethostbyaddr_r' [ 85s] (void)gethostbyaddr_r( (void *)&(add.s_addr), [ 85s] ^ [ 85s] In file included from conftest.c:129:0: [ 85s] /usr/include/netdb.h:172:12: note: declared here [ 85s] extern int gethostbyaddr_r (const void *__restrict __addr, __socklen_t __len, [ 85s] ^ [ 85s] configure:20229: $? = 1 [ 85s] configure: failed program was: [ 85s] | /* confdefs.h */

7 years, 11 months

2
2
0 / 0

Re: OpenLDAP 2.4.41 available

by Clément OUDOT

Hi, congratulations for the release! It seems the changelog has not been updated on this page: http://www.openldap.org/software/release/changes.html Clément. 2015-07-01 22:11 GMT+02:00 OpenLDAP Project <project(a)openldap.org>: > OpenLDAP 2.4.41 is now available for download as detailed on our download > page: > > http://www.openldap.org/software/download/ > > and should soon be available on all official mirrors: > > ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS > > This is a maintenance release and is made available for general use. Users > of OpenLDAP Software are encouraged to upgrade. > > > Significant contributors are: > > Howard Chu (Symas Corp) > Hallvard Furuseth (University of Oslo) > Quanah Gibson-Mount (Zimbra, Inc) > Ryan Tandy > > > OpenLDAP 2.4.41 Release (2015/06/21) > Fixed ldapsearch to explicitly flush its buffer (ITS#8118) > Fixed libldap async connections (ITS#8090) > Fixed libldap double free of request during abandon (ITS#7967) > Fixed libldap error string for LDAP_X_CONNECTING (ITS#8093) > Fixed libldap segfault in ldap_sync_initialize (ITS#8001) > Fixed libldap ldif-wrap off by one error (ITS#8003) > Fixed libldap handling of TLS in async mode (ITS#8022) > Fixed libldap null pointer dereference (ITS#8028) > Fixed libldap mutex handling with LDAP_OPT_SESSION_REFCNT (ITS#8050) > Fixed slapd slapadd config db import of minimal frontend entry > (ITS#8150) > Fixed slapd slapadd onetime leak with -w (ITS#8014) > Fixed slapd sasl auxprop crash with invalid config (ITS#8092) > Fixed slapd syncrepl delta-mmr issue with overlays and slapd.conf > (ITS#7976) > Fixed slapd syncrepl mutex for cookie state (ITS#7968) > Fixed slapd syncrepl memory leaks (ITS#8035) > Fixed slapd syncrepl to free presentlist at end of refresh mode > (ITS#8038) > Fixed slapd syncrepl to streamline presentlist (ITS#8042) > Fixed slapd syncrepl concurrency when CHECK_CSN is enabled (ITS#8120) > Fixed slapd rootdn checks for hidden backends (ITS#8108) > Fixed slapd segfault when using matched values control (ITS#8046) > Fixed slapd-ldap reconnection behavior on remote failure (ITS#8142) > Fixed slapd-mdb minor case typo (ITS#8049) > Fixed slapd-mdb one-level search (ITS#7975) > Fixed slapd-mdb heap corruption (ITS#7965) > Fixed slapd-mdb crash after deleting in-use schema (ITS#7995) > Fixed slapd-mdb minor code cleanup (ITS#8011) > Fixed slapd-mdb to return errors when using incorrect env flags > (ITS#8016) > Fixed slapd-mdb to correctly update search candidates (ITS#8036, > ITS#7904) > Fixed slapd-mdb when there were more than 65535 aliases in scope > (ITS#8103) > Fixed slapd-mdb alias deref when objectClass is not indexed > (ITS#8146) > Fixed slapd-meta TLS initialization with ldaps URIs (ITS#8022) > Fixed slapd-meta to have better error logging (ITS#8131) > Fixed slapd-perl conversion to cn=config (ITS#8105) > Fixed slapd-sql autocommit config variable (ITS#8129,ITS#6613) > Fixed slapo-collect segfault (ITS#7797) > Fixed slapo-constraint with 0 count constraint (ITS#7780,ITS#7781) > Fixed slapo-deref with empty attribute list (ITS#8027) > Fixed slapo-memberof to correctly reject invalid members (ITS#8107) > Fixed slapo-sock result parser for CONTINUE (ITS#8048) > Fixed slapo-syncprov synprov_matchops usage of test_filter (ITS#8013) > Fixed slapo-syncprov segfault on disconnect/abandon > (ITS#5452,ITS#8012) > Fixed slapo-syncprov memory leak (ITS#8039) > Fixed slapo-syncprov segfault on disconnect/abandon (ITS#8043) > Fixed slapo-syncprov deadlock when autogroup is in use (ITS#8063) > Fixed slapo-syncprov potential loss of changes when under load > (ITS#8081) > Fixed slapo-unique enforcement of uniqueness with manageDSAit control > (ITS#8057) > Build Environment > Fixed libdb detection with gcc 5.x (ITS#8056) > Fixed ftello reference for Win32 (ITS#8127) > Enhanced contrib modules build paths (ITS#7782) > Fixed contrib/autogroup internal operation identity > (ITS#8006) > Fixed contrib/autogroup to skip internal ops with accesslog > (ITS#8065) > Fixed contrib/passwd/sha2 compiler warning (ITS#8000) > Fixed contrib/noopsrch compiler warning (ITS#7998) > Fixed contrib/dupent compiler warnings (ITS#7997) > Test suite: Added vrFilter test (ITS#8046) > Contrib > Added pbkdf2 sha256 and sha512 schemes (ITS#7977) > Fixed autogroup modification callback responses (ITS#6970) > Fixed nssov compare with usergroup (ITS#8079) > Fixed nssov password change behavior (ITS#8080) > Fixed nssov updated to 0.9.4 (ITS#8097) > Documentation > Added ldap_get_option(3) LDAP_FEATURE_INFO_VERSION > information (ITS#8032) > Added ldap_get_option(3) LDAP_OPT_API_INFO_VERSION > information (ITS#8032) > Fixed slapd-config(5), slapd.conf(5) tls_cipher_suite option > (ITS#8099) > Fixed slapd-meta(5), slapd-ldap(5) tls_cipher_suite option > (ITS#8099) > Fixed slapd-meta(5) fix minor typo (ITS#7769) > > > MD5 (openldap-2.4.41.tgz) = 3f1a4cea52827e18feaedfdc1634b5d0 > SHA1 (openldap-2.4.41.tgz) = c6880df9fec928a5f010b78a4285b497e8a12d6b > >

7 years, 11 months

2
2
0 / 0

unbind requests to all backends?

by Michael Ströder

HI! Are unbind requests always propagated to all backends? Ciao, Michael.

7 years, 11 months

2
1
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-devel July 2015