openldap-devel May 2017

openldap-devel@openldap.org

6 participants
23 discussions

asserts and manadatory build instructions (was ITS#8240)
by Michael Ströder 04 Nov '21

04 Nov '21

hyc(a)symas.com wrote in ITS#8240: > Our patch response was too hasty. There is no OpenLDAP bug here, the real > issue is production binaries being built with asserts enabled instead of > compiling with -DNDEBUG. That's an issue for packagers and distros to resolve. > Closing this ITS, not an OpenLDAP bug. Maybe I missed something. But this is the first time I've heard about -DNDEBUG being mandatory when compiling binary packages for production use. Does it have other effects? And what are general rules for assert statements in OpenLDAP code? In my own (Python) code assert statements are supposed to be only triggered if something goes wrong *internally* (type issues etc.). If somebody manages to trigger an assert statement with invalid input from "outside" I always consider this to be a serious bug revealing insufficient error handling even though e.g. web2ldap just logs the exception but won't crash. YMMV, but please clarify. I also wonder whether there are more mandatory rules for building packages and where I can find them. Please don't get me wrong: My inquiry is in good faith to avoid unnecessary ITS based on misunderstanding. Ciao, Michael.

1 1

ITS#8654 - Option for LDAP client to bind to a local address
by Daniel Le 12 Jun '17

12 Jun '17

Hello, In reference to the enhancement request ITS#865, please comment on the following to add support for binding a local IP address to client socket. This is just an outline of changes for one local address. I am not sure whether a list of local addresses is necessary. If it is, then a new function, similarly to ldap_url_parsehosts, may be written to parse the list of local addresses and store them into a linked list. In my use case, only one IPv4 or IPv6 local address is used for binding. - Modify ldap.h and ldap_set_option to handle the new option LDAP_OPT_LOCAL_ADDRESS. Should it be named LDAP_OPT_CLIENT_ADDRESS, LDAP_OPT_SOCKET_BIND_ADDRESS...? - Modify struct ldapoptions in ldap-int.h to add element "char *ldo_local_address" to hold client local address when ldap_set_option(LDAP_OPT_LOCAL_ADDRESS...) is executed. This can char pointer can point to an IPv4 address or IPv6 address. - ldap_connect_to_host() in os-ip.c After the connection socket is created (ldap_int_socket) and before it is connected (ldap_pvt_connect), extract the local IP address. If local address family (AF_INET/ AF_INET6) matches the one of the host, bind socket to the local address. Regards, Daniel

1 1

Fwd: LMDB and text encoding
by Timur Kristóf 07 Jun '17

07 Jun '17

> I just had a look at how BDB handled this. As you can see they used a > TO_TSTRING macro to convert incoming pathnames from UTF8 to UTF16. > > https://gitorious.org/berkeleydb/berkeleydb/source/347d239a1e44ed4f773ae927… > > https://gitorious.org/berkeleydb/berkeleydb/source/347d239a1e44ed4f773ae927… > > (And a FROM_TSTRING for the reverse, as well.) (Mea culpa, I accidentally hit "reply" instead of "reply all". Sorry. Now reposting to the mailing list.) Since we only need to do this on Windows, we could use MultiByteToWideChar with CP_UTF8. (That's what TO_TSTRING does, too.) I do not think we would ever need to do any such conversion on UNIX. https://msdn.microsoft.com/en-us/library/windows/desktop/dd319072%28v=vs.85… I'm not sure if we can just copy-paste BDB's code. Probably not, that would lead to licensing issues, wouldn't it?

4 16

Re: Status of ldap_init_fd and LDAP_PROTO_EXT?
by Howard Chu 06 Jun '17

06 Jun '17

Volker Lendecke wrote: > Hi! > > What's the status of those two? They are mentioned in the manpages of > for example Debian Jessie and FreeBSD 11 (maybe from ports?), but the > manpage explicitly says you have to #include <ldap_pvt.h>, which is > not shipped. > > What's the reason of them being in ldap_pvt.h? Are they supposed to > change in the future? The function is now more than 10 years old, > without too much change in that decade. Generally, <ldap.h> was only supposed to export the "official" LDAP API and anything that was specific to OpenLDAP's implementation was stashed in <ldap_pvt.h> as non-standard features. I suppose the distinction is somewhat meaningless these days since the last LDAP API RFC was only valid for LDAPv2 and a version for LDAPv3 was never approved. At this point, OpenLDAP's API is the de facto standard. As clumsy as it may be... > > Not being able to fully asynchronously connect to a server was my main > reason to start my own little ldap library a few years ago, so I think > this can be useful code :-) Talk to your distro folks about shipping the files then. The Project's policy is that we do source releases exclusively, and everything contained in a source release is intended for end-users to read and use. That is, again, the point of open source. It would also help if end-users read the scripts in the test suite and used them as examples of how to setup various configurations. > > Thanks, Volker > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

3 3

RE: ITS#8654 - Option for LDAP client to bind to a local address
by Quanah Gibson-Mount 23 May '17

23 May '17

--On Tuesday, May 23, 2017 9:48 PM +0000 Daniel Le <daniel.le(a)exfo.com> wrote: > I cloned the master branch (git clone > git://git.openldap.org/openldap.git), then checked for the ITS#4707 patch > commit > (https://www.openldap.org/lists/openldap-bugs/200610/threads.html#0004) > in the OpenLDAP master code base and scanned the log of 2.3 branch > (http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=shortlog;h=ref > s/heads/OPENLDAP_REL_ENG_2_3), but didn't find it at both places. Seems > this patch never got committed. Can you help to confirm? Howard already confirmed it was never committed, just the different API was committed. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

2 1

RE: ITS#8654 - Option for LDAP client to bind to a local address
by Quanah Gibson-Mount 23 May '17

23 May '17

--On Tuesday, May 23, 2017 4:47 PM +0000 Daniel Le <daniel.le(a)exfo.com> wrote: > How does one check out code from the OpenLDAP master branch? As noted on the www.openldap.org main page: <http://www.openldap.org/software/repo.html> --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

2 1

RE: ITS#8654 - Option for LDAP client to bind to a local address
by Quanah Gibson-Mount 23 May '17

23 May '17

--On Tuesday, May 23, 2017 4:18 PM +0000 Daniel Le <daniel.le(a)exfo.com> wrote: > Since the ITS#4707 patch was not merged into 2.4 and is subject to > additional modification to handle a list of local addresses, perhaps it > makes sense to leverage from what was done in 2.3 and write a new patch > for 2.4 (i.e. no merge)? All work should be done against OpenLDAP master rather than a release branch > Regarding multiple local IP addresses, I can think of a scenario where > the desired local network interface has an IPv4 address and an IPv6 > address, then the one which has the same address family as the server's > is chosen at the time of socket binding, but how to match a client IP > address with a server host address when there are multiple IPv4 and/or > IPv6 local addresses? Curious, does telnet -b handle this currently? > Daniel > > -----Original Message----- > From: Daniel Le > Sent: Monday, May 22, 2017 5:17 PM > To: 'Howard Chu' <hyc(a)symas.com>; Quanah Gibson-Mount <quanah(a)symas.com>; > 'openldap-devel(a)openldap.org' <openldap-devel(a)openldap.org> Subject: RE: > ITS#8654 - Option for LDAP client to bind to a local address > > From what I can see, ldap_init_fd() only allows the setting of > UDP/TCP/IPC protocol type and server's URI. > > Will the ITS#4707 patch > (ftp://ftp.openldap.org/incoming/openldap-2.3.27-bindaddr.patch.txt) be > merged into 2.4? > > And since this patch only handles one IP address, further change will be > necessary to support a list of IP addresses. > > Daniel > > -----Original Message----- > From: Howard Chu [mailto:hyc@symas.com] > Sent: Monday, May 22, 2017 2:49 PM > To: Quanah Gibson-Mount <quanah(a)symas.com>; Daniel Le > <daniel.le(a)exfo.com>; 'openldap-devel(a)openldap.org' > <openldap-devel(a)openldap.org> Subject: Re: ITS#8654 - Option for LDAP > client to bind to a local address > > Quanah Gibson-Mount wrote: >> --On Monday, May 22, 2017 7:28 PM +0000 Daniel Le <daniel.le(a)exfo.com> >> wrote: >> >>> I tumbled into the following ITS#4707 thread: >>> Patch: option to bind client socket to an address >>> https://www.openldap.org/lists/openldap-bugs/200610/threads.html#0004 >>> 7 >>> >>> Wasn't this patch integrated into OpenLDAP 2.3.X? I couldn't see it >>> in the 2.4.44 code base. >> >> The notes say it was added for 2.4, but that apparently is incorrect. >> >> "new API added in HEAD/RE24" > > The notes say *a* new API was added to 2.4, not necessarily *this* one. > And that is true, we added ldap_init_fd() which lets the caller setup > their socket any way they please. > > commit 1f635b8bcfaaac666005a88a5620e9798c9565e1 > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

2 1

Re: ITS#8654 - Option for LDAP client to bind to a local address
by Howard Chu 23 May '17

23 May '17

Quanah Gibson-Mount wrote: > --On Monday, May 22, 2017 7:28 PM +0000 Daniel Le <daniel.le(a)exfo.com> wrote: > >> I tumbled into the following ITS#4707 thread: >> Patch: option to bind client socket to an address >> https://www.openldap.org/lists/openldap-bugs/200610/threads.html#00047 >> >> Wasn't this patch integrated into OpenLDAP 2.3.X? I couldn't see it in >> the 2.4.44 code base. > > The notes say it was added for 2.4, but that apparently is incorrect. > > "new API added in HEAD/RE24" The notes say *a* new API was added to 2.4, not necessarily *this* one. And that is true, we added ldap_init_fd() which lets the caller setup their socket any way they please. commit 1f635b8bcfaaac666005a88a5620e9798c9565e1 -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

2 2

RE: ITS#8654 - Option for LDAP client to bind to a local address
by Quanah Gibson-Mount 22 May '17

22 May '17

--On Monday, May 22, 2017 7:28 PM +0000 Daniel Le <daniel.le(a)exfo.com> wrote: > I tumbled into the following ITS#4707 thread: > Patch: option to bind client socket to an address > https://www.openldap.org/lists/openldap-bugs/200610/threads.html#00047 > > Wasn't this patch integrated into OpenLDAP 2.3.X? I couldn't see it in > the 2.4.44 code base. The notes say it was added for 2.4, but that apparently is incorrect. "new API added in HEAD/RE24" --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

Re: ITS#8654 - Option for LDAP client to bind to a local address
by Howard Chu 22 May '17

22 May '17

Daniel Le wrote: > Hello, > > In reference to the enhancement request ITS#865, please comment on the following to add support for binding a local IP address to client socket. This is just an outline of changes for one local address. I am not sure whether a list of local addresses is necessary. If it is, then a new function, similarly to ldap_url_parsehosts, may be written to parse the list of local addresses and store them into a linked list. In my use case, only one IPv4 or IPv6 local address is used for binding. As I commented in the ITS, since there is no existing IETF spec for this option, and since there is an existing implementation in Microsoft's API, we should copy the Microsoft API behavior, to maintain source level compatibility and make app developers' lives easier. Since they support a list of IP addresses, so should we. > > - Modify ldap.h and ldap_set_option to handle the new option LDAP_OPT_LOCAL_ADDRESS. > Should it be named LDAP_OPT_CLIENT_ADDRESS, LDAP_OPT_SOCKET_BIND_ADDRESS...? > > - Modify struct ldapoptions in ldap-int.h to add element "char *ldo_local_address" to hold client local address when ldap_set_option(LDAP_OPT_LOCAL_ADDRESS...) is executed. > This can char pointer can point to an IPv4 address or IPv6 address. > > - ldap_connect_to_host() in os-ip.c > After the connection socket is created (ldap_int_socket) and before it is connected (ldap_pvt_connect), extract the local IP address. > If local address family (AF_INET/ AF_INET6) matches the one of the host, bind socket to the local address. > > Regards, > Daniel > > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-devel May 2017