asserts and manadatory build instructions (was ITS#8240)
by Michael Ströder
hyc(a)symas.com wrote in ITS#8240:
> Our patch response was too hasty. There is no OpenLDAP bug here, the real
> issue is production binaries being built with asserts enabled instead of
> compiling with -DNDEBUG. That's an issue for packagers and distros to resolve.
> Closing this ITS, not an OpenLDAP bug.
Maybe I missed something. But this is the first time I've heard about -DNDEBUG
being mandatory when compiling binary packages for production use. Does it
have other effects?
And what are general rules for assert statements in OpenLDAP code?
In my own (Python) code assert statements are supposed to be only triggered if
something goes wrong *internally* (type issues etc.). If somebody manages to
trigger an assert statement with invalid input from "outside" I always
consider this to be a serious bug revealing insufficient error handling even
though e.g. web2ldap just logs the exception but won't crash. YMMV, but please
clarify.
I also wonder whether there are more mandatory rules for building packages and
where I can find them.
Please don't get me wrong: My inquiry is in good faith to avoid unnecessary
ITS based on misunderstanding.
Ciao, Michael.
1 year, 7 months
Load balancer
by Ondřej Kuzník
I'd like to have the load balancer prototype merged in the project and
I've just created a ticket for that, ITS#8747.
This server (lloadd for lack of a better name that you could still find
in your friendly search engine) is a PDU-centric LDAP proxy. It will
only handle operations that affect the connection itself (abandon,
unbind, ...) and distribute the rest across connections established the
configured backend servers. You can find more information in the
(slightly disorganised) design notes in doc/devel/lloadd/design.md in
the repo.
I welcome anyone to help during the review and hope this can be merged
soon and extended further.
Regards,
--
Ondřej Kuzník
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP
5 years, 8 months
Re: LDAP_FEATURE_SUBORDINATE_SCOPE
by Quanah Gibson-Mount
--On Tuesday, September 26, 2017 11:51 PM +0100 Howard Chu <hyc(a)symas.com>
wrote:
> Michael Ströder wrote:
>> HI!
>>
>> Does the commit below mean that this feature is not supported at all?
To be clear, we're leaving the state unchanged vs RE24 and prior releases,
where the feature is not advertised in the Root DSE.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
5 years, 8 months
Re: LDAP_FEATURE_SUBORDINATE_SCOPE
by Howard Chu
Michael Ströder wrote:
> HI!
>
> Does the commit below mean that this feature is not supported at all?
>
> IIRC search with subordinate scope even works in 2.4.x.
> IMHO it would be ok to also announce that feature in rootDSE.
>
> BTW: There are many expired I-Ds (e.g. draft-behera-ldap-password-policy)
> implemented in OpenLDAP server.
>
> Ciao, Michael.
>
> commit 0d4cd897867e177a6e209b59cfb2330f32dc0355 (HEAD -> master,
> origin/master, origin/HEAD)
> Author: Quanah Gibson-Mount <quanah(a)openldap.org>
> Date: Tue Sep 26 11:51:27 2017 -0700
>
> LDAP_FEATURE_SUBORDINATE_SCOPE is from expired
> draft-sermersheim-ldap-subordinate-scope, leave behind LDAP_DEVEL
>
The feature has been implemented a long time, we just never advertise it.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
5 years, 8 months
LDAP_FEATURE_SUBORDINATE_SCOPE
by Michael Ströder
HI!
Does the commit below mean that this feature is not supported at all?
IIRC search with subordinate scope even works in 2.4.x.
IMHO it would be ok to also announce that feature in rootDSE.
BTW: There are many expired I-Ds (e.g.
draft-behera-ldap-password-policy) implemented in OpenLDAP server.
Ciao, Michael.
commit 0d4cd897867e177a6e209b59cfb2330f32dc0355 (HEAD -> master,
origin/master, origin/HEAD)
Author: Quanah Gibson-Mount <quanah(a)openldap.org>
Date: Tue Sep 26 11:51:27 2017 -0700
LDAP_FEATURE_SUBORDINATE_SCOPE is from expired
draft-sermersheim-ldap-subordinate-scope, leave behind LDAP_DEVEL
5 years, 8 months
whitespace cleanup
by Quanah Gibson-Mount
There are a number of files that have empty lines comprising of spaces
and/or tabs, and code blocks that start with spaces rather than tabs, which
break formatting. I would like to clean these up, but wanted to check if
there were any objections to this.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
5 years, 8 months
LDAP_DEVEL and 2.5
by Quanah Gibson-Mount
I've revisited my commit (1a712bf18e6a37ede91aa7014cd3df5e81558375), and
moved a number of features that were not yet ready for release back behind
LDAP_DEVEL. The remaining items that are exposed are considered ready for
release.
Note that there are documentation updates on the way for the following new
features:
slapo-pcache: PCACHE_CONTROL_PRIVDB and PCACHE_EXOP_QUERY_DELETE.
LDAP_TCP_BUFFER
SLAP_AUXPROP_DONTUSECOPY
Please let me know if you feel there are still items that need to go back
behind LDAP_DEVEL.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
5 years, 8 months
Re: kqueue support for OpenLDAP (ITS#6300)
by Quanah Gibson-Mount
--On Tuesday, September 19, 2017 8:17 PM -0700 Quanah Gibson-Mount
<quanah(a)symas.com> wrote:
> A long long time ago for a release that is now far far away, Apple
> submitted a patch adding kqueue support to OpenLDAP. I managed to track
> it down and have it working with some changes since the patch was
> originally written for OpenLDAP 2.3. In OpenLDAP master, it passed all
> tests with back-meta, back-ldap, back-meta backends along with the
> accesslog, syncprov, and rwm overlays.
That should be "back-mdb, back-ldap, and back-meta". :)
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
5 years, 8 months