September 2017 - openldap-devel

asserts and manadatory build instructions (was ITS#8240)

by Michael Ströder

hyc(a)symas.com wrote in ITS#8240: > Our patch response was too hasty. There is no OpenLDAP bug here, the real > issue is production binaries being built with asserts enabled instead of > compiling with -DNDEBUG. That's an issue for packagers and distros to resolve. > Closing this ITS, not an OpenLDAP bug. Maybe I missed something. But this is the first time I've heard about -DNDEBUG being mandatory when compiling binary packages for production use. Does it have other effects? And what are general rules for assert statements in OpenLDAP code? In my own (Python) code assert statements are supposed to be only triggered if something goes wrong *internally* (type issues etc.). If somebody manages to trigger an assert statement with invalid input from "outside" I always consider this to be a serious bug revealing insufficient error handling even though e.g. web2ldap just logs the exception but won't crash. YMMV, but please clarify. I also wonder whether there are more mandatory rules for building packages and where I can find them. Please don't get me wrong: My inquiry is in good faith to avoid unnecessary ITS based on misunderstanding. Ciao, Michael.

2 years, 1 month

1
1
0 / 0

ITS review 9/29/2017

by Quanah Gibson-Mount

Howard -- Looking for a thumbs up/down on these. The following ITSes were mostly supplied with patches and are IPR ok. I've imported them into my openldap-scratch repo for easy review. If they didn't have a supplied patch, I did the related work. Branch names are by ITS. ----------------------- Suggested for LMDB 0.9: ----------------------- its8612 - Fix LMDB builds on Solaris & derivative OSes <https://github.com/quanah/openldap-scratch/tree/its6035> ----------------------- Suggested for RE24: ----------------------- its5048 - Fix documentation for entryCSN with syncprov <https://github.com/quanah/openldap-scratch/tree/its5048> its7100 - Fix slapo-dds with entryTTL currently not decreasing <https://github.com/quanah/openldap-scratch/tree/its7100> its7373 - Fix tls_session reuse when hostname check fails <https://github.com/quanah/openldap-scratch/tree/its7373> its7374 - Fix MozNSS file matching for hashed CA cert directory (RE24 ONLY) <https://github.com/quanah/openldap-scratch/tree/its7374> its7389 - Fix MozNSS to fallback to PEM if cert not found in certdb (RE24 ONLY) <https://github.com/quanah/openldap-scratch/tree/its7389> its7442 - Add debug statements when index_intlen values are out of range <https://github.com/quanah/openldap-scratch/tree/its7442> its7520 - Omit unknown schema option for back-ldap <https://github.com/quanah/openldap-scratch/tree/its7520> its8037 - Fix delta-syncrepl with relax <https://github.com/quanah/openldap-scratch/tree/its8037> its8121 - Add LDAP_SASL_SIMPLE to ldap_bind(3) <https://github.com/quanah/openldap-scratch/tree/its8121> its8167 - Fix nonblocking TLS with referrals <https://github.com/quanah/openldap-scratch/tree/its8167> its8404 - Fix assertion with back-meta when olcDbRewrite is changed <https://github.com/quanah/openldap-scratch/tree/its8404> its8578 - Remove unused variables in RE24 <https://github.com/quanah/openldap-scratch/tree/its8578> its8583 - Fix C++ LDAPCtrl structure <https://github.com/quanah/openldap-scratch/tree/its8583> its8605 - Fix various spelling errors <https://github.com/quanah/openldap-scratch/tree/its8605> its8687 - OpenSSL 1.1 compatibility, fix build when cross-compiling <https://github.com/quanah/openldap-scratch/tree/its8687> ----------------------- Purely for RE25: ----------------------- its6035 - Fix slapd so it doesn't require restart after modifying olcAuthzRegexp <https://github.com/quanah/openldap-scratch/tree/its6035> its6300 - Add support for kqueue <https://github.com/quanah/openldap-scratch/tree/its6300> its6475 - Add documentation to slapd.conf(5) and slapd-config(5) for SASLDONTUSECOPY <https://github.com/quanah/openldap-scratch/compare/its6475> its7042 - Make it possible to unset TLS options with syncrepl <https://github.com/quanah/openldap-scratch/tree/its7042> its7532 - Add ldap_connection function for asynchronous clients <https://github.com/quanah/openldap-scratch/tree/its7532> its7721 - Allow authTimestamp to be forwarded via updateref <https://github.com/quanah/openldap-scratch/tree/its7721> its8037 - Fixes delta-sync replication when "relax" is used to modify the structural OC of an entry <https://github.com/quanah/openldap-scratch/tree/its8037> its8153 - olcTimeLimit should be SINGLE-VALUE <https://github.com/quanah/openldap-scratch/tree/its8153> its8291 - Fix slapmodify with BDB backends <https://github.com/quanah/openldap-scratch/tree/its8291> its8508 - ucgendat.c properly add title-case characters without upper-case equivalents (e.g. greek letters with iota subscript) <https://github.com/quanah/openldap-scratch/tree/its8508> its8511 - Fix documentation for multimaster, deprecate mirrormode <https://github.com/quanah/openldap-scratch/tree/its8511> its8527 - Improve SYNC debug output in certain situations <https://github.com/quanah/openldap-scratch/tree/its8527> its8573 - Add TLS options to ldap* tools <https://github.com/quanah/openldap-scratch/tree/its8573-tables> its8692 - Support LDAP_MOD_INCREMENT with back-sock <https://github.com/quanah/openldap-scratch/tree/its8692> --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

6 years, 1 month

2
2
0 / 0

Load balancer

by Ondřej Kuzník

I'd like to have the load balancer prototype merged in the project and I've just created a ticket for that, ITS#8747. This server (lloadd for lack of a better name that you could still find in your friendly search engine) is a PDU-centric LDAP proxy. It will only handle operations that affect the connection itself (abandon, unbind, ...) and distribute the rest across connections established the configured backend servers. You can find more information in the (slightly disorganised) design notes in doc/devel/lloadd/design.md in the repo. I welcome anyone to help during the review and hope this can be merged soon and extended further. Regards, -- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP

6 years, 2 months

1
0
0 / 0

Re: LDAP_FEATURE_SUBORDINATE_SCOPE

by Quanah Gibson-Mount

--On Tuesday, September 26, 2017 11:51 PM +0100 Howard Chu <hyc(a)symas.com> wrote: > Michael Ströder wrote: >> HI! >> >> Does the commit below mean that this feature is not supported at all? To be clear, we're leaving the state unchanged vs RE24 and prior releases, where the feature is not advertised in the Root DSE. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

6 years, 2 months

1
0
0 / 0

Re: LDAP_FEATURE_SUBORDINATE_SCOPE

by Howard Chu

Michael Ströder wrote: > HI! > > Does the commit below mean that this feature is not supported at all? > > IIRC search with subordinate scope even works in 2.4.x. > IMHO it would be ok to also announce that feature in rootDSE. > > BTW: There are many expired I-Ds (e.g. draft-behera-ldap-password-policy) > implemented in OpenLDAP server. > > Ciao, Michael. > > commit 0d4cd897867e177a6e209b59cfb2330f32dc0355 (HEAD -> master, > origin/master, origin/HEAD) > Author: Quanah Gibson-Mount <quanah(a)openldap.org> > Date: Tue Sep 26 11:51:27 2017 -0700 > > LDAP_FEATURE_SUBORDINATE_SCOPE is from expired > draft-sermersheim-ldap-subordinate-scope, leave behind LDAP_DEVEL > The feature has been implemented a long time, we just never advertise it. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

6 years, 2 months

1
0
0 / 0

LDAP_FEATURE_SUBORDINATE_SCOPE

by Michael Ströder

HI! Does the commit below mean that this feature is not supported at all? IIRC search with subordinate scope even works in 2.4.x. IMHO it would be ok to also announce that feature in rootDSE. BTW: There are many expired I-Ds (e.g. draft-behera-ldap-password-policy) implemented in OpenLDAP server. Ciao, Michael. commit 0d4cd897867e177a6e209b59cfb2330f32dc0355 (HEAD -> master, origin/master, origin/HEAD) Author: Quanah Gibson-Mount <quanah(a)openldap.org> Date: Tue Sep 26 11:51:27 2017 -0700 LDAP_FEATURE_SUBORDINATE_SCOPE is from expired draft-sermersheim-ldap-subordinate-scope, leave behind LDAP_DEVEL

6 years, 2 months

1
0
0 / 0

whitespace cleanup

by Quanah Gibson-Mount

There are a number of files that have empty lines comprising of spaces and/or tabs, and code blocks that start with spaces rather than tabs, which break formatting. I would like to clean these up, but wanted to check if there were any objections to this. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

6 years, 2 months

1
0
0 / 0

LDAP_DEVEL and 2.5

by Quanah Gibson-Mount

I've revisited my commit (1a712bf18e6a37ede91aa7014cd3df5e81558375), and moved a number of features that were not yet ready for release back behind LDAP_DEVEL. The remaining items that are exposed are considered ready for release. Note that there are documentation updates on the way for the following new features: slapo-pcache: PCACHE_CONTROL_PRIVDB and PCACHE_EXOP_QUERY_DELETE. LDAP_TCP_BUFFER SLAP_AUXPROP_DONTUSECOPY Please let me know if you feel there are still items that need to go back behind LDAP_DEVEL. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

6 years, 2 months

1
0
0 / 0

ITS review 9/12/2017

by Quanah Gibson-Mount

The following ITSes were mostly supplied with patches and are IPR ok. I've imported them into my openldap-scratch repo for easy review. If they didn't have a supplied patch, I did the related work. Branch names are by ITS. ----------------------- Suggested for RE24: its5048 - Fix documentation for entryCSN with syncprov <https://github.com/quanah/openldap-scratch/tree/its5048> its7100 - Fix slapo-dds with entryTTL currently not decreasing <https://github.com/quanah/openldap-scratch/tree/its7100> its7373 - Fix tls_session reuse when hostname check fails <https://github.com/quanah/openldap-scratch/tree/its7373> its7374 - Fix MozNSS file matching for hashed CA cert directory (RE24 ONLY) <https://github.com/quanah/openldap-scratch/tree/its7374> its7389 - Fix MozNSS to fallback to PEM if cert not found in certdb (RE24 ONLY) <https://github.com/quanah/openldap-scratch/tree/its7389> its7442 - Add debug statements when index_intlen values are out of range <https://github.com/quanah/openldap-scratch/tree/its7442> its7520 - Omit unknown schema option for back-ldap <https://github.com/quanah/openldap-scratch/tree/its7520> its8037 - Fix delta-syncrepl with relax <https://github.com/quanah/openldap-scratch/tree/its8037> its8121 - Add LDAP_SASL_SIMPLE to ldap_bind(3) <https://github.com/quanah/openldap-scratch/tree/its8121> its8167 - Fix nonblocking TLS with referrals <https://github.com/quanah/openldap-scratch/tree/its8167> its8404 - Fix assertion with back-meta when olcDbRewrite is changed <https://github.com/quanah/openldap-scratch/tree/its8404> its8578 - Remove unused variables in RE24 <https://github.com/quanah/openldap-scratch/tree/its8578> its8583 - Fix C++ LDAPCtrl structure <https://github.com/quanah/openldap-scratch/tree/its8583> its8605 - Fix various spelling errors <https://github.com/quanah/openldap-scratch/tree/its8605> ----------------------- Suggested for RE25, possibly RE24: its8153 - olcTimeLimit should be SINGLE-VALUE <https://github.com/quanah/openldap-scratch/tree/its8153> its8692 - Support LDAP_MOD_INCREMENT with back-sock <https://github.com/quanah/openldap-scratch/tree/its8692> ----------------------- Purely for RE25: its7042 - Make it possible to unset TLS options with syncrepl <https://github.com/quanah/openldap-scratch/tree/its7042> its7532 - Add ldap_connection function for asynchronous clients <https://github.com/quanah/openldap-scratch/tree/its7532> its7721 - Allow authTimestamp to be forwarded via updateref <https://github.com/quanah/openldap-scratch/tree/its7721> its8291 - Fix slapmodify with BDB backends <https://github.com/quanah/openldap-scratch/tree/its8291> its8527 - Improve SYNC debug output in certain situations <https://github.com/quanah/openldap-scratch/tree/its8527> its8573 - Add TLS options to ldap* tools <https://github.com/quanah/openldap-scratch/tree/its8573-tables> --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

6 years, 2 months

3
2
0 / 0

Re: kqueue support for OpenLDAP (ITS#6300)

by Quanah Gibson-Mount

--On Tuesday, September 19, 2017 8:17 PM -0700 Quanah Gibson-Mount <quanah(a)symas.com> wrote: > A long long time ago for a release that is now far far away, Apple > submitted a patch adding kqueue support to OpenLDAP. I managed to track > it down and have it working with some changes since the patch was > originally written for OpenLDAP 2.3. In OpenLDAP master, it passed all > tests with back-meta, back-ldap, back-meta backends along with the > accesslog, syncprov, and rwm overlays. That should be "back-mdb, back-ldap, and back-meta". :) --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

6 years, 2 months

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-devel September 2017