asserts and manadatory build instructions (was ITS#8240)
by Michael Ströder
hyc(a)symas.com wrote in ITS#8240:
> Our patch response was too hasty. There is no OpenLDAP bug here, the real
> issue is production binaries being built with asserts enabled instead of
> compiling with -DNDEBUG. That's an issue for packagers and distros to resolve.
> Closing this ITS, not an OpenLDAP bug.
Maybe I missed something. But this is the first time I've heard about -DNDEBUG
being mandatory when compiling binary packages for production use. Does it
have other effects?
And what are general rules for assert statements in OpenLDAP code?
In my own (Python) code assert statements are supposed to be only triggered if
something goes wrong *internally* (type issues etc.). If somebody manages to
trigger an assert statement with invalid input from "outside" I always
consider this to be a serious bug revealing insufficient error handling even
though e.g. web2ldap just logs the exception but won't crash. YMMV, but please
clarify.
I also wonder whether there are more mandatory rules for building packages and
where I can find them.
Please don't get me wrong: My inquiry is in good faith to avoid unnecessary
ITS based on misunderstanding.
Ciao, Michael.
1 year, 2 months
OpenLDAP stand at FOSDEM
by Michael Ströder
HI!
As discussed yesterday we could run a stand at FOSDEM which takes place
2 & 3 February 2019 at Brussels.
The CfP for various kinds of contributions:
https://fosdem.org/2019/news/
Application form for a stand:
https://submission.fosdem.org/stands.php
I'd be willing to spend some time at an OpenLDAP booth.
@Howard: Would you like to apply for it?
I'm not sure whether somebody requested a IAM devroom again.
Will try to monitor that.
Ciao, Michael.
4 years
ITS#8286 round 2
by Quanah Gibson-Mount
Here's where I've ended up with for ITS#8286. Only 2 real remaining
questions if this looks good (olcTLSCertificateKey and olcTLSVerifyClient).
Commit is currently
<https://github.com/quanah/openldap-scratch/commit/efef34db2f36e00a44c3f2d...>
---------------- servers/slapd/bconfig.c -----------------------
olcConfigFile -- Changed to case exact match
olcConfigDir -- Changed to case exact match
olcArgsFile -- Changed to case exact match
olcLogFile -- case exact match
olcModulePath -- case exact match
olcPasswordCryptSaltFormat -- case ignore match
olcPidFile -- case exact match
olcPluginLogFile -- case exact match
olcRootPw -- octetStringMatch
olcSaslAuxprops -- case ignore match
olcSaslHost -- case ignore match
olcSaslRealm -- case exact match
olcSaslSecProps -- case exact match
olcSizeLimit -- case exact match
olcSubordinate -- case exact match
olcTCPBuffer -- case exact match
olcTimeLimit -- case exact match
olcTLSCACertificateFile -- case exact match
olcTLSCACertificatePath -- case exact match
olcTLSCertificateFile -- case exact match
olcTLSCertificateKey -- ??? (Private SYNTAX OID) Shouldn't the SYNTAX be
1.3.6.1.4.1.1466.115.121.1.8? And use certificateExactMatch?
olcTLSCertificateKeyFile -- case exact match
olcTLSCipherSuite -- case exact match
olcTLSCRLCheck -- case exact match
olcTLSCRLFile -- case exact match
olcTLSRandFile -- case exact match
olcTLSVerifyClient -- case exact match (Shouldn't this be an enum, like
olcMemberOfDangling ?)
olcTLSDHParamFile -- case exact match
olcTLSECName -- case exact match
olcTLSProtocolMin -- case exact match
---------------- BACKENDS -----------------------
--- back-asyncmeta
olcDbURI -- case exact match
olcDbStartTLS -- case exact match
olcDbACLPasswd -- DELETE
olcDbIDAssertBind -- case ignore match
olcDbTFSupport -- case ignore match
olcDbTimeout -- case ignore match
olcDbIdleTimeout -- case ignore match
olcDbNetworkTimeout -- case ignore match
olcDbCancel -- case ignore match
olcDbQuarantine -- case ignore match
olcDbDefaultTarget -- case ignore match
olcDbDnCacheTtl -- case ignore match
olcDbBindTimeout -- integer match
olcDbOnErr -- case ignore match
olcDbNretries -- case ignore match
olcDbClientPr -- case ignore match
olcDbKeepalive -- case ignore match
--- back-bdb/hdb
olcDbCheckpoint -- case ignore match
olcDbCryptFile -- case exact match
olcDbCryptKey -- case exact match
olcDbConfig -- IA5 case ignore match
olcDbLockDetect -- case ignore match
olcDbMode -- case ignore match
--- back-ldap
olcDbURI -- case exact match
olcDbStartTLS -- case exact match
olcDbACLPasswd -- DELETE
olcDbACLBind -- case ignore match
olcDbIDAssertPasswd -- DELETE
olcDbIDAssertBind -- case ignore match
olcDbIDAssertMode -- DELETE
olcDbTFSupport -- case ignore match
olcDbTimeout -- case ignore match
olcDbIdleTimeout -- case ignore match
olcDbConnTtl -- case ignore match
olcDbNetworkTimeout -- case ignore match
olcDbCancel -- case ignore match
olcDbQuarantine -- case ignore match
olcDbOnErr -- case ignore match
olcDbKeepalive -- case ignore match
--- back-mdb
olcDbDirectory -- Changed to case exact match
olcDbCheckpoint -- case ignore match
olcDbMode -- case ignore match
--- back-meta
olcDbURI -- case exact match
olcDbStartTLS -- case exact match
olcDbACLPasswd -- DELETE
olcDbIDAssertBind -- case ignore match
olcDbTFSupport -- case ignore match
olcDbTimeout -- case ignore match
olcDbIdleTimeout -- case ignore match
olcDbConnTtl -- case ignore match
olcDbNetworkTimeout -- case ignore match
olcDbCancel -- case ignore match
olcDbQuarantine -- case ignore match
olcDbDefaultTarget -- case ignore match
olcDbDnCacheTtl -- case ignore match
olcDbBindTimeout -- integer match
olcDbOnErr -- case ignore match
olcDbNretries -- case ignore match
olcDbClientPr -- case ignore match
olcDbKeepalive -- case ignore match
--- back-sql
olcDbHost -- case exact match
olcDbName -- case exact match
olcDbUser -- case exact match
olcDbPass -- case exact match
olcSqlConcatPattern -- case exact match
olcSqlSubtreeCond -- case exact match
olcSqlChildrenCond -- case exact match
olcSqlDnMatchCond-- case exact match
olcSqlOcQuery -- case exact match
olcSqlAtQuery -- case exact match
olcSqlInsEntryStmt -- case exact match
olcSqlUpperFunc -- case exact match
olcSqlStrcastFunc -- case exact match
olcSqlDelEntryStmt -- case exact match
olcSqlRenEntryStmt -- case exact match
olcSqlDelObjclassesStmt -- case exact match
olcSqlBaseObject -- case exact match
olcSqlLayer -- case exact match
olcSqlFetchAttrs -- case ignore match
olcSqlAliasingKeyword -- case exact match
olcSqlAliasingQuote -- case ignore match
olcSqlIdQuery -- case exact match
---------------- OVERLAYS -----------------------
--- accesslog.c
logpurge -- case ignore match
logold -- case exact match
--- auditlog.c
olcAuditLogFile -- case exact match
--- autoca.c
olcACAuserClass -- case ignore match
olcACAserverClass -- case ignore match
--- dds.c
olcDDSmaxTtl -- case ignore match
olcDDSminTtl -- case ignore match
olcDDSdefaultTtl -- case ignore match
olcDDSinterval -- case ignore match
olcDDStolerance -- case ignore match
--- dyngroup.c
olcDGAttrPair -- case ignore match
--- memberof.c
olcMemberOfDangling -- case ignore match
olcMemberOfGroupOC -- case ignore match
olcMemberOfMemberAD -- case ignore match
olcMemberOfMemberOfAD -- case ignore match
olcMemberOfDanglingError -- case ignore match
--- pcache.c
olcProxyCache -- case ignore match
olcPcachePosition -- case ignore match
olcPcacheMaxQueries -- case ignore match
--- rwm.c
olcRwmTFSupport -- case ignore match
--- syncprov.c
olcSpCheckpoint -- case ignore match
--- translucent.c
olcTranslucentLocal -- case ignore match
olcTranslucentRemote -- case ignore match
---------------- CONTRIB -----------------------
--- adremap.c
olcADremapDowncase -- case ignore match
olcADremapDNmap -- case ignore match
--- autogroup.c
olcAGmemberOfAd -- case ignore match
--- smbk5pwd.c
olcSmbK5PwdEnable -- case ignore match
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
4 years, 1 month
Re: openldap.git branch master updated. 9cc97ea9e1c9ee2ee9f7d427ef9b950e890c219f
by Howard Chu
openldap-commit2devel(a)OpenLDAP.org wrote:
> A ref change was pushed to the OpenLDAP (openldap.git) repository.
> It will be available in the public mirror shortly.
>
> The branch, master has been updated
> via 9cc97ea9e1c9ee2ee9f7d427ef9b950e890c219f (commit)
> from 2731ff0c23ae29414d12658f31d9d3bde6b5c374 (commit)
>
> Those revisions listed above that are new to this repository have
> not appeared on any other notification email; so we list those
> revisions in full, below.
>
> - Log -----------------------------------------------------------------
> commit 9cc97ea9e1c9ee2ee9f7d427ef9b950e890c219f
> Author: Howard Chu <hyc(a)openldap.org>
> Date: Thu Dec 13 06:29:32 2018 -0800
>
> MS AD DirSync support
>
> Requires "attribute_option range=" in config.
Correction: "attributeoptions range="
> No test script provided yet, since testing requires an actual AD server.
Here's a sample config, assuming the AD server's baseDN is "dc=ldapsync,dc=local"
It's based on the consumer config from test017.
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/nis.schema
include ./schema/msuser.schema
attributeoptions range=
database mdb
suffix "dc=ldapsync,dc=local"
rootdn "cn=Replica,dc=ldapsync,dc=local"
rootpw secret
directory ./testrun/db.2.a
index objectClass eq
index cn,sn,uid pres,eq,sub
index entryUUID,entryCSN eq
syncrepl rid=1
provider=ldap://ldapsync/
binddn="cn=Administrator,cn=users,dc=ldapsync,dc=local"
bindmethod=simple
credentials=MSAD-secret
searchbase="dc=ldapsync,dc=local"
filter="(|(objectClass=user)(objectclass=group))"
schemachecking=off
scope=sub
type=dirSync
interval=00:00:00:03
updateref ldap://ldapsync/
database monitor
>
> -----------------------------------------------------------------------
>
> Summary of changes:
> servers/slapd/schema/msuser.ldif | 4299 ++++++++++++++++++++++++++++++++++++
> servers/slapd/schema/msuser.schema | 4295 +++++++++++++++++++++++++++++++++++
> servers/slapd/syncrepl.c | 610 ++++-
> 3 files changed, 9140 insertions(+), 64 deletions(-)
> create mode 100644 servers/slapd/schema/msuser.ldif
> create mode 100644 servers/slapd/schema/msuser.schema
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
4 years, 1 month