openldap-devel August 2018

openldap-devel@openldap.org

3 participants
4 discussions

asserts and manadatory build instructions (was ITS#8240)
by Michael Ströder 04 Nov '21

04 Nov '21

hyc(a)symas.com wrote in ITS#8240: > Our patch response was too hasty. There is no OpenLDAP bug here, the real > issue is production binaries being built with asserts enabled instead of > compiling with -DNDEBUG. That's an issue for packagers and distros to resolve. > Closing this ITS, not an OpenLDAP bug. Maybe I missed something. But this is the first time I've heard about -DNDEBUG being mandatory when compiling binary packages for production use. Does it have other effects? And what are general rules for assert statements in OpenLDAP code? In my own (Python) code assert statements are supposed to be only triggered if something goes wrong *internally* (type issues etc.). If somebody manages to trigger an assert statement with invalid input from "outside" I always consider this to be a serious bug revealing insufficient error handling even though e.g. web2ldap just logs the exception but won't crash. YMMV, but please clarify. I also wonder whether there are more mandatory rules for building packages and where I can find them. Please don't get me wrong: My inquiry is in good faith to avoid unnecessary ITS based on misunderstanding. Ciao, Michael.

1 1

TLS 1.3 and 0-RTT
by Michael Ströder 06 Sep '18

06 Sep '18

HI! Are there any plans to support TLS 1.3? The 0-RTT feature could be a significant performance gain in case LDAP applications open a new TLS connection each time they check a password with a bind request. Ciao, Michael.

2 1

OpenLDAP Developer Day 2018
by Howard Chu 22 Aug '18

22 Aug '18

In case you missed it, we're holding an event to celebrate the 20th anniversary of the OpenLDAP Project this October in Germany. Talks are being solicited now. https://daasi.de/de/call-for-content_odd2018/ -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

cn=config support for non-overlay modules and naming conventions
by Quanah Gibson-Mount 02 Aug '18

02 Aug '18

The slapo-ppolicy overlay has a parameter for loading an external module for doing additional password checks. One example of this would be the LTB project's PPM (password policy module) extension. However, we currently have no method in OpenLDAP for supporting configuration for such a module via cn=config. Using this module, we can see two basic issues: a) There needs to be a way to load schema for the module for whatever its configuration items are b) There needs to be a way to use so that it can have multiple policies (similar to ppolicy) so that you can have different password checking policies. Something like: pwdCheckModule <modulepath> <policyDN>. In this way, you could have multiple password policies with different password check requirements. Additionally, we currently do not have a standard on a naming convention for manual pages, etc, for such an item. I would propose slapm-<name> (m for module), such as "slapm-ppm.5" Thoughts etc welcome. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-devel August 2018