openldap-devel November 2019

openldap-devel@openldap.org

5 participants
4 discussions

asserts and manadatory build instructions (was ITS#8240)
by Michael Ströder 05 Nov '21

05 Nov '21

hyc(a)symas.com wrote in ITS#8240: > Our patch response was too hasty. There is no OpenLDAP bug here, the real > issue is production binaries being built with asserts enabled instead of > compiling with -DNDEBUG. That's an issue for packagers and distros to resolve. > Closing this ITS, not an OpenLDAP bug. Maybe I missed something. But this is the first time I've heard about -DNDEBUG being mandatory when compiling binary packages for production use. Does it have other effects? And what are general rules for assert statements in OpenLDAP code? In my own (Python) code assert statements are supposed to be only triggered if something goes wrong *internally* (type issues etc.). If somebody manages to trigger an assert statement with invalid input from "outside" I always consider this to be a serious bug revealing insufficient error handling even though e.g. web2ldap just logs the exception but won't crash. YMMV, but please clarify. I also wonder whether there are more mandatory rules for building packages and where I can find them. Please don't get me wrong: My inquiry is in good faith to avoid unnecessary ITS based on misunderstanding. Ciao, Michael.

1 1

2.4 commit review
by Quanah Gibson-Mount 12 Jan '20

12 Jan '20

A few commits stacking up, so would like to review them for inclusion in an eventual 2.4.49. I think all of the following look good for RE24, but wanted to confirm specifically on (a) the GnuTLS changes, (b) the cleaner error handling during connection setup, and (c) the Totp changes. OpenLDAP: ITS#9067 fix syntax evaluation of preferredDeliveryMethod ITS#8753 Set minimum GnuTLS version to 3.2.2 ITS#9071 Document "tls none" for back-ldap ITS#9069 Do not call gnutls_global_set_mutex() ITS#9077 slapo-unique Let the loop finish ITS#9095 insert missing commit at end of slapindex processing ITS#9091 drop attr mappings added in an aborted txn ITS#9100 relax domainScope check for absent value ITS#9112 cleaner error handling during connection setup Contrib: Totp: ITS#9055 Introduce a combined password scheme TotP: ITS#9055 Accept previous token LMDB: ITS#9068 fix backslash escaping Thanks, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

5 9

Re: 2.4 commit review
by Hugh McMaster 24 Nov '19

24 Nov '19

Hi Quanah, On Sat, 2 Nov 2019 at 03:32, Quanah Gibson-Mount wrote: > > A few commits stacking up, so would like to review them for inclusion in an > eventual 2.4.49. Any chance that ITS#8996 could be included? Back in April, you said pkg-config support would need to wait for a 2.5 release [1], but given the pace of development, that could still be months or years away. Thanks, Hugh [1] http://www.openldap.org/lists/openldap-devel/201904/msg00012.html

3 9

Session tracking control
by Howard Chu 05 Nov '19

05 Nov '19

It looks like we currently parse this control, but only to allow logging its contents, and nothing more. Seems like it would be useful to carry the parsed info along with the o_authz struct, and make it usable in the ACL engine. This would allow setting ACLs that can distinguish between different applications acting on behalf of a given user (or service). Any security downside to this? -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-devel November 2019