openldap-devel April 2019

openldap-devel@openldap.org

5 participants
8 discussions

asserts and manadatory build instructions (was ITS#8240)
by Michael Ströder 05 Nov '21

05 Nov '21

hyc(a)symas.com wrote in ITS#8240: > Our patch response was too hasty. There is no OpenLDAP bug here, the real > issue is production binaries being built with asserts enabled instead of > compiling with -DNDEBUG. That's an issue for packagers and distros to resolve. > Closing this ITS, not an OpenLDAP bug. Maybe I missed something. But this is the first time I've heard about -DNDEBUG being mandatory when compiling binary packages for production use. Does it have other effects? And what are general rules for assert statements in OpenLDAP code? In my own (Python) code assert statements are supposed to be only triggered if something goes wrong *internally* (type issues etc.). If somebody manages to trigger an assert statement with invalid input from "outside" I always consider this to be a serious bug revealing insufficient error handling even though e.g. web2ldap just logs the exception but won't crash. YMMV, but please clarify. I also wonder whether there are more mandatory rules for building packages and where I can find them. Please don't get me wrong: My inquiry is in good faith to avoid unnecessary ITS based on misunderstanding. Ciao, Michael.

1 1

Generating contextCSN on a newly adopted DB
by Ondřej Kuzník 25 Apr '19

25 Apr '19

Dealing with ITS#9015 has lead me to question part of the ITS#8281 fix in cd8ff37629012c1676ef79de164a159da9b2ae89 - the part that refuses to generate a contextCSN on a DB without one. When syncprov is adopting a database that has never been managed by it, it will only generate a new contexCSN if it's a standalone master (its serverID is zero and replicates from noone). But people can and do add a new database on a multimaster node expecting things to work OK, not something that happens now, even worse, we can lie to the consumer and say the DB is empty just because its contextCSN is. AFAIK, the root cause of ITS#8281 (as reported) was diagnosed to be two servers with the same serverID - not something we can or want to support. So my reaction is to make sure we always have a contextCSN (doesn't have to contain our own serverID yet), generating it if not unless we're running with SLAP_SINGLE_SHADOW(be) which means we might be a cascading replica. Is there a scenario that would break things? How about starting with an empty DB, should we still put a contextCSN there? Thanks, -- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP

1 0

Re: ITS 8996
by Hugh McMaster 23 Apr '19

23 Apr '19

Hi Quanah, On Sun, 21 Apr 2019 at 8:26 am, Quanah Gibson-Mount wrote: > As it is a feature request and not a bug fix, it may be a while as we're > currently working on getting the OpenLDAP 2.4 series (feature frozen) > wrapped up. At that point we can spend a bit more time on planning what > open feature requests will make their way into the next release series > (2.5). Thank you for the update. I had no idea the project was in a feature freeze, as the information doesn’t seem to be anywhere on the website. On that point, are there any plans/ideas to move to bugzilla or even github/gitlab for development? The ITS isn’t the most user friendly platform around. > Hugh

2 1

ITS 8996
by Hugh McMaster 21 Apr '19

21 Apr '19

Hi, I submitted #8996 [1] a month ago. I'm just wondering how long it will stay in Incoming before being reviewed and/or processed. Thank you, Hugh [1] http://www.openldap.org/its/index.cgi/Incoming?id=8996;page=29

2 1

need info for bug #955210: patch for openldap2 package
by Michael Ströder 19 Apr '19

19 Apr '19

HI! Please Cc: openldap-devel(a)openldap.org when replying. I need more information about this locked bug report: https://bugzilla.opensuse.org/show_bug.cgi?id=955210 The bug is referenced in openldap2.changes for this patch: https://build.opensuse.org/package/view_file/network:ldap/openldap2/0009-Fi… OpenLDAP upstream (Cc:-ed) asks whether SUSE folks could file an upstream issue here: https://www.openldap.org/its/ Upstream requires an IPR notice when submitting patches as described here: https://www.openldap.org/devel/contributing.html#notice Thanks in advance. Ciao, Michael.

1 0

SuSE engagement?
by Quanah Gibson-Mount 19 Apr '19

19 Apr '19

Hi Michael, I'm looking at the patches SuSE applies to OpenLDAP, and it would be nice to have some engagement from SuSE on kicking some of these back, particularly something like 0017-Fix-segfault-in-nops.patch, which it appears is to address ITS#8759. Do you know what we need to do on our end to encourage SuSE to contribute back to the community? --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

2 3

ITS review 4/17/2019
by Quanah Gibson-Mount 19 Apr '19

19 Apr '19

Some of these items are RE24 + master, a couple are master only. Some are for LMDB, not sure if they should be 0.9+master or master only. ------------------------------------------------------------------- The following ITSes have a patch or have been committed already. ------------------------------------------------------------------- ITS#8875 - back-mdb - fix performance problems with large DIT and many aliases (has patch) ITS#8864 - liblber - fix ber_flush (fb49d486a35fd4b2e993398c1eea0c8f7bc6ac40) ITS#8508 - liblunicode - Fix ucgendat (cc99da182f53d3d4f3874703643b277773717af3) ITS#8167 - libldap - fix non-blocking TLS (46c93e41f43da7f16270179c6eff75e450617329) ITS#8037 - slapd - Fix delta-syncrepl with relax (cb9a4d01bc1ecf1eeb3fb7ef39067b2b30b6c545) ITS#7721 - contrib/lastbind - allow authtimestamp forwarding with updateref (44e9bda0e42f40e0baf0a2c0ef733eb757abd366) ITS#7770 - back-monitor - Add mdb_stat info (e19c683c41e14365d28e82278eec1d8b12c71d4c , 6e2bac6465bb81a8c1aeb083b6dc497eb4187264 ) ITS#8841 - back-meta - Fix assertion if the network interface goes down (17f1e32b65c332f7a33b77ebe6e20b47188a88aa) ITS#8999 - slapd - Fix telephoneNumberNormalize, cert DN validation (d8c90a2feebb9eeecc69cd0c4411f51cb75a7dbb, 8b7f21c7aa8c99065977b3dd4eb41f9f41eeadde) ITS#8695 - slapd -"sleep" is deprecated (WINDOWS ONLY) (has patch) ITS#8637 - slapd-ldap - Correctly reject invalid config with slapd-config (has patch) ITS#8674 - libldap - Fix leak (has patch) ITS#7996, ITS#8450 - libldap - Fix race condition (has patch) ITS#8427 - slapd/syncrepl - Fix broken behavor for TLS options (has patch) ITS#8417 - liblmdb - Add -T option to mdb_load to specify the mapsize (has patch) ITS#8739 - liblmdb - Fixes fsync check on FreeBSD (has patch) ITS#8748 - liblmdb - New feature for write ops (has patch, IPR OK) ITS#8754 - libldap - Correctly ignore IPv6 if IPv6 is disabled (has patch) ITS#8671 - libldap - ldap_init_fd() in ldap.h (has patch, for Samba project) ITS#7042 - slapd/syncrepl - Allow disconfiguring TLS settings (has patch) ITS#8794 - libraries/libldap - Fix implicit declaration (has minor patch) ITS#9001 - libraries/libldap - Use new Tavl bits to reduce search time (has patch) ITS#9008 - slapd-modules - Fix rpath in module builds (has patch) ITS#8997 - slapd-ldap - Fix segfault (Howard already wrote the patch, just needs to be committed) ------------------------------------------------------------------- The following commits have no associated ITS, but apply to RE24 ------------------------------------------------------------------- 3bda24173df9b071aafc7c3f294c17af3ea2c7d0 -- Do not leak memory in slappasswd 593512bb7b2b5d23a658d3a8d05bdeeb15d7611f -- Just the first commit (there is significant divergence in the tests/slapd-progs between RE24 and master) --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 1

ITSes with no fix that need addressing
by Quanah Gibson-Mount 18 Apr '19

18 Apr '19

------------------------------------------------------------------- The following ITSes need fixes or other other action: ------------------------------------------------------------------- ITS#8967 - back-mdb "unchecked" limits broken with particular search scopes. ITS#8683 - back-meta documented feature hidden behind LDAP_DEVEL ITS#8686 - back-hdb broken with some MODRDN ops ITS#8691 - liblmdb segfault on shutdown (WINDOWS ONLY) ITS#8693, ITS#8799 - conversion from slapd.conf to cn=config is broken for slapo-chain ITS#8694 - Missing event information for slapd (WINDOWS ONLY) ITS#8698 - slapo-ppolicy broken with pwdCheckModule and extended password modify op ITS#8700 - build fails when slapd is disabled ITS#8708 - SASL/EXTERNAL bind succeeds when it should fail ITS#8721 - slapd-meta quarantine broken ITS#8102 - slapd/syncrepl - Mutex issues causing null_callback and other issues ITS#8743 - slapd-meta - Reject invalid slapd.conf -> cn=config conversion ITS#8751 - slapd-meta - deref aliases is broken ITS#8755 - libldap - leaking file descriptor when closing connection ITS#8768 - slapd/syncrepl - New cookie being sent incorrectly ITS#8788 - slapo-pcache - Fix pcache initialization, and documentation update? ITS#8790 - slapd/syncrepl N-way MMR w/o serverID in at least one entry can destroy the MMR cluster (MAJOR BUG), see also ITS#8789 ITS#9002 - slapcat - Add option to honor rtxnsize setting ITS#8998 - ldap.conf/.ldaprc - SASLNOCANON breaks ldapi:// URI -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

2 3

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-devel April 2019