asserts and manadatory build instructions (was ITS#8240)
by Michael Ströder
hyc(a)symas.com wrote in ITS#8240:
> Our patch response was too hasty. There is no OpenLDAP bug here, the real
> issue is production binaries being built with asserts enabled instead of
> compiling with -DNDEBUG. That's an issue for packagers and distros to resolve.
> Closing this ITS, not an OpenLDAP bug.
Maybe I missed something. But this is the first time I've heard about -DNDEBUG
being mandatory when compiling binary packages for production use. Does it
have other effects?
And what are general rules for assert statements in OpenLDAP code?
In my own (Python) code assert statements are supposed to be only triggered if
something goes wrong *internally* (type issues etc.). If somebody manages to
trigger an assert statement with invalid input from "outside" I always
consider this to be a serious bug revealing insufficient error handling even
though e.g. web2ldap just logs the exception but won't crash. YMMV, but please
clarify.
I also wonder whether there are more mandatory rules for building packages and
where I can find them.
Please don't get me wrong: My inquiry is in good faith to avoid unnecessary
ITS based on misunderstanding.
Ciao, Michael.
1 year, 7 months
Generating contextCSN on a newly adopted DB
by Ondřej Kuzník
Dealing with ITS#9015 has lead me to question part of the ITS#8281 fix
in cd8ff37629012c1676ef79de164a159da9b2ae89 - the part that refuses to
generate a contextCSN on a DB without one.
When syncprov is adopting a database that has never been managed by it,
it will only generate a new contexCSN if it's a standalone master (its
serverID is zero and replicates from noone). But people can and do add a
new database on a multimaster node expecting things to work OK, not
something that happens now, even worse, we can lie to the consumer and
say the DB is empty just because its contextCSN is.
AFAIK, the root cause of ITS#8281 (as reported) was diagnosed to be two
servers with the same serverID - not something we can or want to
support.
So my reaction is to make sure we always have a contextCSN (doesn't have
to contain our own serverID yet), generating it if not unless we're
running with SLAP_SINGLE_SHADOW(be) which means we might be a cascading
replica.
Is there a scenario that would break things? How about starting with an
empty DB, should we still put a contextCSN there?
Thanks,
--
Ondřej Kuzník
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP
4 years, 1 month
Re: ITS 8996
by Hugh McMaster
Hi Quanah,
On Sun, 21 Apr 2019 at 8:26 am, Quanah Gibson-Mount wrote:
> As it is a feature request and not a bug fix, it may be a while as we're
> currently working on getting the OpenLDAP 2.4 series (feature frozen)
> wrapped up. At that point we can spend a bit more time on planning what
> open feature requests will make their way into the next release series
> (2.5).
Thank you for the update. I had no idea the project was in a feature
freeze, as the information doesn’t seem to be anywhere on the website.
On that point, are there any plans/ideas to move to bugzilla or even
github/gitlab for development? The ITS isn’t the most user friendly
platform around.
> Hugh
4 years, 1 month
SuSE engagement?
by Quanah Gibson-Mount
Hi Michael,
I'm looking at the patches SuSE applies to OpenLDAP, and it would be nice
to have some engagement from SuSE on kicking some of these back,
particularly something like 0017-Fix-segfault-in-nops.patch, which it
appears is to address ITS#8759. Do you know what we need to do on our end
to encourage SuSE to contribute back to the community?
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
4 years, 1 month
ITS review 4/17/2019
by Quanah Gibson-Mount
Some of these items are RE24 + master, a couple are master only. Some are
for LMDB, not sure if they should be 0.9+master or master only.
-------------------------------------------------------------------
The following ITSes have a patch or have been committed already.
-------------------------------------------------------------------
ITS#8875 - back-mdb - fix performance problems with large DIT and many
aliases (has patch)
ITS#8864 - liblber - fix ber_flush
(fb49d486a35fd4b2e993398c1eea0c8f7bc6ac40)
ITS#8508 - liblunicode - Fix ucgendat
(cc99da182f53d3d4f3874703643b277773717af3)
ITS#8167 - libldap - fix non-blocking TLS
(46c93e41f43da7f16270179c6eff75e450617329)
ITS#8037 - slapd - Fix delta-syncrepl with relax
(cb9a4d01bc1ecf1eeb3fb7ef39067b2b30b6c545)
ITS#7721 - contrib/lastbind - allow authtimestamp forwarding with updateref
(44e9bda0e42f40e0baf0a2c0ef733eb757abd366)
ITS#7770 - back-monitor - Add mdb_stat info
(e19c683c41e14365d28e82278eec1d8b12c71d4c ,
6e2bac6465bb81a8c1aeb083b6dc497eb4187264 )
ITS#8841 - back-meta - Fix assertion if the network interface goes down
(17f1e32b65c332f7a33b77ebe6e20b47188a88aa)
ITS#8999 - slapd - Fix telephoneNumberNormalize, cert DN validation
(d8c90a2feebb9eeecc69cd0c4411f51cb75a7dbb,
8b7f21c7aa8c99065977b3dd4eb41f9f41eeadde)
ITS#8695 - slapd -"sleep" is deprecated (WINDOWS ONLY) (has patch)
ITS#8637 - slapd-ldap - Correctly reject invalid config with slapd-config
(has patch)
ITS#8674 - libldap - Fix leak (has patch)
ITS#7996, ITS#8450 - libldap - Fix race condition (has patch)
ITS#8427 - slapd/syncrepl - Fix broken behavor for TLS options (has patch)
ITS#8417 - liblmdb - Add -T option to mdb_load to specify the mapsize (has
patch)
ITS#8739 - liblmdb - Fixes fsync check on FreeBSD (has patch)
ITS#8748 - liblmdb - New feature for write ops (has patch, IPR OK)
ITS#8754 - libldap - Correctly ignore IPv6 if IPv6 is disabled (has patch)
ITS#8671 - libldap - ldap_init_fd() in ldap.h (has patch, for Samba project)
ITS#7042 - slapd/syncrepl - Allow disconfiguring TLS settings (has patch)
ITS#8794 - libraries/libldap - Fix implicit declaration (has minor patch)
ITS#9001 - libraries/libldap - Use new Tavl bits to reduce search time (has
patch)
ITS#9008 - slapd-modules - Fix rpath in module builds (has patch)
ITS#8997 - slapd-ldap - Fix segfault (Howard already wrote the patch, just
needs to be committed)
-------------------------------------------------------------------
The following commits have no associated ITS, but apply to RE24
-------------------------------------------------------------------
3bda24173df9b071aafc7c3f294c17af3ea2c7d0 -- Do not leak memory in slappasswd
593512bb7b2b5d23a658d3a8d05bdeeb15d7611f -- Just the first commit (there is
significant divergence in the tests/slapd-progs between RE24 and master)
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
4 years, 1 month
ITSes with no fix that need addressing
by Quanah Gibson-Mount
-------------------------------------------------------------------
The following ITSes need fixes or other other action:
-------------------------------------------------------------------
ITS#8967 - back-mdb "unchecked" limits broken with particular search scopes.
ITS#8683 - back-meta documented feature hidden behind LDAP_DEVEL
ITS#8686 - back-hdb broken with some MODRDN ops
ITS#8691 - liblmdb segfault on shutdown (WINDOWS ONLY)
ITS#8693, ITS#8799 - conversion from slapd.conf to cn=config is broken for
slapo-chain
ITS#8694 - Missing event information for slapd (WINDOWS ONLY)
ITS#8698 - slapo-ppolicy broken with pwdCheckModule and extended password
modify op
ITS#8700 - build fails when slapd is disabled
ITS#8708 - SASL/EXTERNAL bind succeeds when it should fail
ITS#8721 - slapd-meta quarantine broken
ITS#8102 - slapd/syncrepl - Mutex issues causing null_callback and other
issues
ITS#8743 - slapd-meta - Reject invalid slapd.conf -> cn=config conversion
ITS#8751 - slapd-meta - deref aliases is broken
ITS#8755 - libldap - leaking file descriptor when closing connection
ITS#8768 - slapd/syncrepl - New cookie being sent incorrectly
ITS#8788 - slapo-pcache - Fix pcache initialization, and documentation
update?
ITS#8790 - slapd/syncrepl N-way MMR w/o serverID in at least one entry can
destroy the MMR cluster (MAJOR BUG), see also ITS#8789
ITS#9002 - slapcat - Add option to honor rtxnsize setting
ITS#8998 - ldap.conf/.ldaprc - SASLNOCANON breaks ldapi:// URI
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
4 years, 1 month