We are heavily utilising back-sql on our product. Granted it has its issues
but it does so far fulfill our needs. We are currently running on 2.4.58
which we build ourselves for Debian and RHEL/CentOS based systems. We
needed couple of patches to back-sql to make it work for us. I just created
issues (and added my patches) for them. I don't have a slightest idea if
the patches are of any use for you but they make our environments work.
Removing back-sql from future releases would make us stuck with 2.4 release.
--- Aapo Romu
--- Software Architect
--- Eficode Oy
On Mon, 9 Aug 2021 at 00:02, Quanah Gibson-Mount <quanah(a)symas.com> wrote:
> --On Sunday, August 8, 2021 6:32 PM +0100 Howard Chu <hyc(a)symas.com>
> > Quanah Gibson-Mount wrote:
> >> For 2.5, we deprecated:
> >> back-ndb
> >> back-sql
> >> back-perl
> >> Should these be removed for 2.6?
> > I still routinely build back-perl in master. Is there any reason to
> > remove it?
> Not necessarily, that's why I started the discussion. back-bdb was
> deprecated with 2.3, but was around for all of 2.4 as well. I see no
> reason to keep back-ndb around. back-sql has numerous open issues, but
> I've no real insight into whether it retains any usefulness.
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
hyc(a)symas.com wrote in ITS#8240:
> Our patch response was too hasty. There is no OpenLDAP bug here, the real
> issue is production binaries being built with asserts enabled instead of
> compiling with -DNDEBUG. That's an issue for packagers and distros to resolve.
> Closing this ITS, not an OpenLDAP bug.
Maybe I missed something. But this is the first time I've heard about -DNDEBUG
being mandatory when compiling binary packages for production use. Does it
have other effects?
And what are general rules for assert statements in OpenLDAP code?
In my own (Python) code assert statements are supposed to be only triggered if
something goes wrong *internally* (type issues etc.). If somebody manages to
trigger an assert statement with invalid input from "outside" I always
consider this to be a serious bug revealing insufficient error handling even
though e.g. web2ldap just logs the exception but won't crash. YMMV, but please
I also wonder whether there are more mandatory rules for building packages and
where I can find them.
Please don't get me wrong: My inquiry is in good faith to avoid unnecessary
ITS based on misunderstanding.
I'm trying to use OpenLDAP as the basis for a C LDAP client on a POSIX-y (but non-Linux) embedded RTOS, and so would like to replace its OpenSSL TLS backend with an mbedtls backend. (Note that mbedtls, as I understand it, was originally developed as a lightweight embedded replacement for OpenSSL.)
The hacky answer would be to use a translation layer from OpenSSL to mbedtls (the ESP32's esp-idf code has one of these), but this run the risk of hitting a corner case and getting completely stuck. :-(
So... has anyone tried writing a direct mbedtls TLS backend for OpenLDAP? I understand that OpenLDAP had specific licence-related issues with TLS code, and so anything like this might possibly have had to have been developed in a fork under a different licence.
Thanks very much, Nick