openldap-devel

openldap-devel@openldap.org

1418 discussions

poll/epoll patch for libldap?
by Nicholas Dronen 28 Aug '08

28 Aug '08

Hi: I work on a commercial server application, a gateway, which uses pam_ldap to authenticate users in some situations. As a server application, it can easily exceed the 1024 default file descriptor limit of select(2), which has bitten us recently. Since the server application ships in an appliance, we can provide a patch in the form of an OpenLDAP RPM that's been recompiled with -DOPENLDAP_FD_SETSIZE. That fixes the immediate problem for us, but would you be willing to accept a patch to libldap that gave developers a programmatic way to use poll or epoll instead of having to recompile? Regards, Nick

5 8

Re: commit: openldap-guide/admin replication.sdf
by ghenry＠OpenLDAP.org 18 Aug '08

18 Aug '08

----- ghenry(a)OpenLDAP.org wrote: > Update of /repo/OpenLDAP/pkg/openldap-guide/admin > > Modified Files: > replication.sdf 1.62 -> 1.63 > > Log Message: > To do list review: small typo quick fix. This means the following list I've just compiled whilst reviewing the current state of the admin guide and my own todos: # OpenLDAP Test suite * Go through Samba stuff again # OpenLDAP contrib scripts for generating LDIF etc. # OpenLDAP Admin Guide - * Intro o Tighten "LDAP vs RDBMS" o Check "What is slapd and what can it do?" o "Replicated Directory Service" - add MultiMaster picture. * "Configuring slapd" - check DIT layout is right * "The slapd Configuration File" - check backends are correct and in above * "Access Control" - Finish "Converting from slapd.conf(5) to a cn=config directory format" * Backends section to finish * Overlays section to finish * Maintenance section to finish * Monitoring section to finish * Tuning section to finish * More in Troubleshooting section * More in Upgrading from 2.3.x section * Check "Recommended OpenLDAP Software Dependency Versions" section * Do some "Real World OpenLDAP Deployments and Examples" * "OpenLDAP Software Contributions" to complete * "Configuration File Examples" to complete Just e-mailing here for reference. If anyone sees any quick grabs they are interested in ;-) Thanks, Gavin. -- Kind Regards, Gavin Henry. OpenLDAP Engineering Team. E ghenry(a)OpenLDAP.org Community developed LDAP software. http://www.openldap.org/project/

1 0

What happened to cvs.openldap.org?
by Michael Ströder 16 Aug '08

16 Aug '08

HI! Since yesterday I can't reach the pserver on cvs.OpenLDAP.org anymore. $ cvs up -Rd . cvs [update aborted]: connect to cvs.OpenLDAP.org(204.152.186.56):2401 failed: Connection refused Ciao, Michael.

2 3

Re: commit: ldap/libraries/libldap ldap-tls.h tls2.c tls_g.c tls_m.c tls_o.c ldap-int.h
by Howard Chu 13 Aug '08

13 Aug '08

hyc(a)OpenLDAP.org wrote: > Update of /repo/OpenLDAP/pkg/ldap/libraries/libldap > > Modified Files: > ldap-int.h 1.189 -> 1.190 > Added Files: > ldap-tls.h NONE -> 1.1 > tls2.c NONE -> 1.1 > tls_g.c NONE -> 1.1 > tls_m.c NONE -> 1.1 > tls_o.c NONE -> 1.1 > > Log Message: > Modular TLS support, proof of concept. tls2.c would replace tls.c, > but I'm leaving tls.c intact for now. The GnuTLS and OpenSSL support are working fine; the MozillaNSS support is still pretty broken; it can't initialize itself. (However, it sort of works when linked into a Mozilla app that already does the NSS initialization. See the patch here https://bugzilla.mozilla.org/show_bug.cgi?id=292127 for one example of to accomplish that.) -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

HEADS UP: tls restructuring
by Howard Chu 13 Aug '08

13 Aug '08

I've split all of the OpenSSL and GnuTLS-specific code into their own separate source files, to clean up some of the #ifdef mess that was in tls.c before. This approach actually allows support for both to be compiled in at the same time. I'll probably add an LDAP_OPT_X option to select which implementation to use at runtime. (It might make sense to make these dynamically loadable modules, but for now I don't want to make libldap dependent on ltdl/dlopen/whatever.) I have not committed these changes yet. Probably will in the next day or two unless there are objections. There's one user-visible change: get_option(LDAP_OPT_X_TLS_SSL_CTX) now returns a pointer to a privately defined structure. For GnuTLS this is in fact the same behavior as before. For OpenSSL this is a change; it used to return the actual (SSL *). If this is going to break something of yours, holler now... -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

2 4

reduced DEFAULT_SEARCH_STACK_DEPTH
by Suhel Momin 11 Aug '08

11 Aug '08

Hi, I want to understand what is the impact of changing following #defines #define DEFAULT_SEARCH_STACK_DEPTH 16 #define MINIMUM_SEARCH_STACK_DEPTH 8 I can see that this value is used to allocate search_stack. I modified these values to #define DEFAULT_SEARCH_STACK_DEPTH 4 #define MINIMUM_SEARCH_STACK_DEPTH 2 This helped in reducing memory footprint however I am not sure about the wide range impact. Thanks, Suhel

2 1

multiple calls to ldap_initialize
by manu＠netbsd.org 04 Aug '08

04 Aug '08

Hello The man page says that ldap_initialize should not be re-entered, since it does initialize the library. As I understand this statement, it means that it can be called multiple times (to get simultaneous connexions to multiple LDAP servers), provided the calls are done sequentially. Is that right? -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz manu(a)netbsd.org

1 0

Remove SunOS LWP support
by Hallvard B Furuseth 30 Jul '08

30 Jul '08

libraries/libldap_r/thr_lwp.c (SunOS LWP) has since 1999 (rev 1.5) said: /* This implementation NEEDS WORK. It currently does not compile */ I suggest we kill LWP support. Has anyone tried to use it since 1999? Note, configure --with-threads=lwp turns into either Solaris threads (#define HAVE_THR) or SunOS LWP (#define HAVE_LWP). -- Hallvard

3 3

Re: commit: openldap-guide/admin appendix-recommended-versions.sdf aspell.en.pws install.sdf maintenance.sdf quickstart.sdf runningslapd.sdf schema.sdf slapdconf2.sdf slapdconfig.sdf
by Howard Chu 25 Jul '08

25 Jul '08

ghenry(a)OpenLDAP.org wrote: > Update of /repo/OpenLDAP/pkg/openldap-guide/admin > > Modified Files: > appendix-recommended-versions.sdf 1.4 -> 1.5 > aspell.en.pws 1.24 -> 1.25 > install.sdf 1.47 -> 1.48 > maintenance.sdf 1.11 -> 1.12 > quickstart.sdf 1.51 -> 1.52 > runningslapd.sdf 1.23 -> 1.24 > schema.sdf 1.50 -> 1.51 > slapdconf2.sdf 1.47 -> 1.48 > slapdconfig.sdf 1.107 -> 1.108 > > Log Message: > (ITS#5616) Docs: various admin guide corrections > > CVS Web URLs: > http://www.openldap.org/devel/cvsweb.cgi/admin/?cvsroot=OpenLDAP-guide > http://www.openldap.org/devel/cvsweb.cgi/admin/appendix-recommended-version… > http://www.openldap.org/devel/cvsweb.cgi/admin/aspell.en.pws?cvsroot=OpenLD… Who validated these corrections? "datebase" is not a valid word. There are several terms in this diff that are invalid. > http://www.openldap.org/devel/cvsweb.cgi/admin/install.sdf?cvsroot=OpenLDAP… > http://www.openldap.org/devel/cvsweb.cgi/admin/maintenance.sdf?cvsroot=Open… > http://www.openldap.org/devel/cvsweb.cgi/admin/quickstart.sdf?cvsroot=OpenL… > http://www.openldap.org/devel/cvsweb.cgi/admin/runningslapd.sdf?cvsroot=Ope… > http://www.openldap.org/devel/cvsweb.cgi/admin/schema.sdf?cvsroot=OpenLDAP-… > http://www.openldap.org/devel/cvsweb.cgi/admin/slapdconf2.sdf?cvsroot=OpenL… > http://www.openldap.org/devel/cvsweb.cgi/admin/slapdconfig.sdf?cvsroot=Open… > > Changes are generally available on cvs.openldap.org (and CVSweb) > within 30 minutes of being committed. > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

2 1

back-bdb flaw
by Howard Chu 23 Jul '08

23 Jul '08

There appears to be a long-standing problem with back-bdb and entries with more than BDB_IDL_DB_MAX immediate children. If the entryIDs of the children are non-contiguous, then attempts to delete the subtree of the entry will fail, because the IDL range for the OneLevel index in the dn2id DB will never zero out. back-hdb doesn't have this problem. Not sure what an appropriate fix is. Ideally, when deleting an entry whose ID corresponds to either the lower or upper bound of the range, we should update the range with the ID of the next remaining sibling. But there's no easy way to search for that ID, so we just increment/decrement the range by 1. The OneLevel index is the only structure that can quickly tell us what the siblings are, and it's obviously useless when this situation arises. The only way to search would be to [inc/dec]rement the ID and retrieve the corresponding entry's DN to see if it is a sibling of the deleted entry, and loop until a sibling is found or we run into the opposite range boundary. On a large DB this will be extremely slow. Seems like the best fix is to deprecate back-bdb and only use back-hdb from now on. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

5 15

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-devel