Quanah Gibson-Mount wrote:
Howard -- Looking for a thumbs up/down on these.
The following ITSes were mostly supplied with patches and are IPR ok. I've imported them into my openldap-scratch repo for easy review. If they didn't have a supplied patch, I did the related work. Branch names are by ITS.
Suggested for LMDB 0.9:
its8612 - Fix LMDB builds on Solaris & derivative OSes https://github.com/quanah/openldap-scratch/tree/its6035
OK.
Suggested for RE24:
its5048 - Fix documentation for entryCSN with syncprov https://github.com/quanah/openldap-scratch/tree/its5048
OK
its7100 - Fix slapo-dds with entryTTL currently not decreasing https://github.com/quanah/openldap-scratch/tree/its7100
OK
its7373 - Fix tls_session reuse when hostname check fails https://github.com/quanah/openldap-scratch/tree/its7373
OK
its7374 - Fix MozNSS file matching for hashed CA cert directory (RE24 ONLY) https://github.com/quanah/openldap-scratch/tree/its7374
OK
its7389 - Fix MozNSS to fallback to PEM if cert not found in certdb (RE24 ONLY) https://github.com/quanah/openldap-scratch/tree/its7389
Questionable, since the required PEM support module is 3rd party and not included in MozNSS. We have no way to test or support this patch.
its7442 - Add debug statements when index_intlen values are out of range https://github.com/quanah/openldap-scratch/tree/its7442
Looks pointless.
its7520 - Omit unknown schema option for back-ldap https://github.com/quanah/openldap-scratch/tree/its7520
OK
its8037 - Fix delta-syncrepl with relax https://github.com/quanah/openldap-scratch/tree/its8037
Looks like an enhancement, not a bugfix
its8121 - Add LDAP_SASL_SIMPLE to ldap_bind(3) https://github.com/quanah/openldap-scratch/tree/its8121
OK
its8167 - Fix nonblocking TLS with referrals https://github.com/quanah/openldap-scratch/tree/its8167
OK, but non-blocking TLS was LDAP_DEVEL, not supported in RE24. This patch should be master/RE25 only.
its8404 - Fix assertion with back-meta when olcDbRewrite is changed https://github.com/quanah/openldap-scratch/tree/its8404
OK
its8578 - Remove unused variables in RE24 https://github.com/quanah/openldap-scratch/tree/its8578
OK
its8583 - Fix C++ LDAPCtrl structure https://github.com/quanah/openldap-scratch/tree/its8583
OK
its8605 - Fix various spelling errors https://github.com/quanah/openldap-scratch/tree/its8605
Introduces trailing whitespace - kill that before committing. In general, this patch falls under the "do not improve" rule http://www.openldap.org/devel/programming.html and should be rejected for not fixing any actual bugs. Many of the typos being fixed are in comments that are never user-visible anyway. Pollutes git history for a large number of files without any significant benefit.
Better leave it out of re24.
its8687 - OpenSSL 1.1 compatibility, fix build when cross-compiling https://github.com/quanah/openldap-scratch/tree/its8687
Squash into a single commit.
Purely for RE25:
its6035 - Fix slapd so it doesn't require restart after modifying olcAuthzRegexp https://github.com/quanah/openldap-scratch/tree/its6035
OK
its6300 - Add support for kqueue https://github.com/quanah/openldap-scratch/tree/its6300
OK
its6475 - Add documentation to slapd.conf(5) and slapd-config(5) for SASLDONTUSECOPY https://github.com/quanah/openldap-scratch/compare/its6475
OK
its7042 - Make it possible to unset TLS options with syncrepl https://github.com/quanah/openldap-scratch/tree/its7042
OK
its7532 - Add ldap_connection function for asynchronous clients https://github.com/quanah/openldap-scratch/tree/its7532
OK Ondrej was just asking about this one yesterday anyway.
its7721 - Allow authTimestamp to be forwarded via updateref https://github.com/quanah/openldap-scratch/tree/its7721
OK
its8037 - Fixes delta-sync replication when "relax" is used to modify the structural OC of an entry https://github.com/quanah/openldap-scratch/tree/its8037
OK
its8153 - olcTimeLimit should be SINGLE-VALUE https://github.com/quanah/openldap-scratch/tree/its8153
OK
its8291 - Fix slapmodify with BDB backends https://github.com/quanah/openldap-scratch/tree/its8291
OK
its8508 - ucgendat.c properly add title-case characters without upper-case equivalents (e.g. greek letters with iota subscript) https://github.com/quanah/openldap-scratch/tree/its8508
OK
its8511 - Fix documentation for multimaster, deprecate mirrormode https://github.com/quanah/openldap-scratch/tree/its8511
Gratuitous change, existing docs and practices are already established. Hard enough to get people to update their docs, this is a bad idea.
its8527 - Improve SYNC debug output in certain situations https://github.com/quanah/openldap-scratch/tree/its8527
OK
its8573 - Add TLS options to ldap* tools https://github.com/quanah/openldap-scratch/tree/its8573-tables
The manpage updates are a bit excessive. Maybe we need a single manpage just for common options, that we can refer to from all of the individual commands' pages.
its8692 - Support LDAP_MOD_INCREMENT with back-sock https://github.com/quanah/openldap-scratch/tree/its8692
OK
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
--On Friday, October 06, 2017 2:27 PM +0100 Howard Chu hyc@symas.com wrote:
Quanah Gibson-Mount wrote:
Suggested for RE24:
its7389 - Fix MozNSS to fallback to PEM if cert not found in certdb (RE24 ONLY) https://github.com/quanah/openldap-scratch/tree/its7389
Questionable, since the required PEM support module is 3rd party and not included in MozNSS. We have no way to test or support this patch.
This appears to be a fix for ITS#7276 (Added 2.4.32, 2012/07/31), which we already accepted into RE24. So it seems a legitimate fix to include in RE24.
its7442 - Add debug statements when index_intlen values are out of range https://github.com/quanah/openldap-scratch/tree/its7442
Looks pointless.
Well, the man page is not clear on this point. I'm fine dropping the debug statements, but what about the manpage updates which clarify the min/max allowed values?
its8037 - Fix delta-syncrepl with relax https://github.com/quanah/openldap-scratch/tree/its8037
Looks like an enhancement, not a bugfix
I included this for RE24 as the reporter hit this problem with RE24. If we don't want to put it in RE24, are we OK for RE25/master?
its8167 - Fix nonblocking TLS with referrals https://github.com/quanah/openldap-scratch/tree/its8167
OK, but non-blocking TLS was LDAP_DEVEL, not supported in RE24. This patch should be master/RE25 only.
I noted this for RE24 because the reporter was using the feature in RE24 (I.e., they specifically enabled it). Is there any harm in including (but not documenting via the changes file) it in RE24?
its8605 - Fix various spelling errors https://github.com/quanah/openldap-scratch/tree/its8605
Introduces trailing whitespace - kill that before committing. In general, this patch falls under the "do not improve" rule http://www.openldap.org/devel/programming.html and should be rejected for not fixing any actual bugs. Many of the typos being fixed are in comments that are never user-visible anyway. Pollutes git history for a large number of files without any significant benefit.
Better leave it out of re24.
Is this ok for master/RE25 then?
its8511 - Fix documentation for multimaster, deprecate mirrormode https://github.com/quanah/openldap-scratch/tree/its8511
Gratuitous change, existing docs and practices are already established. Hard enough to get people to update their docs, this is a bad idea.
This change is not gratuitous in the least. The misinformation in our current documentation leads to constant confusion among end users, who often do not want to go to the lengths necessary to deploy the *concept* that is mirror mode, and instead just want to do "multimaster", so they leave our current misnamed 'mirrormode' parameter set to false. Fixing the documentation to match the reality of what's being configured is a positive step to removing confusion and to stop misleading end users on what is being done. I've provided numerous links from the mailing list where this caused problems for end users before. Our parameters should reflect what they actually do.
its8573 - Add TLS options to ldap* tools https://github.com/quanah/openldap-scratch/tree/its8573-tables
The manpage updates are a bit excessive. Maybe we need a single manpage just for common options, that we can refer to from all of the individual commands' pages.
Ok, I'll add that to my RE25 stack of rework.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
-
Howard Chu -
Quanah Gibson-Mount