HI!
Another packaging decision:
Is building with -DLDAP_CONNECTIONLESS of any real use?
Is there any harm using it?
Personally I see no use but one never knows...
Ciao, Michael.
On Tue, 09 Dec 2014 18:46:55 +0100, Michael Ströder michael@stroeder.com wrote:
> HI!
> Another packaging decision:
> Is building with -DLDAP_CONNECTIONLESS of any real use?
> Is there any harm using it?

There should be no harm to compile. Early Samba4 used udp for transport.
-Dieter
Dieter Klünter wrote:
> On Tue, 09 Dec 2014 18:46:55 +0100, Michael Ströder michael@stroeder.com wrote:
>> Another packaging decision:
>> Is building with -DLDAP_CONNECTIONLESS of any real use?
>> Is there any harm using it?
> There should be no harm to compile. Early Samba4 used udp for transport.

I thought Samba4 has its own LDAP client and server implementation.
Are you sure Samba4 uses the connection-less LDAP implementation of OpenLDAP's libldap?
Ciao, Michael.
On Wed, 10 Dec 2014 00:01:11 +0100, Michael Ströder michael@stroeder.com wrote:
> Dieter Klünter wrote:
>> On Tue, 09 Dec 2014 18:46:55 +0100, Michael Ströder michael@stroeder.com wrote:
>>> Another packaging decision:
>>> Is building with -DLDAP_CONNECTIONLESS of any real use?
>>> Is there any harm using it?
>> There should be no harm to compile. Early Samba4 used udp for transport.
> I thought Samba4 has its own LDAP client and server implementation.

As I mentioned 'early Samba4', and development leading to 4.

> Are you sure Samba4 uses the connection-less LDAP implementation of OpenLDAP's libldap?

They are, for the time being, not using libldap.
-Dieter
Dieter Klünter wrote:
> On Wed, 10 Dec 2014 00:01:11 +0100, Michael Ströder michael@stroeder.com wrote:
>> Dieter Klünter wrote:
>>> On Tue, 09 Dec 2014 18:46:55 +0100, Michael Ströder michael@stroeder.com wrote:
>>>> Another packaging decision:
>>>> Is building with -DLDAP_CONNECTIONLESS of any real use?
>>>> Is there any harm using it?
>>> There should be no harm to compile. Early Samba4 used udp for transport.
>> I thought Samba4 has its own LDAP client and server implementation.
> As I mentioned 'early Samba4', and development leading to 4.
>> Are you sure Samba4 uses the connection-less LDAP implementation of OpenLDAP's libldap?
> They are, for the time being, not using libldap.

=> dropped -DLDAP_CONNECTIONLESS
BTW: Experience shows that the code of rarely needed or unused features most times does not get much attention. Thus it's also a security measure not to add it.
Ciao, Michael.
On 12/10/14 09:59 +0100, Michael Ströder wrote:
> => dropped -DLDAP_CONNECTIONLESS
> BTW: Experience shows that the code of rarely needed or unused features most times does not get much attention. Thus it's also a security measure not to add it.

Good point. This feature sounds ripe for amplification attacks.
Michael Ströder wrote:
> Dieter Klünter wrote:
>> On Wed, 10 Dec 2014 00:01:11 +0100, Michael Ströder michael@stroeder.com wrote:
>>> Dieter Klünter wrote:
>>>> On Tue, 09 Dec 2014 18:46:55 +0100, Michael Ströder michael@stroeder.com wrote:
>>>>> Another packaging decision:
>>>>> Is building with -DLDAP_CONNECTIONLESS of any real use?
>>>>> Is there any harm using it?
>>>> There should be no harm to compile. Early Samba4 used udp for transport.
>>> I thought Samba4 has its own LDAP client and server implementation.
>> As I mentioned 'early Samba4', and development leading to 4.
>>> Are you sure Samba4 uses the connection-less LDAP implementation of OpenLDAP's libldap?
>> They are, for the time being, not using libldap.
> => dropped -DLDAP_CONNECTIONLESS
> BTW: Experience shows that the code of rarely needed or unused features most times does not get much attention. Thus it's also a security measure not to add it.

As I noted at the beginning of this year, http://symas.com/docs/2014FOSDEM-WhatsNewInOpenLDAP.pdf there has been a renewed effort to build Samba4/AD compatibility inside OpenLDAP. This LDAP_CONNECTIONLESS feature was originally written for PADL's XAD, an AD clone built on top of OpenLDAP, and it is being reused for the same purpose (AD compatibility) again now.
Howard Chu wrote:
> As I noted at the beginning of this year, http://symas.com/docs/2014FOSDEM-WhatsNewInOpenLDAP.pdf there has been a renewed effort to build Samba4/AD compatibility inside OpenLDAP. This LDAP_CONNECTIONLESS feature was originally written for PADL's XAD, an AD clone built on top of OpenLDAP, and it is being reused for the same purpose (AD compatibility) again now.

Noted. If it's ready to be packaged I will happily re-enable -DLDAP_CONNECTIONLESS.
But for now: Unused code which isn't there does not break.
Ciao, Michael.
Michael Ströder wrote:
> Howard Chu wrote:
>> As I noted at the beginning of this year, http://symas.com/docs/2014FOSDEM-WhatsNewInOpenLDAP.pdf there has been a renewed effort to build Samba4/AD compatibility inside OpenLDAP. This LDAP_CONNECTIONLESS feature was originally written for PADL's XAD, an AD clone built on top of OpenLDAP, and it is being reused for the same purpose (AD compatibility) again now.
> Noted. If it's ready to be packaged I will happily re-enable -DLDAP_CONNECTIONLESS.
> But for now: Unused code which isn't there does not break.

I basically agree with your decision. Just also note that disabling this breaks both server and client support for cldap://, and it is sometimes useful to be able to issue cldap:// search queries against M$AD/Samba4 servers.
Howard Chu wrote:
> Michael Ströder wrote:
>> Howard Chu wrote:
>>> As I noted at the beginning of this year, http://symas.com/docs/2014FOSDEM-WhatsNewInOpenLDAP.pdf there has been a renewed effort to build Samba4/AD compatibility inside OpenLDAP. This LDAP_CONNECTIONLESS feature was originally written for PADL's XAD, an AD clone built on top of OpenLDAP, and it is being reused for the same purpose (AD compatibility) again now.
>> Noted. If it's ready to be packaged I will happily re-enable -DLDAP_CONNECTIONLESS.
>> But for now: Unused code which isn't there does not break.
> I basically agree with your decision. Just also note that disabling this breaks both server and client support for cldap://, and it is sometimes useful to be able to issue cldap:// search queries against M$AD/Samba4 servers.

Hmm, never tried it myself. Does it already reliably work in 2.4.40?
Ciao, Michael.
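
Added example, not part of the thread and not OpenLDAP project code: where a build does keep -DLDAP_CONNECTIONLESS, one way to follow up on the amplification concern and the cldap:// server support mentioned above is to audit slapd's -h listener URL list for cldap:// (UDP) listeners reachable beyond loopback. The command lines are constructed samples; treating an empty host as "all interfaces" and 389 as the default port are assumptions based on slapd's usual listener URL handling.

```python
import shlex
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample slapd command lines (not taken from any real host).
SAMPLE_CMDLINES = [
    '/usr/sbin/slapd -u ldap -h "ldap:/// ldaps:/// ldapi:///"',
    '/usr/sbin/slapd -u ldap -h "ldap:/// cldap:///"',
    '/usr/sbin/slapd -h "ldap://127.0.0.1/ cldap://127.0.0.1:389/"',
    '/usr/sbin/slapd -h cldap://192.0.2.10/ -F /etc/openldap/slapd.d',
]


def listener_urls(cmdline):
    """Return the URLs given to slapd's -h option (empty list if -h is absent)."""
    argv = shlex.split(cmdline)
    urls = []
    for i, arg in enumerate(argv):
        if arg == "-h" and i + 1 < len(argv):
            # -h takes one argument holding a space-separated URL list.
            urls.extend(argv[i + 1].split())
    return urls


def audit(cmdline):
    """Return (host, port, scope) for every cldap:// listener on the command line."""
    findings = []
    for url in listener_urls(cmdline):
        parts = urlsplit(url)
        if parts.scheme != "cldap":
            continue
        host = parts.hostname or "*"   # assumption: empty host = all interfaces
        port = parts.port or 389       # assumption: default CLDAP port is UDP 389
        scope = "loopback" if host in LOOPBACK else "exposed"
        findings.append((host, port, scope))
    return findings


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        for host, port, scope in audit(line):
            print(f"{scope:8} udp/{port} on {host}: {line}")
```
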
openldap-technical@openldap.org