Re: ldap_get_values() called on binary data - does this return an error, or garbage data?

2024-04-03 Thread Howard Chu
Jordan Brown wrote: > Is there even a straightforward way in the protocol to get type information?  > If the protocol won't tell you, a client library can't tell you. Any client can retrieve the schema definition of any schema element using an LDAP Search request. -- -- Howard Chu

Re: Dynamically managed groups, etc

2024-02-26 Thread Howard Chu
why it wouldn't work in 2.5/2.6. > > Regards, > > > Le 26/02/2024 à 16:54, Howard Chu a écrit : >> The recent work on expanding dynamic group functionality in the dynlist >> overlay seems to have been >> a bad idea. It makes an already fairly complex overlay even more

Dynamically managed groups, etc

2024-02-26 Thread Howard Chu
d feedback appreciated. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

LMDB and fsync failures

2024-02-09 Thread Howard Chu
recommend turning that journaling off with LMDB; it's redundant with LMDB's own COW strategy and harms perf for no benefit. Of course, you don't even need to trust the filesystem, you can just use LMDB on a raw block device. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com

Re: OpenSSL provider support in openldap: OSSL_STORE_open()

2024-01-03 Thread Howard Chu
Graham Leggett wrote: > On 03 Jan 2024, at 18:02, Howard Chu wrote: > >>> https://bugs.openldap.org/show_bug.cgi?id=10149 >> >> Looks a bit like a chicken'n'egg situation, why should anyone trust the >> connection that was used to >> retrieve

Re: OpenSSL provider support in openldap: OSSL_STORE_open()

2024-01-03 Thread Howard Chu
retrieve certs and keys from the designated URI? > > This allows replication in 389ds to be fixed, with the patch available here > for anyone interested: > > https://github.com/389ds/389-ds-base/pull/6021 > > Regards, > Graham > — > -- -- Howard Chu CTO

Re: pcache LDAP_MATCHING_RULE_IN_CHAIN support

2023-02-10 Thread Howard Chu
Howard Chu wrote: > Johan wrote: >> Hello all, > >> We have an OpenLDAP instance proxying an active directory with back_meta >> and> mr_passthru. >> We also have pcache on top, and as it does not support >> LDAP_MATCHING_RULE_IN_CHAIN, I looked about imple

Re: pcache LDAP_MATCHING_RULE_IN_CHAIN support

2023-02-10 Thread Howard Chu
> P.S.: Is there a reason mr_passthru is not included to OpenLDAP ? not even in > contrib ? Since no one has contributed it upstream, I have no idea what you're talking about. Ask whoever wrote whatever it is. > Thanks for reading -- -- Howard Chu CTO, Symas Corp. http://www.

multi-modify

2022-12-06 Thread Howard Chu
. For each entry returned by the Search request, the modOps would be applied to the entry before returning it. A response control would be attached to each entry, giving the result code for the modification attempt on that entry. Anyone interested in implementing this as an overlay? -- -- Howard Chu

Re: make test fail on riscv64 (was: RE26 testing call #1 (2.6.4))

2022-11-18 Thread Howard Chu
Michael Ströder wrote: > On 11/18/22 14:35, Howard Chu wrote: >> Michael Ströder wrote: >>> Could you please have a short look at the build log in OBS and >>> watch out for the compiler options used? They use many of the build >>> hardening options: >>

Re: make test fail on riscv64 (was: RE26 testing call #1 (2.6.4))

2022-11-18 Thread Howard Chu
Michael Ströder wrote: > On 11/18/22 07:32, Howard Chu wrote: >> Michael Ströder wrote: >>> make test seems to fail for openSUSE on riscv64 already for test000-rootdse. >>> >>> Not sure whether that's an issue with build options in the .spec file or >>>

Re: make test fail on riscv64 (was: RE26 testing call #1 (2.6.4))

2022-11-17 Thread Howard Chu
cfarm.tetaneutral.net/machines/list/ -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: make test fail on riscv64 (was: RE26 testing call #1 (2.6.4))

2022-11-16 Thread Howard Chu
>> >> make test seems to fail for openSUSE on riscv64 already for test000-rootdse. > Also of note might be ITS#9916 which has a proposed > patch already[0], can you give that a try? Irrelevant, since test000 does no backend operations. -- -- Howard Chu CTO, Symas Corp.

Re: FOSDEM 2023

2022-11-12 Thread Howard Chu
Currently having second thoughts about moving ahead on this, as FOSDEM is always overcrowded and that's probably not a good place to be, with COVID still rampant in so many mutations. Howard Chu wrote: > Michael Ströder wrote: >> On 10/17/22 19:29, Michael Ströder wrote: >>>

Re: FOSDEM 2023

2022-10-20 Thread Howard Chu
Michael Ströder wrote: > On 10/17/22 19:29, Michael Ströder wrote: >> On 10/17/22 19:22, Howard Chu wrote: >>> Michael Ströder wrote: >>>> On 10/17/22 18:31, Howard Chu wrote: >>>>> Anyone interested in setting up at FOSDEM next year? >>>

Re: FOSDEM 2023

2022-10-17 Thread Howard Chu
Michael Ströder wrote: > On 10/17/22 18:31, Howard Chu wrote: >> Anyone interested in setting up at FOSDEM next year? > > Run an OpenLDAP stand or request an IAM dev room for some talks? An IAM dev room sounds like a more worthwhile use of time. ? > > Ciao, Michael. >

FOSDEM 2023

2022-10-17 Thread Howard Chu
Anyone interested in setting up at FOSDEM next year? -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Another bogus Usenix report on LMDB failure modes

2022-08-14 Thread Howard Chu
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Plain syncrepl vs. accesslog aka. ITS#9580 - deltasync design considerations

2022-06-30 Thread Howard Chu
re possible. That's the aim of ITS#9356. > > I hope I haven't missed anything important. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

HEADS UP: New release policy

2022-01-20 Thread Howard Chu
, vs keeping stability over the long term. *i.e., enterprises want to avoid any version updates unless they're for a specific feature they commissioned. We considered resurrecting use of the STABLE tag but that really didn't satisfy, and its use was retired for good reasons. -- -- Howard Chu

Futures wishlist

2021-09-07 Thread Howard Chu
ointless memory copying and speed up overlay processing overall. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: order of clauses in ACLs

2021-08-15 Thread Howard Chu
consider the attached patch as a valid solution? No. You haven't provided any independently verifiable data to measure the effects of this change. > 2. Improving slapo-constraint would also help. What does that have to do with anything? > > On 8/13/21 10:59 AM, Michael Ströder wrot

Re: Fwd: 2.5 deprecated backends

2021-08-13 Thread Howard Chu
re probable to stay in the future > releases of the OpenLDAP. > > Best regards > Aapo Romu > > > --- Aapo Romu > --- Software Architect > --- Eficode Oy -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun h

Re: Fwd: 2.5 deprecated backends

2021-08-12 Thread Howard Chu
> --- Eficode Oy > > On Mon, 9 Aug 2021 at 00:02, Quanah Gibson-Mount <mailto:qua...@symas.com>> wrote: > > > > --On Sunday, August 8, 2021 6:32 PM +0100 Howard Chu <mailto:h...@symas.com>> wrote: > > > Quanah Gibson-Mount wrote:

Re: 2.5 deprecated backends

2021-08-08 Thread Howard Chu
Quanah Gibson-Mount wrote: For 2.5, we deprecated: back-ndb back-sql back-perl Should these be removed for 2.6? I still routinely build back-perl in master. Is there any reason to remove it? -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun

Re: Release Maintenance Policy

2021-08-08 Thread Howard Chu
Quanah Gibson-Mount wrote: --On Sunday, August 8, 2021 3:21 AM +0100 Howard Chu wrote: Quanah Gibson-Mount wrote: --On Saturday, August 7, 2021 1:31 PM +0100 Howard Chu wrote: Also for clarity: We consider "Critical" bugs to include security flaws resulting in unautho

Re: Release Maintenance Policy

2021-08-07 Thread Howard Chu
Quanah Gibson-Mount wrote: --On Saturday, August 7, 2021 1:31 PM +0100 Howard Chu wrote: Also for clarity: We consider "Critical" bugs to include security flaws resulting in unauthorized data disclosure, or unauthorized remote code execution. We do not consider assert() failures

Re: Release Maintenance Policy

2021-08-07 Thread Howard Chu
Quanah Gibson-Mount wrote: --On Friday, August 6, 2021 3:11 PM +0100 Howard Chu wrote: Planning to post this to -announce soon, any comments? Just a reminder to everyone: the Project has a long-standing policy of doing active development on only one release version at a time. To allow

Release Maintenance Policy

2021-08-06 Thread Howard Chu
rity flaws. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: About REP_TEXT_MUSTBEFREED (ITS#6138)

2021-07-30 Thread Howard Chu
by a similar function/macro, really. Good point. Too much trouble for now, I'm going to revert this. (I tried to add a comment in Github, but that didn't seem to work, so mailing here instead.) -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun

Re: New logging system ideas

2021-07-18 Thread Howard Chu
Ondřej Kuzník wrote: On Wed, Jul 14, 2021 at 03:40:35PM +0100, Howard Chu wrote: Howard Chu wrote: Just some initial thoughts on what a new logging daemon should do for us: Scaling back to something easier for now: We'll use the existing Debug msgs as-is. The olcLogFile directive

Re: New logging system ideas

2021-07-14 Thread Howard Chu
Howard Chu wrote: Just some initial thoughts on what a new logging daemon should do for us: Scaling back to something easier for now: We'll use the existing Debug msgs as-is. The olcLogFile directive will specify the path of a local logging file to write to. Currently, writing

Re: Bugzilla spam (was: [Issue 9606] New: What is [..])

2021-07-07 Thread Howard Chu
Michael Ströder wrote: > HI! > > This looks like spam to me: Yes, we see it. Of course it will be dealt with, same as 9604 and 9605. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenL

Re: ssl_cipher_list_to_bytes:no ciphers available

2021-05-06 Thread Howard Chu
Michael Ströder wrote: > On 5/5/21 1:29 PM, Howard Chu wrote: >> Michael Ströder wrote: >>> TLSProtocolMin 3.3 >>> TLSCipherSuite HIGH >> >> Then you're getting TLSv1.3 on these connections. Your ciphersuite config >> has no TLSv1.3 ciphers tho

Re: ssl_cipher_list_to_bytes:no ciphers available

2021-05-05 Thread Howard Chu
Michael Ströder wrote: > Filed ITS: > > https://bugs.openldap.org/show_bug.cgi?id=9546 Not a bug. Closing. > > Ciao, Michael. > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Archite

Re: ssl_cipher_list_to_bytes:no ciphers available

2021-05-05 Thread Howard Chu
Michael Ströder wrote: > On 5/5/21 2:51 AM, Howard Chu wrote: >> Michael Ströder wrote: >>> I have issues with OpenSSL ciphers on my openSUSE Tumbleweed and release >>> 2.5.4 when connecting to an 2.4 provider: >>> >>> TLS: can't connect: error:141A90B5

Re: ssl_cipher_list_to_bytes:no ciphers available

2021-05-04 Thread Howard Chu
hing like a crypto policy configuration: > > https://build.opensuse.org/package/view_file/security:tls/openssl-1_1/openssl-1.1.1-system-cipherlist.patch?expand=1 > > Any clue what's going on? What ciphers have you configured on your client and server? What versions of OpenSSL are runn

Re: ldap_sasl_interactive_bind_s and LDAP_SASL_QUIET

2021-03-25 Thread Howard Chu
>> >> (I think they have very little value and should just be dropped; that would >> be OK too.) >> >> SASL username: somen...@example.com >> SASL SSF: 56 >> SASL data security layer installed. >> >> -- >> Jordan Brown, Oracle ZFS Storage Appli

Re: Some suggested 2.5 code cleanups/renames

2021-03-23 Thread Howard Chu
> > So anyway, one struct per LDAP_blah_NULLARG.  Then replace most > NULLARGs with {0}.  But must add lots of macros, for the old fields. > > == > > Hallvard > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: New OpenLDAP TLS backend? (wolfSSL)

2021-02-25 Thread Howard Chu
> first > class citizen among the TLS backends (i.e. rather than using our OpenSSL > compatibility layer and modifying tls_o.c, use wolfSSL's native functions and > create a > new tls_w.c). Looking forward to hearing from you. > > Thanks! > > Hayden Roche > --

Re: Question: back-ldap connection retrying and rebinding necessary?

2021-02-18 Thread Howard Chu
Tero Saarni wrote: > Howard Chu wrote: >> In any heavily loaded environment you'll find that connection establishment >>  becomes serious overhead in itself. Thus it's better to aim for longer lived >>  connections that get reused as much as possible. > > Sure

Re: Question: back-ldap connection retrying and rebinding necessary?

2021-02-17 Thread Howard Chu
ablishment becomes serious overhead in itself. Thus it's better to aim for longer lived connections that get reused as much as possible. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: 2.5 build failure on OBS

2021-02-05 Thread Howard Chu
Howard Chu wrote: > Michael Ströder wrote: >> HI! >> >> As usual I'm using openSUSE Build Service to build openldap2 RPMs. This >> smoothly works with 2.4.x. >> >> But building 2.5 branch snapshot fails. >> >> Maybe OBS compiler options are set p

Re: 2.5 build failure on OBS

2021-02-05 Thread Howard Chu
/_log Looks like it's complaining about some warnings in slapd-mtread.c. But the warnings are bogus, the output strings will never be anywhere close to the size of the output buffers. > > Ciao, Michael. > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director

Re: HAProxy proxy protocol support

2020-11-20 Thread Howard Chu
Paul B. Henson wrote: > On 11/19/2020 1:37 PM, Howard Chu wrote: > >> This would require that you actually read and process the proxy header >> immediately after the accept call. It strikes me that this is the wrong >> thing to do, if you also want to support TLS. > >

Re: HAProxy proxy protocol support

2020-11-19 Thread Howard Chu
Paul B. Henson wrote: > On 11/19/2020 10:02 AM, Howard Chu wrote: > >>> 1. Config directives for specifying IP address(es) and network(s) expected >>> and trusted to send proxy protocol header. >> >> Sounds like unnecessary work. Just use an ACL. > >

Re: HAProxy proxy protocol support

2020-11-19 Thread Howard Chu
Michael Ströder wrote: > On 11/19/20 5:04 PM, Howard Chu wrote: >> Paul B. Henson wrote: >>> In general, I believe applications listening on a specific port are either >>> expecting the proxy protocol header, or not, I do not think it is >>> dynam

Re: HAProxy proxy protocol support

2020-11-19 Thread Howard Chu
roxy header to populate the > appropriate data > structures regarding connection, and then move on as it normally would to > deal with the connection. > > If this feature is of interest, I will probably spend a little time poking at > it and seeing how much trouble it wi

Re: contrib modules to promote to mainline for 2.5?

2020-04-22 Thread Howard Chu
. sha2 is already obsolete, for password purposes. I see no reason to promote it. > > FWIW: > slapo-noopsrch and slapo-lastbind is what I use in almost every > installation. > > Ciao, Michael. > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, High

Re: 2.4 commit review

2020-04-02 Thread Howard Chu
s mutex init > ITS#9182 - pcache: fix private DB init Sounds fine, they're simple enough. Did you also pull in the utf8bvnormalize leak patch? -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Arch

Re: SASL channel-binding changes

2020-03-31 Thread Howard Chu
assed by both client and server (tips > and help welcome). Thanks for this. Would be nice to get other testers' eyes on it. Don't spend any time on the MozNSS backend, we are removing it. > > Thoughts? > > Refs [1]: > https://github.com/cyrusimap/cyrus-sasl/pull/601 > https:/

Re: back-ndb: retire for 2.5?

2020-03-24 Thread Howard Chu
e it in the release and default it to disabled. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: back-ndb: retire for 2.5?

2020-03-24 Thread Howard Chu
e tree and left > master only. Sounds fine. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: New logging system ideas

2020-03-11 Thread Howard Chu
Pallissard, Matthew wrote: > > > On 2020-03-06T17:02:14, Howard Chu wrote: >> Howard Chu wrote: >>> Just some initial thoughts on what a new logging daemon should do for us: >>> >>> The primary goal - we want to use a binary message format with as few

Re: New logging system ideas

2020-03-07 Thread Howard Chu
Ondřej Kuzník wrote: > On Thu, Mar 05, 2020 at 04:06:42PM +0000, Howard Chu wrote: >> Just some initial thoughts on what a new logging daemon should do for us: >> >> The primary goal - we want to use a binary message format with as few format >> conversions as pos

Re: New logging system ideas

2020-03-06 Thread Howard Chu
Howard Chu wrote: > Just some initial thoughts on what a new logging daemon should do for us: > > The primary goal - we want to use a binary message format with as few format > conversions as possible between log > sender and log processor. One other concern - what do we do abo

New logging system ideas

2020-03-05 Thread Howard Chu
me because of the additional moving parts: message catalog creator, log server, log postprocessor. There's definitely more complexity here, but most of it is moved out of the runtime hot path, which is the main goal. Suggestions? -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director

Re: Two log lines for SRCH parameters?

2020-02-11 Thread Howard Chu
> > SRCH attr=cn givenName sn mail aeStatus > > Is there any rationale for that? Because any of DN, filter, or attrs could be too long for a single syslog message. On many systems the limit was 1024 characters; using a single log message resulted in too many truncated messages. -- -- Howard

Re: New release policy for OpenLDAP

2020-01-25 Thread Howard Chu
fer stability. Over the past 7+ years we've catered too much to their need for stability, resulting in many new features sitting only in git master, unreleased for years. This new strategy is an attempt to prevent new features from languishing unreleased for so long, while still providing for the more st

Re: OpenLDAP BoF session at FOSDEM?

2020-01-16 Thread Howard Chu
r folks interested in gathering to do so. Maybe even take some meeting minutes and forward here afterward. > > Ciao, Michael. > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: dynlist enhancements, ITS#9121

2019-12-18 Thread Howard Chu
Ondřej Kuzník wrote: > On Wed, Dec 18, 2019 at 02:02:40AM +0000, Howard Chu wrote: >> Ondřej Kuzník wrote: >>> How about being able to merge identical attribute definitions whether >>> they come from config or directly from code? >> >> We've got other ove

Re: dynlist enhancements, ITS#9121

2019-12-18 Thread Howard Chu
groups + old memberOf overlay and dynamic groups + dynamic memberOf > concurrently in the deployment. Which will work already with the code in master. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect,

Re: dynlist enhancements, ITS#9121

2019-12-17 Thread Howard Chu
Ondřej Kuzník wrote: > On Mon, Dec 16, 2019 at 06:55:56PM +0000, Howard Chu wrote: >> The dynlist overlay doesn't define the memberOf attribute schema. >> Something else needs to do that, either loading it as user-defined >> schema, or relying on the memberof overlay to a

Re: dynlist enhancements, ITS#9121

2019-12-17 Thread Howard Chu
Quanah Gibson-Mount wrote: > > > --On Monday, December 16, 2019 11:46 PM +0100 Ondřej Kuzník > wrote: > >> On Mon, Dec 16, 2019 at 06:55:56PM +, Howard Chu wrote: >>> The dynlist overlay doesn't define the memberOf attribute schema. >>> Somethin

dynlist enhancements, ITS#9121

2019-12-16 Thread Howard Chu
what a better approach would be. Suggestions? -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: 2.4 commit review

2019-11-24 Thread Howard Chu
> So from an active developer's perspective, it adds steps but doesn't add >> useful information. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: 2.4 commit review

2019-11-24 Thread Howard Chu
Hugh McMaster wrote: > Hi Howard, > > On Sun, 24 Nov 2019 at 01:59, Howard Chu wrote: >> AFAICS it is just another moving part that breaks. It doesn't provide any >> information. >> To use it you have to know whether to look in the /usr configs or /usr/local >

Re: 2.4 commit review

2019-11-23 Thread Howard Chu
Hugh McMaster wrote: > On Fri, 22 Nov 2019 at 21:59, Howard Chu wrote: >> Quanah Gibson-Mount wrote: >>> Howard, what's your opinion/thought on adding this for master/RE25? Ryan >>> tested it and it worked for him. >> >> My personal opinion is that pkg-con

Re: 2.4 commit review

2019-11-22 Thread Howard Chu
g whatever I was working on at the time. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: 2.4 commit review

2019-11-21 Thread Howard Chu
Quanah Gibson-Mount wrote: > > > --On Tuesday, November 5, 2019 8:12 PM +0000 Howard Chu > wrote: > >> Ryan Tandy wrote: >>>> ITS#9069 Do not call gnutls_global_set_mutex() >>> >>> Subject to hyc's approval, but I think this could go in.

Re: 2.4 commit review

2019-11-05 Thread Howard Chu
Ryan Tandy wrote: >> ITS#9069 Do not call gnutls_global_set_mutex() > > Subject to hyc's approval, but I think this could go in. It's been in Debian > since 10.0 and Ubuntu since 19.04, no negative feedback. OK, sounds fine then. -- -- Howard Chu CTO, Symas Corp.

Session tracking control

2019-11-05 Thread Howard Chu
different applications acting on behalf of a given user (or service). Any security downside to this? -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Curious "missing parent" check in mdb_idscopes(), how may this occur?

2019-10-28 Thread Howard Chu
05,#7800 fix ...), I > have read both, but they haven't helped either. If the checks in http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=servers/slapd/back-mdb/dn2id.c;h=93fd3e387e968a1928eaa0f82211bcbc3687e777;hb=HEAD#l782 don't find a result, then id doesn't get advanced a

Re: Test suite overhaul

2019-07-24 Thread Howard Chu
ig, start another one if you really can't resist.) > > Again, thanks for being brave and getting this far, let us know what you > think. This is mostly vaporware yet, giving everyone a great opportunity > to shape the project and leave their mark - remember that without your > help, it will take a long while before it's ready! > > Regards, > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: libldap cyrus.c and windows (RE24 release candidate)

2019-07-22 Thread Howard Chu
ME_MAX + 1]; > } > > > In cyrus.c, we have: > > #ifdef HAVE_CYRUS_SASL > ... > #ifdef HAVE_LIMITS_H > #include > #endif > ... > > > in config.log, it has: > > #define HAVE_CYRUS_SASL 1 > > and > > #define HAVE_LIMITS_H 1 > > So

Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48

2019-07-21 Thread Howard Chu
Quanah Gibson-Mount wrote: > --On Sunday, July 21, 2019 10:54 PM +0100 Howard Chu wrote: >> Feel free to add a note to slapd.conf(5) / slapd-config(5) about TLS >> defaults. I take this back. Pretty sure we've had this debate before, haven't found it in the list archive. We ex

Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48

2019-07-21 Thread Howard Chu
Quanah Gibson-Mount wrote: > --On Sunday, July 21, 2019 10:02 PM +0100 Howard Chu wrote: > >> As I already said: there is no reason for the syncrepl consumer and >> back-ldap to behave identically. The manpages are correct in each case. > > I've never said they should b

Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48

2019-07-21 Thread Howard Chu
Quanah Gibson-Mount wrote: > --On Sunday, July 21, 2019 3:37 PM +0100 Howard Chu wrote: > >>> --On Sunday, July 21, 2019 2:51 AM +0100 Howard Chu >>> wrote: >>> >>>> The behavior is supposed to be exactly as specified in the manpages. >>>

Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48

2019-07-21 Thread Howard Chu
Quanah Gibson-Mount wrote: > --On Sunday, July 21, 2019 2:51 AM +0100 Howard Chu wrote: > >> The behavior is supposed to be exactly as specified in the manpages. >> >> There is no reason to expect back-ldap and syncrepl to be exactly alike; >> they perform differ

Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48

2019-07-20 Thread Howard Chu
Quanah Gibson-Mount wrote: > --On Saturday, July 20, 2019 8:43 PM +0100 Howard Chu wrote: > >> As documented in slapd-ldap(5) >> >>> The  TLS  settings  default  to  the  same as the main >>> slapd TLS settings, e

Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48

2019-07-20 Thread Howard Chu
lapd where one can configure things like CA cert > and have it defaulted into all TLS clients? I'm not aware of one, yet it > seems like > an obvious thing to provide... As documented in slapd-ldap(5) > The TLS settings default to the same as the main slapd TLS >

Re: Issues ISC dhcpd using libldap of OpenLDAP 2.4.48

2019-07-17 Thread Howard Chu
Michael Ströder wrote: > On 7/17/19 4:41 PM, Howard Chu wrote: >> strace is not useful here. Pretty sure we've stated this many times before. > > Sorry. Indeed ltrace output is more helpful. > > Here's

Re: Issues ISC dhcpd using libldap of OpenLDAP 2.4.48

2019-07-17 Thread Howard Chu
h > does not say much: > LDAPNOINIT=1 /usr/sbin/dhcpd -T strace is not useful here. Pretty sure we've stated this many times before. Use ltrace in this case. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Ch

Re: NO-USER-MODIFICATION for attribute type description memberOf

2019-07-11 Thread Howard Chu
derstanding that if the memberof overlay is responsible > maintaining this attribute NO-USER-MODIFICATION should be added. > > Any objections against adding it? > > Ciao, Michael. > ISTR a few things would break when that was uncommented. Feel free to test it out though. -- -- Ho

Re: ITS#8866 (was: ITS review 6/14/2019)

2019-06-27 Thread Howard Chu
Michael Ströder wrote: > On 6/27/19 6:23 PM, Michael Ströder wrote: >> On 6/27/19 6:18 PM, Howard Chu wrote: >>> Michael Ströder wrote: >>>> On 6/14/19 5:15 PM, Quanah Gibson-Mount wrote: >>>>> Thanks to Ondrej, this list is a bit shorter now. :) >

Re: ITS#8866 (was: ITS review 6/14/2019)

2019-06-27 Thread Howard Chu
ay are only the sysadmin's business, not any end user's. > I have a back-port patch for this in my own 2.4.47 packages because it > is very useful. > > Ciao, Michael. > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://hig

Re: RE24 testing call (2.4.48) LMDB RE0.9 testing call (0.9.24)

2019-06-25 Thread Howard Chu
if !defined(HOST_NAME_MAX) && defined(_POSIX_HOST_NAME_MAX) > +#define HOST_NAME_MAX _POSIX_HOST_NAME_MAX > +#endif > + > #include "ldap-int.h" > > #ifdef HAVE_CYRUS_SASL > > > > --Quanah > > > > -- > > Quanah Gibson-Mount >
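
Review bot: the guard `!defined(HOST_NAME_MAX) && defined(_POSIX_HOST_NAME_MAX)` has no fallback for a platform that defines neither macro, so any buffer sized with HOST_NAME_MAX would still fail to compile there; a final default or a configure-time check would close that gap. The block is also placed before `#include "ldap-int.h"`, and the visible lines do not show which header supplies _POSIX_HOST_NAME_MAX at this point, so it is worth confirming that header is included above the new lines.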

Re: libldap 2.4.48 compatibility (was: RE24 testing call)

2019-06-25 Thread Howard Chu
nt everything gets > rebuilt anyway if OpenLDAP upgrade is pushed. But I want to make sure I > fully understand everything and there's no issue left e.g. by > introducing openldap.h. > > Ciao, Michael. > > [1] > https://build.opensuse.org/package/view_file/home:stroeder:bran

Re: ITS review 6/14/2019

2019-06-17 Thread Howard Chu
> ITS#8875 - back-mdb - fix performance problems with large DIT and many > aliases (has patch, RE25 only) > > ITS#8997 - slapd-ldap - Fix segfault (Howard already wrote the patch, > just needs to be committed) OK. > > ITS#9000 - slapo-memberof - Fix group rename issu

Re: libldap vs libldap_r ?

2019-03-18 Thread Howard Chu
Michael Ströder wrote: > On 3/18/19 5:15 PM, Howard Chu wrote: >> I noticed that OpenSSL 1.1 now has an explicit dependency on Pthreads. Which >> means that now >> even our "non-threaded" libldap, when built with OpenSSL, must actually be >> linked wit

Re: Google's "Season of Docs"

2019-03-18 Thread Howard Chu
Michael Ströder wrote: > HI! > > Does anybody here think it's worth to give this a try? > > https://developers.google.com/season-of-docs/docs/ > > Ciao, Michael. > Sure, why not? At least we can submit an application. Anyone have time to mentor? -- -- Howa

libldap vs libldap_r ?

2019-03-18 Thread Howard Chu
eaded LDAP library any more? Should we just make libldap_r become the standard library? -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: ITS review

2019-02-06 Thread Howard Chu
s issue? > > ITS#8973 opened: http://www.openldap.org/its/index.cgi?findid=8973 > >>From my point of view this is a regression in 2.4.47, but maybe the bug > is inside the C# LDAP API. > There is no regression in 2.4.47 here. -- -- Howard Chu CTO, Symas Corp.

Re: ITS review

2019-01-31 Thread Howard Chu
ITS#8952 - High CPU usage when idletime is < 4 (fix committed to master) > > Any objections to me syncing these over into RE24? > > --Quanah > > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified,

Re: LMDB: test target in Makefile

2019-01-23 Thread Howard Chu
On Wednesday, January 23, 2019 6:27 PM + Howard Chu >> wrote: >> >>> Rouven WEILER wrote: >>>> Hello there, >>>> >>>> I am actually writing a package for OpenIndiana. >>>> The automatic test routine may use the test ta

Re: ldbm: test target in Makefile

2019-01-23 Thread Howard Chu
saw up to now the output seems to be supposed to differ in some > lines… > > Can someone help me there? Not sure what you're trying to accomplish, OpenLDAP hasn't used ldbm in over 12 years. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland S

Re: OpenLDAP stand at FOSDEM

2019-01-03 Thread Howard Chu
Michael Ströder wrote: > On 11/22/18 10:13 PM, Michael Ströder wrote: >> On 10/15/18 9:46 PM, Howard Chu wrote: >>> Michael Ströder wrote: >>>> On 10/9/18 8:05 AM, Michael Ströder wrote: >>>>> As discussed yesterday we could run a stand at FOSDE

Re: ITS#8286 round 2

2018-12-18 Thread Howard Chu
Howard Chu wrote: > Quanah Gibson-Mount wrote: >> --On Tuesday, December 18, 2018 5:53 PM +0000 Howard Chu >> wrote: >> >>>> >>>> servers/slapd/bconfig.c --- >>> >>>> olcT

Re: ITS#8286 round 2

2018-12-18 Thread Howard Chu
Quanah Gibson-Mount wrote: > --On Tuesday, December 18, 2018 5:53 PM +0000 Howard Chu > wrote: > >>> >>> servers/slapd/bconfig.c --- >> >>> olcTLSCertificateKey -- ??? (Private SYNTAX OID)  Shouldn't the SYNTAX >

Re: CVE-2017-17740 aka ITS#8759

2018-12-17 Thread Howard Chu
ease it with 2.4.47? If the patch is correct, the original patch author must submit it to the ITS. The CVE makes no sense, since as already noted in the ITS, the bug is caused by the nops overlay which is in contrib, and not officially part of OpenLDAP Software. -- -- Howard Chu CTO, Symas Co
