of 10 minutes.
Bugzilla appears to be running normally now. Considering increasing the bantime
further, we'll see.
Reply to this thread if you notice any other problems in the next few days.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Su
I note that there is a default REFHOPLIMIT defined in ldap-int.h and a
refhoplimit field in
the ldap options structure. But there is no option defined to change it via
ldap_set_option().
Seems like a 26 year oversight. Should that be added for 2.7?
--
-- Howard Chu
CTO, Symas Corp
Jordan Brown wrote:
> Is there even a straightforward way in the protocol to get type information?
> If the protocol won't tell you, a client library can't tell you.
Any client can retrieve the schema definition of any schema element using an
LDAP Search request.
--
--
eason why it wouldn't work in
2.5/2.6.
>
> Regards,
>
>
> Le 26/02/2024 à 16:54, Howard Chu a écrit :
>> The recent work on expanding dynamic group functionality in the dynlist
>> overlay seems to have been
>> a bad idea. It makes an already fairly complex overlay eve
e
dynlist config.
Testing and feedback appreciated.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
rbing. But we always
recommend turning that journaling off with LMDB; it's redundant with LMDB's own
COW strategy and harms
perf for no benefit.
Of course, you don't even need to trust the filesystem, you can just use LMDB
on a raw block device.
--
-- Howard Chu
CTO, Symas C
Graham Leggett wrote:
> On 03 Jan 2024, at 18:02, Howard Chu wrote:
>
>>> https://bugs.openldap.org/show_bug.cgi?id=10149
>>
>> Looks a bit like a chicken'n'egg situation, why should anyone trust the
>> connection that was used to
>> retrieve ce
as used to
retrieve certs and keys from the designated URI?
>
> This allows replication in 389ds to be fixed, with the patch available here
> for anyone interested:
>
> https://github.com/389ds/389-ds-base/pull/6021
>
> Regards,
> Graham
> —
>
--
-- Howard
Howard Chu wrote:
> Johan wrote:
>> Hello all,
>
>> We have an OpenLDAP instance proxying an active directory with back_meta
>> and> mr_passthru.
>> We also have pcache on top, and as it do not support
>> LDAP_MATCHING_RULE_IN_CHAIN, I looked about imple
> P.S.: Is there a reason mr_passthru is not included to OpenLDAP ? not even in
> contrib ?
Since no one has contributed it upstream, I have no idea what you're talking
about.
Ask whoever wrote whatever it is.
> Thanks for reading
--
-- Howard Chu
CTO, Symas Corp. h
body. For each entry returned by the Search request, the
modOps would be applied
to the entry before returning it. A response control would be attached to each
entry, giving the
result code for the modification attempt on that entry.
Anyone interested in implementing this as an overlay?
--
--
Michael Ströder wrote:
> On 11/18/22 14:35, Howard Chu wrote:
>> Michael Ströder wrote:
>>> Could you please have a short look at the build log in OBS and
>>> watch out for the compiler options used? They use many of the build
>>> hardening options: >>
&
Michael Ströder wrote:
> On 11/18/22 07:32, Howard Chu wrote:
>> Michael Ströder wrote:
>>> make test seems to fail for openSUSE on riscv64 already for test000-rootdse.
>>>
>>> Not sure whether that's an issue with build options in the .spec file or
>&g
ps://cfarm.tetaneutral.net/machines/list/
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
t;
>> make test seems to fail for openSUSE on riscv64 already for test000-rootdse.
> Also of note might be ITS#9916 which has a proposed
> patch already[0], can you give that a try?
Irrelevant, since test000 does no backend operations.
--
-- Howard Chu
CTO, Symas Corp.
Currently having second thoughts about moving ahead on this, as FOSDEM
is always overcrowded and that's probably not a good place to be, with
COVID still rampant in so many mutations.
Howard Chu wrote:
> Michael Ströder wrote:
>> On 10/17/22 19:29, Michael Ströder wrote:
>>
Michael Ströder wrote:
> On 10/17/22 19:29, Michael Ströder wrote:
>> On 10/17/22 19:22, Howard Chu wrote:
>>> Michael Ströder wrote:
>>>> On 10/17/22 18:31, Howard Chu wrote:
>>>>> Anyone interested in setting up at FOSDEM next year?
>>>>
Michael Ströder wrote:
> On 10/17/22 18:31, Howard Chu wrote:
>> Anyone interested in setting up at FOSDEM next year?
>
> Run an OpenLDAP stand or request an IAM dev room for some talks?
An IAM dev room sounds like a more worthwhile use of time. ?
>
> Ciao, Michael.
>
Anyone interested in setting up at FOSDEM next year?
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
re possible. That's the aim of ITS#9356.
>
> I hope I haven't missed anything important.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
available, vs
keeping stability over the long term.
*i.e., enterprises want to avoid any version updates unless they're for a
specific feature
they commissioned. We considered resurrecting use of the STABLE tag but that
really didn't
satisfy, and its use was retired for good reasons.
uce a bit
of pointless memory
copying and speed up overlay processing overall.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
you consider the attached patch as a valid solution?
No. You haven't provided any independently verifiable data to measure the
effects of this change.
> 2. Improving slapo-constraint would also help.
What does that have to do with anything?
>
> On 8/13/21 10:59 AM, Michael St
the maintenance
> of the back-sql I might be willing to temporarily look over things regarding
> that component if it would make it more probable to stay in the future
> releases of the OpenLDAP.
>
> Best regards
> Aapo Romu
>
>
> --- Aapo Romu
> --- Softwa
ect
> --- Eficode Oy
>
> On Mon, 9 Aug 2021 at 00:02, Quanah Gibson-Mount <mailto:qua...@symas.com>> wrote:
>
>
>
> --On Sunday, August 8, 2021 6:32 PM +0100 Howard Chu <mailto:h...@symas.com>> wrote:
>
> > Quanah Gibson-Mount wr
Quanah Gibson-Mount wrote:
For 2.5, we deprecated:
back-ndb
back-sql
back-perl
Should these be removed for 2.6?
I still routinely build back-perl in master. Is there any reason to remove it?
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun
Quanah Gibson-Mount wrote:
--On Sunday, August 8, 2021 3:21 AM +0100 Howard Chu wrote:
Quanah Gibson-Mount wrote:
--On Saturday, August 7, 2021 1:31 PM +0100 Howard Chu
wrote:
Also for clarity: We consider "Critical" bugs to include security
flaws resulting in unautho
Quanah Gibson-Mount wrote:
--On Saturday, August 7, 2021 1:31 PM +0100 Howard Chu wrote:
Also for clarity: We consider "Critical" bugs to include security
flaws resulting in unauthorized data disclosure, or unauthorized
remote code execution. We do not consider assert() failures
Quanah Gibson-Mount wrote:
--On Friday, August 6, 2021 3:11 PM +0100 Howard Chu wrote:
Planning to post this to -announce soon, any comments?
Just a reminder to everyone: the Project has a long-standing policy of
doing active development on only one release version at a time. To
allow
rity flaws.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
a similar function/macro, really.
Good point. Too much trouble for now, I'm going to revert this.
(I tried to add a comment in Github, but that didn't
seem to work, so mailing here instead.)
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Hi
Ondřej Kuzník wrote:
On Wed, Jul 14, 2021 at 03:40:35PM +0100, Howard Chu wrote:
Howard Chu wrote:
Just some initial thoughts on what a new logging daemon should do for us:
Scaling back to something easier for now:
We'll use the existing Debug msgs as-is. The olcLogFile directive
Howard Chu wrote:
Just some initial thoughts on what a new logging daemon should do for us:
Scaling back to something easier for now:
We'll use the existing Debug msgs as-is. The olcLogFile directive will specify
the
path of a local logging file to write to. Currently, writing to
Michael Ströder wrote:
> HI!
>
> This looks like spam to me:
Yes, we see it. Of course it will be dealt with, same as 9604 and 9605.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenL
Michael Ströder wrote:
> On 5/5/21 1:29 PM, Howard Chu wrote:
>> Michael Ströder wrote:
>>> TLSProtocolMin 3.3
>>> TLSCipherSuite HIGH
>>
>> Then you're getting TLSv1.3 on these connections. Your ciphersuite config
>> has no TLSv1.3 ciphers th
Michael Ströder wrote:
> On 5/5/21 1:29 PM, Howard Chu wrote:
>> Michael Ströder wrote:
>>> TLSProtocolMin 3.3
>>> TLSCipherSuite HIGH
>>
>> Then you're getting TLSv1.3 on these connections. Your ciphersuite config
>> has no TLSv1.3 ciphers th
Michael Ströder wrote:
> Filed ITS:
>
> https://bugs.openldap.org/show_bug.cgi?id=9546
Not a bug. Closing.
>
> Ciao, Michael.
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Archite
Michael Ströder wrote:
> On 5/5/21 2:51 AM, Howard Chu wrote:
>> Michael Ströder wrote:
>>> I have issues with OpenSSL ciphers on my openSUSE Tumbleweed and release
>>> 2.5.4 when connecting to an 2.4 provider:
>>>
>>> TLS: can't connect: error:141
nted something like a crypto policy configuration:
>
> https://build.opensuse.org/package/view_file/security:tls/openssl-1_1/openssl-1.1.1-system-cipherlist.patch?expand=1
>
> Any clue what's going on?
What ciphers have you configured on your client and server? What versions of
O
; function?
>>
>> (I think they have very little value and should just be dropped; that would
>> be OK too.)
>>
>> SASL username: somen...@example.com
>> SASL SSF: 56
>> SASL data security layer installed.
>>
>> --
>> Jordan Brown, Oracle ZF
a missing update causes
a compile-time error instead of being ignorable.
>
> So anyway, one struct per LDAP_blah_NULLARG. Then replace most
> NULLARGs with {0}. But must add lots of macros, for the old fields.
>
> ==
>
> Hallvard
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
e we'd want to make wolfSSL a
> first
> class citizen among the TLS backends (i.e. rather than using our OpenSSL
> compatibility layer and modifying tls_o.c, use wolfSSL's native functions and
> create a
> new tls_w.c). Looking forward to hearing from you.
>
> Than
Tero Saarni wrote:
> Howard Chu wrote:
>> In any heavily loaded environment you'll find that connection establishment
>> becomes serious overhead in itself. Thus it's better to aim for longer lived
>> connections that get reused as much as possible.
>
> Sur
connection establishment
becomes serious overhead in itself. Thus it's better to aim for longer lived
connections that get reused as much as possible.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Howard Chu wrote:
> Michael Ströder wrote:
>> HI!
>>
>> As usual I'm using openSUSE Build Service to build openldap2 RPMs. This
>> smoothly works with 2.4.x.
>>
>> But building 2.5 branch snapshot fails.
>>
>> Maybe OBS compiler options are
dap25/_log
Looks like it's complaining about some warnings in slapd-mtread.c. But the
warnings are bogus,
the output strings will never be anywhere close to the size of the output
buffers.
>
> Ciao, Michael.
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Paul B. Henson wrote:
> On 11/19/2020 1:37 PM, Howard Chu wrote:
>
>> This would require that you actually read and process the proxy header
>> immediately after the accept call. It strikes me that this is the wrong
>> thing to do, if you also want to support TLS.
>
&g
Paul B. Henson wrote:
> On 11/19/2020 10:02 AM, Howard Chu wrote:
>
>>> 1. Config directives for specifying IP address(es) and network(s) expected
>>> and trusted to send proxy protocol header.
>>
>> Sounds like unnecessary work. Just use an ACL.
>
>
Michael Ströder wrote:
> On 11/19/20 5:04 PM, Howard Chu wrote:
>> Paul B. Henson wrote:
>>> In general, I believe applications listening on a specific port are either
>>> expecting the proxy protocol header, or not, I do not think it is
>>> dynamica
ad and process the proxy header to populate the
> appropriate data
> structures regarding connection, and then move on as it normally would to
> deal with the connection.
>
> If this feature is of interest, I will probably spend a little time poking at
> it and seeing ho
a2 is already obsolete, for password purposes. I see no reason to promote it.
>
> FWIW:
> slapo-noopsrch and slapo-lastbind is what I use in almost every
> installation.
>
> Ciao, Michael.
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, High
s mutex init
> ITS#9182 - pcache: fix private DB init
Sounds fine, they're simple enough.
Did you also pull in the utf8bvnormalize leak patch?
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief
ing are being passed by both client and server (tips
> and help welcome).
Thanks for this. Would be nice to get other testers' eyes on it.
Don't spend any time on the MozNSS backend, we are removing it.
>
> Thoughts?
>
> Refs [1]:
> https://github.com/cyrusimap/cyrus-s
t leave it in the release and default it to disabled.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
e tree and left
> master only.
Sounds fine.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Pallissard, Matthew wrote:
>
>
> On 2020-03-06T17:02:14, Howard Chu wrote:
>> Howard Chu wrote:
>>> Just some initial thoughts on what a new logging daemon should do for us:
>>>
>>> The primary goal - we want to use a binary message format with as few
Ondřej Kuzník wrote:
> On Thu, Mar 05, 2020 at 04:06:42PM +0000, Howard Chu wrote:
>> Just some initial thoughts on what a new logging daemon should do for us:
>>
>> The primary goal - we want to use a binary message format with as few format
>> conversions as possibl
Howard Chu wrote:
> Just some initial thoughts on what a new logging daemon should do for us:
>
> The primary goal - we want to use a binary message format with as few format
> conversions as possible between log
> sender and log processor.
One other concern - what do we do abo
27;s a bit worrisome because of the additional
moving parts:
message catalog creator, log server, log postprocessor. There's definitely more
complexity
here, but most of it is moved out of the runtime hot path, which is the main
goal. Suggestions?
--
-- Howard Chu
CTO, Symas Corp. h
RCH attr=cn givenName sn mail aeStatus
>
> Is there any rationale for that?
Because any of DN, filter, or attrs could be too long for a single syslog
message.
On many systems the limit was 1024 characters; using a single log message
resulted
in too many truncated messages.
--
-- Ho
terms.
> NOTE: This code was changed to use the 'CC BY 4.0' license by
> permission of the author.
>
> Would the project accept a patch that makes this change?
>
> Thanks,
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
s; they prefer stability. Over the past
7+
years we've catered too much to their need for stability, resulting in many new
features
sitting only in git master, unreleased for years. This new strategy is an
attempt to
prevent new features from languishing unreleased for so long, while still
provi
ny other folks interested in gathering to do so.
Maybe even take some meeting minutes and forward here afterward.
>
> Ciao, Michael.
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Howard Chu wrote:
> Quanah Gibson-Mount wrote:
>>
>>
>> --On Monday, December 16, 2019 11:46 PM +0100 Ondřej Kuzník
>> wrote:
>>
>>> On Mon, Dec 16, 2019 at 06:55:56PM +, Howard Chu wrote:
>>>> The dynlist overlay doesn't define the
Ondřej Kuzník wrote:
> On Wed, Dec 18, 2019 at 02:02:40AM +0000, Howard Chu wrote:
>> Ondřej Kuzník wrote:
>>> How about being able to merge identical attribute definitions whether
>>> they come from config or directly from code?
>>
>> We've got other o
; groups + old memberOf overlay and dynamic groups + dynamic memberOf
> concurrently in the deployment.
Which will work already with the code in master.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Archit
Ondřej Kuzník wrote:
> On Mon, Dec 16, 2019 at 06:55:56PM +0000, Howard Chu wrote:
>> The dynlist overlay doesn't define the memberOf attribute schema.
>> Something else needs to do that, either loading it as user-defined
>> schema, or relying on the memberof overlay
Quanah Gibson-Mount wrote:
>
>
> --On Monday, December 16, 2019 11:46 PM +0100 Ondřej Kuzník
> wrote:
>
>> On Mon, Dec 16, 2019 at 06:55:56PM +, Howard Chu wrote:
>>> The dynlist overlay doesn't define the memberOf attribute schema.
>>> Someth
g, but not sure what a better
approach would be.
Suggestions?
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
.
>> So from an active developer's perspective, it adds steps but doesn't add
>> useful information.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Hugh McMaster wrote:
> Hi Howard,
>
> On Sun, 24 Nov 2019 at 01:59, Howard Chu wrote:
>> AFAICS it is just another moving part that breaks. It doesn't provide any
>> information.
>> To use it you have to know whether to look in the /usr configs or /usr/local
Hugh McMaster wrote:
> On Fri, 22 Nov 2019 at 21:59, Howard Chu wrote:
>> Quanah Gibson-Mount wrote:
>>> Howard, what's your opinion/thought on adding this for master/RE25? Ryan
>>> tested it and it worked for him.
>>
>> My personal opinion is that pk
ilding whatever I was working on at the time.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Quanah Gibson-Mount wrote:
>
>
> --On Tuesday, November 5, 2019 8:12 PM +0000 Howard Chu
> wrote:
>
>> Ryan Tandy wrote:
>>>> ITS#9069 Do not call gnutls_global_set_mutex()
>>>
>>> Subject to hyc's approval, but I think this could go
Ryan Tandy wrote:
>> ITS#9069 Do not call gnutls_global_set_mutex()
>
> Subject to hyc's approval, but I think this could go in. It's been in Debian
> since 10.0 and Ubuntu since 19.04, no negative feedback.
OK, sounds fine then.
--
-- Howard Chu
CTO, S
different applications acting
on behalf of a given user (or service).
Any security downside to this?
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
ts (ITS#7705,#7800 fix ...), I
> have read both, but they haven't helped either.
If the checks in
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=servers/slapd/back-mdb/dn2id.c;h=93fd3e387e968a1928eaa0f82211bcbc3687e777;hb=HEAD#l782
don't
find a result, then id do
turn this thread into another flame war on slapd.conf vs.
> cn=config, start another one if you really can't resist.)
>
> Again, thanks for being brave and getting this far, let us know what you
> think. This is mostly vaporware yet, giving everyone a great opportunity
> to shape the project and leave their mark - remember that without your
> help, it will take a long while before it's ready!
>
> Regards,
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
working.
>
> Hi Alexander,
>
> That would be great, thanks for the offer. :) I currently build on Windows
> using gcc under MSYS2, which doesn't seem to be an offering from MS (no
> surprise
> there). But I do see a project maintaining VC bits for OpenLDAP that perhap
> char my_hostname[HOST_NAME_MAX + 1];
> }
>
>
> In cyrus.c, we have:
>
> #ifdef HAVE_CYRUS_SASL
> ...
> #ifdef HAVE_LIMITS_H
> #include
> #endif
> ...
>
>
> in config.log, it has:
>
> #define HAVE_CYRUS_SASL 1
>
> and
>
> #define
Quanah Gibson-Mount wrote:
> --On Sunday, July 21, 2019 10:54 PM +0100 Howard Chu wrote:
>> Feel free to add a note to slapd.conf(5) / slapd-config(5) about TLS
>> defaults.
I take this back. Pretty sure we've had this debate before, haven't found it in
the list archi
Quanah Gibson-Mount wrote:
> --On Sunday, July 21, 2019 10:02 PM +0100 Howard Chu wrote:
>
>> As I already said: there is no reason for the syncrepl consumer and
>> back-ldap to behave identically. The manpages are correct in each case.
>
> I've never said they sho
Quanah Gibson-Mount wrote:
> --On Sunday, July 21, 2019 3:37 PM +0100 Howard Chu wrote:
>
>>> --On Sunday, July 21, 2019 2:51 AM +0100 Howard Chu
>>> wrote:
>>>
>>>> The behavior is supposed to be exactly as specified in the manpages.
>>>
Quanah Gibson-Mount wrote:
> --On Sunday, July 21, 2019 2:51 AM +0100 Howard Chu wrote:
>
>> The behavior is supposed to be exactly as specified in the manpages.
>>
>> There is no reason to expect back-ldap and syncrepl to be exactly alike;
>> they perform differ
Quanah Gibson-Mount wrote:
> --On Saturday, July 20, 2019 8:43 PM +0100 Howard Chu wrote:
>
>> As documented in slapd-ldap(5)
>>
>>> The TLS settings default to the same as the main
>>> slapd TLS settings, except for tls_reqcer
there a global place in slapd where one can configure things like CA cert
> and have it defaulted into all TLS clients? I'm not aware of one, yet it
> seems like
> an obvious thing to provide...
As documented in slapd-ldap(5)
> The TLS settings default to the s
Michael Ströder wrote:
> On 7/17/19 4:41 PM, Howard Chu wrote:
>> strace is not useful here. Pretty sure we've stated this many times before.
>
> Sorry. Indeed ltrace output is more helpful.
>
> H
llowing command which
> does not say much:
> LDAPNOINIT=1 /usr/sbin/dhcpd -T
strace is not useful here. Pretty sure we've stated this many times before.
Use ltrace in this case.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://
understanding that if the memberof overlay is responsible
> maintaining this attribute NO-USER-MODIFICATION should be added.
>
> Any objections against adding it?
>
> Ciao, Michael.
>
ISTR a few things would break when that was uncommented. Feel free to test it
out though.
--
Michael Ströder wrote:
> On 6/27/19 6:23 PM, Michael Ströder wrote:
>> On 6/27/19 6:18 PM, Howard Chu wrote:
>>> Michael Ströder wrote:
>>>> On 6/14/19 5:15 PM, Quanah Gibson-Mount wrote:
>>>>> Thanks to Ondrej, this list is a bit shorter now. :)
>
ual rules in play
are
only the sysadmin's business, not any end user's.
> I have a back-port patch for this in my own 2.4.47 packages because it
> is very useful.
>
> Ciao, Michael.
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Hi
if !defined(HOST_NAME_MAX) && defined(_POSIX_HOST_NAME_MAX)
> +#define HOST_NAME_MAX _POSIX_HOST_NAME_MAX
> +#endif
> +
> #include "ldap-int.h"
>
> #ifdef HAVE_CYRUS_SASL
>
>
>
> --Quanah
>
>
>
> --
>
> Quanah Gibson-Mount
>
ckaged environment everything gets
> rebuilt anyway if OpenLDAP upgrade is pushed. But I want to make sure I
> fully understand everything and there's no issue left e.g. by
> introducing openldap.h.
>
> Ciao, Michael.
>
> [1]
> https://build.opensuse.org/package/vie
hanks,
> Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Quanah Gibson-Mount wrote:
> --On Monday, June 17, 2019 2:23 PM +0100 Howard Chu wrote:
>
>>> The following ITSes have a patch or have been committed already.
>>> ---
>>>
>>> ITS#772
> ITS#8875 - back-mdb - fix performance problems with large DIT and many
> aliases (has patch, RE25 only)
>
> ITS#8997 - slapd-ldap - Fix segfault (Howard already wrote the patch,
> just needs to be committed)
OK.
>
> ITS#9000 - slapo-memberof - Fix group rename issu
Michael Ströder wrote:
> On 3/18/19 5:15 PM, Howard Chu wrote:
>> I noticed that OpenSSL 1.1 now has an explicit dependency on Pthreads. Which
>> means that now
>> even our "non-threaded" libldap, when built with OpenSSL, must actually be
>> linked with t
Michael Ströder wrote:
> HI!
>
> Does anybody here think it's worth to give this a try?
>
> https://developers.google.com/season-of-docs/docs/
>
> Ciao, Michael.
>
Sure, why not? At least we can submit an application. Anyone have time to
mentor?
--
--
eaded
LDAP library any more? Should we just make libldap_r become the standard
library?
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
1 - 100 of 1736 matches
Mail list logo
