[Fedora-directory-devel] Please review: [Bug 436837] Dynamically reload schema via task interface
by Noriko Hosoi
Summary: Dynamically reload schema via task interface
https://bugzilla.redhat.com/show_bug.cgi?id=436837
"Dynamically reload schema via task interface" is introduced to support
these requirements:
- managing user specified schema file names instead of putting all the
user defined schema into 99user.ldif
- reloading schema from the schema files without the server downtime
------- Additional Comments From nhosoi(a)redhat.com 2008-05-30 19:49 EST -------
Created an attachment (id=307257)
--> (https://bugzilla.redhat.com/attachment.cgi?id=307257&action=view)
cvs diffs
Modified files:
ldap/servers/slapd/attrsyntax.c
ldap/servers/slapd/backend.c
ldap/servers/slapd/backend_manager.c
ldap/servers/slapd/dse.c
ldap/servers/slapd/entry.c
ldap/servers/slapd/mapping_tree.c
ldap/servers/slapd/pblock.c
ldap/servers/slapd/proto-slap.h
ldap/servers/slapd/schema.c
ldap/servers/slapd/schemaparse.c
ldap/servers/slapd/slap.h
ldap/servers/slapd/slapi-plugin.h
ldap/servers/slapd/slapi-private.h
ldap/servers/slapd/back-ldbm/init.c
ldap/ldif/template-dse.ldif.in
Makefile.am
New file:
ldap/servers/plugins/schema_reload/schema_reload.c
Description:
see http://directory.fedoraproject.org/wiki/Dynamically_Reload_Schema
In addition to the test cases in the wiki page, ran the concurrency check (test
case 6) in the wiki against the valgrind'ed server. Some memory leaks and
attribute syntax info (struct asyntaxinfo) leaks were found. The leaks are
also fixed.
15 years, 6 months
[Fedora-directory-devel] Re: Please review: LDAPI+AUTOBIND (Noriko Hosoi)
by Howard Chu
> Date: Fri, 09 May 2008 17:34:37 -0700
> From: Noriko Hosoi<nhosoi(a)redhat.com>
> Subject: [Fedora-directory-devel] Please review: LDAPI+AUTOBIND
> To: "Fedora Directory server developer discussion."
> <fedora-directory-devel(a)redhat.com>
> Message-ID:<4824ED9D.3080400(a)redhat.com>
> Content-Type: text/plain; charset="utf-8"
>
> LDAPI and AUTOBIND had been implemented some time back, but AUTOBIND did
> not have an option to enable at the configuration.
That was an intentional decision, with a lot of strong reasons behind it. You
seem to be ignoring all the discussion that went into this before.
https://www.redhat.com/archives/fedora-directory-devel/2007-February/msg0...
> The following review
> requests include
> 1. introducing the configuration option --enable-autobind,
> 2. cleaning up the Directory Server instance creation code to support
> AUTOBIND, and
> 3. bug fixes in the non-Linux part of slapd_get_socket_peer.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
15 years, 6 months
[Fedora-directory-devel] A couple of build cleanups
by Michele Baldessari
Hi all,
I am working on packaging FDS for debian [1], and here are a couple of
changes that make sense upstream. I'm posting everything in one mail,
but should you want me to file separate issues in bugzilla let me know.
- Remove explicit softokn3 linking (it's deprecated anyway. See also #446101):
--- Makefile.am.orig 2008-05-18 13:10:27.000000000 +0200
+++ Makefile.am 2008-05-18 13:10:33.000000000 +0200
@@ -39,7 +39,7 @@
# Linker Flags
#------------------------
NSPR_LINK = @nspr_lib@ -lplc4 -lplds4 -lnspr4
-NSS_LINK = @nss_lib@ -lssl3 -lnss3 -lsoftokn3
+NSS_LINK = @nss_lib@ -lssl3 -lnss3
LDAPSDK_LINK = @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60
DB_LINK = @db_lib@ -ldb-@db_libver@
SASL_LINK = @sasl_lib@ -lsasl2
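Review bot: The removal of -lsoftokn3 from NSS_LINK is justified only by "#446101" in the mail, which does not say which tracker that number belongs to; please name the tracker and summarise the reason in the changelog entry so the rationale survives outside this thread. NSS_LINK is a shared link line, so also confirm with a full build of every target that nothing still depended on softokn3 being pulled in directly.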
- Expand Makefile.am CLEANFILES target with other generated files:
--- Makefile.am.orig 2008-05-18 13:10:27.000000000 +0200
+++ Makefile.am 2008-05-18 13:16:34.000000000 +0200
@@ -59,7 +59,32 @@
#------------------------
BUILT_SOURCES = dirver.h dberrstrs.h
-CLEANFILES = dirver.h dberrstrs.h ns-slapd.properties
+CLEANFILES = dirver.h dberrstrs.h ns-slapd.properties ldap/admin/src/scripts/dscreate.map \
+ ldap/admin/src/scripts/DSCreate.pm ldap/admin/src/scripts/DSMigration.pm \
+ ldap/admin/src/scripts/dsorgentries.map ldap/admin/src/scripts/migrate-ds.pl \
+ ldap/admin/src/scripts/Migration.pm ldap/admin/src/scripts/SetupDialogs.pm \
+ ldap/admin/src/scripts/setup-ds.pl ldap/admin/src/scripts/setup-ds.res \
+ ldap/admin/src/scripts/Setup.pm ldap/admin/src/scripts/template-bak2db \
+ ldap/admin/src/scripts/template-bak2db.pl ldap/admin/src/scripts/template-db2bak \
+ ldap/admin/src/scripts/template-db2bak.pl ldap/admin/src/scripts/template-db2index \
+ ldap/admin/src/scripts/template-db2index.pl ldap/admin/src/scripts/template-db2ldif \
+ ldap/admin/src/scripts/template-db2ldif.pl ldap/admin/src/scripts/template-dbverify \
+ ldap/admin/src/scripts/template-ldif2db ldap/admin/src/scripts/template-ldif2db.pl \
+ ldap/admin/src/scripts/template-ldif2ldap ldap/admin/src/scripts/template-monitor \
+ ldap/admin/src/scripts/template-ns-accountstatus.pl ldap/admin/src/scripts/template-ns-activate.pl \
+ ldap/admin/src/scripts/template-ns-inactivate.pl ldap/admin/src/scripts/template-ns-newpwpolicy.pl \
+ ldap/admin/src/scripts/template-restart-slapd ldap/admin/src/scripts/template-restoreconfig \
+ ldap/admin/src/scripts/template-saveconfig ldap/admin/src/scripts/template-start-slapd \
+ ldap/admin/src/scripts/template-stop-slapd ldap/admin/src/scripts/template-suffix2instance \
+ ldap/admin/src/scripts/template-upgradedb ldap/admin/src/scripts/template-verify-db.pl \
+ ldap/admin/src/scripts/template-vlvindex ldap/admin/src/scripts/Util.pm \
+ ldap/ldif/template-baseacis.ldif ldap/ldif/template-bitwise.ldif ldap/ldif/template-country.ldif \
+ ldap/ldif/template-dnaplugin.ldif ldap/ldif/template-domain.ldif ldap/ldif/template-dse.ldif \
+ ldap/ldif/template-ldapi-autobind.ldif ldap/ldif/template-ldapi-default.ldif \
+ ldap/ldif/template-ldapi.ldif ldap/ldif/template-locality.ldif ldap/ldif/template-org.ldif \
+ ldap/ldif/template-orgunit.ldif ldap/ldif/template-pampta.ldif ldap/ldif/template-sasl.ldif \
+ ldap/ldif/template-state.ldif ldap/ldif/template-suffix-db.ldif
+
dirver.h: Makefile
perl $(srcdir)/dirver.pl -v "$(VERSION)" -o dirver.h
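Review bot: The new CLEANFILES value hard-codes several dozen generated paths under ldap/admin/src/scripts and ldap/ldif, so it will go stale as soon as a template is added or renamed. Consider collecting these names once in a variable that the rules producing them also use, and referencing that variable from CLEANFILES. If any of these files are written by configure rather than by a make rule, they belong in DISTCLEANFILES instead.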
regards,
Michele
[1] http://lists.alioth.debian.org/pipermail/pkg-fedora-ds-maintainers/2008-A...
15 years, 6 months
[Fedora-directory-devel] BIND control using ACI feature request
by C.S.R.C.Murthy
Dear sir,
The ACI in fedora directory server can be used to control only
search/read/write operations but not BIND operation. This limitation
leads to certain deficiencies as below,
Suppose for an application that is using ldap for authentication
verification, we want to specify that uids belonging to certain group
can only authenticate but not the entire spectrum of uids, there is no
way to code it in ACI. This is because the application can simply do a
BIND operation with UID belonging to any group and corresponding
password and gets authenticated. So even though I make groups I am unable
to enforce authentication control.
May I request you to provide BIND control using ACI in future directory
server release.
regards
murthy
15 years, 6 months
[Fedora-directory-devel] Please review: LDAPI+AUTOBIND
by Noriko Hosoi
LDAPI and AUTOBIND had been implemented some time back, but AUTOBIND did
not have an option to enable at the configuration. The following review
requests include
1. introducing the configuration option --enable-autobind,
2. cleaning up the Directory Server instance creation code to support
AUTOBIND, and
3. bug fixes in the non-Linux part of slapd_get_socket_peer.
Also, I added a memo for LDAPI and AutoBind on the fedora project wiki:
http://directory.fedoraproject.org/wiki/LDAPI_and_AutoBind
Thanks,
--noriko
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Summary: LDAPI: introduce --enable-autobind to support AUTOBIND
https://bugzilla.redhat.com/show_bug.cgi?id=436388
------- Additional Comments From nhosoi(a)redhat.com 2008-05-09 18:35 EST -------
Created an attachment (id=304990)
--> (https://bugzilla.redhat.com/attachment.cgi?id=304990&action=view)
cvs diff configure.ac Makefile.am
Files:
ldapserver/configure.ac
ldapserver/Makefile.am
Description: introduced --enable-autobind
By default, autobind is off.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Summary: LDAPI: cleaning up template-ldapi*.ldif files
https://bugzilla.redhat.com/show_bug.cgi?id=436400
------- Additional Comments From nhosoi(a)redhat.com 2008-05-09 18:52 EST -------
Created an attachment (id=304993)
--> (https://bugzilla.redhat.com/attachment.cgi?id=304993&action=view)
cvs diff template-ldapi-default.ldif.in DSCreate.pm.in
Files:
ldap/ldif/template-ldapi-default.ldif.in
ldap/admin/src/scripts/DSCreate.pm.in
Description:
LDAPI itself requires these 2 configuration parameters.
nsslapd-ldapifilepath: /var/run/slapd-<ID>.socket
nsslapd-ldapilisten: on
The rest is needed only when autobind is enabled.
Modified DSCreate to generate the following parameters when the DS is
configured with --enable-autobind.
nsslapd-ldapiautobind: off
nsslapd-ldapimaprootdn: cn=Directory Manager
nsslapd-ldapimaptoentries: off
nsslapd-ldapiuidnumbertype: uidNumber
nsslapd-ldapigidnumbertype: gidNumber
nsslapd-ldapientrysearchbase: <your_suffix>
nsslapd-ldapiautodnsuffix: cn=peercred,cn=external,cn=auth
Fixed nsslapd-ldapientrysearchbase value to set the server's suffix (instead of
hardcoded dc=example,dc=com).
template-ldapi-default.ldif.in seems not used. But to reduce the confusion, I
updated the file, as well, for the future use.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Summary: LDAPI: enable all the platform supports for slapd_get_socket_peer and test them
https://bugzilla.redhat.com/show_bug.cgi?id=436390
------- Additional Comments From nhosoi(a)redhat.com 2008-05-09 19:52 EST -------
Created an attachment (id=304994)
--> (https://bugzilla.redhat.com/attachment.cgi?id=304994&action=view)
cvs diff slap.h getsocketpeer.c daemon.c
Files:
ldap/servers/slapd/slap.h
/getsocketpeer.c
/daemon.c
Description:
Debugged the basic code of slapd_get_socket_peer, which is used for Solaris9
and HP-UX. The recvmsg call returns an error immediately if no data is waiting
to be received since the socket is set PR_SockOpt_Nonblocking (O_NONBLOCK). To
make slapd_get_socket_peer more robust, we have to retry recvmsg if it returns
EAGAIN. But set a retry count not to hang there.
Also introduced c_local_valid in the Connection handle to tell the autobind
code that the uid/gid pair is valid or not.
15 years, 6 months
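The bounded retry described in the last message above (retry recvmsg on EAGAIN, but with a retry count so the server does not hang), sketched as an added example; it is not the slapd_get_socket_peer code from the attachment, and recv_with_retry, demo, MAX_RETRIES and RETRY_WAIT_MS are assumed names and values. The valid out-parameter plays the role the message gives to c_local_valid.

```c
/* Added example, not code from the Fedora DS tree. recv_with_retry, demo,
 * MAX_RETRIES and RETRY_WAIT_MS are hypothetical names and values. */
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

#define MAX_RETRIES   3   /* assumed bound: a silent peer cannot hang the caller */
#define RETRY_WAIT_MS 50  /* assumed wait for readability before each retry */

/* Returns bytes read (>0), 0 if the peer closed, -1 on a hard error or when
 * the retries run out. *valid becomes 1 only when data actually arrived, so
 * the caller never acts on an unfilled buffer. */
ssize_t recv_with_retry(int fd, void *buf, size_t len, int *valid)
{
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    *valid = 0;
    for (int attempt = 0; attempt <= MAX_RETRIES; attempt++) {
        struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
        ssize_t n = recvmsg(fd, &msg, 0);
        if (n > 0) { *valid = 1; return n; }
        if (n == 0) return 0;                    /* orderly shutdown */
        if (errno != EAGAIN && errno != EWOULDBLOCK && errno != EINTR)
            return -1;                           /* hard error: do not retry */
        struct pollfd pfd = { .fd = fd, .events = POLLIN };
        (void)poll(&pfd, 1, RETRY_WAIT_MS);      /* wait instead of spinning */
    }
    errno = EAGAIN;                              /* gave up: nothing to trust */
    return -1;
}

/* Constructed check on a local socketpair; returns 0 if all three outcomes
 * (no data, data present, peer closed) behave as described. */
int demo(void)
{
    int sv[2], valid;
    char buf[16];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0 ||
        fcntl(sv[0], F_SETFL, O_NONBLOCK) != 0) return 1;
    if (recv_with_retry(sv[0], buf, sizeof buf, &valid) != -1 || valid) return 2;
    if (write(sv[1], "cred", 4) != 4) return 3;
    if (recv_with_retry(sv[0], buf, sizeof buf, &valid) != 4 || !valid) return 4;
    close(sv[1]);
    if (recv_with_retry(sv[0], buf, sizeof buf, &valid) != 0 || valid) return 5;
    close(sv[0]);
    return 0;
}
int main(void) { return demo(); }
```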