[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4574) require none doesn't work

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4574) require none doesn't work
From: ando@sys-net.it
Date: Sat, 3 Jun 2006 14:26:38 GMT

On Fri, 2006-06-02 at 20:17 +0000, quanah@stanford.edu wrote:
> 
> --On Friday, June 02, 2006 7:19 PM +0000 quanah@stanford.edu wrote:
> 
> > However, if you set require to "none", which it says is possible in the
> > last sentence there, slapd fails to start with the following error:
> >
> > line 37 (require none)
> > /usr/local/etc/openldap/slapd.conf: line 37: <require> unknown feature
> > none slapd destroy: freeing system resources.
> > slapd stopped.
> > connections_destroy: nothing to destroy.
> 
> 
> It looks like the problem code is here, in bconfig.c:
> 
> static int
> config_requires(ConfigArgs *c) {
>         slap_mask_t requires = 0;
>         int i;
>         slap_verbmasks requires_ops[] = {
>                 { BER_BVC("bind"),              SLAP_REQUIRE_BIND },
>                 { BER_BVC("LDAPv3"),            SLAP_REQUIRE_LDAP_V3 },
>                 { BER_BVC("authc"),             SLAP_REQUIRE_AUTHC },
>                 { BER_BVC("sasl"),              SLAP_REQUIRE_SASL },
>                 { BER_BVC("strong"),            SLAP_REQUIRE_STRONG },
>                 { BER_BVNULL, 0 }
>         };
> 
> 
> It is definitely missing "none" as an option.

"none" needs special handling.  config_requires() uses verbs_to_mask(),
which ORs mask items, while the use of "none" in "requires", according
to the man page, consists in resetting bits already present in the mask.
If we agree that verbs_to_mask() should:

- OR the selected bit if != 0
- clear out all mask if == 0

then the fix is trivial in input, provided we place the 0-valued case
first in the array of choices.  However, the EMIT case will be a bit
more complicated.  Currently, if the mask is zero, it is simply skipped,
while, according to slapd.conf, "none" should actually clear out any
value in the mask.  The current code will not emit any olcRequires value
instead of a single "olcRequires: none" for those databases that have
"requires" explicitly set to "none".  I can fix this behavior by
changing "verbs_to_mask() and mask_to_verbs(), but I fear this could
break the behavior of other config stuff that relies on the current
behavior of those functions.

p.

Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------

Prev by Date: (ITS#4577) Berkley db version incompatible - while installing open ldap 2.3
Next by Date: Re: (ITS#4574) require none doesn't work
Index(es):
- Chronological
- Thread