OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Build/7283
Full headers

From: guillomovitch@gmail.com
Subject: Usage of private headers make building out-of-tree extensions painful
Compose comment
Download message
State:
0 replies:
1 followups: 1

Major security issue: yes  no

Notes:

Notification:


Date: Wed, 30 May 2012 08:43:39 +0000
From: guillomovitch@gmail.com
To: openldap-its@OpenLDAP.org
Subject: Usage of private headers make building out-of-tree extensions painful
Full_Name: Guillaume Rousse
Version: any
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (128.93.30.10)


In order to build out of tree extensions, such as ppolicy external password
checker (http://ltb-project.org/wiki/documentation/openldap-ppolicy-check-password),
you need additional slapd headers, portable.h and slapd.h (and a bunch of
additional dependant ones), which are currently not installed, and thus
considered as private.

A request to ship those headers was refused by fedora package maintainer,
precisely for this reason:
https://bugzilla.redhat.com/show_bug.cgi?id=812860

The situation ought to be clarified, and some kind of solution found, as
maintaining a custom slapd build just to be able to benefit from this
extensability is largely overkill.

Followup 1

Download message
Date: Wed, 30 May 2012 05:33:23 -0700
From: Howard Chu <hyc@symas.com>
To: guillomovitch@gmail.com
CC: openldap-its@openldap.org
Subject: Re: (ITS#7283) Usage of private headers make building out-of-tree
 extensions painful
guillomovitch@gmail.com wrote:
> Full_Name: Guillaume Rousse
> Version: any
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (128.93.30.10)
>
>
> In order to build out of tree extensions, such as ppolicy external password
> checker (http://ltb-project.org/wiki/documentation/openldap-ppolicy-check-password),
> you need additional slapd headers, portable.h and slapd.h (and a bunch of
> additional dependant ones), which are currently not installed, and thus
> considered as private.
>
> A request to ship those headers was refused by fedora package maintainer,
> precisely for this reason:
> https://bugzilla.redhat.com/show_bug.cgi?id=812860

They gave the right answer. The slap.h header is private and subject to change 
without notice.

> The situation ought to be clarified, and some kind of solution found, as
> maintaining a custom slapd build just to be able to benefit from this
> extensability is largely overkill.

Probably this should be discussed on the openldap-devel mailing list. There's 
no straightforward solution to this request.

In the case of the LTB password checker module, there's barely any need for 
slap.h; the module could easily be tweaked to avoid all references to it.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/



Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org