[Date Prev][Date Next] [Chronological] [Thread] [Top]

FW: OpenLDAP 2.1.15 released

A couple comments on this release...

re: slurpd on Win NT - this has been minimally working with MinGW since
OpenLDAP 2.1.3. In 2.1.15, support was added to run slurpd as a Windows
service, instead of just as a command-line executable.

re: liblutil getpeereid - this is the code responsible for sending/getting
Unix credentials across a Unix domain socket. In 4.4 BSD-derived systems
(e.g. FreeBSD, recent Linux) there are explicit system calls for this
purpose. The liblutil code is known to work on FreeBSD, Linux, and Solaris 8.
It's known *not* to work on AIX 4.2, MacOS-X, and Windows. There are probably
others that it does not support. For these unsupported platforms, you cannot
use SASL/EXTERNAL over ldapi sessions. Support for AIX and MacOS-X may appear
at a later date.

re: libldap IPv6 SASL host bug - if you use IPv6, you need to manually enable
this bug fix. The code is complete but the configure test to enable it is
not. It seems not very many people are using IPv6 yet, so this probably
doesn't affect you. But if it does, the easy fix is to manually enable the
new code by adding "#define HAVE_GETNAMEINFO 1" to include/portable.h after
configure finishes. (Only if your system actually provides the getnameinfo()
function; otherwise don't do this.)

Summary of recent operational changes:

In 2.1.6 the support for "suffixaliases" in slapd was disabled. The whole
premise was wrong, and there are other cleaner ways to redirect requests at
different targets into a single database. (Referrals, back-ldap, etc.)

In 2.1.13 the suffixalias code was deleted. Also the libldap caching code was
deleted. The client-side caching had been unsupported for a very long time
and was never going to make it out of "experimental" status.

Also in 2.1.13, new checks were added to slapd to require that the naming
attributes in an entry's DN existed in the body of the entry. This has been
required by X.500 since day 1, but most LDAP servers ignored this
requirement. slapd now enforces it when adding or modifying an entry. Note
that if you installed a recent slapd over an existing database from an
earlier release, it's possible that your database already contains illegal
entries that do not conform to this requirement. These entries will work fine
for searches, but the next time you attempt to modify one, it will trigger
the schema check and cause the modify to fail, even though the mod request
didn't touch any attributes relevant to the DN or RDN.

As you know, the slapadd tool does minimal error checking on its input. In
particular, it allows you to add a file in fairly random order - you can add
a child entry before adding its parent entry, and everything works.
Unfortunately, this random order can have a bad effect on back-bdb's
performance. In 2.1.13, back-bdb's slapadd support was changed to internally
sort the added entries to insure that a parent always gets created before any
of its children. slapadd also allowed you to add a file with child entries
without any parent entry at all. This would cause internal errors when slapd
ran. In 2.1.14 this condition is detected and slapadd will exit with an error
instead of accepting it silently.

In 2.1.14, support for LDAP over UDP was fixed to conform to RFC 1798. This
is an obsolete spec, and the corresponding spec for LDAPv3 has never gotten
anywhere. Use of this feature is not recommended. All the UDP code in
releases up to this point is broken wrt the RFC, and the behavior in 2.1.14
is not compatible with older releases.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

-----Original Message-----
From: owner-openldap-announce@OpenLDAP.org
[mailto:owner-openldap-announce@OpenLDAP.org]On Behalf Of Kurt D. Zeilenga

OpenLDAP 2.1.15 is now available for download as detailed on
our download page:

and should soon be available on all official mirrors:

This is a maintenance release and is made available for
general use.  Users of OpenLDAP 2.1 are encouraged
to upgrade at their convenience.

Enjoy!  Kurt

OpenLDAP 2.1.15 Release
    Fixed slapd saslauthz null backend crash
    Fixed libldap IPv6 SASL host bug (ITS#2347)
    Fixed liblber 64bit len/tag bug (ITS#2344)
    Fixed liblutil getpeereid replacement function (ITS#2333)
    Fixed slapd illegal schema crash (ITS#2342)
    Updated slaptools default backend (ITS#2343)
    Updated liblber ber_get_stringbv handling
    Removed lint
    Build Environment
        Updated NT build environment w/ slurpd support
        Updated test suite
        Misc man page updates

MD5 (openldap-2.1.15.tgz) = 9ee10af6c3889c74306483521029b9a1