[2026-03-21 19:40] "Omar Polo" <[email protected]> > Philipp <[email protected]> wrote: > > Hi > > > > here we go again ;-) > > > > For the update to debian stable a friend of me has tested table-ldap. > > He reported some problems and I looked at the code and found some issues. > > > > First the reported problem was a reconnecting bug. This is fixed by error > > on saved requests. I also added tcp keepalive to avoid disconnects. > > > > Then I found some out of bounds reads. They are caused by my commit which > > tried to keep the length of strings. I have reverted this and do some > > better ownership handling for the generated requests. > > > > Also I found some double free in ldap_lookup_entry(). > > > > There was a missing break in ldap_handle_response() > > > > I have also added better error messages. > > > > I have smoketested this changes, but not yet full tested everything. > > I plan to do more tests tomorrow. Patches are attached. > > Committed the changes, they made sense to me. Overall, a nice > improvement :)
Improvement is good, I would say getting it actuall to work. If I remember correct, I have never tested my old changes. Mostly because I was buisy getting the old version to work on the mailserver for which I started all this. > I have to say though that this is probably, code-wise, the worst table > we have at the moment. It's ofter quite convoluted, I wouldn't be so harsh with the code. First of all the starting point isn't that bad as it might look. Also the bugs I found now are mostly caused by my changes to an full nonblocking implementation. When the table_proc interface change to nonblocking we need similar changes for the mysql and psql tables. With ldap it's quite simple because it's async, but for mysql and psql we need some queue and can't go with fire and wait for response. > the aldap.c part > scares me, I find aldap quite readable the ber api is a bit strange, but with a bit time it's manageble to work with. > and we're missing some features as well. Most missing features are quite simple to implement. I haven't implement it mostly because I personal don't need it and no other user has requested it. Only K_AUTH needs some more code and a bit of thinking, because you can't just fire and forget bind requests. > Not your fault, the table is just what it is and you've helped in making > it suck less, which I appreciate a lot. > > > Philipp > > > > Ps: would be nice to have a release for table-ldap > > after I have fully tested this patches. > > makes sense, let me know when you prefer and we can tag 1.1 =) I have no done some tests (also with your patch) it needs one more litle patch to have a aldap workaround for search results without attributes. I hope I find next weekend a bit time to fix the parsing bug in aldap. Patch is attached. I have a testserver running which gets a bit more tests in the next days. After that I would say it's ready to go. Philipp
0001-use-configured-ldap-attributes-for-check.patch
Description: 0001-use-configured-ldap-attributes-for-check.patch
