[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-directory-users
Subject: =?utf-8?q?=5B389-users=5D?= Recent commits in stable 389ds branches - discussion
From: "Ivanov Andrey (M.)" <andrey.ivanov () polytechnique ! fr>
Date: 2021-12-03 11:29:31
Message-ID: 412478205.2148552.1638530971939.JavaMail.zimbra () zimbra ! polytechnique ! fr
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi,
I'd like to discuss several recent (since a couple of months) commits in stable \
branches of 389ds. I will be talking about 1.4.4 [ \
https://github.com/389ds/389-ds-base/tree/389-ds-base-1.4.4 | \
https://github.com/389ds/389-ds-base/tree/389-ds-base-1.4.4 ] since it's the one we \
are using in production, but i think it's the same for 1.4.3. These commits are \
welcome and go in the right direction, however the changes they produce are not \
something one expects when the server version changes in 4th digit (ex. 1.4.4.17 -> \
1.4.4.18). Here they are:
1) Some database files [presumable memory-mapped files that are ok to be lost at \
reboot] that were previously in /var/lib/dirsrv/slapd-instance/db/ are now moved to \
/dev/shm/slapd-instance/. This modification seems to work fine (and should increase \
performance), however there is an error message at server startup when /dev/shm is \
empty (for example, after each OS reboot) when the server needs to create the files: \
[03/Dec/2021:12:12:14.887200364 +0100] - ERR - bdb_version_write - Could not open \
file "/dev/shm/slapd-model/DBVERSION" for writing Netscape Portable Runtime -5950 \
(File not found.) After the next 389ds restart this ERR message does not appear, but \
it appears after each OS reboot (since /dev/shm is cleaned up after each reboot).
2) UNIX socket of the server was moved to /run/slapd-instance.socket, a new keyword \
in .inf file for dscreate ("ldapi") has appeared. Works fine, but it had an impact \
on our scripts that use ldapi socket path.
3) A new default plugin requirement, the plugin being written in Rust - probably its \
introduction is FIPS-related (Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode). \
See my comment https://github.com/389ds/389-ds-base/issues/5008#issuecomment-983759224. \
Rust becomes a requirement for building the server, which is fine, but then it should \
be enabled by default in "./configure". Without it the server does not compile the \
new plugin and complains about it when starting: [01/Dec/2021:12:54:04.460194603 \
+0100] - ERR - symload_report_error - Could not open library \
"/Local/dirsrv/lib/dirsrv/plugins/libpwdchan-plugin.so" for plugin \
PBKDF2
...
Thank you and keep up the good work, we use 389ds in production since 2007 and we are \
quite happy with it :)
Regards,
Andrey
[Attachment #5 (text/html)]
<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; \
color: #000000"><div>Hi,</div><div><br>I'd like to discuss several recent (since a \
couple of months) commits in stable branches of 389ds. I will be talking about 1.4.4 \
<a href="https://github.com/389ds/389-ds-base/tree/389-ds-base-1.4.4">https://github.com/389ds/389-ds-base/tree/389-ds-base-1.4.4</a> \
since it's the one we are using in production, but i think it's the same for 1.4.3. \
These commits are welcome and go in the right direction, however the changes they \
produce are not something one expects when the server version changes in 4th digit \
(ex. 1.4.4.17 -> 1.4.4.18). Here they are:<br></div><div><br>1) Some database \
files [presumable memory-mapped files that are ok to be lost at reboot] that were \
previously in /var/lib/dirsrv/slapd-instance/db/ are now moved to \
/dev/shm/slapd-instance/. This modification seems to work fine (and should increase \
performance), however there is an error message at server startup when /dev/shm is \
empty (for example, after each OS reboot) when the server needs to create the \
files:</div><div>[03/Dec/2021:12:12:14.887200364 +0100] - ERR - bdb_version_write - \
Could not open file "/dev/shm/slapd-model/DBVERSION" for writing Netscape Portable \
Runtime -5950 (File not found.)<br></div><div>After the next 389ds restart this ERR \
message does not appear, but it appears after each OS reboot (since /dev/shm is \
cleaned up after each reboot).<br><br>2) UNIX socket of the server was moved to \
/run/slapd-instance.socket, a new keyword in .inf file for dscreate ("ldapi") has \
appeared.<br>Works fine, but it had an impact on our scripts that use ldapi socket \
path.<br><br>3) A new default plugin requirement, the plugin being written in Rust - \
probably its introduction is FIPS-related (Issue 3584 - Fix PBKDF2_SHA256 hashing in \
FIPS mode). See my comment \
https://github.com/389ds/389-ds-base/issues/5008#issuecomment-983759224. Rust becomes \
a requirement for building the server, which is fine, but then it should be enabled \
by default in "./configure". Without it the server does not compile the new plugin \
and complains about it when starting:<br>[01/Dec/2021:12:54:04.460194603 +0100] - ERR \
- symload_report_error - Could not open library \
"/Local/dirsrv/lib/dirsrv/plugins/libpwdchan-plugin.so" for plugin \
PBKDF2<br>...<br><br>Thank you and keep up the good work, we use 389ds in production \
since 2007 and we are quite happy with it :)<br><br></div><div>Regards,<br \
data-mce-bogus="1"></div><div>Andrey<br data-mce-bogus="1"></div></div></body></html>
[Attachment #6 (text/plain)]
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic