{"id":13756841,"url":"https://github.com/erthink/ReOpenLDAP","last_synced_at":"2025-05-10T04:31:07.594Z","repository":{"id":144353217,"uuid":"28969221","full_name":"erthink/ReOpenLDAP","owner":"erthink","description":"Production-ready replacement for OpenLDAP with robust multi-master replication (MegaFon).","archived":false,"fork":false,"pushed_at":"2025-04-29T10:33:15.000Z","size":27379,"stargazers_count":254,"open_issues_count":9,"forks_count":27,"subscribers_count":30,"default_branch":"master","last_synced_at":"2025-04-29T11:34:14.508Z","etag":null,"topics":["highload","ldap","ldap-library","ldap-server","megafon","openldap","replication","telco"],"latest_commit_sha":null,"homepage":"https://opennet.ru/57753-reopenldap","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/erthink.png","metadata":{"files":{"readme":"README","changelog":"CHANGES.OpenLDAP","contributing":"CONTRIBUTING","funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2015-01-08T14:21:20.000Z","updated_at":"2025-04-29T10:33:23.000Z","dependencies_parsed_at":"2025-04-29T11:39:33.350Z","dependency_job_id":null,"html_url":"https://github.com/erthink/ReOpenLDAP","commit_stats":null,"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/erthink%2FReOpenLDAP","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/erthink%2FReOpenLDAP/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/erthink%2FReOpenLDAP/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/erthink%2FReOpenLDAP/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/erthink","download_url":"https://codeload.github.com/erthink/ReOpenLDAP/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253365252,"owners_count":21897180,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["highload","ldap","ldap-library","ldap-server","megafon","openldap","replication","telco"],"created_at":"2024-08-03T11:00:55.294Z","updated_at":"2025-05-10T04:31:02.584Z","avatar_url":"https://github.com/erthink.png","language":"C","funding_links":[],"categories":["LDAP Implementations"],"sub_categories":[],"readme":"\u003c!-- Required extensions: pymdownx.betterem, pymdownx.tilde, pymdownx.emoji, pymdownx.tasklist, pymdownx.superfences --\u003e\n\nReOpenLDAP\n==========\n\nProduction-ready replacement for OpenLDAP on Linux:\n\n - A lot of bug fixing and code quality improvement.\n - A number of new features, most of which deal with highload and multi-master clustering.\n - Bundled with all known contributed extensions.\n - Clean build without warnings from modern compilers.\n - But only Linux supported, e.g no Windows, Mac OS, FreeBSD, Solaris or HP-UX.\n\n[![Build Status](https://travis-ci.org/leo-yuriev/ReOpenLDAP.svg?branch=master)](https://travis-ci.org/leo-yuriev/ReOpenLDAP)[![CircleCI](https://circleci.com/gh/leo-yuriev/ReOpenLDAP/tree/master.svg?style=svg)](https://circleci.com/gh/leo-yuriev/ReOpenLDAP/tree/master)\n\n##### ReOpenLDAP is currently running in telcos across Russia:\n * Several clusters in full mesh multi-master replication topology, mostly with four nodes as a two geographically distributed pairs.\n * Up to 100 million records and up to 100 GB of data on each node.\n * Up to 10K updates and up to 25K searches per second.\n\nNo other LDAP server can provide such level of performance nowadays\ndue to replication troubles, inadequate performance or high risk of a crash.\nTherefore ReopenLDAP also known as \"TelcoLDAP\" - the telco-oriented fork of OpenLDAP.\n\n\nFeatures and Change List\n------------------------\n\nBelow is a list of main new features of ReOpenLDAP, for a description ones please see the corresponding man pages after installation, i.e. `man --manpath=CONFIGURED_PREFIX/share/man slapd.conf`.\n\nFor latest news and changes please refer to the [NEWS.md](NEWS.md) and [ChangeLog](ChangeLog).\n\nList of changes emerged from OpenLDAP project could be seen in the [CHANGES.OpenLDAP](CHANGES.OpenLDAP).\n\n#### Added features:\n * multi-master replication is working properly and robustly (it seems no other LDAP server can do this)\n * `reopenldap [iddqd] [idkfa]`\n * `quorum { [vote-sids ...] [vote-rids ...] [auto-sids] [auto-rids] [require-sids ...] [require-rids ...] [all-links] }`\n * `quorum limit-concurrent-refresh`\n * `biglock { none | local | common }`\n * storage (mdb backend): dreamcatcher \u0026 oom-handler (ITS#7974), lifo \u0026 coalesce (ITS#7958)\n * `syncprov-showstatus { none | running | all }`\n * syncrepl's `requirecheckpresent` option\n * `keepalive \u003cidle\u003e:\u003cprobes\u003e:\u003cinterval\u003e` for incoming connections\n * built-in memory checker called 'Hipagut', including ls-malloc\n * support for OpenSSL 1.1.x, Mozilla NSS, GnuTLS and LibreSSL 2.5.x\n * ready for LTO (Link-Time Optimization) by GCC and clang.\n\n\nInstallation\n------------\n\nTraditional triade `./configure --prefix=YOUR_INSTALLATION_PREFIX YOUR_OPTIONS` \u0026\u0026 `make` \u0026\u0026 `make install`. However the `configure` will absent, in case you use development or a snapshot versions,\nso you need run the `./bootstrap` to build them.\n\nFor more information please see [INSTALL](INSTALL).\n\n\n`configure`'s options\n---------------------\n\nBelow is a main configure's options, to see full list please run `./configure --help`,\nfor instance both `--libexecdir=DIR` and `--sysconfdir=DIR` are provided.\n\n```\nFine tuning of the installation directories:\n  --bindir=DIR            user executables [EPREFIX/bin]\n  --sbindir=DIR           system admin executables [EPREFIX/sbin]\n  --libexecdir=DIR        program executables [EPREFIX/libexec]\n  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]\n  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]\n  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]\n  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]\n  --libdir=DIR            object code libraries [EPREFIX/lib]\n  --includedir=DIR        C header files [PREFIX/include]\n  --oldincludedir=DIR     C header files for non-gcc [/usr/include]\n  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]\n  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]\n  --infodir=DIR           info documentation [DATAROOTDIR/info]\n    ...\n\nOptional Features:\n    ...\n  --enable-debug          enable debug logging no|yes|extra [yes]\n  --enable-ci             enable Continuous Integration stuff no|yes [no]\n  --enable-syslog         enable syslog support [auto]\n  --enable-contrib        enable extra plugins and overlays no|yes|broken [no]\n  --enable-experimental   enable experimental and developing features no|yes [no]\n  --enable-check          enable internal checking and assertions no|yes|always|default [no]\n  --enable-hipagut        enable internal memory allocation debugger no|yes|always|extra [no]\n  --enable-proctitle      enable proctitle support [yes]\n  --enable-ipv6           enable IPv6 support [auto]\n  --enable-local          enable AF_LOCAL (AF_UNIX) socket support [auto]\n  --enable-deprecated     enable deprecated interfaces of libreldap no|yes [no]\n  --enable-valgrind       Whether to enable Valgrind on the unit tests\n    ...\n\nSLAPD (Standalone LDAP Daemon) Options:\n  --enable-slapd\t  enable building slapd [yes]\n    --enable-dynacl\t  enable run-time loadable ACL support (experimental) [no]\n    --enable-aci\t  enable per-object ACIs (experimental) no|yes|mod [no]\n    --enable-cleartext\t  enable cleartext passwords [yes]\n    --enable-crypt\t  enable crypt(3) passwords [no]\n    --enable-lmpasswd\t  enable LAN Manager passwords [no]\n    --enable-spasswd\t  enable (Cyrus) SASL password verification [no]\n    --enable-modules\t  enable dynamic module support [yes]\n    --enable-rewrite\t  enable DN rewriting in back-ldap and rwm overlay [auto]\n    --enable-rlookups\t  enable reverse lookups of client hostnames [no]\n    --enable-slapi        enable SLAPI support (experimental) [no]\n    --enable-slp          enable SLPv2 support [no]\n    --enable-wrappers\t  enable tcp wrapper support [no]\n\nSLAPD Backend Options:\n    --enable-backends\t  enable all stable/non-experimental backends no|yes|mod\n    --enable-mdb\t  enable MDBX database backend no|yes|mod [yes]\n    --enable-hdb\t  enable Hierarchical Berkeley DB backend (obsolete) no|yes|mod [no]\n    --enable-bdb\t  enable Berkeley DB backend (obsolete) no|yes|mod [no]\n    --enable-dnssrv\t  enable dnssrv backend (experimental) no|yes|mod [no]\n    --enable-ldap\t  enable ldap backend no|yes|mod [no]\n    --enable-meta\t  enable metadirectory backend no|yes|mod [no]\n    --enable-monitor\t  enable monitor backend no|yes|mod [yes]\n    --enable-ndb\t  enable MySQL NDB Cluster backend (experimental) no|yes|mod [no]\n    --enable-null\t  enable null backend no|yes|mod [no]\n    --enable-passwd\t  enable passwd backend no|yes|mod [no]\n    --enable-perl\t  enable perl backend no|yes|mod [no]\n    --enable-relay  \t  enable relay backend (experimental) no|yes|mod [yes]\n    --enable-shell\t  enable shell backend no|yes|mod [no]\n    --enable-sock\t  enable sock backend no|yes|mod [no]\n    --enable-sql\t  enable SQL backend (experimental and buggy) no|yes|mod [no]\n\nSLAPD Overlay Options:\n    --enable-overlays\t  enable all available overlays no|yes|mod\n    --enable-accesslog\t  In-Directory Access Logging overlay no|yes|mod [no]\n    --enable-auditlog\t  Audit Logging overlay no|yes|mod [no]\n    --enable-autoca\t  Automatic Certificate Authority overlay no|yes|mod [no]\n    --enable-collect\t  Collect overlay no|yes|mod [no]\n    --enable-constraint\t  Attribute Constraint overlay no|yes|mod [no]\n    --enable-dds  \t  Dynamic Directory Services overlay no|yes|mod [no]\n    --enable-deref\t  Dereference overlay no|yes|mod [no]\n    --enable-dyngroup\t  Dynamic Group overlay no|yes|mod [no]\n    --enable-dynlist\t  Dynamic List overlay no|yes|mod [no]\n    --enable-memberof\t  Reverse Group Membership overlay no|yes|mod [no]\n    --enable-ppolicy\t  Password Policy overlay no|yes|mod [no]\n    --enable-pcache\t  Proxy Cache overlay no|yes|mod [no]\n    --enable-refint\t  Referential Integrity overlay no|yes|mod [no]\n    --enable-retcode\t  Return Code testing overlay no|yes|mod [no]\n    --enable-rwm       \t  Rewrite/Remap overlay no|yes|mod [no]\n    --enable-seqmod\t  Sequential Modify overlay no|yes|mod [no]\n    --enable-sssvlv\t  ServerSideSort/VLV overlay no|yes|mod [no]\n    --enable-syncprov\t  Syncrepl Provider overlay no|yes|mod [yes]\n    --enable-translucent  Translucent Proxy overlay no|yes|mod [no]\n    --enable-unique       Attribute Uniqueness overlay no|yes|mod [no]\n    --enable-valsort      Value Sorting overlay no|yes|mod [no]\n\nOptional Packages:\n    ...\n  --with-cyrus-sasl\t  with Cyrus SASL support [auto]\n  --with-gssapi\t\t  with GSSAPI support [auto]\n  --with-fetch\t\t  with fetch(3) URL support [auto]\n  --with-tls\t\t  with TLS/SSL support auto|openssl|gnutls|moznss [auto]\n  --with-yielding-select  with implicitly yielding select [auto]\n  --with-mp               with multiple precision statistics auto|longlong|long|bignum|gmp [auto]\n  --with-odbc             with specific ODBC support iodbc|unixodbc|auto [auto]\n\nSome influential environment variables:\n  ...\n  EXTRA_CFLAGS\n              Extra build-time CFLAGS, e.g. -Wall -Werror. Alternatively, ones\n              can be specified or overridden by invocation 'make\n              EXTRA_CFLAGS=\"a b c\"'\n  KRB5_CFLAGS C compiler flags for KRB5, overriding pkg-config\n  KRB5_LIBS   linker flags for KRB5, overriding pkg-config\n  HEIMDAL_CFLAGS\n              C compiler flags for HEIMDAL, overriding pkg-config\n  HEIMDAL_LIBS\n              linker flags for HEIMDAL, overriding pkg-config\n  LIBSODIUM_CFLAGS\n              C compiler flags for LIBSODIUM, overriding pkg-config\n  LIBSODIUM_LIBS\n              linker flags for LIBSODIUM, overriding pkg-config\n  UUID_CFLAGS C compiler flags for UUID, overriding pkg-config\n  UUID_LIBS   linker flags for UUID, overriding pkg-config\n  OPENSSL_CFLAGS\n              C compiler flags for OPENSSL, overriding pkg-config\n  OPENSSL_LIBS\n              linker flags for OPENSSL, overriding pkg-config\n  GNUTLS_CFLAGS\n              C compiler flags for GNUTLS, overriding pkg-config\n  GNUTLS_LIBS linker flags for GNUTLS, overriding pkg-config\n  MOZNSS_CFLAGS\n              C compiler flags for MOZNSS, overriding pkg-config\n  MOZNSS_LIBS linker flags for MOZNSS, overriding pkg-config\n```\n\n--------------------------------------------------------------------------------\n\n#### This is the mirror of origin repository that was moved to [abf.io](https://abf.io/erthink/) because of discriminatory restrictions for the Russian Crimea.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ferthink%2FReOpenLDAP","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ferthink%2FReOpenLDAP","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ferthink%2FReOpenLDAP/lists"}