openldap-bugs September 2020

openldap-bugs@openldap.org

4 participants
300 discussions

[Issue 8610] ldaps not usable with DNS SRV
by openldap-its＠openldap.org 22 Sep '20

22 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=8610 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.0 |--- -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8498] slapadd complains about missing attrs
by openldap-its＠openldap.org 22 Sep '20

22 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=8498 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.0 |2.6.0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8476] slapo-constraint: info per constraint_attribute
by openldap-its＠openldap.org 22 Sep '20

22 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=8476 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.0 |2.6.0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8341] Matching rules for 'namingContexts'
by openldap-its＠openldap.org 22 Sep '20

22 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=8341 --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/173 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8747] LDAP load balancer daemon (lloadd)
by openldap-its＠openldap.org 22 Sep '20

22 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=8747 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |blocker -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 5813] limits with empty dn mostly do not work
by openldap-its＠openldap.org 22 Sep '20

22 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=5813 --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- hallvard(a)OpenLDAP.org writes: > limits.c 1.83 -> 1.84 > More ITS#5734: Handle empty o_req_ndn. (...) This gets somewhat inconsistent: dn.this.<subtree or exact>="" now matches target DN "". However, to preserve backwards compatibility, dn.<subtree or exact>="" does not match anonymous binding. OTOH, limits dn.<anything>=* becomes limits *, again preserving backwards compatibility. However dn.<onelevel or children>=* should not match empty target DN/anonymous connections. Should we leave it as it is? Or change the old behavior? And if so, does an anonymous connection have a DN so it should match "", or not? Or we could make them errors to avoid admins seeing unexpected behavior for a config which slapd accepts. These cases seem fairly useless, but could arise from something like an auto-generated config files when the admin inputs suffix "". -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 5813] limits with empty dn mostly do not work
by openldap-its＠openldap.org 22 Sep '20

22 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=5813 --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Putting email discussion in for posterity: Hallvard B Furuseth wrote: hallvard(a)OpenLDAP.org writes: limits.c 1.83 -> 1.84 More ITS#5734: Handle empty o_req_ndn. (...) This gets somewhat inconsistent: dn.this.<subtree or exact>="" now matches target DN "". However, to preserve backwards compatibility, dn.<subtree or exact>="" does not match anonymous binding. OTOH, limits dn.<anything>=* becomes limits *, again preserving backwards compatibility. However dn.<onelevel or children>=* should not match empty target DN/anonymous connections. Should we leave it as it is? Or change the old behavior? And if so, does an anonymous connection have a DN so it should match "", or not? "" is a valid DN, but not a valid entry name (AFAIK). That's why we use it for anonymous. ACLs and limits use the notion of DN to indicate two different things: the target and the user. Of course, although "" is a valid target, it is not a valid user (or, it indicates the empty user, and thus anonymous). I'm not sure I entirely got the point and whether this helps or not, but the semantics should be clear. Or we could make them errors to avoid admins seeing unexpected behavior for a config which slapd accepts. These cases seem fairly useless, but could arise from something like an auto-generated config files when the admin inputs suffix "". In any case, I'd prefer the original behavior be preserved as much as possible, and I'd prefer to avoid introducing pitfalls that easily trick admins (and wannabe admins) in persevering making the same errors over and over. p. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 5813] limits with empty dn mostly do not work
by openldap-its＠openldap.org 22 Sep '20

22 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=5813 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 5813] limits with empty dn mostly do not work
by openldap-its＠openldap.org 22 Sep '20

22 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=5813 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.0 |--- Keywords|OL_2_5_REQ | Resolution|--- |INVALID Status|UNCONFIRMED |RESOLVED --- Comment #2 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Invalid, binding as a zero length DN is anonymous -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8485] [PATCH] Adding support for encrypted server private keys
by openldap-its＠openldap.org 21 Sep '20

21 Sep '20

https://bugs.openldap.org/show_bug.cgi?id=8485 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.0 |2.6.0 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

← Newer
1
...
9
10
11
12
13
14
15
...
30
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs September 2020