https://bugs.openldap.org/show_bug.cgi?id=6949
--- Comment #7 from Ondřej Kuzník <ondra(a)mistotebe.net> ---
It seems this is limited to slapd main.c so a standalone lloadd keeps the
original logging configuration/code/format. Maybe the logging code could move
to a separate file so it can be shared between the two.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9655
Issue ID: 9655
Summary: Expose the SNI hostname to olcAccess
Product: OpenLDAP
Version: 2.5.4
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: dpa-openldap(a)aegee.org
Target Milestone: ---
Since OpenLDAP now supports SNI, it apparently knows to which Host the client
has connected, when the server is reachable under many names.
• Expose the negotiated hostname to oclAccess and provide example how to limit
the namingContext on the root DSE based on the requested host
Rationale: HTTP servers offer the concept of virtual domains, where they serve
different content behind the same IP, based on the Host: header. I want to
offer public, anonymous LDAP access, but the returned results shall be
completely different, and depend on the contacted host. The statements in the
<WHO> field peername=<peername>, sockname=<sockname>, domain=<domain>, and
sockurl=<sockurl> are evaluated only based on the contacting system (do not
depend on the requested domain). (Maybe the “contacting sockurl” can do this,
but this is not very clear from the documentation). So they serve similar
purpose, but ignore SNI.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9654
Issue ID: 9654
Summary: Allow using both Elliptic curves and RSA certificate
Product: OpenLDAP
Version: 2.5.4
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: dpa-openldap(a)aegee.org
Target Milestone: ---
sendmail and Cyrus IMAP allow to set two TLS server certificates -one RSA and
EC. When the client supports Elliptic curves, the smaller EC certificate is
used. Likewise it accepts two private keys, in case the private key is not
included in the certificate file. In sendmail and Cyrus IMAP, two certificates
are set in the same directive, separated with comma:
define(`confSERVER_CERT', `/etc/zzz/fullchain.pem,/etc/zzz/fullchain_ec.pem')
define(`confSERVER_KEY', `/etc/zzz/privkey.pem,/etc/zzz/privkey_ec.pem')
In Cyrus IMAP the code dealing with this for OpenSSL is at
https://github.com/cyrusimap/cyrus-imapd/blob/master/imap/tls.c#L453 : cf1/kf1
is the fist public/private key, cf2/kf2 are the second.
In sendmail the code is in sendmail/tls.c:inittls() - it calls
SSL_CTX_use_PrivateKey_file twice - once with keyfile and once with kf2
(keyfile 2).
• Extend OpenLDAP to accept several certificates (RSA/EC) - either per
permitting several (comma separated) values in
olcTLSCertificateFile/olcTLSCertificateKeyFile , or by allowing several
occurrences of the property.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9587
Issue ID: 9587
Summary: Admin guide: Need example partial replication
configuration
Product: OpenLDAP
Version: 2.5.5
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: documentation
Assignee: bugs(a)openldap.org
Reporter: quanah(a)openldap.org
Target Milestone: ---
The admin guide states:
Syncrepl supports partial, sparse, and fractional replications
but there are no example configurations for partial replication to draw from.
This needs to be added to the guide.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9156
--- Comment #13 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
Commits:
• c4d399c2
by Quanah Gibson-Mount at 2021-08-26T15:43:24+00:00
ITS#9156 - Remove ppolicy.schema from README
Also remove nadf.schema, that got removed some time long ago
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=8862
--- Comment #7 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
(In reply to Quanah Gibson-Mount from comment #6)
> (In reply to dpa-openldap(a)aegee.org from comment #5)
> > For me “as large a value as possible…” sounds without “a” better.
>
> Then it would no longer be grammatically correct.
>
> "as large a value as possible" is correct.
An alternative way to phrase it would be
"as large of a value as possible", but both are correct statements.
"as large value as possible" is not a correct statement in any form in this
context.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=8862
--- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
(In reply to dpa-openldap(a)aegee.org from comment #5)
> For me “as large a value as possible…” sounds without “a” better.
Then it would no longer be grammatically correct.
"as large a value as possible" is correct.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=8862
--- Comment #5 from dpa-openldap(a)aegee.org <dpa-openldap(a)aegee.org> ---
For me “as large a value as possible…” sounds without “a” better.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=8862
--- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
(In reply to dpa-openldap(a)aegee.org from comment #3)
> How about this sentence:
>
> > It is important to set this to as large a value as possible…
What about it? It's a correct statement.
--
You are receiving this mail because:
You are on the CC list for the issue.