openldap-bugs February 2022

openldap-bugs@openldap.org

1 participants
102 discussions

[Issue 8753] Public key pinning support in libldap
by openldap-its＠openldap.org 19 Feb '22

19 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=8753 --- Comment #10 from Michael Ströder <michael(a)stroeder.com> --- Is the key hash calculated over the raw public key? In which representation? Why not use the TLS server cert's finger-print? -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8753] Public key pinning support in libldap
by openldap-its＠openldap.org 19 Feb '22

19 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=8753 --- Comment #9 from Michael Ströder <michael(a)stroeder.com> --- (In reply to Michael Ströder from comment #8) > What are valid values or is the format of the <hashalg> field? It seems crypto(7) should be referenced by ldap_set_option(3) in case of OpenSSL? https://www.openssl.org/docs/manmaster/man7/crypto.html -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8753] Public key pinning support in libldap
by openldap-its＠openldap.org 19 Feb '22

19 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=8753 --- Comment #8 from Michael Ströder <michael(a)stroeder.com> --- What are valid values or is the format of the <hashalg> field? -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9502] New: Implement TCP_USER_TIMEOUT in meta and asyncmeta
by openldap-its＠openldap.org 18 Feb '22

18 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=9502 Issue ID: 9502 Summary: Implement TCP_USER_TIMEOUT in meta and asyncmeta Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: nivanova(a)symas.com Target Milestone: --- Implement TCP_USER_TIMEOUT as an option to libldap and as a configuration option in back-meta and back-asyncmeta -- You are receiving this mail because: You are on the CC list for the issue.

1 9

[Bug 9189] New: Add GSSAPI channel-bindings support
by openldap-its＠openldap.org 18 Feb '22

18 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=9189 Bug ID: 9189 Summary: Add GSSAPI channel-bindings support Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: iboukris(a)gmail.com Target Milestone: --- Recently MS has announce they plan to enforce channel-bindings for LDAP over TLS (ADV190023). To support it on client side, we need to pass "tls-endpoint" bindings (RFC 5929) to the SASL plugin, and make use of that in GSSAPI. See also: https://github.com/cyrusimap/cyrus-sasl/pull/601 -- You are receiving this mail because: You are on the CC list for the bug.

1 13

[Issue 8753] Public key pinning support in libldap
by openldap-its＠openldap.org 18 Feb '22

18 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=8753 --- Comment #7 from Quanah Gibson-Mount <quanah(a)openldap.org> --- RE25: • 680affe6 by Ondřej Kuzník at 2022-02-18T23:20:09+00:00 ITS#8753 Document LDAP_OPT_X_TLS_PEERKEY_HASH -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8753] Public key pinning support in libldap
by openldap-its＠openldap.org 18 Feb '22

18 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=8753 --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- RE26: • 394f6ad5 by Ondřej Kuzník at 2022-02-18T23:18:31+00:00 ITS#8753 Document LDAP_OPT_X_TLS_PEERKEY_HASH -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8753] Public key pinning support in libldap
by openldap-its＠openldap.org 18 Feb '22

18 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=8753 --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- head: • a2a2ebba by Ondřej Kuzník at 2022-02-14T20:32:29+00:00 ITS#8753 Document LDAP_OPT_X_TLS_PEERKEY_HASH -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9797] New: userPrincipalName doesn't work with OpenLDAP
by openldap-its＠openldap.org 06 Feb '22

06 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=9797 Issue ID: 9797 Summary: userPrincipalName doesn't work with OpenLDAP Product: OpenLDAP Version: 2.6.0 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: akshay.polji(a)gmail.com Target Milestone: --- Recently I was trying to perform a POC that included the Hashicorp vault. I tried to configure Hashicorp Vault LDAP login using OpenLDAP. However, I failed to do so as the Hashicorp vault was trying to query the OpenLDAP with filter="(?userPrincipalName=test1(a)example.com)" I got the query o/p as conn=1146 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text= onn=1146 fd=12 closed (connection lost) Even though the ldapsearch worked for the same user. The problem seems to be the fact that OpenLDAP doesn't support "userPrincipalName" as the attribute. Wanted to understand if 'userPrincipalName' could be added? -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9000] memberOf value is lost when group DN is modified with only case change
by openldap-its＠openldap.org 04 Feb '22

04 Feb '22

https://bugs.openldap.org/show_bug.cgi?id=9000 --- Comment #8 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to sebastien.chaumat from comment #7) > This bug is still present in 2.4.49 (ubuntu). The OpenLDAP 2.4 series is historic and out of support. The memberof overlay is deprecated in OpenLDAP 2.5 and later and the dynlist overlay should be used to provide memberOf support. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs February 2022