https://bugs.openldap.org/show_bug.cgi?id=7335
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
            What|Removed                     |Added
----------------------------------------------------------------------------
Target Milestone|2.6.2                       |2.7.0
        Assignee|hyc(a)openldap.org          |bugs(a)openldap.org
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9256
Bug ID: 9256
Summary: The ACLs required for SASL binding are not fully
documented
Product: OpenLDAP
Version: 2.5
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: documentation
Assignee: bugs(a)openldap.org
Reporter: kop(a)karlpinc.com
Target Milestone: ---
Created attachment 727
--> https://bugs.openldap.org/attachment.cgi?id=727&action=edit
Patch massaging the SASL binding requirement docs
While some ACL requirements for SASL binding are documented, some are not.
E.g., that olcAuthzRegexp requires =x on objectClass when direct DN mapping is
not documented. Other requirements can be reasoned out based on the existing
documentation, but this can be very difficult when unfamiliar with all the
moving parts and the places they are documented. E.g. knowing that
(objectClass=*) is the default filter, and that there's _always_ _some_ filter,
and connecting this with ACLs required to do search-based SASL mapping.
The attached patch brings all the SASL binding requirements together in one
place in the docs and makes everything explicit. The word "SASL" is included,
for those searching for that keyword.
I, Karl O. Pinc, hereby place the following modifications to OpenLDAP Software
(and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose with or
without attribution and/or other notice.
https://bugs.openldap.org/show_bug.cgi?id=9731
Issue ID: 9731
Summary: startup messages still go to syslog when logfile-only
is on
Product: OpenLDAP
Version: 2.6.0
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: quanah(a)openldap.org
Target Milestone: ---
When setting logfile-only on, slapd still logs its startup message to syslog:
Oct 29 21:07:47 u18test slapd[18534]: @(#) $OpenLDAP: slapd 2.6.0 (Oct 29 2021 05:12:17) $#012#011openldap
This is useful information to have consolidated into the specified logfile.
Note that:
617c62a3.16f03fdb 0x7f9325ed67c0 slapd starting
does make it to the logfile. However, it would be useful to have the build
date and version in the specified logfile.
https://bugs.openldap.org/show_bug.cgi?id=6097
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
            What|Removed                     |Added
----------------------------------------------------------------------------
Target Milestone|2.6.2                       |2.7.0
https://bugs.openldap.org/show_bug.cgi?id=8255
Quanah Gibson-Mount <quanah(a)openldap.org> changed:
      What|Removed                     |Added
----------------------------------------------------------------------------
Resolution|---                         |FIXED
    Status|IN_PROGRESS                 |RESOLVED
--- Comment #12 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
RE26:
• 59605f9f
by Ondřej Kuzník at 2022-02-28T17:36:11+00:00
ITS#8255 Clarify "sockresps result" behaviour
https://bugs.openldap.org/show_bug.cgi?id=8255
--- Comment #11 from Quanah Gibson-Mount <quanah(a)openldap.org> ---
head:
73e882c8
by Ondřej Kuzník at 2022-02-24T15:32:36+00:00
ITS#8255 Clarify "sockresps result" behaviour
https://bugs.openldap.org/show_bug.cgi?id=8753
--- Comment #14 from Ondřej Kuzník <ondra(a)mistotebe.net> ---
On Mon, Feb 21, 2022 at 10:46:12AM +0000, openldap-its(a)openldap.org wrote:
> => The correct values for hashalgo should be described in the man-page.
Since this depends entirely on the crypto library at runtime, not sure
how we could do any better than saying "it depends", which is what I did
in that linked commit, now at
https://git.openldap.org/openldap/openldap/-/merge_requests/499
Can you suggest an alternate wording you think explains it better?
Thanks,
https://bugs.openldap.org/show_bug.cgi?id=8753
--- Comment #13 from Michael Ströder <michael(a)stroeder.com> ---
On 2/21/22 11:40, openldap-its(a)openldap.org wrote:
> See the (commented) lines in the test:
> https://code.stroeder.com/pymod/python-ldap0/src/branch/main/tests/test_lda…
Ok, I've looked into the tests for TLS_PEERKEY_HASHALG to make it work.
=> The correct values for hashalgo should be described in the man-page.
https://bugs.openldap.org/show_bug.cgi?id=8753
--- Comment #12 from Michael Ströder <michael(a)stroeder.com> ---
(In reply to Ondřej Kuzník from comment #11)
> It should be analogous to HTTP Public Key Pinning, that's why it's
> working with keys, not certificates.
Ah, ok.
For python-ldap0 tests I've used for generation the SHA-256 hash:
openssl rsa -in tests/tls/localhost.key -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64
But it does not work (with libldap 2.6.1):
ldap0.CONNECT_ERROR: {'result': -11, 'desc': b'Connect error', 'ctrls': [], 'info': b'error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (self signed certificate in certificate chain)'}
See the (commented) lines in the test:
https://code.stroeder.com/pymod/python-ldap0/src/branch/main/tests/test_lda…
Assuming I got this right:
https://code.stroeder.com/pymod/python-ldap0/commit/1ec4ad7ada7388835d5df8c…
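The key-versus-certificate point from comments #11 and #12 above, as an added example that is not part of the thread, OpenLDAP or python-ldap0: the base64 SHA-256 digest of the DER public key is the same whether it is taken from the private key or from any certificate issued for that key, while the whole-certificate fingerprint changes on every reissue. The file names, the CN and the helper function names are constructed for the illustration; the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the thread. All file names below are constructed.

# base64(SHA-256(DER SubjectPublicKeyInfo)), derived from a private key file.
spki_pin_from_key() {
    openssl pkey -in "$1" -pubout -outform der 2>/dev/null |
        openssl dgst -sha256 -binary | openssl enc -base64
}

# The same digest, derived from the public key embedded in a certificate.
spki_pin_from_cert() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -pubout -outform der 2>/dev/null |
        openssl dgst -sha256 -binary | openssl enc -base64
}

# For contrast: SHA-256 over the whole DER certificate, not just the key.
cert_fingerprint() {
    openssl x509 -in "$1" -outform der |
        openssl dgst -sha256 -binary | openssl enc -base64
}

# Create one RSA key and two different self-signed certificates for it in DIR.
make_demo() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/demo.key" 2>/dev/null
    for n in 1 2; do
        # Different validity periods guarantee the two certificates differ.
        openssl req -new -x509 -key "$1/demo.key" -subj "/CN=localhost" \
            -days "$n" -out "$1/cert$n.pem" 2>/dev/null
    done
}

# Print the three key digests (identical) and two fingerprints (different).
demo() {
    dir=$(mktemp -d)
    make_demo "$dir"
    echo "pin from key:   $(spki_pin_from_key "$dir/demo.key")"
    echo "pin from cert1: $(spki_pin_from_cert "$dir/cert1.pem")"
    echo "pin from cert2: $(spki_pin_from_cert "$dir/cert2.pem")"
    echo "cert1 fingerprint: $(cert_fingerprint "$dir/cert1.pem")"
    echo "cert2 fingerprint: $(cert_fingerprint "$dir/cert2.pem")"
    rm -rf "$dir"
}

demo
```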