- openldap-bugs - openldap.org

[Bug 8528] Incorrect results on replace op for olcAccess
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8528 --- Comment #4 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to Ondřej Kuzník from comment #3) > Not saying it's a bad idea, but the interactions with a delete mod might be > a little confusing: Well, that's why I limited the scope of this bug purely to replace ops where the entire structure is getting replaced. For add/delete, it must not re-order anything. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9182] slapd crash with invalid pcache config
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9182 --- Comment #9 from Quanah Gibson-Mount <quanah(a)openldap.org> --- commit 2d87a1c7b5417223de888d9dec1cd93f1aefdf06 Author: Howard Chu <hyc(a)openldap.org> Date: Wed Mar 11 19:17:10 2020 +0000 ITS#9182 pcache: fix private DB init -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8639] Remove support for LANMAN
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8639 --- Comment #11 from Quanah Gibson-Mount <quanah(a)openldap.org> --- commit d34d2c39457ac1d8b1896c17611e247f87abba55 Author: Ryan Tandy <ryan(a)nardis.ca> Date: Fri Feb 28 13:18:48 2020 -0800 ITS#8639 Delete LM hash support from smbk5pwd commit 0de74408f2f33e252a71aa9dd39b71fb8b888dd1 Author: Ryan Tandy <ryan(a)nardis.ca> Date: Fri Feb 28 12:13:50 2020 -0800 ITS#8639 Regenerate configure and portable.hin commit 6f5cc45f93c8c4f15b258c63db3d5da8995a4904 Author: Andrew Lawrence <andrew.lawrence(a)siemens.com> Date: Fri Feb 9 23:32:28 2018 +0000 ITS#8639 remove LANMAN hashed passwords -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 6035] slapd requires restart after modifying olcAuthzRegexp
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=6035 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Keywords|has_patch, IPR_OK, | |OL_2_5_REQ, | |openldap-scratch | Status|IN_PROGRESS |RESOLVED --- Comment #10 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 822ed8c1 by Ryan Tandy at 2020-04-02T09:10:51-07:00 ITS#6035 saslauthz cleanups (no functional change) - give authid-rewrite's argument a name - tidy saslauthz.c whitespace (mixed spaces/tabs) - always declare slap_sasl_regexp_destroy: fixes an implicit declaration warning when configured without librewrite - delete dead code: ENABLE_REWRITE implies SLAP_AUTH_REWRITE, so this code is never compiled - make slap_sasl_regexp_rewrite_config static - omit sasl_regexp unused fields when built with librewrite • c4db9061 by Ryan Tandy at 2020-04-02T09:10:51-07:00 ITS#6035 olcAuthzRegexp insert/delete support • 1d562a7a by Ryan Tandy at 2020-04-02T09:10:51-07:00 ITS#6035 olcAuthIDRewrite insert/delete support • 2b01b8dd by Ryan Tandy at 2020-04-02T09:10:51-07:00 ITS#6035 Create test script -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9086] Add debug logging for GnuTLS configuration errors
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9086 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ | Resolution|--- |TEST Status|IN_PROGRESS |RESOLVED --- Comment #3 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 7732cb27 by Ryan Tandy at 2020-04-02T15:52:31+00:00 ITS#9086 Add debug logging for more GnuTLS errors -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9046] slapo-constraint: Regex Constraint Overlay Error
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9046 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8935] slapo-ppolicy requires rewrite
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8935 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8935] slapo-ppolicy requires rewrite
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8935 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |DUPLICATE Keywords|OL_2_5_REQ | Status|UNCONFIRMED |RESOLVED --- Comment #7 from Quanah Gibson-Mount <quanah(a)openldap.org> --- *** This bug has been marked as a duplicate of bug 9156 *** -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9156] latest ppolicy draft support
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9156 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |quanah(a)openldap.org --- Comment #7 from Quanah Gibson-Mount <quanah(a)openldap.org> --- *** Bug 8935 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 7738] RFE slapo-constraint: List non-unique attrs in diagnostic message
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=7738 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 6084] ppolicy should allow scheduled password expiration
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=6084 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8628] man pages & Makefile updates for contrib
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8628 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |TEST Keywords|OL_2_5_REQ | --- Comment #18 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 52fad51d by Peter Marschall at 2020-04-01T22:29:10+00:00 ITS#8628 - contrib/passwd/pbkdf2: new Makefile variables SSL_LIB & SSL_INC -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 6084] ppolicy should allow scheduled password expiration
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=6084 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|TEST |DUPLICATE --- Comment #7 from Ondřej Kuzník <ondra(a)mistotebe.net> --- ppolicy draft 10 has a way to set a password validity and is implemented now. *** This bug has been marked as a duplicate of bug 9156 *** -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9156] latest ppolicy draft support
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9156 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |guillomovitch(a)gmail.com --- Comment #6 from Ondřej Kuzník <ondra(a)mistotebe.net> --- *** Bug 6084 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 7738] RFE slapo-constraint: List non-unique attrs in diagnostic message
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=7738 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |DUPLICATE --- Comment #5 from Ondřej Kuzník <ondra(a)mistotebe.net> --- *** This bug has been marked as a duplicate of bug 8866 *** -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8866] RFE: slapo-constraint to return filter used in diagnostic message
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8866 --- Comment #14 from Ondřej Kuzník <ondra(a)mistotebe.net> --- *** Bug 7738 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9046] slapo-constraint: Regex Constraint Overlay Error
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9046 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|UNCONFIRMED |RESOLVED --- Comment #1 from Ondřej Kuzník <ondra(a)mistotebe.net> --- Hi, if you want to enforce any kind of policy on passwords, the constraint overlay is not the one you want to use: passwords might be hashed along the way (as seen in response to PASSMOD extended operation). Have a look at ppolicy and its password checking modules for this. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8935] slapo-ppolicy requires rewrite
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8935 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=9156 --- Comment #6 from Ondřej Kuzník <ondra(a)mistotebe.net> --- In master, ppolicy now carries the schema internally. We still need to document the upgrade procedure for 2.5. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9156] latest ppolicy draft support
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9156 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=8935 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9098] assert fails in meta_back_search in some cases after reconnect
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9098 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.4.50 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9098] assert fails in meta_back_search in some cases after reconnect
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

1 0

[Bug 8628] man pages & Makefile updates for contrib
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8628 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs(a)openldap.org |quanah(a)openldap.org Ever confirmed|0 |1 Status|UNCONFIRMED |IN_PROGRESS --- Comment #17 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/19 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9057] Makefile:291: recipe for target 'mdb-yes' failed
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9057 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ | Status|RESOLVED |VERIFIED -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8837] fix pw-pbkdf2 manpage name to get it installed
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8837 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|OL_2_5_REQ | -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8456] slapacl segfaults with mdb if object does not exists
by openldap-its＠openldap.org 02 Apr '20

02 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8456 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED Keywords|OL_2_5_REQ | -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8376] Use getaddrinfo to resolve FQDN
by openldap-its＠openldap.org 01 Apr '20

01 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8376 --- Comment #14 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Hello Christian, 2 issues have been found with your proposed patch. See comment#13 for the first issue, and https://git.openldap.org/openldap/openldap/-/merge_requests/14#note_58 for the second issue. Regards, Quanah -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8511] Rename "mirrormode" to "multimaster", deprecate "mirrormode" parameter
by openldap-its＠openldap.org 01 Apr '20

01 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8511 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs(a)openldap.org |quanah(a)openldap.org -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8511] Rename "mirrormode" to "multimaster", deprecate "mirrormode" parameter
by openldap-its＠openldap.org 01 Apr '20

01 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8511 --- Comment #7 from Quanah Gibson-Mount <quanah(a)openldap.org> --- https://git.openldap.org/openldap/openldap/-/merge_requests/18 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8511] Rename "mirrormode" to "multimaster", deprecate "mirrormode" parameter
by openldap-its＠openldap.org 01 Apr '20

01 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8511 --- Comment #6 from Quanah Gibson-Mount <quanah(a)openldap.org> --- (In reply to Ondřej Kuzník from comment #5) > Can't see the patch anywhere, could you create a merge request for this? Yeah, I need to rebase it. ;) -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9196] New: Problem using ldapsearch across forests with trust
by openldap-its＠openldap.org 01 Apr '20

01 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9196 Bug ID: 9196 Summary: Problem using ldapsearch across forests with trust Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: client tools Assignee: bugs(a)openldap.org Reporter: kleber.s.carvalho(a)avanade.com Target Milestone: --- Created attachment 695 --> https://bugs.openldap.org/attachment.cgi?id=695&action=edit Problem using ldapsearch across forests with trust Hello, We are in a project where the client has an application developed in Java that has a library developed by the client himself that uses the openldap tool to authenticate users that exist in the minca.com domain. However, this company is undergoing a drastic business change and this minca.com domain that belongs only in one forest must have a one-way trust relationship with another forest called klabs.com and its respective domains children (subtree), the general drawing can be checked in the file 1_forest_trust.pdf. The trust relationship between the two forests was successfully carried out as can be seen in the files 2_trust_minca.JPG and 3_trust_klabs.JPG A user named minca was created in the minca.com domain, that is, minca(a)minca.com according to files 4_mincauser_1.JPG and 4_mincauser_2.JPG (to observe the SID). Meanwhile, in the domain child.klabs.com, the group CHILDADMINS was created and the user minca from the forest minca.com was successfully added according to file 5_childadminsgroup.JPG. First, we performed a valid test by performing authentication and a simple query directly to the minca.com domain, with the command: ldapsearch -H 'LDAP: //minca.com: 3268' -D 'cn = Administrator, cn = users, dc = minca, dc = with' -w Avanade @ 2020! -b 'cn = users, dc = minca, dc = com' According to the 6_openldap_direct_sucess.JPG file, it is possible to observe that the result became what was expected. However, when performing this procedure and authenticating the user minca(a)minca.com in the child.klabs.com domain using the ldapsearch tool, the result was an error according to file 7_openldaperror_indirectaccess.JPG stating invalid credentials In addition, searching the internet, we verified that the LDAP call should be LDAP: //child.klabs.com/dc=minca,dc=com, however, ldapsearch returned PARSE LDAP URI (s) error, as per file 8_openldaperror_parse.JPG. However, a .net application was created to perform this same function and it worked, as per file 9_dotNetApp_success.JPG After that, we tried to understand if the openldap tool would be able to perform the same action on the same tree (subtree) and we obtained the expected success result according to the file 10_openldap_subtree_success.JPG So, we tried to list the members of the CHILDADMINS group that are in the child.klabs.com domain and have as a member a user from the minca.com forest, using the command: ldapsearch -H 'LDAP: //child.klabs.com: 3268' -D 'cn = Administrator, cn = users, dc = child, dc = klabs, dc = with' -w Avanade @ 2020! -b 'cn = CHILDADMINS, cn = users, dc = child, dc = klabs, dc = com' and it was observed that openldap I find the user in question bringing his SID according to the figure 11_openldap_GroupMemberOf_SSID.JPG and, afterwards with a treatment in the openldap tool itself through the command: ldapsearch -H 'LDAP: //child.klabs.com: 3268' -D 'cn = Administrator, cn = users, dc = child, dc = klabs, dc = with' -w Avanade @ 2020! -b "cn = ForeignSecurityPrincipals, dc = child, dc = klabs, dc = com" "CN = S-1-5-21-1644185942-511557352-3723172775-1107" msDS-PrincipalName We managed to get the PrincipalName property of the user the figure 12_openldap_SSID_to_PrincipalName.JPG Finally, the conclusion we are reaching is that the openldap tool does not work directly between forests, but only on the same tree. We would like to know if this understanding is correct or if this is really a bug in the tool. Well, I tried to detail the situation as much as possible, please help us understand this. Thank you very much for your attention. -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 7706] Update lastbind behavior to allow specific attribute restrictions
by openldap-its＠openldap.org 01 Apr '20

01 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=7706 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|RFE: contrib/slapo-lastbind |Update lastbind behavior to |extension |allow specific attribute | |restrictions -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9003] Update slapd-ldap(5) idassert-authzfrom for policy difference
by openldap-its＠openldap.org 01 Apr '20

01 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=9003 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |TEST Keywords|has_patch, IPR_OK, | |OL_2_5_REQ, | |openldap-scratch | --- Comment #5 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • a5b8a41c by Quanah Gibson-Mount at 2020-04-01T19:40:27+00:00 ITS#9003 Note that with slapd-ldap, the special character "*" actually allows anonymous rather than denies, as is the case with authz-policy -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8628] man pages & Makefile updates for contrib
by openldap-its＠openldap.org 01 Apr '20

01 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8628 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=8205 --- Comment #16 from Ondřej Kuzník <ondra(a)mistotebe.net> --- Everything except attachment 671 is already applied as part of https://bugs.openldap.org/show_bug.cgi?id=8205 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8205] [PATCH] man pages in contrib
by openldap-its＠openldap.org 01 Apr '20

01 Apr '20

https://bugs.openldap.org/show_bug.cgi?id=8205 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=8628 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8485] [PATCH] Adding support for encrypted server private keys
by openldap-its＠openldap.org 31 Mar '20

31 Mar '20

https://bugs.openldap.org/show_bug.cgi?id=8485 --- Comment #11 from ahnolds(a)gmail.com <ahnolds(a)gmail.com> --- (In reply to Howard Chu from comment #10) > (In reply to Michael Ströder from comment #9) > > I concur that lacking support for encrypted private keys is a real > > deficiency! > > > > In general OpenLDAP should aim to reach more flexibility for the TLS > > configuration, e.g. like Apache httpd. Encrypted private keys for both > > server and client side is one aspect of that. > > We have never needed to add explicit support, since OpenSSL prompted for > a passphrase itself, when needed. > > https://www.openldap.org/lists/openldap-software/200210/msg00718.html It prompts for the passphrase on the controlling terminal, which is only helpful for command-line based applications. For any application run through a GUI/web server/etc, there won't be any way for the user to enter the passphrase as is. And in fact, the call to use the key will hang (forever IIRC) waiting for a passphrase to be typed on the terminal. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8485] [PATCH] Adding support for encrypted server private keys
by openldap-its＠openldap.org 31 Mar '20

31 Mar '20

https://bugs.openldap.org/show_bug.cgi?id=8485 --- Comment #10 from Howard Chu <hyc(a)symas.com> --- (In reply to Michael Ströder from comment #9) > I concur that lacking support for encrypted private keys is a real > deficiency! > > In general OpenLDAP should aim to reach more flexibility for the TLS > configuration, e.g. like Apache httpd. Encrypted private keys for both > server and client side is one aspect of that. We have never needed to add explicit support, since OpenSSL prompted for a passphrase itself, when needed. https://www.openldap.org/lists/openldap-software/200210/msg00718.html -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8485] [PATCH] Adding support for encrypted server private keys
by openldap-its＠openldap.org 31 Mar '20

31 Mar '20

https://bugs.openldap.org/show_bug.cgi?id=8485 Ryan Tandy <ryan(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=7221 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 7221] Support private keys in PKCS #8 in slapd when linked with gnutls
by openldap-its＠openldap.org 31 Mar '20

31 Mar '20

https://bugs.openldap.org/show_bug.cgi?id=7221 Ryan Tandy <ryan(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=8485 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8446] Various bug fixes for the async-meta backend
by openldap-its＠openldap.org 31 Mar '20

31 Mar '20

https://bugs.openldap.org/show_bug.cgi?id=8446 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=8734 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8734] Fixes for multiple back-asyncmeta issues
by openldap-its＠openldap.org 31 Mar '20

31 Mar '20

https://bugs.openldap.org/show_bug.cgi?id=8734 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=8446 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8446] Various bug fixes for the async-meta backend
by openldap-its＠openldap.org 31 Mar '20

31 Mar '20

https://bugs.openldap.org/show_bug.cgi?id=8446 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8446] Various bug fixes for the async-meta backend
by openldap-its＠openldap.org 31 Mar '20

31 Mar '20

https://bugs.openldap.org/show_bug.cgi?id=8446 --- Comment #10 from nivanova(a)symas.com <nivanova(a)symas.com> --- This ITS is no longer relevant, since a lot of changes were made to the design and implementation, and all changes were already submitted as ITS#8734. asyncmeta in master is currently up-to-date. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8485] [PATCH] Adding support for encrypted server private keys
by openldap-its＠openldap.org 31 Mar '20

31 Mar '20

https://bugs.openldap.org/show_bug.cgi?id=8485 --- Comment #9 from Michael Ströder <michael(a)stroeder.com> --- I concur that lacking support for encrypted private keys is a real deficiency! In general OpenLDAP should aim to reach more flexibility for the TLS configuration, e.g. like Apache httpd. Encrypted private keys for both server and client side is one aspect of that. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8485] [PATCH] Adding support for encrypted server private keys
by openldap-its＠openldap.org 31 Mar '20

31 Mar '20

https://bugs.openldap.org/show_bug.cgi?id=8485 --- Comment #8 from Ondřej Kuzník <ondra(a)mistotebe.net> --- Do I understand it correctly that libldap doesn't currently support using encrypted keys at all, not even for client certificates? If that is so, there are scenarios where supporting that does improve security (e.g. interactive tools). -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8528] Incorrect results on replace op for olcAccess
by openldap-its＠openldap.org 31 Mar '20

31 Mar '20

https://bugs.openldap.org/show_bug.cgi?id=8528 --- Comment #3 from Ondřej Kuzník <ondra(a)mistotebe.net> --- Not saying it's a bad idea, but the interactions with a delete mod might be a little confusing: changetype: modify delete: olcAccess olcAccess: {2}to dn.exact="cn=2" by * none olcAccess: {1}to dn.exact="cn=1" by * none olcAccess: {0}to dn.exact="cn=0" by * none I think the above might fail if sorted. Worse still if you sent this modify request (I think we implement this?): changetype: modify delete: olcAccess olcAccess: {2} olcAccess: {1} olcAccess: {0} You would get the wrong values deleted if we do and you need to make 100% sure that you send this instead: changetype: modify delete: olcAccess olcAccess: {2} - delete: olcAccess olcAccess: {1} - delete: olcAccess olcAccess: {0} - Similar with adds. Would need to reread the draft, but I think the text also needs changing if we want to make this change. Question is whose job would it be to reorder the values? Frontend or later? -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8511] Rename "mirrormode" to "multimaster", deprecate "mirrormode" parameter
by openldap-its＠openldap.org 31 Mar '20

31 Mar '20

https://bugs.openldap.org/show_bug.cgi?id=8511 --- Comment #5 from Ondřej Kuzník <ondra(a)mistotebe.net> --- Can't see the patch anywhere, could you create a merge request for this? -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8479] overlay unique + mdb: loop and OOM kill, 2 URS as olcUniqueURI value
by openldap-its＠openldap.org 31 Mar '20

31 Mar '20

https://bugs.openldap.org/show_bug.cgi?id=8479 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |DUPLICATE Status|UNCONFIRMED |RESOLVED --- Comment #2 from Ondřej Kuzník <ondra(a)mistotebe.net> --- Probably the same issue as ITS#9077 *** This bug has been marked as a duplicate of bug 9077 *** -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 9077] slapo-unique spins its wheels on a non-trivial olcUniqueURI spec
by openldap-its＠openldap.org 31 Mar '20

31 Mar '20

https://bugs.openldap.org/show_bug.cgi?id=9077 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |william.b.clay(a)acm.org --- Comment #5 from Ondřej Kuzník <ondra(a)mistotebe.net> --- *** Bug 8479 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8446] Various bug fixes for the async-meta backend
by openldap-its＠openldap.org 31 Mar '20

31 Mar '20

https://bugs.openldap.org/show_bug.cgi?id=8446 --- Comment #9 from Ondřej Kuzník <ondra(a)mistotebe.net> --- On Sun, Mar 22, 2020 at 11:08:09PM +0000, openldap-its(a)openldap.org wrote: > https://bugs.openldap.org/show_bug.cgi?id=8446 Hi Nadya, do you know if this is applied in master yet? Is this patch series still valid for current master? Thanks -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 8446] Various bug fixes for the async-meta backend
by openldap-its＠openldap.org 31 Mar '20

31 Mar '20

https://bugs.openldap.org/show_bug.cgi?id=8446 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|slapd |backends Keywords| |OL_2_5_REQ Target Milestone|--- |2.5.0 -- You are receiving this mail because: You are on the CC list for the bug.

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs