openldap-bugs

openldap-bugs@openldap.org

1 participants
20894 discussions

[Issue 6949] OpenLDAP Logging
by openldap-its＠openldap.org 20 Sep '21

20 Sep '21

1 0

[Issue 9698] New: per database olcSecurity: tls=0 does not override olcSecurity: tls=1 from the frontend
by openldap-its＠openldap.org 20 Sep '21

20 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=9698 Issue ID: 9698 Summary: per database olcSecurity: tls=0 does not override olcSecurity: tls=1 from the frontend Product: OpenLDAP Version: 2.5.7 Hardware: All OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: dpa-openldap(a)aegee.org Target Milestone: --- I have these databases: cn=config frontend,cn=config mdb/suffix o=A,cn=config mdb/suffix o=B,cn=confix slapd listens on port 389. I want to make sure, that • all requests to suffix o=A are served after STARTTLS, as these come from the wild internet. • all requests to suffix o=B do not have to utilize STARTTLS (ldaps), as these are local to the machine, and • if a request to the root DSE is made, without using STARTTLS, the client shall gets “ldap_bind: Confidentiality required (13) additional info: TLS confidentiality required”. To enforce STARTTLS for suffix o=A I put there `olcSecurity: tls=1`. If I set dn: olcDatabase=frontend,cn=config olcAccess: to dn="" by tls_ssf=256 * read and the rootDSE is requested without STARTTLS, the result is just empty, rather than “ldap_bind: Confidentiality required (13) additional info: TLS confidentiality required”. To get the “confidentiality required” for the root DSE I have to put dn: olcDatabase=frontend,cn=config olcSecurity: tls=1 or dn: cn=config olcSecurity: tls=1 It was unclear to me which one shall I use, but both serve the same purpose. Now, I want to enable no-STARTTLS to suffix o=B. I put there “olcSecurity: tls=0”. Irrespective, if only cn=config, or only olcDatabase=frontend,cn=config contain “olcSecurity: tls=1” the “olcSecurity: tls=0” in suffix o=B is not enacted. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 6949] OpenLDAP Logging
by openldap-its＠openldap.org 17 Sep '21

17 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=6949 --- Comment #13 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Generally, it looks like this feature was implemented using slapd options and ignoring the slapd configured loglevel. This is problematic in that it: a) Breaks the longstanding expectation of being able to control logging via the loglevel/olcLogLevel settings in slapd.conf/cn=config b) Requires a restart to change the logging level c) Is going to be a multi-step issue on systemd based systems, as the debug level would need to be modified in the systemd overrides configuration file. I.e., one cannot simply do even a slapd restart to change the loglevel with this implementation. Generally expectation: a) loglevel continues to control logging b) it is possible to change the loglevel on the fly without restarting slapd c) It is not necessary to fiddle with the -d option to slapd to get logging. Setting -s 0 seems fine. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6949] OpenLDAP Logging
by openldap-its＠openldap.org 17 Sep '21

17 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=6949 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|TEST |--- Status|RESOLVED |CONFIRMED --- Comment #12 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Unable to get this to work in master. Set up a generic slapd with cn=config Did an ldapmodify to set the logging options: ldapmodify -x -H ldapi:/// -D cn=config -w secret dn: cn=config changetype: modify add: olcLogFile olcLogFile: /var/symas/slapd.log - add: olcLogFileOnly olcLogFileOnly: TRUE - add: olcLogFileRotate olcLogFileRotate: 12 10 1 modifying entry "cn=config" Logfile is created, but nothing is logged to it. Restarted slapd, still nothing logged to it. Explicitly set the loglevel to stats sync Still nothing logged to it. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9697] New: healthcare software development
by openldap-its＠openldap.org 16 Sep '21

16 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=9697 Issue ID: 9697 Summary: healthcare software development Product: website Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: website Assignee: bugs(a)openldap.org Reporter: ritesh.patil732(a)gmail.com Target Milestone: --- https://mobisoftinfotech.com/industry/healthcare-software-development -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 6949] OpenLDAP Logging
by openldap-its＠openldap.org 15 Sep '21

15 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=6949 --- Comment #11 from Quanah Gibson-Mount <quanah(a)openldap.org> --- For reference, with the test008 config, timings for progs/slapd-tester -H ldap://:9011 -D cn=manager,dc=example,dc=com -w secret -d testdata -P progs -l 1000 -s0 -dnone 18.92 seconds -s0 -d256 23.37 seconds -s0 -d256 + rotate 27.00 seconds -s256 -dnone 45.33 seconds Logfile params were logfile testrun/logfile logfile-rotate 12 10 1 logfile-only true -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9464] New: Test suite file conf.sh tries to sed unused items
by openldap-its＠openldap.org 15 Sep '21

15 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=9464 Issue ID: 9464 Summary: Test suite file conf.sh tries to sed unused items Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- The conf.sh script tries to sed values that are not meant for replacement but instead are environment variables handled by run.in and defines.sh. This should be deleted from conf.sh -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 9694] New: Can Delta-sync’s changelog be based on a sessionlog?
by openldap-its＠openldap.org 15 Sep '21

15 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=9694 Issue ID: 9694 Summary: Can Delta-sync’s changelog be based on a sessionlog? Product: OpenLDAP Version: 2.5.7 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: dpa-openldap(a)aegee.org Target Milestone: --- In the replication terminology, the terms sessionlog and accesslog are used. sessionlog is created by the syncprov-overlay/syncprov-sessionlog directive; accesslog is created in first place by the accesslog overlay. Delta-syncrepl introduces an additional term: changelog. The example at https://www.openldap.org/devel/admin/replication.html#Delta-syncrepl%20Prov… uses accesslog for the changelog. The documentation is unclear, whether the changelog must be backed on accesslog-database, or it can be backed also on a sessionlog. (⇔Is delta-sync happy just with a sessionlog?) The documentation in slapo-syncprov(5) for syncprov-nopresent says “This value should only be set TRUE for a syncprov instance on top of a log database (such as one managed by the accesslog overlay).” Is sessionlog a log database? -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 7595] OpenLDAP lacks a ECDHE key generation callback
by openldap-its＠openldap.org 14 Sep '21

14 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=7595 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=9687 -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7595] OpenLDAP lacks a ECDHE key generation callback
by openldap-its＠openldap.org 14 Sep '21

14 Sep '21

https://bugs.openldap.org/show_bug.cgi?id=7595 --- Comment #7 from Howard Chu <hyc(a)openldap.org> --- (In reply to Howard Chu from comment #1) > Some background info in this thread > http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA- > AES256-SHA384-td42229.html nabble.com seems to have reorganized their domains and the above URL is now broken. The same thread is available at https://www.mail-archive.com/openssl-users@openssl.org/msg69181.html > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ -- You are receiving this mail because: You are on the CC list for the issue.

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs