https://bugs.openldap.org/show_bug.cgi?id=10065
--- Comment #17 from sean@teletech.com.au ---
This is looking much more complex than what I first envisioned. When I first lodged this report I thought it was the ssf that governed the EXTERNAL mechanism and that getting it to work would be as simple as plugging in an ssf for the proxy. I see now that won't work. The authid is what is needed.
Coming back to
> What is preventing you from exposing slapd to your clients directly?
If there was a simple qualification check that was applied to the authid immediately after it was created, and the connection closed immediately if it failed, I would happily do away with the proxy.
Something like
olcAuthzQualifyRegExp: <match> [ACCEPT|REJECT]
This seemed like a much bigger ask at the time. Now I'm not so sure.