Full_Name: Michael Str.der Version: HEAD OS: URL: Submission from: (NULL) (79.223.42.126)

1. It would be nice if back-sock listeners could receive more details of an LDAP request:

1.1 TLS client peer certificate would allow to distinguish between a normal bind-DN and the system from which the LDAP request was sent. - either subject-DN like used in authz-regexp configuration directive - issuer-DN+serial like to be used with certificateExactMatch

1.2. Request controls - either as base64-decoded BER (and the listener has to decode it) similar to what RFC 2849 specifys - in some suitable string representation (hard to define)

2. It would be nice if back-sock listeners could return extended response controls to slapd which returns it to the LDAP client. Should be an extra line "control:" with base64-encoded BER value similar to what RFC 2849 specifys