https://bugs.openldap.org/show_bug.cgi?id=9438
Issue ID: 9438 Summary: Add remoteauth overlay to core Product: OpenLDAP Version: 2.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs@openldap.org Reporter: quanah@openldap.org Target Milestone: ---
Symas will contribute its remoteauth overlay for OpenLDAP 2.5 as a core overlay
https://bugs.openldap.org/show_bug.cgi?id=9438
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.5.2 Keywords| |OL_2_5_REQ
https://bugs.openldap.org/show_bug.cgi?id=9438
--- Comment #1 from Ondřej Kuzník ondra@mistotebe.net --- See MR!227, some of the code has been developed by non-project members, here is the IPR notice:
The attached files are derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch were developed by Symas Corporation. Symas Corporation has not assigned rights and/or interest in this work to any party.
I, Ondřej Kuzník, am authorized by Symas Corporation to release this work under the following terms.
The attached modifications to OpenLDAP Software are subject to the following notice:
Copyright 2010-2021 Symas Corporation Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License.
https://bugs.openldap.org/show_bug.cgi?id=9438
--- Comment #2 from Michael Ströder michael@stroeder.com --- Feature request for a new config parameter 'remoteauth_filter' used to specify when to forward the bind request.
Example and default:
remoteauth_filter "(!(userPassword=*))"
With such a parameter I could replace OATH-LDAP's bind_proxy with slapo-remoteauth by defining this filter:
remoteauth_filter "(&(objectClass=aeUser)(!(oathToken=*)))"
https://bugs.openldap.org/show_bug.cgi?id=9438
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.2 |2.5.3
--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org --- (In reply to Michael Ströder from comment #2)
Feature request for a new config parameter 'remoteauth_filter' used to specify when to forward the bind request.
Example and default:
remoteauth_filter "(!(userPassword=*))"
With such a parameter I could replace OATH-LDAP's bind_proxy with slapo-remoteauth by defining this filter:
remoteauth_filter "(&(objectClass=aeUser)(!(oathToken=*)))"
Please file a separate bug for this.
https://bugs.openldap.org/show_bug.cgi?id=9438
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED Keywords|OL_2_5_REQ | Target Milestone|2.5.3 |2.5.2
--- Comment #4 from Quanah Gibson-Mount quanah@openldap.org ---
Commits: • 0c2ba041 by Ondřej Kuzník at 2021-02-25T22:11:39+00:00 ITS#9438 Allow TLS implementation differences in config
• 34b95c52 by Ondřej Kuzník at 2021-02-25T22:11:39+00:00 ITS#9438 Add remoteauth overlay
https://bugs.openldap.org/show_bug.cgi?id=9438
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED
https://bugs.openldap.org/show_bug.cgi?id=9438
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|FIXED |--- Ever confirmed|0 |1 Status|VERIFIED |CONFIRMED
--- Comment #5 from Quanah Gibson-Mount quanah@openldap.org --- Ancient version seems to have been incorrectly upstreamed.
https://bugs.openldap.org/show_bug.cgi?id=9438
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs@openldap.org |ondra@mistotebe.net
https://bugs.openldap.org/show_bug.cgi?id=9438
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.2 |2.5.3
https://bugs.openldap.org/show_bug.cgi?id=9438
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Target Milestone|2.5.3 |2.5.2 Status|CONFIRMED |RESOLVED
--- Comment #6 from Quanah Gibson-Mount quanah@openldap.org --- Never mind, it just had a significant rewrite that threw me off.
https://bugs.openldap.org/show_bug.cgi?id=9438
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED
https://bugs.openldap.org/show_bug.cgi?id=9438
--- Comment #7 from Quanah Gibson-Mount quanah@openldap.org --- head:
• 9c747074 by Ondřej Kuzník at 2022-09-01T10:09:27+01:00 ITS#9438 slapo-remoteauth: plug config leaks
RE26:
• 79e59bc3 by Ondřej Kuzník at 2022-09-12T20:42:59+00:00 ITS#9438 slapo-remoteauth: plug config leaks
RE25:
• f3325ae8 by Ondřej Kuzník at 2022-09-12T20:43:04+00:00 ITS#9438 slapo-remoteauth: plug config leaks
-
openldap-its@openldap.org