New subject: [Issue 10502] feature proxyauthz should become default

12 May 2026


      https://bugs.openldap.org/show_bug.cgi?id=10502
Issue ID: 10502
           Summary: feature proxyauthz should become default
           Product: OpenLDAP
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: lloadd
          Assignee: bugs@openldap.org
          Reporter: ondra@mistotebe.net
  Target Milestone: ---
Most stock lloadd deployments are against OpenLDAP, but since "feature" keyword
doesn't allow "off-switches", proxyauthz has had to have been an "off by
default" thing. This is insecure and probably a footgun for many.
We'll have to introduce a new configuration option to do this, one that allows
for gentler evolution.
This also allows us to reject a bindconf+no_proxyauthz combinations if we force
the rare admins who genuinely need it (no proxyauthz support in upstreams) to
opt in explicitly.
-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 10502] New: feature proxyauthz should become default