Quanah Gibson-Mount pushed to branch OPENLDAP_REL_ENG_2_5 at openldap / OpenLDAP
Commits: f4bfb5e0 by Emily Backes at 2020-03-20T19:08:22+00:00 ITS#7074 - change olcDatabaseDummy initialization for windows
- - - - - 23af2c36 by Kurt Zeilenga at 2020-03-26T18:45:00+00:00 ITS#8675 - Fix tools to not continue on TLS error
The spec says that upon StartTLS 'success', both TLS communications is established on the octet following the Start TLS response (and the request)... and that once one starts TLS communications, one can never go back to LDAP without TLS. So if there's a TLS failure (whether as part of TLS nego or later), LDAP communications cannot be continued (without TLS).
Only ignoring LDAP errors (rc > 0) ensures that if TLS negotiation fails, we don't attempt to send LDAP operations without TLS.
- - - - - 57b7003a by Sergei Trofimovich at 2020-03-26T22:06:41+00:00 thr_posix.c: fix implicit function declaration for 'pthread_setconcurrency'
thr_posix.c: In function 'ldap_pvt_thread_set_concurrency': thr_posix.c:96:9: error: implicit declaration of function 'pthread_setconcurrency' return pthread_setconcurrency( n ); ^~~~~~~~~~~~~~~~~~~~~~ pthread_setcanceltype
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
- - - - - d86caaca by Ryan Tandy at 2020-03-29T10:00:45-07:00 ITS#8837 Fix pw-pbkdf2 manpage name to get it installed
- - - - - a5b8a41c by Quanah Gibson-Mount at 2020-04-01T19:40:27+00:00 ITS#9003
Note that with slapd-ldap, the special character "*" actually allows anonymous rather than denies, as is the case with authz-policy
- - - - - 52fad51d by Peter Marschall at 2020-04-01T22:29:10+00:00 ITS#8628 - contrib/passwd/pbkdf2: new Makefile variables SSL_LIB & SSL_INC
- - - - - 7732cb27 by Ryan Tandy at 2020-04-02T15:52:31+00:00 ITS#9086 Add debug logging for more GnuTLS errors
- - - - - 822ed8c1 by Ryan Tandy at 2020-04-02T09:10:51-07:00 ITS#6035 saslauthz cleanups (no functional change)
- give authid-rewrite's argument a name - tidy saslauthz.c whitespace (mixed spaces/tabs) - always declare slap_sasl_regexp_destroy: fixes an implicit declaration warning when configured without librewrite - delete dead code: ENABLE_REWRITE implies SLAP_AUTH_REWRITE, so this code is never compiled - make slap_sasl_regexp_rewrite_config static - omit sasl_regexp unused fields when built with librewrite
- - - - - c4db9061 by Ryan Tandy at 2020-04-02T09:10:51-07:00 ITS#6035 olcAuthzRegexp insert/delete support
- - - - - 1d562a7a by Ryan Tandy at 2020-04-02T09:10:51-07:00 ITS#6035 olcAuthIDRewrite insert/delete support
- - - - - 2b01b8dd by Ryan Tandy at 2020-04-02T09:10:51-07:00 ITS#6035 Create test script
- - - - - 05e07805 by Quanah Gibson-Mount at 2020-04-02T16:28:58+00:00 ITS#6035 - regenerate configure
- - - - - bd7675b5 by Quanah Gibson-Mount at 2020-04-02T16:35:14+00:00 Merge remote-tracking branch 'origin/master' into OPENLDAP_REL_ENG_2_5
- - - - - da58a21a by Quanah Gibson-Mount at 2020-04-02T16:35:41+00:00 ITS#9194 - regenerate configure
- - - - -
19 changed files:
- clients/tools/common.c - configure - configure.in - contrib/slapd-modules/passwd/pbkdf2/Makefile - contrib/slapd-modules/passwd/pbkdf2/slapo-pw-pbkdf2.5 → contrib/slapd-modules/passwd/pbkdf2/slapd-pw-pbkdf2.5 - doc/man/man5/slapd-ldap.5 - libraries/libldap/tls_g.c - libraries/libldap_r/thr_posix.c - servers/slapd/back-ldap/chain.c - servers/slapd/back-meta/config.c - servers/slapd/bconfig.c - servers/slapd/overlays/pcache.c - servers/slapd/overlays/rwm.c - servers/slapd/overlays/translucent.c - servers/slapd/proto-slap.h - servers/slapd/saslauthz.c - tests/run.in - tests/scripts/defines.sh - + tests/scripts/test076-authid-rewrite
View it on GitLab: https://git.openldap.org/openldap/openldap/-/compare/8eb5d579d73832ab82dc77e...