Are there any plans to support TLS 1.3?
The 0-RTT feature could be a significant performance gain in case LDAP
applications open a new TLS connection each time they check a password
with a bind request.
The slapo-ppolicy overlay has a parameter for loading an external module
for doing additional password checks. One example of this would be the LTB
project's PPM (password policy module) extension.
However, we currently have no method in OpenLDAP for supporting
configuration for such a module via cn=config. Using this module, we can
see two basic issues:
a) There needs to be a way to load schema for the module for whatever its
configuration items are
b) There needs to be a way to use so that it can have multiple policies
(similar to ppolicy) so that you can have different password checking
policies. Something like: pwdCheckModule <modulepath> <policyDN>. In this
way, you could have multiple password policies with different password
Additionally, we currently do not have a standard on a naming convention
for manual pages, etc, for such an item. I would propose slapm-<name> (m
for module), such as "slapm-ppm.5"
Thoughts etc welcome.
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: