Pending commits I think look good for RE24:
7759 avoid assert in parse_passwdpolicy_control 7753 (fix test suite to use $MAKE 7761 (bail out of search if config is pausing) 7762 shortcut null rdns 6758 rewrite code for contrib:wrap_slap_ops (Hallvard says good for RE24). Pierangelo did a fix to deref, looks minor and good for RE24 7773 - Pierangelo also did one for constraint that looks good for RE24
and I assume I should sync mdb.master to main/re25/re24
--
Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
Michael Ströder wrote:
Quanah Gibson-Mount wrote:
Pending commits I think look good for RE24:
I'm in need to have ITS#7683 available. I've tested it with OpenSSL but not with GnuTLS and MozNSS yet. But if it's not too intrusive I'd be happy to see it released in in 2.4.39.
Any chance to get ITS#7683 into 2.4.39?
Ciao, Michael.
--On Thursday, January 09, 2014 9:40 PM +0100 Michael Ströder michael@stroeder.com wrote:
Michael Ströder wrote:
Quanah Gibson-Mount wrote:
Pending commits I think look good for RE24:
I'm in need to have ITS#7683 available. I've tested it with OpenSSL but not with GnuTLS and MozNSS yet. But if it's not too intrusive I'd be happy to see it released in in 2.4.39.
Any chance to get ITS#7683 into 2.4.39?
7683 makes a change to the way in which stats logging behaves. As there are many scripts that parse the stats loglevel, making such a change would have a negative impact on numerous people's installations. This sort of change really should wait for OpenLDAP 2.5.
--Quanah
--
Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount wrote:
--On Thursday, January 09, 2014 9:40 PM +0100 Michael Ströder michael@stroeder.com wrote:
Michael Ströder wrote:
Quanah Gibson-Mount wrote:
Pending commits I think look good for RE24:
I'm in need to have ITS#7683 available. I've tested it with OpenSSL but not with GnuTLS and MozNSS yet. But if it's not too intrusive I'd be happy to see it released in in 2.4.39.
Any chance to get ITS#7683 into 2.4.39?
7683 makes a change to the way in which stats logging behaves. As there are many scripts that parse the stats loglevel, making such a change would have a negative impact on numerous people's installations. This sort of change really should wait for OpenLDAP 2.5.
Hmm, ITS#7683 was meant to show which clients are connecting with Perfect Forward Secrecy.
In the light of recent news regarding NSA etc. I think this should not wait for 2.5 just because some script writers would have to make minimal changes to their stat scripts.
Ciao, Michael.
--On Friday, January 10, 2014 11:18 AM +0100 Michael Ströder michael@stroeder.com wrote:
Hmm, ITS#7683 was meant to show which clients are connecting with Perfect Forward Secrecy.
Hi Michael,
The change does not apply cleanly and results in a substantial number of merge issues. Given this, it will not be merged into the RE24 branch. It will be part of 2.5.
--Quanah
--
Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount wrote:
--On Friday, January 10, 2014 11:18 AM +0100 Michael Ströder michael@stroeder.com wrote:
Hmm, ITS#7683 was meant to show which clients are connecting with Perfect Forward Secrecy.
The change does not apply cleanly and results in a substantial number of merge issues. Given this, it will not be merged into the RE24 branch. It will be part of 2.5.
I can't believe that the OpenLDAP project wants to postpone such a important feature for another year or two (until 2.5 stable release). Today all mail and HTTP servers can log the TLS cipher negotiated for a connection. It's a really urgent feature to centrally examine existing client configurations.
Ciao, Michael.
Michael Ströder wrote:
Quanah Gibson-Mount wrote:
--On Friday, January 10, 2014 11:18 AM +0100 Michael Ströder michael@stroeder.com wrote:
Hmm, ITS#7683 was meant to show which clients are connecting with Perfect Forward Secrecy.
The change does not apply cleanly and results in a substantial number of merge issues. Given this, it will not be merged into the RE24 branch. It will be part of 2.5.
I can't believe that the OpenLDAP project wants to postpone such a important feature for another year or two (until 2.5 stable release). Today all mail and HTTP servers can log the TLS cipher negotiated for a connection. It's a really urgent feature to centrally examine existing client configurations.
2.4 is in feature freeze. We tried to accomodate your request, despite the freeze, but the code changes are too extensive. The idea here is to quit making any major upheavals in the 2.4 branch, not keep adding them in perpetuity.
Examining client configuration really isn't even relevant. If you want to ensure that a secure cipher is negotiated, then configure a narrower set of supported ciphers. This is hardly as critical a feature as you make it out to be.
-
Howard Chu -
Michael Ströder -
Quanah Gibson-Mount