10:11 a.m.
Pending commits I think look good for RE24:
7759 avoid assert in parse_passwdpolicy_control
7753 (fix test suite to use $MAKE
7761 (bail out of search if config is pausing)
7762 shortcut null rdns
6758 rewrite code for contrib:wrap_slap_ops (Hallvard says good for RE24).
Pierangelo did a fix to deref, looks minor and good for RE24
7773 - Pierangelo also did one for constraint that looks good for RE24
and I assume I should sync mdb.master to main/re25/re24
--
Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
12:40 p.m.
Michael Ströder wrote:
Quanah Gibson-Mount wrote:
> Pending commits I think look good for RE24:
I'm in need to have ITS#7683 available. I've tested it with OpenSSL but not
with GnuTLS and MozNSS yet. But if it's not too intrusive I'd be happy to see
it released in in 2.4.39.
Any chance to get ITS#7683 into 2.4.39?
Ciao, Michael.
12:49 p.m.
--On Thursday, January 09, 2014 9:40 PM +0100 Michael Ströder
<michael(a)stroeder.com> wrote:
Michael Ströder wrote:
> Quanah Gibson-Mount wrote:
>> Pending commits I think look good for RE24:
>
> I'm in need to have ITS#7683 available. I've tested it with OpenSSL but
> not with GnuTLS and MozNSS yet. But if it's not too intrusive I'd be
> happy to see it released in in 2.4.39.
Any chance to get ITS#7683 into 2.4.39?
7683 makes a change to the way in which stats logging behaves. As there
are many scripts that parse the stats loglevel, making such a change would
have a negative impact on numerous people's installations. This sort of
change really should wait for OpenLDAP 2.5.
--Quanah
--
Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
2:18 a.m.
Quanah Gibson-Mount wrote:
--On Thursday, January 09, 2014 9:40 PM +0100 Michael Ströder
<michael(a)stroeder.com> wrote:
> Michael Ströder wrote:
>> Quanah Gibson-Mount wrote:
>>> Pending commits I think look good for RE24:
>>
>> I'm in need to have ITS#7683 available. I've tested it with OpenSSL but
>> not with GnuTLS and MozNSS yet. But if it's not too intrusive I'd be
>> happy to see it released in in 2.4.39.
>
> Any chance to get ITS#7683 into 2.4.39?
7683 makes a change to the way in which stats logging behaves. As there are
many scripts that parse the stats loglevel, making such a change would have a
negative impact on numerous people's installations. This sort of change
really should wait for OpenLDAP 2.5.
Hmm, ITS#7683 was meant to show which clients are connecting with Perfect
Forward Secrecy.
In the light of recent news regarding NSA etc. I think this should not wait
for 2.5 just because some script writers would have to make minimal changes to
their stat scripts.
Ciao, Michael.
11:31 a.m.
--On Friday, January 10, 2014 11:18 AM +0100 Michael Ströder
<michael(a)stroeder.com> wrote:
Hmm, ITS#7683 was meant to show which clients are connecting with Perfect
Forward Secrecy.
Hi Michael,
The change does not apply cleanly and results in a substantial number of
merge issues. Given this, it will not be merged into the RE24 branch. It
will be part of 2.5.
--Quanah
--
Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
12:06 p.m.
Quanah Gibson-Mount wrote:
--On Friday, January 10, 2014 11:18 AM +0100 Michael Ströder
<michael(a)stroeder.com> wrote:
>
> Hmm, ITS#7683 was meant to show which clients are connecting with Perfect
> Forward Secrecy.
The change does not apply cleanly and results in a substantial number of merge
issues. Given this, it will not be merged into the RE24 branch. It will be
part of 2.5.
I can't believe that the OpenLDAP project wants to postpone such a important
feature for another year or two (until 2.5 stable release). Today all mail and
HTTP servers can log the TLS cipher negotiated for a connection. It's a really
urgent feature to centrally examine existing client configurations.
Ciao, Michael.
12:25 p.m.
Michael Ströder wrote:
Quanah Gibson-Mount wrote:
> --On Friday, January 10, 2014 11:18 AM +0100 Michael Ströder
> <michael(a)stroeder.com> wrote:
>>
>> Hmm, ITS#7683 was meant to show which clients are connecting with Perfect
>> Forward Secrecy.
>
> The change does not apply cleanly and results in a substantial number of merge
> issues. Given this, it will not be merged into the RE24 branch. It will be
> part of 2.5.
I can't believe that the OpenLDAP project wants to postpone such a important
feature for another year or two (until 2.5 stable release). Today all mail and
HTTP servers can log the TLS cipher negotiated for a connection. It's a really
urgent feature to centrally examine existing client configurations.
2.4 is in feature freeze. We tried to accomodate your request, despite the
freeze, but the code changes are too extensive. The idea here is to quit
making any major upheavals in the 2.4 branch, not keep adding them in perpetuity.
Examining client configuration really isn't even relevant. If you want to
ensure that a secure cipher is negotiated, then configure a narrower set of
supported ciphers. This is hardly as critical a feature as you make it out to be.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
3359
days inactive
3365
days old
7 comments
3 participants
participants (3)
-
Howard Chu -
Michael Ströder -
Quanah Gibson-Mount