David Arnold wrote:
However, for realoding rolled certs this is a bit unfortunante. Alternatively, would it be possible rather than using a SIGNAL to gracefully fall back to reload the TLS context once if the current certs appear expired?
I predict I'm not gonna be the last person with this issue...
I suggest writing an overlay for this, whose only function is to schedule a periodic task that does all of the refreshing you want to have happen.
Best Regards, David A.
On Fri, Aug 21, 2020 at 15:36, Quanah Gibson-Mount quanah@symas.com wrote:
--On Friday, August 21, 2020 5:53 PM -0500 David Arnold <dar@xoe.solutions mailto:dar@xoe.solutions> wrote:
Cool, I'm getting there! Unfortunately and for good reasons the creator of ae-dir.com has restricted modifying access for config (in order to tightly control runtime config state). SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=authDid you actually add an authz-regexp to your config that maps this DN to the cn=config rootdn? Otherwise I'd expect it to fail. Not sure this is really an AEDir thing.
Furthermore, would this dummy change also reload the certificates that are configured for the syncrepls?No, you'd need to do a replace op on the olcSyncrepl attribute for that database as well. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com