I can see how ramping up diagnosis capabilities on a running piece of software is an outstanding feature, that unfortunately not a lot programs have out there.
David Arnold wrote:
> However, for realoding rolled certs this is a bit unfortunante. Alternatively, would it be possible rather than using
> a SIGNAL to gracefully fall back to reload the TLS context once if the current certs appear expired?
>
> I predict I'm not gonna be the last person with this issue...
I suggest writing an overlay for this, whose only function is to schedule a periodic task that does all of the
refreshing you want to have happen.
>
> Best Regards,
> David A.
>
> On Fri, Aug 21, 2020 at 15:36, Quanah Gibson-Mount <quanah@symas.com> wrote:
>> --On Friday, August 21, 2020 5:53 PM -0500 David Arnold <dar@xoe.solutions <mailto:dar@xoe.solutions>> wrote:
>>
>> Cool, I'm getting there! Unfortunately and for good reasons the creator of ae-dir.com has restricted modifying access for config (in order to tightly
>> control runtime config state).
>>
>> SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
>>
>> Did you actually add an authz-regexp to your config that maps this DN to the cn=config rootdn? Otherwise I'd expect it to fail. Not sure this is really an
>> AEDir thing.
>>
>> Furthermore, would this dummy change also reload the certificates that are configured for the syncrepls?
>>
>> No, you'd need to do a replace op on the olcSyncrepl attribute for that database as well. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas
>> Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/