On 4/14/2023 2:11 AM, Ondřej Kuzník
wrote:
AFAIK
that's correct, some of what you're asking for depends on the
errno, some of it is in TLS code and very little, if anything, is
currently preserved for that kind of use.
Thanks.
A
pretty comprehensive walk of the codebase might be needed to cover
the lot?
Alas, yes. But if there's a pretty general mechanism at the
OpenLDAP layer, then OpenLDAP can pass through whatever the lower
layer says... and if the lower layer says something useless, then
the buck can be passed to them.
But even being able to say "it's a TLS problem" or "it's a Kerberos
problem" would be helpful.
Given
you've already considered a usecase and some of the requirements
users might have on this kind of feature, you're welcome to
propose one yourself. If it's ready for inclusion in 2.7, that's
where it could go. We can assist where you're unsure of the
codebase and eventually review.
I'll work on that. No specific schedule. This is not an urgent
matter, just something that keeps popping up over and over.
If
you want to go that route, let's move the planning into -devel.
Will do.
--
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris