Hi,
I'm looking to determine if clients connecting to my OpenLDAP directory are using obsolete protocols (such as SSL, TLS 1.0, etc.). Are the connection details exposed in the SSF value of the connection, or exposed elsewhere in the log?
Best,
Aaron
--- Aaron Bennett Manager of Systems Administration Clark University ITS
--On Thursday, November 21, 2019 6:44 PM +0000 Aaron Bennett abennett@clarku.edu wrote:
Hi,
I'm looking to determine if clients connecting to my OpenLDAP directory are using obsolete protocols (such as SSL, TLS 1.0, etc.). Are the connection details exposed in the SSF value of the connection, or exposed elsewhere in the log?
This is ITS#7683 https://www.openldap.org/its/index.cgi/?findid=7683
You can obtain a patch that can be applied to RE24 to add this functionality from https://github.com/Zimbra/packages/blob/develop/thirdparty/openldap/patches/ITS7683.patch
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
-----Original Message-----
From: Quanah Gibson-Mount quanah@symas.com
Sent: Friday, November 22, 2019 12:15 PM
To: Aaron Bennett abennett@clarku.edu; openldap-technical@openldap.org
Subject: [EXT] Re: SSL / TLS 1.0 - exposed in SSF?
This is ITS#7683 https://www.openldap.org/its/index.cgi/?findid=7683
You can obtain a patch that can be applied to RE24 to add this functionality from https://github.com/Zimbra/packages/blob/develop/thirdparty/openldap/patches/...
Thank you, Quanah. Is that patch applicable beyond 2.4.40?
( this is what makes me think it's 2.4.40: only... )
--- openldap-2.4.40/servers/slapd/connection.c.orig 2014-11-13 17:07:32.258240498 -0600 +++ openldap-2.4.40/servers/slapd/connection.c 2014-11-13 17:09:17.778236982 -0600
Best,
Aaron
--- Aaron Bennett Manager of Systems Administration Clark University ITS
--On Friday, November 22, 2019 5:24 PM +0000 Aaron Bennett abennett@clarku.edu wrote:
Thank you, Quanah. Is that patch applicable beyond 2.4.40?
( this is what makes me think it's 2.4.40: only... )
--- openldap-2.4.40/servers/slapd/connection.c.orig 2014-11-13 17:07:32.258240498 -0600 +++ openldap-2.4.40/servers/slapd/connection.c 2014-11-13 17:09:17.778236982 -0600
That's simply the release the patch was generated against. It still worked at least as recently as OpenLDAP 2.4.46. ;)
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com