Contrib/4092

Date: Sun, 16 Oct 2005 13:57:52 GMT
From: b.candler@pobox.com
To: openldap-its@OpenLDAP.org
Subject: PATCH: back-shell additional connection information

Full_Name: Brian Candler
Version: HEAD
OS: FreeBSD 5.4-RELEASE
URL: http://psg.com/~brian/software/openldap-backshell-conn.patch
Submission from: (NULL) (212.74.113.67)

This is an enhancement to add extra meta-attributes to requests sent to back-shell modules. They are:

binddn: <current connection bound DN>
peername: <connection peer IP address>
ssf: <connection SSF value>

Note: the UNBIND command now sends the current bind DN twice, as 'binddn:' and 'dn:'
Dropping the 'dn:' line would make things cleaner, at the slight risk of not being backwards-compatible (is there anything useful you can do in back-shell for an UNBIND request though??)

Date: Mon, 17 Oct 2005 10:20:13 -0700
To: b.candler@pobox.com
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: (ITS#4092) PATCH: back-shell additional connection information
Cc: openldap-its@OpenLDAP.org

I note that patch does not contain an IPR statement as required by our contributing guidelines. Please add an appropriate statement to the top of the patch file. See <http://www.openldap.org/devel/contributing.html> for details.

The changes would likely break some existing uses of back-shell. I think it would be good to only send additional fields when configured to do so. I would suggest adding an extensible configuration option so that if someone else desires to further extend back-shell with additional fields, they can share the same configuration mechanism. Something like:

    extensions binddn peername ssf

would do.

Regards, Kurt

At 06:57 AM 10/16/2005, b.candler@pobox.com wrote:
>Full_Name: Brian Candler
>Version: HEAD
>OS: FreeBSD 5.4-RELEASE
>URL: http://psg.com/~brian/software/openldap-backshell-conn.patch
>Submission from: (NULL) (212.74.113.67)
>
>
>This is an enhancement to add extra meta-attributes to requests sent to
>back-shell modules. They are:
>
>binddn: <current connection bound DN>
>peername: <connection peer IP address>
>ssf: <connection SSF value>
>
>Note: the UNBIND command now sends the current bind DN twice, as 'binddn:' and
>'dn:'
>Dropping the 'dn:' line would make things cleaner, at the slight risk of not
>being backwards-compatible (is there anything useful you can do in back-shell
>for an UNBIND request though??)

From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Mon, 17 Oct 2005 20:15:32 +0200
To: openldap-its@openldap.org
Cc: Brian Candler <B.Candler@pobox.com>
Subject: Re: (ITS#4092) PATCH: back-shell additional connection information

Kurt@OpenLDAP.org writes:
> The changes would likely break some existing uses of back-shell.
> I think it would be good to only send additional fields when
> configured to do so.

After Brian's message about missing state info, I've been wondering if some common API for back-sock, back-shell and maybe even back-perl would be useful for "translating" between slapd info and backend info, including how to configure what to send. Would probably need some callbacks to the backend-specific details.

--
Hallvard

Date: Wed, 19 Oct 2005 14:07:24 +0100
From: Brian Candler <B.Candler@pobox.com>
To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Cc: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4092) PATCH: back-shell additional connection information

On Mon, Oct 17, 2005 at 10:20:13AM -0700, Kurt D. Zeilenga wrote:
> I note that patch does not contain an IPR statement as required
> by our contributing guidelines. Please add an appropriate
> statement to the top of the patch file. See <http://www.openldap.org/devel/contributing.html>
> for details.
>
> The changes would likely break some existing uses of back-shell.
> I think it would be good to only send additional fields when
> configured to do so. I would suggest adding an extensible
> configuration option so that if someone else desires to further
> extend back-shell with additional fields, they can share the
> same configuration mechanism. Something like:
>
> extensions binddn peername ssf
>
> would do.

Patch updated to fix both points.

http://psg.com/~brian/software/openldap-backshell-conn.patch
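
Added example, not part of the thread and not code from the patch: a script-side parser for header-style back-shell requests that works whether or not the optional `binddn:`, `peername:` and `ssf:` lines are sent, and that fails closed when `ssf` is absent. The function names, the sample requests, the position of the extension lines and the 128 threshold are assumptions made for illustration; requests carrying an LDIF body (ADD, MODIFY) are out of scope.

```python
# Added example, not from the thread or the patch. Sample requests are constructed.
KNOWN_EXTENSIONS = ("binddn", "peername", "ssf")  # names listed in the thread

def parse_request(text):
    """Split one header-style back-shell request into (op, fields, ext)."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty request")
    op, fields, ext = lines[0].strip(), {}, {}
    for line in lines[1:]:
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed line: %r" % line)
        key, value = key.strip().lower(), value.strip()
        if key in KNOWN_EXTENSIONS:
            ext[key] = value  # optional; absent when extensions are not configured
        else:
            fields.setdefault(key, []).append(value)  # 'suffix:' may repeat
    return op, fields, ext

def ssf_at_least(ext, required):
    """Fail closed: a missing or non-numeric ssf is treated as 0."""
    try:
        return int(ext.get("ssf", "0")) >= required
    except ValueError:
        return False

def precheck_bind(text, required_ssf=128):
    """Return a refusal RESULT block, or None to go on to credential checks."""
    op, fields, ext = parse_request(text)
    if op != "BIND":
        raise ValueError("not a BIND request")
    if not ssf_at_least(ext, required_ssf):
        # 13 is the LDAP result code confidentialityRequired
        return "RESULT\ncode: 13\ninfo: stronger connection protection required\n"
    return None

# Constructed samples: the same BIND without and with the extension lines.
LEGACY_BIND = ("BIND\nmsgid: 1\nsuffix: dc=example,dc=com\n"
               "dn: uid=alice,dc=example,dc=com\nmethod: 128\ncredlen: 6\ncred: secret\n")
EXTENDED_BIND = LEGACY_BIND + "binddn: \npeername: 192.0.2.10\nssf: 256\n"

if __name__ == "__main__":
    print(precheck_bind(LEGACY_BIND))    # refused: no ssf line was sent
    print(precheck_bind(EXTENDED_BIND))  # None: passes the transport check
```

Because the lines are looked up by key rather than by position, a script written this way keeps working when the extension lines are switched on or off.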
______________ © Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org