[Date Prev][Date Next]
Re: (ITS#3411) sasl-regexp and LDAPs URI
>Full_Name: Quanah Gibson-Mount
>OS: Solaris 8
>Submission from: (NULL) (18.104.22.168)
>There was a change in functionality in OpenLDAP 2.2.19 where "ldaps:///" with a
>sasl-regexp no longer works. Other than taking out my test environment for a
>few hours, I think that slapd should throw a complaint if it encounters that
>invalid syntax in a configuration file, instead of appearing to run normally.
>The slapd.conf man page may want to note that LDAP URI's with "ldaps:///" are
>not valid in the sasl-regexp section as well. Since plenty of places on google
>refer to LDAP URI's using ldaps (there's even CPAN perl module for it), people
>are likely not to understand it isn't a valid syntax.
That is an overpedantic check I was going to suggest for 2.3 because
from postings I note that people are sometimes using fancy protocols in
authz-regexp, and this could be misleading in the sense that the
requested protocol has security implications which have plainly ignored
by slapd. There is no security issue, though, because all operations
In any case by no means the change was intended for 2.2. Sorry about
that. I suggest it's reverted, pending the consideration of its
opportunity for 2.3 as well.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497