
Re: (ITS#3411) sasl-regexp and LDAPs URI



quanah@stanford.edu wrote:

>Full_Name: Quanah Gibson-Mount
>Version: 2.2.19
>OS: Solaris 8
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (171.66.182.82)
>
>
>There was a change in functionality in OpenLDAP 2.2.19 where "ldaps:///" with a
>sasl-regexp no longer works.  Other than taking out my test environment for a
>few hours, I think that slapd should throw a complaint if it encounters that
>invalid syntax in a configuration file, instead of appearing to run normally.
>The slapd.conf man page may want to note that LDAP URIs with "ldaps:///" are
>not valid in the sasl-regexp section as well.  Since plenty of places on Google
>refer to LDAP URIs using ldaps (there's even a CPAN Perl module for it), people
>are likely not to understand it isn't a valid syntax.
>  
>

That is an overpedantic check I was going to suggest for 2.3 because 
from postings I note that people are sometimes using fancy protocols in 
authz-regexp, and this could be misleading in the sense that the 
requested protocol has security implications which are plainly ignored 
by slapd.  There is no security issue, though, because all operations 
occur internally.

In any case, by no means was the change intended for 2.2.  Sorry about 
that.  I suggest it's reverted, pending the consideration of its 
opportunity for 2.3 as well.

p.



    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
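
The complaint asked for in the report above (a configuration being flagged when a sasl-regexp or authz-regexp replacement names a scheme other than ldap://), sketched as a stand-alone linter. This is an added example, not part of the thread or of OpenLDAP's code; the function names and the sample configuration are constructed, and it assumes the usual slapd.conf conventions (a line starting with whitespace continues the previous one, `#` starts a comment, arguments may be double-quoted).

```python
import re

# Directive names taken from the thread: sasl-regexp (report), authz-regexp (reply).
REGEXP_DIRECTIVES = {"sasl-regexp", "authz-regexp"}
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*)://")

# Constructed sample configuration, not taken from the report.
SAMPLE_CONF = '''\
# constructed sample
sasl-regexp uid=(.*),cn=example.com,cn=gssapi,cn=auth
    ldaps:///dc=example,dc=com??sub?(uid=$1)
authz-regexp "uid=([^,]*),cn=digest-md5,cn=auth"
    "ldap:///dc=example,dc=com??sub?(uid=$1)"
authz-regexp uid=([^,]*),cn=auth uid=$1,ou=people,dc=example,dc=com
'''

def logical_lines(text):
    """Yield (first_line_number, joined_line), folding continuation lines."""
    current, start = None, 0
    for num, raw in enumerate(text.splitlines(), 1):
        if raw.startswith("#"):
            continue                      # comment line
        if raw[:1] in (" ", "\t") and current is not None:
            current += " " + raw.strip()  # continuation of the previous line
            continue
        if current:
            yield start, current
        current, start = raw.strip(), num
    if current:
        yield start, current

def tokens(line):
    """Split on whitespace, keeping double-quoted arguments whole."""
    return [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', line)]

def check_regexp_uris(conf_text):
    """Return (line, directive, scheme) for each replacement URI whose
    scheme is not plain ldap; replacements that are bare DNs are ignored."""
    findings = []
    for num, line in logical_lines(conf_text):
        args = tokens(line)
        if len(args) < 3 or args[0].lower() not in REGEXP_DIRECTIVES:
            continue
        m = SCHEME_RE.match(args[2])
        if m and m.group(1).lower() != "ldap":
            findings.append((num, args[0], m.group(1).lower()))
    return findings

if __name__ == "__main__":
    for num, directive, scheme in check_regexp_uris(SAMPLE_CONF):
        print(f"line {num}: {directive} replacement uses {scheme}://, expected ldap://")
```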