Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
- To: openldap-devel@openldap.org
- Subject: Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48
- From: Michael Ströder <michael@stroeder.com>
- Date: Sun, 21 Jul 2019 12:46:13 +0200
- In-reply-to: <0C3796D3A54046CB8CFFC6A5@[192.168.1.39]>
- Openpgp: id=43C8730E84A20E560722806C07DC7AE36A8BC938
- References: <CAJoHRijg72LHC5EQT0p=ppyykvd69ik-8Ons0fdd3e7fRp1R5Q@mail.gmail.com> <20190720114150.6lcvw2vqkt7wqkty@mistotebe.net> <CAJoHRiicDsYCh55WtS16VN0h0iPz7rh_oSfutih9caEja1+3Vg@mail.gmail.com> <7D4E63B6BD40CD3B388DAC82@[192.168.1.39]> <20190720183144.GB6508@kiwi.nardis.ca> <800783fa-0f03-66eb-0136-ebb7e871e09d@symas.com> <C001FB8C78DB1EF7FD9B5E1D@[192.168.1.39]> <dfbf878e-9220-d9ff-11c8-f45d27607fde@symas.com> <0C3796D3A54046CB8CFFC6A5@[192.168.1.39]>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
On 7/21/19 4:32 AM, Quanah Gibson-Mount wrote:
> You missed the point. It wasn't about syncrepl vs back-ldap, it was
> about whether or not *anything* used in slapd should ever pull in data
> from ldap.conf.

From my understanding up to now ldap.conf was used in back-ldap and
people make use of it. Aside from whether this was a doc or
implementation bug you should seriously consider whether it's worth the
trouble to change back-ldap's behaviour within 2.4.x release series.

Personally I'm in the camp of explicitly specifying (possibly different)
trust anchors for every aspect. Especially since we all should use a
decent config management today it's really easy. So I'd like to propose
a change for 2.5.x that nothing within slapd uses ldap.conf
(LDAPNOINIT=1 for all of slapd's internal stuff).

Also I don't want to use system-wide trust stores by default without
explicitly being configured. But that's another issue.

Ciao, Michael.