
Re: back_ldap / TLS Issues with OPENLDAP_REL_ENG_2_4_48



Quanah Gibson-Mount wrote:
> --On Sunday, July 21, 2019 3:37 PM +0100 Howard Chu <hyc@symas.com> wrote:
> 
>>> --On Sunday, July 21, 2019 2:51 AM +0100 Howard Chu <hyc@symas.com>
>>> wrote:
>>>
>>>> The behavior is supposed to be exactly as specified in the manpages.
>>>>
>>>
>> A syncrepl consumer is an LDAP client. A back-ldap backend is an LDAP
>> client.
> 
> 
> Now you are providing conflicting answers.  The man page for back-ldap makes zero reference to ldap.conf(5).  It only mentions slapd.conf(5).  The syncrepl
> section of slapd.conf(5)/slapd-config(5) only mentions the network-timeout value being pulled in from ldap.conf(5).  So which is it? Do they follow the man page
> behaviors (which would mean no ldap.conf(5) for slapd-ldap, and only network-timeout for syncrepl), or do they violate the man page description?

As I already said: there is no reason for the syncrepl consumer and back-ldap to behave identically. The manpages are correct in each case.

> 
> 
> Generally, it seems to me we at the least have a documentation bug, in that back-ldap(5) and the syncrepl section of slapd.conf(5)/slapd-config(5) should note
> that they will rely on ldap.conf(5) in the absence of TLS (and possibly other parameters) if they are not found in slapd.conf(5).
> 
> Additionally, what should we do about ITS#8427? It was clearly fixing a valid bug.  Do we revert it?  Do we fix the behavior so it fixes the bug reported, but
> does not introduce a regression?

It sounds like the behavior with OpenSSL is currently correct, and currently broken on GnuTLS.
> 
> And we need to know the answer to that and have a fix in rather quickly.
> 
> --Quanah
> 
> 
> -- 
> 
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
> 
> 


-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/