'Re: [Issue 10065] slapd needs a config option for the ssf of an external security proxy using "proxy'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openldap-bugs
Subject:    Re: [Issue 10065] slapd needs a config option for the ssf of an external security proxy using "proxy
From:       Howard Chu <hyc () symas ! com>
Date:       2023-06-12 15:05:55
Message-ID: 19f8ca20-44c8-0049-92ec-c1798948a9bc () symas ! com
[Download RAW message or body]

openldap-its@openldap.org wrote:
> https://bugs.openldap.org/show_bug.cgi?id=10065
> 
> --- Comment #6 from Quanah Gibson-Mount <quanah@openldap.org> ---
> Ok, I was incorrect about SASL/EXTERNAL although I swear I was told at one
> point it doesn't require cyrus-sasl (which IMHO would be rather nice).
> 
> Generally, the gist here is that it would be useful for the SASL SSF to be
> propagated through to the end slapd server when haproxy protocol v2 is enabled.
> 
> I'd also note we use SASL/PLAIN at my current job, so Howard's definitely
> incorrect.
> 
By default, slapd disallows use of SASL/PLAIN. So either your current job
isn't using OpenLDAP, or you've explicitly weakened its security properties
in your config.

Regardless, support of SASL/PLAIN is certainly not a priority.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic