[prev in list] [next in list] [prev in thread] [next in thread]
List: openldap-bugs
Subject: Re: [Issue 10065] slapd needs a config option for the ssf of an external security proxy using "proxy
From: Howard Chu <hyc () symas ! com>
Date: 2023-06-12 15:05:55
Message-ID: 19f8ca20-44c8-0049-92ec-c1798948a9bc () symas ! com
[Download RAW message or body]
openldap-its@openldap.org wrote:
> https://bugs.openldap.org/show_bug.cgi?id=10065
>
> --- Comment #6 from Quanah Gibson-Mount <quanah@openldap.org> ---
> Ok, I was incorrect about SASL/EXTERNAL although I swear I was told at one
> point it doesn't require cyrus-sasl (which IMHO would be rather nice).
>
> Generally, the gist here is that it would be useful for the SASL SSF to be
> propagated through to the end slapd server when haproxy protocol v2 is enabled.
>
> I'd also note we use SASL/PLAIN at my current job, so Howard's definitely
> incorrect.
>
By default, slapd disallows use of SASL/PLAIN. So either your current job
isn't using OpenLDAP, or you've explicitly weakened its security properties
in your config.
Regardless, support of SASL/PLAIN is certainly not a priority.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic