From jesse at braintreepayments.com Tue Jul 12 19:15:08 2016
From: jesse at braintreepayments.com (Jesse Hathaway)
Date: Tue, 12 Jul 2016 14:15:08 -0500
Subject: [Pkg-openldap-devel] Packaging of 2.4.44
Message-ID:

Is anyone intending to package 2.4.44, as it has been out since February?

Thanks for maintaining OpenLDAP!

From ryan at nardis.ca Tue Jul 12 19:38:27 2016
From: ryan at nardis.ca (Ryan Tandy)
Date: Tue, 12 Jul 2016 12:38:27 -0700
Subject: [Pkg-openldap-devel] Packaging of 2.4.44
In-Reply-To:
References:
Message-ID: <20160712193827.GA793@comet>

On Tue, Jul 12, 2016 at 02:15:08PM -0500, Jesse Hathaway wrote:
>Is anyone intending to package 2.4.44, as it has been out since February?

It's been in-progress in the git repository for a while; lacking tuits on my part to get it finalized and uploaded. Last update was here:

http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/2016-June/006723.html

If you are comfortable building packages from git and have a test setup available, I'd welcome any feedback on the current state in git master, especially wrt upgrading from earlier versions, with or without the ppolicy overlay active.

Sorry for the long delay on this.

From dblack at dblacksystems.net Sun Jul 31 00:34:59 2016
From: dblack at dblacksystems.net (dean)
Date: Sat, 30 Jul 2016 19:34:59 -0500
Subject: [Pkg-openldap-devel] Bug#807922: slapd: Unable to use olcTLSVerifyClient
In-Reply-To: <20151214140522.3706.74281.reportbug@debian.moi.fr>
References: <20151214140522.3706.74281.reportbug@debian.moi.fr> <20151214140522.3706.74281.reportbug@debian.moi.fr>
Message-ID: <579D47B3.7060400@dblacksystems.net>

>> At the moment, I think this behaviour is intentional and by design.
>>
>>> First, I would note that this only happens when you haven't performed
>>> the minimal TLS configuration yet:

It's not by design. If it is, someone needs the Kay Sievers treatment.

1) As I told you a few weeks ago, OpenLDAP build is broke.
2) GnuTLS sucks the royal spoon.
3) "Upstream" stops at Debian.
4) There are even broken password settings (in another bug report, called "a minor bug")...

LAST BUT NOT LEAST, COMPOUNDING THE PROBLEMS -- there are even mismatches between various packages:
1) NSSWITCH.
2) PAM
3) OpenLDAP.

libnss_ldap.secret
ldap.secret
pam_ldap.secret.

NUTS.

That's why I build my own OpenLDAP... and I have flawless programs and scripts to do it. However, every version of Debian seems to break my code.

Sievers Situation.

I build my own, now. But, Now I've even got to redo LIBNSS AND PAM, TOO!!! Before long, I'll have my own distro???? Ridiculous.

As I also said before, testing is imperative. I'll withhold my "Torvald's response."

On Mon, 14 Dec 2015 15:05:22 +0100 Obspm wrote:
> Package: slapd
> Version: 2.4.40+dfsg-1+deb8u1
> Severity: important
>
>
> Hi everyone.
>
> From a fresh install (the server is a virtual machine with VirtualBox), after basic configuration of slapd, without any configuration other than those made by apt-get, with no special data I can add this piece of ldif
>
> dn: cn=config
> changeType: modify
> add: olcTLSVerifyClient
> olcTLSVerifyClient: never
> -
>
> I always got a
>
> root@debian:~# ldapmodify -Y EXTERNAL -H ldapi:/// -f toto.ldif
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> modifying entry "cn=config"
> ldap_modify: Server is unwilling to perform (53)
>
> and the debug file contains (with LogLevel:1)
>
> Dec 14 15:04:12 debian slapd[3597]: slap_listener_activate(11):
> Dec 14 15:04:12 debian slapd[3597]: >>> slap_listener(ldapi:///)
> Dec 14 15:04:12 debian slapd[3597]: connection_get(13): got connid=1031
> Dec 14 15:04:12 debian slapd[3597]: connection_read(13): checking for input on id=1031
> Dec 14 15:04:12 debian slapd[3597]: op tag 0x60, time 1450101852
> Dec 14 15:04:12 debian slapd[3597]: conn=1031 op=0 do_bind
> Dec 14 15:04:12 debian slapd[3597]: >>> dnPrettyNormal: <>
> Dec 14 15:04:12 debian slapd[3597]: <<< dnPrettyNormal: <>, <>
> Dec 14 15:04:12 debian slapd[3597]: do_bind: dn () SASL mech EXTERNAL
> Dec 14 15:04:12 debian slapd[3597]: ==>slap_sasl2dn: converting SASL name gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth to a DN
> Dec 14 15:04:12 debian slapd[3597]: <==slap_sasl2dn: Converted SASL name to
> Dec 14 15:04:12 debian slapd[3597]: SASL Authorize [conn=1031]: proxy authorization allowed authzDN=""
> Dec 14 15:04:12 debian slapd[3597]: send_ldap_sasl: err=0 len=-1
> Dec 14 15:04:12 debian slapd[3597]: do_bind: SASL/EXTERNAL bind: dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" sasl_ssf=0
> Dec 14 15:04:12 debian slapd[3597]: send_ldap_response: msgid=1 tag=97 err=0
> Dec 14 15:04:12 debian slapd[3597]: <== slap_sasl_bind: rc=0
> Dec 14 15:04:12 debian slapd[3597]: connection_get(13): got connid=1031
> Dec 14 15:04:12 debian slapd[3597]: connection_read(13): checking for input on id=1031
> Dec 14 15:04:12 debian slapd[3597]: op tag 0x66, time 1450101852
> Dec 14 15:04:12 debian slapd[3597]: conn=1031 op=1 do_modify
> Dec 14 15:04:12 debian slapd[3597]: >>> dnPrettyNormal:
> Dec 14 15:04:12 debian slapd[3597]: <<< dnPrettyNormal: ,
> Dec 14 15:04:12 debian slapd[3597]: oc_check_required entry (cn=config), objectClass "olcGlobal"
> Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "objectClass"
> Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "cn"
> Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "olcArgsFile"
> Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "olcPidFile"
> Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "olcToolThreads"
> Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "structuralObjectClass"
> Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "entryUUID"
> Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "creatorsName"
> Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "createTimestamp"
> Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "olcConnMaxPending"
> Dec 14 15:04:12 debian slapd[3597]: oc_check_allowed type "olcLogLevel"