[Pkg-openldap-devel] Bug#512693: Bug#512693: slapd - ldap proxy with tls enforces cert check even if disabled
Quanah Gibson-Mount
quanah at zimbra.com
Sun Jan 25 17:26:00 UTC 2009
--On Sunday, January 25, 2009 3:42 PM +0100 Bastian Blank
<waldi at debian.org> wrote:
> tags 512693 patch
> thanks
>
> Reason found. In ldap_back_prepare_conn the tls settings are applied via
> a bindconf_tls_set call _once_, while the settings are per connection.
> The attached patch changes this to apply the settings for each
> connection.
>
> There is similar code in servers/slapd/config.c, which may be changed
> also.

Upstream was unable to reproduce this issue, so I'm guessing it is already
fixed there. I would advise using the upstream code instead of patching it
with your own patch.

Secondly, the upstream back-ldap author noted that your configuration as
reported in the bug seemed invalid:

----- Upstream email -----
Could not reproduce (with today's HEAD and properly configured
client/server TLS).
I'd note that the client requests in the reported example use -W with -x
and no -D, so they should fail since binding with a password and no DN...
the bug report looks malformed.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration