--On Sunday, July 21, 2019 10:54 PM +0200 Ondřej Kuzník
wrote:
On Sun, Jul 21, 2019 at 10:18:37AM -0700, Quanah Gibson-Mount wrote:
Now you are providing conflicting answers. The man page for back-ldap
makes zero reference to ldap.conf(5). It only mentions slapd.conf(5).
The syncrepl sectio
--On Sunday, July 21, 2019 11:16 PM +0100 Howard Chu wrote:
I take this back. Pretty sure we've had this debate before, haven't found
it in the list archive.
We explicitly create a fresh TLS context in slapd, to eliminate any
ldap.conf initialization defaults.
Ok, so it's GnuTLS that had bro
Quanah Gibson-Mount wrote:
> --On Sunday, July 21, 2019 10:54 PM +0100 Howard Chu wrote:
>> Feel free to add a note to slapd.conf(5) / slapd-config(5) about TLS
>> defaults.
I take this back. Pretty sure we've had this debate before, haven't found it in
the list archive.
We explicitly create a
--On Sunday, July 21, 2019 10:54 PM +0100 Howard Chu wrote:
You claimed it was inconsistent because syncrepl refers to ldap.conf for
network timeout settings while back-ldap makes no reference to ldap.conf.
No, if you read my email, I was purely noting that again that the man pages
make no r
Quanah Gibson-Mount wrote:
> --On Sunday, July 21, 2019 10:02 PM +0100 Howard Chu wrote:
>
>> As I already said: there is no reason for the syncrepl consumer and
>> back-ldap to behave identically. The manpages are correct in each case.
>
> I've never said they should behave identically, and I d
--On Sunday, July 21, 2019 10:02 PM +0100 Howard Chu wrote:
As I already said: there is no reason for the syncrepl consumer and
back-ldap to behave identically. The manpages are correct in each case.
I've never said they should behave identically, and I do not fathom why you
are so focussed
On Sun, Jul 21, 2019 at 10:18:37AM -0700, Quanah Gibson-Mount wrote:
Generally, it seems to me we at the least have a documentation bug, in
that back-ldap(5) and the syncrepl section of
slapd.conf(5)/slapd-config(5) should note that they will rely on
ldap.conf(5) in the absence of TLS (and poss
Quanah Gibson-Mount wrote:
> --On Sunday, July 21, 2019 3:37 PM +0100 Howard Chu wrote:
>
>>> --On Sunday, July 21, 2019 2:51 AM +0100 Howard Chu
>>> wrote:
>>>
The behavior is supposed to be exactly as specified in the manpages.
>>>
>> A syncrepl consumer is an LDAP client. A back-lda
On Sun, Jul 21, 2019 at 10:18:37AM -0700, Quanah Gibson-Mount wrote:
> Now you are providing conflicting answers. The man page for back-ldap makes
> zero reference to ldap.conf(5). It only mentions slapd.conf(5). The
> syncrepl section of slapd.conf(5)/slapd-config(5) only mention the
> network-
--On Sunday, July 21, 2019 3:37 PM +0100 Howard Chu wrote:
--On Sunday, July 21, 2019 2:51 AM +0100 Howard Chu
wrote:
The behavior is supposed to be exactly as specified in the manpages.
A syncrepl consumer is an LDAP client. A back-ldap backend is an LDAP
client.
Now you are providin
On 7/21/19 3:37 PM, Howard Chu wrote:
A syncrepl consumer is an LDAP client. A back-ldap backend is an LDAP client.
Yes, of course.
But both behaved differently regarding usage of ldap.conf before 6f623df
(ITS#8427).
Quanah's question is:
Is it generally required that all slapd-internal LDA
Quanah Gibson-Mount wrote:
> --On Sunday, July 21, 2019 2:51 AM +0100 Howard Chu wrote:
>
>> The behavior is supposed to be exactly as specified in the manpages.
>>
>> There is no reason to expect back-ldap and syncrepl to be exactly alike;
>> they perform different functions.
>
> You missed the
On Sun, Jul 21, 2019 at 1:50 PM Michael Ströder
wrote:
> On 7/20/19 8:45 PM, Nikos Voutsinas wrote:
> > Weird... My build of OPENLDAP_REL_ENG_2_4_48 on Debian/Buster against
> > openssl was working, without using the olcTLSCACertificateFile.
>
> Why that happens is a good question.
>
> You probab
On 7/20/19 6:07 PM, Ryan Tandy wrote:
> On Sat, Jul 20, 2019 at 12:13:38PM +0200, Michael Ströder wrote:
>> The question is whether this is still revelavant with OpenSSL 3.0.0
>> moving to Apache-2.0 license [1]. [2] says APL-2.0 is not compatible
>> with GPLv2 though.
>
> Unfortunately that's cor
On 7/20/19 8:45 PM, Nikos Voutsinas wrote:
> Weird... My build of OPENLDAP_REL_ENG_2_4_48 on Debian/Buster against
> openssl was working, without using the olcTLSCACertificateFile.
Why that happens is a good question.
You probably have to dig a bit deeper and examine whether the OpenSSL
lib initi
On 7/21/19 4:32 AM, Quanah Gibson-Mount wrote:
> You missed the point. It wasn't about syncrepl vs back-ldap, it was
> about whether or not *anything* used in slapd should ever pull in data
> from ldap.conf.
From my understanding up to now ldap.conf was used in back-ldap and
people make use of it
16 matches
Mail list logo
