https://bugzilla.redhat.com/show_bug.cgi?id=221229
Description of problem: The EXTERNAL SASL mech should only be advertised to clients if the server has a useful mapping to attach it to. For example, if SSL client certificate matching is configured, or if ldapi:// support is implemented, and getpeername() is available. Version-Release number of selected component (if applicable): Fedora DS 1.0.4 How reproducible: Every time Steps to Reproduce: 1. Setup a default install of fedora DS 2. Search the rootDSE for supportedSASLMechs on an ldap://, not TLS connection 3. Notice that EXTERNAL is listed Actual results: supportedsaslmechanisms: EXTERNAL ... Expected results: This should not appear Additional info: Apparenetly already pointed out by Howard Chu, OpenLDAP has the correct behaviour.
batch update moving tickets to future
set default ticket origin to Community
Added initial screened field value.
Metadata Update from @rmeggins: - Issue set to the milestone: FUTURE
Pretty sure we now always advertise external no matter what as it's part of the ldap spec somewhere. I'm going to close this as a result.
Metadata Update from @firstyear: - Custom field component reset (from Security - SASL) - Custom field reviewstatus reset (from Needs Review) - Issue close_status updated to: invalid - Issue status updated to: Closed (was: Open)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/220
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: invalid)
Login to comment on this ticket.