#220 EXTERNAL should not be advertised unless useful
Closed: wontfix 4 years ago Opened 9 years ago by rmeggins.

https://bugzilla.redhat.com/show_bug.cgi?id=221229

Description of problem:
The EXTERNAL SASL mech should only be advertised to clients if the server has a
useful mapping to attach it to.  For example, if SSL client certificate
matching
is configured, or if ldapi:// support is implemented, and getpeername() is
available.

Version-Release number of selected component (if applicable):
Fedora DS 1.0.4

How reproducible:
Every time

Steps to Reproduce:
1. Setup a default install of fedora DS
2. Search the rootDSE for supportedSASLMechs on an ldap://, not TLS connection
3. Notice that EXTERNAL is listed

Actual results:
supportedsaslmechanisms: EXTERNAL
...

Expected results:
This should not appear

Additional info:

Apparenetly already pointed out by Howard Chu, OpenLDAP has the correct
behaviour.

batch update moving tickets to future

set default ticket origin to Community

Added initial screened field value.

Metadata Update from @rmeggins:
- Issue set to the milestone: FUTURE

4 years ago

Pretty sure we now always advertise external no matter what as it's part of the ldap spec somewhere. I'm going to close this as a result.

Metadata Update from @firstyear:
- Custom field component reset (from Security - SASL)
- Custom field reviewstatus reset (from Needs Review)
- Issue close_status updated to: invalid
- Issue status updated to: Closed (was: Open)

4 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/220

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: invalid)

a year ago

Login to comment on this ticket.

Metadata