[389-users] Re: Disable LDAPv2

2021-02-09 Thread William Brown


> On 10 Feb 2021, at 09:28, Mark Reynolds  wrote:
> 
> 
> On 2/8/21 6:45 PM, William Brown wrote:
>> 
>>> On 9 Feb 2021, at 08:39, Mark Reynolds  wrote:
>>> 
>>> 
>>> On 2/8/21 4:21 AM, Sahin, Erhan wrote:
>>>> Hello everyone,
>>>> 
>>>> is it possible to deactivate LDAPv2 completely on server side and only 
>>>> allow LDAPv3?
>>> There is no way to do that at this time.  Just curious, what are your 
>>> reasons for wanting to deactivate it?
>> It's a reasonable point I guess, it's just more surface area that gets 
>> minimal testing. We should probably remove ldapv2 entirely TBH.
> 
> Apparently LDAP V2 was retired back in 2003 :-) 
> https://tools.ietf.org/html/rfc3494
> 
> If that's the case we could remove support for it (instead of adding a new 
> config setting).  We should open a ticket to investigate this...

https://github.com/389ds/389-ds-base/issues/4606




> 
> Mark
> 
>> 
>>> Mark
>>>> Stay safe!
>>>> 
>>>> Best regards
>>>> 
>>>> ___
>>>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>>>> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
>>>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>>> -- 
>>> 
>>> 389 Directory Server Development Team
>>> 
>> —
>> Sincerely,
>> 
>> William Brown
>> 
>> Senior Software Engineer, 389 Directory Server
>> SUSE Labs, Australia
> 
> -- 
> 
> 389 Directory Server Development Team

—
Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs, Australia


[389-users] Re: Disable LDAPv2

2021-02-09 Thread Mark Reynolds


On 2/8/21 6:45 PM, William Brown wrote:
> 
>> On 9 Feb 2021, at 08:39, Mark Reynolds wrote:
>> 
>> 
>> On 2/8/21 4:21 AM, Sahin, Erhan wrote:
>>> Hello everyone,
>>> 
>>> is it possible to deactivate LDAPv2 completely on server side and only allow 
>>> LDAPv3?
>> There is no way to do that at this time.  Just curious, what are your reasons 
>> for wanting to deactivate it?
> It's a reasonable point I guess, it's just more surface area that gets minimal 
> testing. We should probably remove ldapv2 entirely TBH.


Apparently LDAP V2 was retired back in 2003 :-) 
https://tools.ietf.org/html/rfc3494


If that's the case we could remove support for it (instead of adding a 
new config setting).  We should open a ticket to investigate this...


Mark




>> Mark
>>> Stay safe!
>>> 
>>> Best regards



>> --
>> 
>> 389 Directory Server Development Team


> —
> Sincerely,
> 
> William Brown
> 
> Senior Software Engineer, 389 Directory Server
> SUSE Labs, Australia


--

389 Directory Server Development Team


[389-users] Re: Disable LDAPv2

2021-02-09 Thread Sahin, Erhan

Hello Mark,


from a security point of view it would be less attack surface and in my case, 
everything supports LDAPv3.


Best regards,


Erhan


From: Mark Reynolds 
Sent: Monday, 8 February 2021 23:39:26
To: General discussion list for the 389 Directory server project.; Sahin, Erhan
Cc: Both, Leif
Subject: Re: [389-users] Disable LDAPv2




On 2/8/21 4:21 AM, Sahin, Erhan wrote:
> Hello everyone,
> 
> is it possible to deactivate LDAPv2 completely on server side and only allow 
> LDAPv3?

There is no way to do that at this time.  Just curious, what are your reasons 
for wanting to deactivate it?

Mark

> Stay safe!
> 
> Best regards




--

389 Directory Server Development Team
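
Added example (not part of the original thread and not 389-ds project code): since the thread says the server cannot refuse LDAPv2, one way to confirm that no client still depends on it is to audit the access log for BIND records that requested version 2. The log lines below are constructed samples, and the `connection from` / `BIND ... version=N` record layout is an assumption to check against your own server's access log.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real traffic). Assumed access-log layout:
# a "connection from" record per connection and "BIND ... version=N" per bind.
SAMPLE_LOG = """\
[09/Feb/2021:10:01:02.123456789 +0000] conn=11 fd=64 slot=64 connection from 192.0.2.10 to 192.0.2.1
[09/Feb/2021:10:01:02.223456789 +0000] conn=11 op=0 BIND dn="uid=app1,ou=people,dc=example,dc=com" method=128 version=3
[09/Feb/2021:10:01:05.000000001 +0000] conn=12 fd=65 slot=65 connection from 192.0.2.77 to 192.0.2.1
[09/Feb/2021:10:01:05.100000001 +0000] conn=12 op=0 BIND dn="cn=legacy-printer,dc=example,dc=com" method=128 version=2
[09/Feb/2021:10:02:00.000000001 +0000] conn=13 fd=66 slot=66 connection from 192.0.2.77 to 192.0.2.1
[09/Feb/2021:10:02:00.100000001 +0000] conn=13 op=0 BIND dn="" method=128 version=2
[09/Feb/2021:10:03:00.000000001 +0000] conn=14 op=0 BIND dn="uid=orphan,dc=example,dc=com" method=128 version=2
"""

CONN_RE = re.compile(r"conn=(\d+) .*connection from (\S+) to ")
BIND_RE = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" .*\bversion=(\d+)')


def find_v2_binds(lines):
    """Return {client_ip: {bind DNs}} for every BIND that requested LDAPv2."""
    peer = {}                  # connection id -> client address
    hits = defaultdict(set)
    for line in lines:
        m = CONN_RE.search(line)
        if m:
            peer[m.group(1)] = m.group(2)
            continue
        m = BIND_RE.search(line)
        if m and m.group(3) == "2":
            conn, dn = m.group(1), m.group(2)
            # The connection record may sit in a rotated file; keep the hit
            # under "unknown" rather than dropping it.
            hits[peer.get(conn, "unknown")].add(dn or "<anonymous>")
    return dict(hits)


if __name__ == "__main__":
    for ip, dns in sorted(find_v2_binds(SAMPLE_LOG.splitlines()).items()):
        print(ip, sorted(dns))
```

An empty result over a representative log window supports the "everything supports LDAPv3" assumption; any hit names the client address and bind DN to migrate first.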