Re: How to get detailed connection error information?

2023-04-13 Thread Bastian Tweddell
On 13Apr23 17:33+, Jordan Brown wrote: > On 4/13/2023 9:28 AM, Quanah Gibson-Mount wrote: > > --On Thursday, April 13, 2023 5:22 PM + Jordan Brown > > wrote: > >> How can I get detailed information about connection errors - host not > >> found, timed out, connection refused, various TLS er

Re: How to get detailed connection error information?

2023-04-13 Thread Jordan Brown
On 4/13/2023 10:36 AM, Quanah Gibson-Mount wrote: > > > --On Thursday, April 13, 2023 6:33 PM + Jordan Brown > wrote: > >> I'm already dumping that.  But it is not very detailed.  I believe >> that's what ldapsearch is dumping; here's some sample output in various >> error cases: > > Those are

Re: pcache not working with dirx

2023-04-13 Thread A. Schulze
Am 13.04.23 um 18:17 schrieb Quanah Gibson-Mount: --On Wednesday, April 12, 2023 11:31 AM +0200 "A. Schulze" wrote: One upstream server is DirX, No idea what DIRX is. Hi Quannah, Sorry for assuming things that may be unclear for others. DirX is an X500 Server that is also accessib

Re: Argon2-Support or secure hashing

2023-04-13 Thread Andreas Hasenack
Hi, On Thu, Apr 13, 2023 at 2:32 PM Braiam wrote: > On Thu, Apr 13, 2023 at 12:19 PM Quanah Gibson-Mount > wrote: > > This is an annoying bit about the Debian/Ubuntu builds as > > they strip that information out of the binary. > > I was curious about that, and Debian doesn't strip that informa

Re: How to get detailed connection error information?

2023-04-13 Thread Quanah Gibson-Mount
--On Thursday, April 13, 2023 6:33 PM + Jordan Brown wrote: I'm already dumping that.  But it is not very detailed.  I believe that's what ldapsearch is dumping; here's some sample output in various error cases: Those are the result codes that are provided to the client per RFC. Fee

Re: Argon2-Support or secure hashing

2023-04-13 Thread Quanah Gibson-Mount
--On Thursday, April 13, 2023 2:05 PM -0400 Braiam wrote: On Thu, Apr 13, 2023 at 12:19 PM Quanah Gibson-Mount wrote: This is an annoying bit about the Debian/Ubuntu builds as they strip that information out of the binary. I was curious about that, and Debian doesn't strip that informa

Re: How to get detailed connection error information?

2023-04-13 Thread Jordan Brown
On 4/13/2023 9:28 AM, Quanah Gibson-Mount wrote: > --On Thursday, April 13, 2023 5:22 PM + Jordan Brown > wrote: >> How can I get detailed information about connection errors - host not >> found, timed out, connection refused, various TLS errors, et cetera? >

Re: Argon2-Support or secure hashing

2023-04-13 Thread Braiam
On Thu, Apr 13, 2023 at 12:19 PM Quanah Gibson-Mount wrote: > This is an annoying bit about the Debian/Ubuntu builds as > they strip that information out of the binary. I was curious about that, and Debian doesn't strip that information[1]: ldapadd -V ldapadd: @(#) $OpenLDAP: ldapmodify 2.5.13+d

Re: How to get detailed connection error information?

2023-04-13 Thread Jordan Brown
On 4/13/2023 9:20 AM, Quanah Gibson-Mount wrote: > --On Tuesday, April 11, 2023 3:54 AM + Jordan Brown > wrote: >> How can I get detailed information about connection errors - host not >> found, timed out, connection refused, various TLS errors, et cetera? > Generally, use stats level logging

Re: How to get detailed connection error information?

2023-04-13 Thread Quanah Gibson-Mount
--On Thursday, April 13, 2023 5:22 PM + Jordan Brown wrote: On 4/13/2023 9:20 AM, Quanah Gibson-Mount wrote: --On Tuesday, April 11, 2023 3:54 AM + Jordan Brown wrote: How can I get detailed information about connection errors - host not found, timed out, connection refused, v

Re: How to get detailed connection error information?

2023-04-13 Thread Quanah Gibson-Mount
--On Tuesday, April 11, 2023 3:54 AM + Jordan Brown wrote: How can I get detailed information about connection errors - host not found, timed out, connection refused, various TLS errors, et cetera? Generally, use stats level logging and then parse the logs for them. --Quanah

Re: Argon2-Support or secure hashing

2023-04-13 Thread Quanah Gibson-Mount
--On Tuesday, April 11, 2023 9:17 PM + Lukas Adrian Kron wrote: As there is no other secure usable password hashing installed the LDAP Server is right now insecure and I cannot move it to production You've not really provided any information on how you're configuring it, or if the O

Re: pcache not working with dirx

2023-04-13 Thread Quanah Gibson-Mount
--On Wednesday, April 12, 2023 11:31 AM +0200 "A. Schulze" wrote: One upstream server is DirX, No idea what DIRX is. One glitch I found in the Documentation at https://www.openldap.org/doc/admin26/guide.html#The%20Proxy%20Cache%20Eng ine Under "12.9.2.4. Example for slapd.conf" the is

Re: meaning of bind_ssf

2023-04-13 Thread Quanah Gibson-Mount
--On Thursday, April 13, 2023 10:31 AM +0200 Stefan Kania wrote: Because the SSF of GSSAPI is hard coded to be 56.  With MIT kerberos they eventually fixed this, but it's still not fixed in Heimdal (last I checked, but haven't checked the status of that bug report in a while). Once that is

Re: meaning of bind_ssf

2023-04-13 Thread Stefan Kania
Am 12.04.23 um 23:39 schrieb Quanah Gibson-Mount: --On Wednesday, April 12, 2023 3:16 PM +0200 Stefan Kania wrote: Hi to all, when I connect to openldap, with simple-bind I see: --- mech=SIMPLE bind_ssf=0 ssf=256 So there is no security factor for a SIMPLE bind mechanism.  The