nitnelave

Results 287 comments of nitnelave

Getting the password (hashes) from LDAP is not recommended, both in terms of security (you don't want to spread them everywhere and increase the attack surface) and compatibility (not every...

Out of curiosity, would something like https://github.com/lldap/lldap/issues/701 help? Otherwise, I propose another solution: make the healthcheck target configurable. That way you can choose yourself between options 2 or 3.

`ldap_host` is somewhat misnamed, it's the listen address. Healthcheck is hardcoded to listen to localhost.

Hey, thanks for your opinions on the matter! That gave me food for thought. Here's what I'm currently thinking:
- I _really, really_ don't want to break people's config, especially...

Sorry, I'm just now having another look at the bug: there's nothing that cares about the file extension, it's not about .pem or .key or .crt. In both cases, I...

How do you configure it? How do you set the environment variables, or the values in the config file?

See the key reading code here: https://github.com/lldap/lldap/blob/6f905b1ca9cbf15a460510fe5ba5eba159cf9f90/server/src/infra/ldap_server.rs#L107-L149
Most importantly, all the functions trying to read a key are called with `&mut BufReader::new(File::open(&ldaps_options.cert_file)?)` as an argument: they don't receive the file...

Hmm, is there any relevant logging from sssd? Otherwise, I'd be curious to see a packet capture (with tcpdump) of the LDAP traffic to LLDAP.

Sorry @vincentDcmps the link has expired, could you re-upload it if you still have it?

Alright, found the culprit: "controlType: 1.3.6.1.4.1.42.2.27.8.5.1 (passwordPolicy)". I'll talk with @FirstYear to see what we can do at the parsing level.