Subscribing for notification when an entry changes using SOAP
by anteneh assen
I need an application, which uses the directory server for storage, to be able to subscribe for notification when a specific kind entry/attribute/sub-tree is changed by another application(the application could be same kind of application or not). The application would use SOAP to send subscription request and receive the response. After the application has successfully subscribed for notification the DS should send a notification to the app using SOAP.
Is it possible to write code to implement this feature and if yes how hard would it be?
thank you
8 years
Please review (Take 2): [389 Project] #48784: Make the SSL version set to the client library configurable.
by Noriko Hosoi
https://fedorahosted.org/389/ticket/48784
https://fedorahosted.org/389/attachment/ticket/48784/0001-Ticket-48784-Ma...
git patch file (master) -- revised based upon the reviews by William
(Thanks!)
* Fixed a typo in an error message.
* Changed the return type of getSSLVersionRangeOL to void since there
is no need to check it.
Regarding the min value of SSL version range, please see the comments below.
On 04/06/2016 12:35 PM, 389 Project wrote:
> Comment (by nhosoi):
>
> The answer from the security team.
>
> On 04/04/2016 10:26 PM, Huzaifa Sidhpurwala wrote:
> > Currently, we are not aware of any attacks which are feasible against a
> > proper implementation of TLS 1.0 (openssl, nss, gnutls we ship). However
> > that being said, the safest option is always to use the highest version
> > available ie TLS 1.2 and fall back to lower versions only, if you cant
> > use 1.2.
> >
> >
> > The above is general advice in all cases. If you have a special case in
> > mind, let me know and we can discuss.
> >
> > My answer is based on the bits of information i got from the mail i was
> > copied on :)
>
> This is the access log snippet of the replication. As you see, even
> though the min value is TLS1.0 (or even setting to SSL3), the higherst
> available version is picked. So, we may not have to worry too much about
> it.
> {{{
> [..] conn=3 TLS1.2 128-bit AES-GCM; client CN=test.localdomain0,OU=389
> Directory Server; issuer CN=CAcert
> [..] conn=3 TLS1.2 client bound as uid=repl_mgr1,cn=config
> }}}
>
8 years