view mod_lib_ldap/dev/slapd.conf @ 5404:1087f697c3f3

mod_http_oauth2: Strip unknown extra fields from client registration We shouldn't sign things we don't understand! RFC 7591 section-2 states: > The authorization server MUST ignore any client metadata sent by the > client that it does not understand (for instance, by silently removing > unknown metadata from the client's registration record during > processing). Prevents grandfathering in of unvalidated data that might become used later, especially since the 'additionalProperties' schema keyword was removed in 698fef74ce53
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:23:40 +0200
parents 1f45cef9e5c7
children
line wrap: on
line source

include		/etc/openldap/schema/core.schema
# I needed the following two schema definitions for posixGroup; if you don't
# need it, don't include them
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/nis.schema
# needed for inetOrgPerson so I can test jpegPhoto
include         /etc/openldap/schema/inetorgperson.schema

pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args
database	bdb
suffix		"dc=example,dc=com"
rootdn		"cn=Manager,dc=example,dc=com"
rootpw		prosody
directory	/var/lib/openldap/openldap-data
index	objectClass	eq