Re: (ITS#3507) patch to allow start TLS by back-ldap
ando@sys-net.it wrote:
>Feature enhancement: allow back-ldap to use starttls (see discussion on -devel:
><http://www.openldap.org/lists/openldap-devel/200501/msg00057.html>).
>
>This may be particularly useful in conjunction with remote servers that do not
>listen on ldaps:// or when chasing referrals with schema ldap:// via the chain
>overlay.
>
>
New version of the patch:
<http://www.sys-net.it/~ando/Download/backldap_start_tls-2.patch>, which
includes various fixes to the chain overlay, also discussed in
<http://www.openldap.org/lists/openldap-devel/200501/msg00077.html>.
Possible future developments are outlined in a comment:
/*
* TODO: add checks on who can chain what operations; e.g.:
* a) what identities are authorized
* b) what request DN (e.g. only chain requests rooted at <DN>)
* c) what referral URIs
* d) what protocol scheme (e.g. only ldaps://)
* e) what ssf
*/
p.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
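The TODO comment in the message above lists five policy checks that the chain overlay could apply before chasing a referral: the bound identity (a), the request DN (b), the referral URI (c), the protocol scheme (d), and the SSF (e). The following is an added, stand-alone illustration of those checks as a small policy evaluator; it is not OpenLDAP code and not part of the patch. The policy values, the identity `cn=chain-proxy,dc=example,dc=com`, the host `ldap2.example.com` and the referral URIs are constructed for the example, and DN handling is simplified (no multi-valued RDNs or hex escapes).

```python
"""Chaining-policy checks modelled on the TODO list in the message above.
Added example with constructed data; not OpenLDAP's own implementation."""
from dataclasses import dataclass
from urllib.parse import urlsplit


def split_dn(dn):
    """Split a DN into lower-cased RDN strings, honouring backslash-escaped
    commas. Simplified: multi-valued RDNs and hex escapes are not handled."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur).strip())
    return [r.lower() for r in rdns if r]


def dn_rooted_at(dn, root):
    """True when dn equals root or lies beneath it (RDN suffix match)."""
    d, r = split_dn(dn), split_dn(root)
    return len(d) >= len(r) and d[len(d) - len(r):] == r


@dataclass(frozen=True)
class ChainPolicy:
    authorized_identities: frozenset  # (a) bind DNs allowed to trigger chaining
    request_dn_roots: tuple           # (b) request DN must sit under one of these
    referral_hosts: frozenset         # (c) host[:port] values a referral may name
    schemes: frozenset                # (d) permitted URI schemes, e.g. {"ldaps"}
    min_ssf: int                      # (e) minimum security strength factor


def chain_allowed(policy, identity, request_dn, referral_uri, ssf):
    """Return (allowed, reason); checks run in TODO order, first failure wins."""
    # (a) who may chain
    if split_dn(identity) not in [split_dn(i) for i in policy.authorized_identities]:
        return False, "identity not authorized to chain"
    # (b) which request DNs may be chained
    if not any(dn_rooted_at(request_dn, r) for r in policy.request_dn_roots):
        return False, "request DN outside chainable naming contexts"
    parts = urlsplit(referral_uri)
    # (d) protocol scheme, e.g. only ldaps://
    if parts.scheme.lower() not in policy.schemes:
        return False, f"scheme {parts.scheme!r} not permitted"
    # (c) referral target; an empty netloc (ldaps:///) is rejected as well
    if parts.netloc.lower() not in policy.referral_hosts:
        return False, f"referral host {parts.netloc!r} not permitted"
    # (e) security strength factor of the connection
    if ssf < policy.min_ssf:
        return False, f"ssf {ssf} below required {policy.min_ssf}"
    return True, "ok"


# Constructed sample policy (hypothetical names; not from the page).
POLICY = ChainPolicy(
    authorized_identities=frozenset({"cn=chain-proxy,dc=example,dc=com"}),
    request_dn_roots=("dc=example,dc=com",),
    referral_hosts=frozenset({"ldap2.example.com", "ldap2.example.com:636"}),
    schemes=frozenset({"ldaps"}),
    min_ssf=128,
)

# Constructed sample requests: (label, identity, request DN, referral URI, ssf).
CASES = [
    ("ldaps ok", "cn=chain-proxy,dc=example,dc=com", "ou=people,dc=example,dc=com",
     "ldaps://ldap2.example.com/ou=people,dc=example,dc=com", 256),
    ("plain ldap", "cn=chain-proxy,dc=example,dc=com", "ou=people,dc=example,dc=com",
     "ldap://ldap2.example.com/ou=people,dc=example,dc=com", 256),
    ("foreign dn", "cn=chain-proxy,dc=example,dc=com", "dc=other,dc=org",
     "ldaps://ldap2.example.com/dc=other,dc=org", 256),
    ("weak ssf", "cn=chain-proxy,dc=example,dc=com", "ou=people,dc=example,dc=com",
     "ldaps://ldap2.example.com/ou=people,dc=example,dc=com", 56),
]


def evaluate_cases(policy=POLICY, cases=CASES):
    """Run every sample case; returns a list of (label, allowed, reason)."""
    return [(label,) + chain_allowed(policy, ident, dn, uri, ssf)
            for label, ident, dn, uri, ssf in cases]


if __name__ == "__main__":
    for label, ok, why in evaluate_cases():
        print(f"{label:>10}: {'chain' if ok else 'refuse'} ({why})")
```

The checks are deliberately ordered so the cheapest decision (is this identity allowed to chain at all?) comes first and the connection-level property (SSF) last, mirroring the order in the TODO list; an operational implementation would take the SSF from the established connection rather than a parameter.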