
Re: (ITS#3507) patch to allow start TLS by back-ldap



ando@sys-net.it wrote:

>Feature enhancement: allow back-ldap to use starttls (see discussion on -devel:
><http://www.openldap.org/lists/openldap-devel/200501/msg00057.html>).
>
>This may be particularly useful in conjunction with remote servers that do not
>listen on ldaps:// or when chasing referrals with schema ldap:// via the chain
>overlay.

New version of the patch: 
<http://www.sys-net.it/~ando/Download/backldap_start_tls-2.patch>, that 
includes various fixes to the chain overlay, also discussed in 
<http://www.openldap.org/lists/openldap-devel/200501/msg00077.html>.  
Possible future developments are outlined in a comment:

        /*
         * TODO: add checks on who can chain what operations; e.g.:
         *   a) what identities are authorized
         *   b) what request DN (e.g. only chain requests rooted at <DN>)
         *   c) what referral URIs
         *   d) what protocol scheme (e.g. only ldaps://)
         *   e) what ssf
         */

p.

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
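As an added illustration, not code from the patch or from OpenLDAP, the five checks the TODO above lists (identity, request DN root, referral URI, scheme, SSF) modelled as a small Python policy gate; the proxy identity, DNs, hosts and SSF values are constructed for the example.

```python
"""Illustrative model of the chaining checks listed in the chain-overlay TODO."""
from __future__ import annotations
from dataclasses import dataclass
from urllib.parse import urlsplit


def _norm_dn(dn: str) -> list[str]:
    # Simplified DN normalisation: split on RDN commas, trim, fold case.
    # slapd uses schema-aware matching rules; this is only illustrative.
    return [rdn.strip().lower() for rdn in dn.split(",")]


def dn_rooted_at(dn: str, root: str) -> bool:
    """True if dn equals root or is subordinate to it."""
    d, r = _norm_dn(dn), _norm_dn(root)
    return len(d) >= len(r) and d[len(d) - len(r):] == r


@dataclass(frozen=True)
class ChainPolicy:
    identities: frozenset[str]      # (a) identities allowed to have ops chained
    dn_roots: tuple[str, ...]       # (b) only chain requests rooted at these DNs
    referral_hosts: frozenset[str]  # (c) referral targets we are willing to follow
    schemes: frozenset[str]         # (d) accepted URI schemes, e.g. {"ldaps"}
    min_ssf: int                    # (e) minimum SSF of the connection actually used

    def check(self, identity: str, request_dn: str,
              referral_uri: str, ssf: int) -> str | None:
        """Return None if chaining is permitted, else the letter (a..e) of the
        first check that failed."""
        u = urlsplit(referral_uri)
        if identity.lower() not in {i.lower() for i in self.identities}:
            return "a"
        if not any(dn_rooted_at(request_dn, r) for r in self.dn_roots):
            return "b"
        if (u.hostname or "").lower() not in self.referral_hosts:
            return "c"
        if u.scheme.lower() not in self.schemes:
            return "d"
        # ssf is what the transport ended up providing: for ldap:// it is 0
        # unless StartTLS succeeded, so (e) is where a plain ldap:// referral
        # is refused even though the scheme itself is permitted.
        if ssf < self.min_ssf:
            return "e"
        return None


# Constructed sample policy (all names are made up for the example).
POLICY = ChainPolicy(
    identities=frozenset({"cn=proxy,dc=example,dc=com"}),
    dn_roots=("dc=example,dc=com",),
    referral_hosts=frozenset({"ldap2.example.com"}),
    schemes=frozenset({"ldap", "ldaps"}),
    min_ssf=128,
)
```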