
(ITS#6190) back-meta tls start only works when set before any target specification



Full_Name: Stephan Duehr
Version: 2.4.16
OS: SLES 10 SP2
URL: 
Submission from: (NULL) (84.44.166.251)


I specified tls start below each target specification and did not find any
STARTTLS in the targets log, running at loglevel 256.

man slapd-meta says:
       tls {[try-]start|[try-]propagate}
              execute the StartTLS extended operation when the connection is
              initialized; only works if the URI directive protocol scheme is
              not ldaps://. propagate issues the StartTLS operation only if
              the original connection did. The try- prefix instructs the
              proxy to continue operations if the StartTLS operation failed;
              its use is highly deprecated. If set before any target
              specification, it affects all targets, unless overridden by any
              per-target directive.

So it should work when set for a target.

I verified the behavior by removing start tls before any target specification
and setting it below each target, which resulted in no STARTTLS being sent
again.
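
A configuration check for the placement issue reported above, as an added example that is not part of the original report or of OpenLDAP: it walks a slapd.conf and labels each back-meta target by where its tls directive comes from, so targets that rely on the per-target placement can be found and verified in the target's log. The sample config, host names, status labels and function names are constructed for illustration; continuation lines and include files are assumed absent.

```python
import shlex

# Constructed slapd.conf fragment; hosts and suffixes are placeholders.
SAMPLE_CONF = """\
database meta
uri "ldap://a.example.com/ou=a,dc=example,dc=com"
tls start
uri "ldaps://b.example.com/ou=b,dc=example,dc=com"
uri "ldap://c.example.com/ou=c,dc=example,dc=com"

database meta
tls try-start   # set before any target: applies to all targets
uri "ldap://d.example.org/ou=d,dc=example,dc=org"
"""

def classify(uri, tls, scope):
    if uri.lower().startswith("ldaps://"):
        return "ldaps"            # tls directive does not apply (man page)
    if tls is None:
        return "no-starttls"      # nothing requests StartTLS for this target
    if scope == "target":
        return "per-target"       # placement reported as ineffective in ITS#6190
    if tls.startswith("try-"):
        return "try-global"       # proxy continues if StartTLS fails
    return "global"

def audit_meta_tls(conf_text):
    """Return (uri, status) for every back-meta target in conf_text."""
    targets, in_meta, global_tls, first = [], False, None, 0
    for line in conf_text.splitlines():
        words = shlex.split(line, comments=True)
        if not words:
            continue
        key = words[0].lower()
        if key == "database":
            in_meta = len(words) > 1 and words[1].lower() == "meta"
            global_tls, first = None, len(targets)
        elif in_meta and key == "uri" and len(words) > 1:
            targets.append([words[1], global_tls, "global" if global_tls else None])
        elif in_meta and key == "tls" and len(words) > 1:
            if len(targets) > first:          # after a uri: per-target
                targets[-1][1:] = [words[1].lower(), "target"]
            else:                             # before any uri: all targets
                global_tls = words[1].lower()
    return [(uri, classify(uri, tls, scope)) for uri, tls, scope in targets]

if __name__ == "__main__":
    for uri, status in audit_meta_tls(SAMPLE_CONF):
        print(f"{status:12} {uri}")
```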