
ITS#6642



The problem is slightly different: the tls_* parameters of idassert are
ignored unless TLS is started for other reasons.  I believe back-meta
needs to automatically start TLS for those connections created by idassert
when idassert requires TLS for authentication.  You can work around this
by setting:

tls start

This forces TLS to be started on all connections (tls try-start will fall
back to non-TLS if it cannot be started).

I note that there is an asymmetry between back-ldap and back-meta: the
former allows configuring specific tls_* parameters for the "tls"
statement.

However, back-ldap also seems to require the "tls" statement to honor
EXTERNAL TLS-based idassert.

p.
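
A configuration check for the condition described in the message above, as an added example that is not part of the original message or of OpenLDAP: it flags back-meta and back-ldap databases in a slapd.conf whose idassert-bind line relies on TLS (tls_* parameters or SASL EXTERNAL) while no "tls" statement is present, or only "tls try-start". The sample configuration, host names and file paths are constructed, and as a simplifying assumption each database section is treated as one unit (per-target scoping in back-meta is not modelled).

```python
# Constructed sample slapd.conf (hypothetical hosts and paths), not from the message.
SAMPLE = """\
database meta
uri "ldap://a.example.com/dc=a,dc=example,dc=com"
idassert-bind bindmethod=sasl saslmech=EXTERNAL
  tls_cert=/etc/ldap/proxy.crt tls_key=/etc/ldap/proxy.key
database ldap
uri "ldap://b.example.com/"
tls try-start
idassert-bind bindmethod=sasl saslmech=EXTERNAL tls_cert=/etc/ldap/proxy.crt
database meta
uri "ldap://c.example.com/dc=c,dc=example,dc=com"
tls start
idassert-bind bindmethod=sasl saslmech=EXTERNAL tls_cert=/etc/ldap/proxy.crt
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip blanks and comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Return (db_number, backend, finding) where idassert depends on TLS."""
    dbs = []
    for line in logical_lines(text):
        key, *args = line.lower().split()
        if key == "database" and args:
            dbs.append({"backend": args[0], "tls": None, "needs_tls": False})
        elif dbs and key == "tls" and args:
            dbs[-1]["tls"] = args[0]
        elif dbs and key == "idassert-bind":
            dbs[-1]["needs_tls"] = any(a.startswith("tls_") or a == "saslmech=external" for a in args)
    findings = []
    for n, db in enumerate(dbs, 1):
        if db["backend"] not in ("meta", "ldap") or not db["needs_tls"]:
            continue
        if db["tls"] is None:
            findings.append((n, db["backend"], "no tls statement: idassert tls_* ignored"))
        elif db["tls"] == "try-start":
            findings.append((n, db["backend"], "tls try-start can fall back to non-TLS"))
    return findings
```

Calling audit(SAMPLE) reports the first and second databases; the third, which sets "tls start", passes.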