
Re: ldap.conf TLS
At 08:54 PM 2002-06-16, Howard Chu wrote:
>Not to muddy the waters too much, but I note that the original intention of
>the "TLS" config keyword was to allow multiple degrees of configuration.

Was "TLS" ever meant to be exposed via ldap.conf?  I thought
that LDAP_OPT_X_TLS was meant to be used to enable ldaps://
programmatically.  That is, the only values of "TLS" which
make sense are "never" and "hard", e.g. ldap:// vs. ldaps://.


>At
>the time it was first implemented, there wasn't a lot of room for
>flexibility. Now that we have StartTLS, it's possible to implement the "Try"
>and "Demand" levels using StartTLS. Is it worth doing?

Start TLS shouldn't depend on LDAP_OPT_X_TLS.

>(Set to "Try" and a StartTLS request is sent at the beginning of a session;
>if it fails the session proceeds normally. Set to "Demand" and if the
>StartTLS fails the session fails.)

I'd rather not issue LDAP operations implicitly.