Re: OpenLDAP 2.1.21-2 Simple Bind over TLS still sending ClearText (Box is client to itself)

Christmas is exactly 5 months away and your provider is "snowman", so maybe
there's a chance the feature will be there by Christmas.  You never know
:-).  Positive vibes, man, positive vibes ...

Cheers,
Kent Soper



Stephen Frost <sfrost@snowman.net>
Sent by: owner-openldap-software@OpenLDAP.org
07/25/2003 12:59 PM
To: Kent Soper/Austin/IBM@IBMUS
cc: openldap-software@OpenLDAP.org
Subject: Re: OpenLDAP 2.1.21-2 Simple Bind over TLS still sending ClearText (Box is client to itself)

* Kent Soper (dksoper@us.ibm.com) wrote:
> First of all, the "ssl start_tls" in your ldap.conf doesn't do anything.
> Therefore everything is in the clear without "-ZZ" flag.  It's a PAM
> directive that goes into a PAM ldap.conf.  That one has bitten a lot of
> people, me included.  No way to start TLS from within your OpenLDAP conf
> file.  I hope someone disagrees with me here because I would like to use
> that feature.

I wholeheartedly agree but I don't think it's going to happen from the
impression I've been given by the OpenLDAP people.  From what I
understand the problem is that StartTLS is a command in LDAP and the
developers don't feel it's appropriate for the library to be sending
commands.  My opinion on this is that the library can and should send
commands immediately after connection, even as the library, if asked to.

I'd be happy to hear if I've misinterpreted or misunderstood.

 Stephen
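
The practical upshot of the thread, as an added shell example (not code from either poster): a check that flags the pam_ldap "ssl start_tls" line when it has been copied into OpenLDAP's client ldap.conf, where libldap ignores it, and a helper that builds the ldapsearch command line which actually forces StartTLS with -ZZ (or skips it for an ldaps:// URI). The hostname, bind DN and the sample ldap.conf contents are constructed for illustration.

```sh
#!/bin/sh
# Added example, not code from the thread. Hostnames, DNs and the sample
# ldap.conf contents below are constructed for illustration.

# Report whether an OpenLDAP client ldap.conf carries the pam_ldap directive
# "ssl start_tls". libldap does not know that directive, so its presence
# there gives no protection: the simple bind still goes out in the clear.
# Returns 0 (true) and prints the offending line when found, 1 otherwise.
has_pam_starttls_directive() {
  grep -Ei '^[[:space:]]*ssl[[:space:]]+start_tls' "$1"
}

# Print the ldapsearch invocation that keeps the simple bind password off the
# wire in clear. For ldap:// URIs, -ZZ makes the client issue the StartTLS
# extended operation before the bind and abort if it fails (a single -Z would
# continue in cleartext on failure). ldaps:// negotiates TLS at connect time,
# so it needs no StartTLS at all.
tls_bind_cmd() {
  uri=$1; binddn=$2; base=$3
  case $uri in
    ldaps://*) tlsopt="" ;;
    ldap://*)  tlsopt="-ZZ " ;;
    *) echo "unsupported URI scheme: $uri" >&2; return 1 ;;
  esac
  printf 'ldapsearch -H %s %s-x -D %s -W -b %s\n' "$uri" "$tlsopt" "$binddn" "$base"
}

# Demonstration on a constructed ldap.conf with the misplaced pam_ldap line.
demo() {
  conf=$(mktemp)
  cat >"$conf" <<'EOF'
# constructed OpenLDAP client ldap.conf
BASE    dc=example,dc=com
URI     ldap://ldap.example.com
ssl     start_tls
EOF
  if has_pam_starttls_directive "$conf" >/dev/null; then
    echo "warning: 'ssl start_tls' is a pam_ldap directive; libldap ignores it" >&2
    echo "run clients with -ZZ (or an ldaps:// URI) instead, e.g.:" >&2
    tls_bind_cmd ldap://ldap.example.com 'cn=admin,dc=example,dc=com' dc=example,dc=com >&2
  fi
  rm -f "$conf"
}

demo
```

The same -ZZ rule applies to the other OpenLDAP client tools (ldapadd, ldapmodify, ldappasswd); the ldap.conf TLS_* directives only configure certificates and verification, they do not make the client start TLS on its own.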