Re: force use of start_tls: how?



Andreas Hasenack writes:
>> URI		ldaps://fully.qualified.server-hostname/
>> TLS_CACERT	<file with the CA-certificate which signed the server cert>
>> TLS_REQCERT	demand
>
> The only problem is that I really want start_tls, and not ldaps (which
> is deprecated, right?).

Don't know.  It's nonstandard, anyway.  But I doubt it'll go away
anytime soon.  I can't find an ldap.conf statement to match '-ZZ'
either.

Note that if you do use 'URI ldaps://' in ldap.conf, you'll still be
able to use ldap:// on the command line if your server listens to it
after all.  But that's all I can think of.

-- 
Regards,
Hallvard
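
An added example, not part of the original message: a small audit of an ldap.conf for the three settings quoted above, flagging any ldap:// default URI because, as the reply notes, nothing in that file stands in for '-ZZ'. The sample files and the CA path are constructed; the fallback to 'demand' when TLS_REQCERT is absent assumes the default documented in ldap.conf(5).

```python
# Added example: audit OpenLDAP client settings (URI, TLS_CACERT, TLS_REQCERT).
STRICT_REQCERT = {"demand", "hard"}  # both abort the session on a bad/missing server cert

def parse_ldap_conf(text):
    """Return {OPTION: value}. Option names are case-insensitive; '#' lines are comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(text):
    """Return a list of findings; an empty list means the defaults are TLS-protected."""
    opts = parse_ldap_conf(text)
    findings = []
    for uri in opts.get("URI", "").split():  # URI may list several servers
        if uri.lower().startswith("ldap://"):
            findings.append(uri + ": cleartext unless every caller requests StartTLS (-ZZ)")
    # Assumption: an absent TLS_REQCERT means 'demand', per ldap.conf(5).
    reqcert = opts.get("TLS_REQCERT", "demand").lower()
    if reqcert not in STRICT_REQCERT:
        findings.append("TLS_REQCERT " + reqcert + ": server certificate is not strictly verified")
    if "TLS_CACERT" not in opts and "TLS_CACERTDIR" not in opts:
        findings.append("no TLS_CACERT/TLS_CACERTDIR: no CA configured in this file")
    return findings

# Constructed samples. The first mirrors the settings quoted in the thread.
QUOTED = """\
URI         ldaps://fully.qualified.server-hostname/
TLS_CACERT  /etc/ssl/example-ca.pem
TLS_REQCERT demand
"""
WEAK = """\
# constructed counter-example
uri         ldap://fully.qualified.server-hostname/
tls_reqcert allow
"""

if __name__ == "__main__":
    for name, conf in (("quoted", QUOTED), ("weak", WEAK)):
        print(name, audit(conf) or "ok")
```

A clean result only covers the file's defaults: a URI given on the command line still overrides them, so callers that pass ldap:// need '-ZZ' themselves.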