[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: force use of start_tls: how?

To: Andreas Hasenack <ahasenack@terra.com.br>
Subject: Re: force use of start_tls: how?
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Thu, 5 Jul 2007 14:07:07 +0200
Cc: openldap-software@openldap.org
In-reply-to: <200707050740.44930.ahasenack@terra.com.br>
References: <20070704144022.GH4688@mandriva.com.br> <20070704163011.GA7137@mandriva.com.br> <Pine.BSO.4.64.0707041218420.32309@vanye.mho.net> <200707050740.44930.ahasenack@terra.com.br>

Andreas Hasenack writes:
> I realized by now it can't be done at the protocol level. But it could
> be done by the client library. Not as a "mandatory" option, but an
> initial default.  That would be sufficient for me.

Yes, a "TLS on/off" ldap.conf option.  We'd also need an anti-"-Z"
command line option too to turn it off.  Also it would be useful if the
-Z (and "TLS on") options were ignored when using 'ldaps:' URLs.

-- 
Regards,
Hallvard

Follow-Ups:
- Re: force use of start_tls: how?
  - From: Philip Guenther <guenther+ldapsoft@sendmail.com>
- Re: force use of start_tls: how?
  - From: Howard Chu <hyc@symas.com>

References:
- force use of start_tls: how?
  - From: Andreas Hasenack <ahasenack@terra.com.br>
- Re: force use of start_tls: how?
  - From: Andreas Hasenack <ahasenack@terra.com.br>
- Re: force use of start_tls: how?
  - From: Philip Guenther <guenther+ldapsoft@sendmail.com>
- Re: force use of start_tls: how?
  - From: Andreas Hasenack <ahasenack@terra.com.br>

Prev by Date: Problem with mysql backend
Next by Date: Re: Lock is no longer valid / deferring operation
Index(es):
- Chronological
- Thread