
Re: (ITS#3507) patch to allow start TLS by back-ldap

ando@sys-net.it wrote:

>Feature enhancement: allow back-ldap to use starttls (see discussion on -devel:
>This may be particularly useful in conjunction with remote servers that do not
>listen on ldaps:// or when chasing referrals with schema ldap:// via the chain

New version of the patch: 
<http://www.sys-net.it/~ando/Download/backldap_start_tls-2.patch>, that 
includes various fixes to the chain overlay, also discussed in 
Possible future developments are outlined in a comment:

         * TODO: add checks on who can chain what operations; e.g.:
         *   a) what identities are authorized
         *   b) what request DN (e.g. only chain requests rooted at <DN>)
         *   c) what referral URIs
         *   d) what protocol scheme (e.g. only ldaps://)
         *   e) what ssf


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
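
The checks (a) to (e) from the TODO comment above, sketched as an added example. This is not code from the patch or from OpenLDAP; the struct, the function names and the sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical policy record: field names are assumptions, not OpenLDAP's. */
struct chain_policy {
    const char *identity;   /* (a) bound DN allowed to chain */
    const char *base_dn;    /* (b) request DN must be at or under this DN */
    const char *host;       /* (c) only referral host accepted */
    int require_ldaps;      /* (d) refuse any scheme other than ldaps:// */
    unsigned min_ssf;       /* (e) minimum SSF of the client connection */
};

/* dn equals base or ends in ",base"; assumes both DNs are already normalized. */
static int dn_under(const char *dn, const char *base)
{
    size_t dl = strlen(dn), bl = strlen(base);
    if (dl < bl || strcasecmp(dn + dl - bl, base) != 0) return 0;
    return dl == bl || dn[dl - bl - 1] == ',';
}

/* Exact host match, so "dir.example.com.evil.test" does not pass as a prefix. */
static int host_is(const char *uri, const char *host)
{
    const char *h = strstr(uri, "://");
    size_t n = h ? strcspn(h + 3, ":/?") : 0;
    return h != NULL && n == strlen(host) && strncasecmp(h + 3, host, n) == 0;
}

/* Returns 0 when chaining is allowed, else the letter of the first failed check. */
int chain_check(const struct chain_policy *p, const char *identity,
                const char *request_dn, const char *uri, unsigned ssf)
{
    if (strcasecmp(identity, p->identity) != 0) return 'a';
    if (!dn_under(request_dn, p->base_dn)) return 'b';
    if (!host_is(uri, p->host)) return 'c';
    if (p->require_ldaps && strncasecmp(uri, "ldaps://", 8) != 0) return 'd';
    if (ssf < p->min_ssf) return 'e';
    return 0;
}

/* Constructed sample policy, for illustration only. */
static const struct chain_policy sample = {
    "cn=proxy,dc=example,dc=com", "dc=example,dc=com", "dir.example.com", 1, 128 };

int main(void)
{   /* Constructed request: an ldap:// referral is refused by check (d). */
    printf("%c\n", chain_check(&sample, "cn=proxy,dc=example,dc=com",
           "uid=a,dc=example,dc=com", "ldap://dir.example.com/", 128));
    return 0;
}
```

Every check fails closed: a referral URI without `://`, or one whose host only starts with the allowed name, is rejected at (c).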