(ITS#5039) Support config for start_tls in ldap.conf
Full_Name: Andreas Hasenack
Submission from: (NULL) (22.214.171.124)
This is an enhancement request.
It would be helpful if there were some configuration option for
/etc/openldap/ldap.conf to mimic the -ZZ command line, that is, behave as if the
user added -ZZ to it. Perhaps something along the lines of the sasl secprops, or
the server's "security" keyword.
My scenario is that it doesn't matter if I block clear text communication with
the ldap server via ACL or security: if the client initiates a simple bind
operation in clear text, the password is exposed even if the server rejects the
The point here is to avoid accidents, like leaving out the -ZZ option when doing
command line operations. It would be like an initial default. It also saves
typing, of course ;)
I can easily work around this with shell aliases, or wrapper scripts, of course.
That's why this is an enhancement request.
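
The wrapper-script workaround mentioned in the message, sketched as an added example (not part of the original submission and not OpenLDAP code). `needs_starttls` and `ldapz` are hypothetical names; only `-H` on the command line and the `LDAPURI` environment variable are inspected, not a URI set in ldap.conf.

```shell
#!/bin/sh
# Added example: make -ZZ the default for OpenLDAP client tools.

# needs_starttls ARGS...
# Returns 0 when -ZZ has to be added, 1 when it must not be.
needs_starttls() {
    _uri=${LDAPURI:-}
    while [ $# -gt 0 ]; do
        case $1 in
            # Only an explicit -ZZ counts. A bare -Z is opportunistic
            # (the tool continues if StartTLS fails), so it is treated
            # as absent and -ZZ is still added.
            -ZZ) return 1 ;;
            # "-H uri" as two arguments
            -H) if [ $# -ge 2 ]; then _uri=$2; shift; fi ;;
            # "-Huri" as one argument
            -H?*) _uri=${1#-H} ;;
        esac
        shift
    done
    case $_uri in
        # ldaps:// is already TLS and ldapi:// is a local socket;
        # requesting StartTLS on either would only make the call fail.
        ldaps://*|ldapi://*) return 1 ;;
    esac
    # Anything not recognised above errs towards adding -ZZ, so a
    # missed case fails closed instead of binding in clear text.
    return 0
}

# ldapz TOOL ARGS...
# Runs TOOL (ldapsearch, ldapmodify, ...) with -ZZ prepended when needed.
ldapz() {
    if [ $# -lt 1 ]; then
        echo "usage: ldapz TOOL [ARGS...]" >&2
        return 2
    fi
    _tool=$1
    shift
    if needs_starttls "$@"; then
        set -- -ZZ "$@"
    fi
    # "command" bypasses shell functions, so a function named after
    # the tool that calls ldapz does not recurse.
    command "$_tool" "$@"
}
```

Sourced from a shell profile, this can back aliases such as `alias ldapsearch='ldapz ldapsearch'`, so forgetting -ZZ no longer results in a clear-text simple bind.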