(ITS#5039) Support config for start_tls in ldap.conf

Full_Name: Andreas Hasenack
Version: 2.3.36
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

This is an enhancement request.

It would be helpful if there were some configuration option for
/etc/openldap/ldap.conf to mimic the -ZZ command line, that is, behave as if the
user added -ZZ to it. Perhaps something along the lines of the sasl secprops, or
the server's "security" keyword.

My scenario is that it doesn't matter if I block clear text communication with
the ldap server via ACL or security: if the client initiates a simple bind
operation in clear text, the password is exposed even if the server rejects the

The point here is to avoid accidents, like leaving out the -ZZ option when doing
command line operations. It would be like an initial default. It also saves
typing, of course ;)

I can easily work around this with shell aliases, or wrapper scripts, of course.
That's why this is an enhancement request.
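As an added illustration of the wrapper-script workaround the request mentions (example code, not part of the ITS submission or of OpenLDAP itself): a POSIX shell function set that injects -ZZ (require StartTLS, abort if it cannot be negotiated) in front of the arguments of an OpenLDAP client tool unless the caller already passed -Z/-ZZ or is using an ldaps:// URI, where TLS is already on from the first byte and StartTLS does not apply. Function names, and the ldap.example.com host in the comments, are assumptions for the example.

```shell
#!/bin/sh
# Added example, not from the ITS submission: emulate a "default -ZZ" for the
# OpenLDAP command line tools so that a forgotten -ZZ cannot send a simple bind
# (and its password) over a cleartext ldap:// connection.

# Decide whether -ZZ must be injected for the given argument list.
# Prints "yes" when StartTLS should be forced, "no" when the caller already
# asked for it (-Z or -ZZ) or uses an ldaps:// URI (TLS from the start).
# Caveat: options clustered with other flags (e.g. -xZZ) are not recognised;
# the wrapper then adds a redundant -ZZ, which the tools accept harmlessly.
ldap_needs_starttls() {
  for arg in "$@"; do
    case "$arg" in
      -Z|-ZZ)                echo no; return 0 ;;   # TLS already requested
      -Hldaps://*|ldaps://*) echo no; return 0 ;;   # LDAP over TLS, no StartTLS
    esac
  done
  echo yes
}

# Print the command line that would be executed (useful for inspection).
# Usage: ldap_tls_cmdline ldapsearch -x -b dc=example,dc=com
ldap_tls_cmdline() {
  tool=$1; shift
  if [ "$(ldap_needs_starttls "$@")" = yes ]; then
    set -- -ZZ "$@"
  fi
  echo "$tool $*"
}

# Run the real tool with -ZZ injected when needed. "command" bypasses any
# alias that points back at this wrapper.
ldap_tls_run() {
  tool=$1; shift
  if [ "$(ldap_needs_starttls "$@")" = yes ]; then
    set -- -ZZ "$@"
  fi
  command "$tool" "$@"
}

# Suggested aliases for an interactive shell profile (assumed usage):
#   alias ldapsearch='ldap_tls_run ldapsearch'
#   alias ldapmodify='ldap_tls_run ldapmodify'
#   alias ldapwhoami='ldap_tls_run ldapwhoami'
# With these in place, "ldapsearch -x -H ldap://ldap.example.com -b dc=example,dc=com"
# is executed as "ldapsearch -ZZ -x -H ldap://ldap.example.com -b dc=example,dc=com".
```

The check is deliberately strict in the safe direction: when in doubt it adds -ZZ, and the only way to get a cleartext session is to pass -Z (which still attempts StartTLS) explicitly or to bypass the alias with `command ldapsearch`. This mirrors the request's point that the protection has to happen on the client before the bind is sent, since a server-side `security` setting only rejects a password that has already crossed the wire.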