[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#6419) bindconf parser doesn't apply tls-defaults as documented
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6419) bindconf parser doesn't apply tls-defaults as documented
- From: hyc@symas.com
- Date: Tue, 8 Dec 2009 10:53:41 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
rhafer@suse.de wrote:
> Am Montag 07 Dezember 2009 21:22:08 schrieb quanah@zimbra.com:
>> --On Monday, December 07, 2009 2:24 PM +0000 rhafer@suse.de wrote:
>>> ------------------------------------
>>> olcSyncrepl: {0}rid=1 provider="ldap://master/" searchbase="dc=test"
>>> type="refreshAndPersist" starttls=critical bindmethod="simple"
>>> binddn="uid=syncrepl,dc=test" credentials="XXXXXX"
>>> ------------------------------------
>>>
>>> Question is if this is a bug in the documentation or in the code. I think
>>> it's the latter.
>>
>> Howard believes this is fixed in head with servers/slapd/config.c 1.508 ->
>> 1.509. Can you please test and let us know the result?
> It solves the problem only partially. It still doesn't work when using
> "ldaps://" uris AFAICS.
The code was assuming that at least one of the other TLS config keywords would
also be used in these situations. Most of the time the slapd TLS config would
only be appropriate for server use, and would need to be overridden when
acting as a client.
Anyway, this is now fixed in HEAD.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/