(ITS#7744) [Patch] TLS_REQCERT section in ldap.conf is confusing



Full_Name: Jan Synacek
Version: master
OS: Linux - Fedora 19
URL: http://jsynacek.fedorapeople.org/openldap/jsynacek-20131113-0001-Fix-client-manpage.patch
Submission from: (NULL) (209.132.186.34)


Quoting ldap.conf(5):

TLS_REQCERT <level>
...
   try    The server certificate is requested. If no certificate is
          provided, the session proceeds normally. If a bad certificate
          is provided, the session is immediately terminated.

There is currently no way to "provide no server certificate" and
successfully connect via a client (e.g. ldapsearch).

For additional discussion, see
http://www.openldap.org/lists/openldap-technical/201311/msg00099.html.