[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: multiple listener ports

> As Julio pointed out, using TLS/SSL with SASL does not require
> second port!  LDAP OVER SSL (LDAPv2 style ldaps) does.  Though
> I am not sure of the need to support LDAP OVER SSL (give
> TLS/SSL with SASL), adding such, I guess, is no big deal.
No argument here.

> Long term, I actually would prefer we treat the "port"
> directory as defining the "default" port for listening
> but actually use "host" to define the bind() arguments.
> port 389		# default LDAP port
> sslport 636		# default LDAP over SSL port
> host ldap:/// \	# listen on LDAP port in LDAP mode
> 	ldaps:///	# listen on LDAPS port in LDAP over SSL mode
Given this "host" directive you don't even need a "port" directive,
since you could say

host	ldap://localhost:389/

Also, rather than listing a lot of bindings with a single directive, I still
think it would make sense to list options for individual bindings, e.g.:

host	ldap://localhost/	timeout 60
host	ldap://external-ip/	timeout 300