[Date Prev][Date Next]
RE: multiple listener ports
> As Julio pointed out, using TLS/SSL with SASL does not require
> second port! LDAP OVER SSL (LDAPv2 style ldaps) does. Though
> I am not sure of the need to support LDAP OVER SSL (give
> TLS/SSL with SASL), adding such, I guess, is no big deal.
No argument here.
> Long term, I actually would prefer we treat the "port"
> directory as defining the "default" port for listening
> but actually use "host" to define the bind() arguments.
> port 389 # default LDAP port
> sslport 636 # default LDAP over SSL port
> host ldap:/// \ # listen on LDAP port in LDAP mode
> ldaps:/// # listen on LDAPS port in LDAP over SSL mode
Given this "host" directive you don't even need a "port" directive,
since you could say
Also, rather than listing a lot of bindings with a single directive, I still
think it would make sense to list options for individual bindings, e.g.:
host ldap://localhost/ timeout 60
host ldap://external-ip/ timeout 300