Re: ldap.conf TLS
Now that we have StartTLS, it's possible to implement the "Try"
and "Demand" levels using StartTLS. Is it worth doing?
Isn't this what -Z and -ZZ do on the client-side already?
What would really be useful (for me :-) anyway) is the ability to demand
TLS on the server side. I'd like to allow connections to port 389, but
demand that clients STARTTLS before any requests are processed. (Even
better would be to allow anonymous requests without TLS, but require TLS
for authentication!) (I think a basic TLS requirement is already
possible with SASL auth using sasl_minimum_layer, but not outside of