Re: HEADS UP: TLS "hard"

* Kurt D. Zeilenga (Kurt@OpenLDAP.org) wrote:
> I've removed the TLS "hard" option as it doesn't behave as
> a default but as an override.  That is, if a user explicitly
> asks to connect to ldap://ldap.example.com/ with -ZZ but there
> is "TLS hard" set, the library will attempt SSL negotiation
> despite being explicitly directed to use a different mechanism.
> It's likely possible to rewrite init such that "TLS hard"
> only affects the URI generated by HOST/PORT ldap.conf options...

I'd like to be able to have ldapsearch do '-ZZ' by default through some
configuration in ldap.conf.  I think I've complained about the lack of
this ability on one of the lists before.  I recall looking through the
code and discovering that it was unfortunately more difficult than I
would have expected to do that.

