[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: HEADS UP: TLS "hard"

To: Stephen Frost <sfrost@snowman.net>
Subject: Re: HEADS UP: TLS "hard"
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 22 May 2003 10:34:03 -0700
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <20030522155155.GH8524@ns.snowman.net>
References: <Pine.LNX.4.53.0305221148230.27048@robin.uvm.edu> <5.2.0.9.0.20030521151324.02a427f0@127.0.0.1> <20030522133830.GG8524@ns.snowman.net> <Pine.LNX.4.53.0305221148230.27048@robin.uvm.edu>

The main problem with here is that ldap.conf is a defaulting
mechanism which should have no effect unless the application
asks for default behavior.  Most applications are actually
don't ask for default behavior, they ask for specific behavior.
They generally don't expect the library to be issuing LDAP
operations without their knowledge.

Kurt

At 08:51 AM 5/22/2003, Stephen Frost wrote:
>* Frank Swasey (Frank.Swasey@uvm.edu) wrote:
>> Is there some reason you do not want to use URI ldaps:// in your 
>> ldap.conf file?  That accomplishes the desired activity of making the 
>> connection be secure (by default).
>
>It'd require having another port open on my server and allowing
>connections to it through the firewall and ldaps should be dieing off
>anyway now that there is proper TLS support in the protocol.  I also
>wasn't sure if that did everything TLS does..
>
>        Stephen

Follow-Ups:
- Re: HEADS UP: TLS "hard"
  - From: Stephen Frost <sfrost@snowman.net>

References:
- Re: HEADS UP: TLS "hard"
  - From: Frank Swasey <Frank.Swasey@uvm.edu>
- HEADS UP: TLS "hard"
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: HEADS UP: TLS "hard"
  - From: Stephen Frost <sfrost@snowman.net>
- Re: HEADS UP: TLS "hard"
  - From: Stephen Frost <sfrost@snowman.net>

Prev by Date: Re: -lpthread problem?
Next by Date: Re: HEADS UP: TLS "hard"
Index(es):
- Chronological
- Thread