Re: commit: ldap/servers/slapd config.c syncrepl.c

[Howard Chu <hyc@symas.com>]

Quanah Gibson-Mount wrote:
> --On Tuesday, December 08, 2009 3:44 PM +0100 Ralf Haferkamp
> <rhafer@suse.de>  wrote:
>
> > Am Dienstag 08 Dezember 2009 13:50:21 schrieb Hallvard B Furuseth:
> > > hyc@OpenLDAP.org writes:
> > > > ITS#6419 also init for ldaps:// URIs
> > >
> > > Does it work for ldapi:// as well?  (And should it?)  I seem to
> > > remember StartTLS does work for ldapi, though I don't know what
> > > a sensible host name in the server cert would be in that case.
> > If StartTLS works for ldapi:// (I never tried it). The ITS#6419 should
> > work in  the ldapi:// case as a "start_tls=critical|yes" would need to be
> > present in  the bindconf. That will trigger tls initialization as well.
> > Have a look at the  previous config.c  commit (1.509) for details.
>
>
> [zimbra@freelancer ~]$ ldapsearch -x -ZZ -H ldapi:///
> # extended LDIF

Of course it works. The more interesting question is what would ldapwhoami 
report, if you did a SASL/EXTERNAL Bind, and what ssf does slapd use as a 
result...

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/