[Date Prev][Date Next]
Re: Should slurpd also support LDAPS without start_tls?
At 08:26 AM 6/10/2003, Mark.Benson@propero.net wrote:
>Maybe the replica bit of slapd.conf should have a "ssl=yes" option as an
>alternative to "tls=yes" in which case it would do an ldaps:// style bind.
>I've made this mod in slurpd to test it out. The changes are very small.
Please note that the "s" in ldaps:// does not stand for SSL nor
does it necessarily imply use of SSL. ldaps:// is commonly used
to negotiate TLS over TCP at session start. StartTLS does generally
imply TLS, but most implementations also support fallback to SSL if
The "tls=" option implies Start TLS. It likely should be renamed
to "starttls=" (as previously suggested).
To add ldaps:// support (for TLS and SSL), it would be better to
do this via addition of a URI parameter that deprecated the