Re: Should slurpd also support LDAPS without start_tls?

At 08:26 AM 6/10/2003, Mark.Benson@propero.net wrote:
>Maybe the replica bit of slapd.conf should have a "ssl=yes" option as an
>alternative to "tls=yes" in which case it would do an ldaps:// style bind.
>I've made this mod in slurpd to test it out. The changes are very small. 

Please note that the "s" in ldaps:// does not stand for SSL nor
does it necessarily imply use of SSL.  ldaps:// is commonly used
to negotiate TLS over TCP at session start.  StartTLS does generally
imply TLS, but most implementations also support fallback to SSL if
needed.

The "tls=" option implies Start TLS.  It likely should be renamed
to "starttls=" (as previously suggested).

To add ldaps:// support (for TLS and SSL), it would be better to
do this via addition of a URI parameter that deprecated the
HOST parameter.

Patches welcomed.

Kurt