Re: Force client to use TLS

Kurt D. Zeilenga wrote:
At 12:28 PM 9/28/2006, Michael Häusler wrote:
In other words: Is there something I can put into ldap.conf, so
that I don't have to give the -Z switch to the command-line
utilities (e.g. a URI like ldap+tls://ldap.example.com)?

You can use an ldaps:// URI to enable use of LDAP over TLS, but there is no ldap.conf(5) option to enable use of the LDAP StartTLS operation.

Thank you very much for your fast answer.

I am curious: is there a difference between StartTLS and LDAPS that makes such an ldap.conf(5) option difficult? It seems to me that ldap.conf would be the natural place to configure the use of StartTLS. IMHO, since LDAPS is deprecated, there is a need for such an option.

Best regards,