
Re: Force client to use TLS



At 01:15 PM 9/28/2006, Michael Häusler wrote:
>I am curious: is there a difference between StartTLS and LDAPS, that makes such an ldap.conf(5) option difficult?

ldap.conf(5) was designed to provide defaults to be used only
when the user requested use of the default.  For instance, the
URI default is only used when the user requests the command
line to use the default (by not providing a -H option).  If
one were to add an option to ldap.conf(5) to provide a StartTLS
default, maybe "StartTLS [no|yes|auto|critical]", there should
be a command line flag that says "use the StartTLS default".

- Kurt