[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: force use of start_tls: how?

Andreas Hasenack writes:
> I realized by now it can't be done at the protocol level. But it could
> be done by the client library. Not as a "mandatory" option, but an
> initial default.  That would be sufficient for me.

Yes, a "TLS on/off" ldap.conf option.  We'd also need an anti-"-Z"
command line option too to turn it off.  Also it would be useful if the
-Z (and "TLS on") options were ignored when using 'ldaps:' URLs.