Re: force use of start_tls: how?
On Jul 5, 2007, at 10:39 AM, Buchan Milne wrote:
IMHO, a non-working solution (e.g. where encryption can't be forced
client side) cannot be the only alternative for a feature supposedly
deprecated (ldaps, where it is possible).
It's not intended that there be a way to force use of ldaps:// or
ldap.conf(5) provides defaults, not as a policy statement mechanism.
defaults are intended only to be used when the user has not specified
wants to do. For instance, the URI is only used if the user doesn't
a -H (or -h) option.
If the user cannot override the default, it's not a default! Some
added that the user cannot override. These should be considered flawed.
As I'm sure I've noted many times before, if I had to do it over
again, there would be no ldap.conf(5). The library should be dealing
with program defaults. The program should be. The library should
expect the program to provide all the library needs to operate well.
But I digress...
At a minimum, there should be some way to force start_tls for
utilities before claiming a feature is deprecated.
(Yes, this has been irritating me for a long time too ...).