[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: force use of start_tls: how?

To: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Subject: Re: force use of start_tls: how?
From: Howard Chu <hyc@symas.com>
Date: Thu, 05 Jul 2007 16:14:08 -0700
Cc: Andreas Hasenack <ahasenack@terra.com.br>, openldap-software@openldap.org
In-reply-to: <hbf.20070705k3ke@bombur.uio.no>
References: <20070704144022.GH4688@mandriva.com.br> <20070704163011.GA7137@mandriva.com.br> <Pine.BSO.4.64.0707041218420.32309@vanye.mho.net> <200707050740.44930.ahasenack@terra.com.br> <hbf.20070705k3ke@bombur.uio.no>
User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9a7pre) Gecko/2007070305 SeaMonkey/2.0a1pre

Hallvard B Furuseth wrote:

Andreas Hasenack writes:

I realized by now it can't be done at the protocol level. But it could
be done by the client library. Not as a "mandatory" option, but an
initial default.  That would be sufficient for me.


Yes, a "TLS on/off" ldap.conf option.  We'd also need an anti-"-Z"
command line option too to turn it off.  Also it would be useful if the
-Z (and "TLS on") options were ignored when using 'ldaps:' URLs.

Indeed, that's what the TLS keyword was for in ldap.conf, with its try / demand / hard options, but it was never fully implemented. And then it was removed... -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

References:
- force use of start_tls: how?
  - From: Andreas Hasenack <ahasenack@terra.com.br>
- Re: force use of start_tls: how?
  - From: Andreas Hasenack <ahasenack@terra.com.br>
- Re: force use of start_tls: how?
  - From: Philip Guenther <guenther+ldapsoft@sendmail.com>
- Re: force use of start_tls: how?
  - From: Andreas Hasenack <ahasenack@terra.com.br>
- Re: force use of start_tls: how?
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: after openldap install
Next by Date: Re: error after OS upgrade
Index(es):
- Chronological
- Thread