[Date Prev][Date Next]
Re: ldaprc with ldaps:// and ldap:// fallback
Dan White <firstname.lastname@example.org> wrote:
> TLS_REQCERT: try
> In this case, EXTERNAL should only be offered after successful TLS
> negotiation, or over a unix domain socket.
> If TLS negotiation fails, then a SASL bind won't work without selecting
> another mechanism.
But Idap.conf(5) says "The server certificate is requested. If no
certificate is provided, the session proceeds normally. ", which
suggests that the TLS negociation may succeed without a server
certificate being sent. Is that wrong?