
Re: StartTLS URL extension



Volker Lendecke wrote:
> On Sun, Oct 05, 2008 at 07:35:16PM -0700, Howard Chu wrote:
>> We really ought to have a way to allow clients to make libldap use StartTLS 
>> without having to code their own calls into libldap for that purpose. I 
>> think it would be useful to allow specifying StartTLS in the extension 
>> field of the LDAP URL. Then at least it can be configured into ldap.conf 
>> and forgotten about.
>>
>> The code for ldap_initialize() should look for the URL extension field, and 
>> act on it if StartTLS / 1.3.6.1.4.1.1466.20037 is present.
>>
>> Any comments?
> 
> Not that I have any word in LDAP development, but this
> sounds *very* useful :-)

Yes I also find it useful. Not sure whether it should be within
ldap_initialize() or just in the client apps though.

The first could be problematic if client applications just read the LDAP
URI from some configuration file and pass it as is to ldap_initialize()
and after that call ldap_start_tls() a second time based on different
configuration parameters.

Ciao, Michael.
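
An added example, not part of the original thread and not OpenLDAP code: a stand-alone C sketch that looks for StartTLS / 1.3.6.1.4.1.1466.20037 in the extension field of an LDAP URL, then guards against the second StartTLS call described in the reply above. The names `url_starttls`, `struct session`, `session_start_tls` and `session_open` are hypothetical, and the URLs used with it are constructed.

```c
#include <string.h>
#include <strings.h>
#define STARTTLS_OID "1.3.6.1.4.1.1466.20037"
enum starttls_req { STARTTLS_NONE, STARTTLS_WANTED, STARTTLS_CRITICAL };

/* Extensions follow the fourth '?': ldap://host/dn?attrs?scope?filter?exts */
static const char *url_extensions(const char *url) {
    const char *p = strstr(url, "://");
    if (p != NULL) p += 3;
    for (int i = 0; i < 4 && p != NULL; i++) {
        p = strchr(p, '?');
        if (p != NULL) p++;
    }
    return p;                       /* NULL when the URL has no extension field */
}

/* Scan comma-separated [!]type[=value] items ('!' marks a critical extension).
 * No percent-decoding is done, and the case-insensitive name match is an
 * assumption of this example. */
enum starttls_req url_starttls(const char *url) {
    enum starttls_req found = STARTTLS_NONE;
    const char *p = url_extensions(url);
    while (p != NULL && *p != '\0') {
        size_t len = strcspn(p, ",");
        int critical = (len > 0 && p[0] == '!');
        const char *type = p + critical;
        size_t tlen = 0;
        while (tlen < len - critical && type[tlen] != '=') tlen++;
        if ((tlen == 8 && strncasecmp(type, "StartTLS", 8) == 0) ||
            (tlen == strlen(STARTTLS_OID) && strncmp(type, STARTTLS_OID, tlen) == 0))
            found = critical ? STARTTLS_CRITICAL : (found ? found : STARTTLS_WANTED);
        p += len + (p[len] == ',');
    }
    return found;
}

/* Hypothetical session; tls_active stands in for the library's own state. */
struct session { int tls_active; int handshakes; };

/* Idempotent: a request made after the URL already triggered one is a no-op. */
int session_start_tls(struct session *s) {
    if (s->tls_active) return 0;
    s->handshakes++;
    s->tls_active = 1;
    return 1;
}

void session_open(struct session *s, const char *url) {
    s->tls_active = s->handshakes = 0;
    if (url_starttls(url) != STARTTLS_NONE) session_start_tls(s);
}
```

With libldap itself, `ldap_tls_inplace()` reports whether TLS is already active on a handle, which is the state the `tls_active` flag models here.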