[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Question about ldap_init, ldap_initialize, start_tls, LDAP_OPT_X_TLS_ALLOW and TLS/SSL



Markus Moeller wrote:
But it is allowed to be set in ldap.conf,

That doesn't necessarily mean anything. Lots of things can be set in ldap.conf that don't mean anything at all, since the parser ignores any keywords it doesn't recognize.


What evidence do you have that this particular setting actually does anything? A quick scan of the source code proves that it actually does nothing.

so why can't or shouldn't I be able to set it in my client without the pain of checking all the different config files ldap.conf, .ldaprc, ldaprc ... I'd like to be able to control my client options without the use of config files.

Go ahead and do that then. But don't waste time with options that don't actually have any meaning.

Regards Markus

----- Original Message ----- From: "Howard Chu" <hyc@symas.com>
To: "Markus Moeller" <huaraz@moeller.plus.com>
Cc: <openldap-software@openldap.org>
Sent: Tuesday, June 19, 2007 12:01 AM
Subject: Re: Question about ldap_init, ldap_initialize, start_tls, LDAP_OPT_X_TLS_ALLOW and TLS/SSL



Markus Moeller wrote:
Does anybody have some sample code of how to use LDAP_OPT_X_TLS_ALLOW in a client program with ldap_start_tls_s ?
Is it a bug if it doesn't work ?
The LDAP_OPT_X_TLS option is incompatible with ldap_start_tls. You cannot use both together. In general, the LDAP_OPT_X_TLS option is deprecated and should not be used at all.

-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/