(ITS#6190) back-meta tls start only works when set before any target specification
Full_Name: Stephan Duehr
Version: 2.4.16
OS: SLES 10 SP2
URL:
Submission from: (NULL) (84.44.166.251)
I specified tls start below each target specification and did not find any
STARTTLS in the targets log, running at loglevel 256.
man slapd-meta says:
    tls {[try-]start|[try-]propagate}
        execute the StartTLS extended operation when the connection is
        initialized; only works if the URI directive protocol scheme is
        not ldaps://. propagate issues the StartTLS operation only if
        the original connection did. The try- prefix instructs the
        proxy to continue operations if the StartTLS operation failed;
        its use is highly deprecated. If set before any target
        specification, it affects all targets, unless overridden by any
        per-target directive.
So it should work when set for a target.
I verified the behavior by removing start tls before any target specification
and setting it below each target, which resulted in STARTTLS not being sent
again.
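
A check for the situation reported above, as an added example that is not part of the original report or of OpenLDAP: it reads the back-meta section of a slapd.conf and flags targets that have no tls directive at all, or that rely on a per-target tls directive, which the report says did not produce a STARTTLS in 2.4.16. The sample configuration, host names and function names are constructed for illustration, and slapd.conf continuation lines are not handled.

```python
import shlex

# Constructed sample config (host names and suffixes are made up).
SAMPLE = """\
database meta
suffix "dc=example,dc=com"
uri "ldap://a.example.com/ou=a,dc=example,dc=com"
tls start
uri "ldaps://b.example.com/ou=b,dc=example,dc=com"
uri "ldap://c.example.com/ou=c,dc=example,dc=com"
"""

def audit_meta_tls(conf_text):
    """Return [(uri, tls_mode, scope)] for each back-meta target.
    scope is 'global' (set before any target), 'per-target', or None."""
    targets, in_meta, global_tls, current = [], False, None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = shlex.split(line)
        key = words[0].lower()
        if key == "database":  # a new database section resets the state
            in_meta = len(words) > 1 and words[1].lower() == "meta"
            global_tls, current = None, None
        elif not in_meta or len(words) < 2:
            continue
        elif key == "uri":  # each uri directive opens a new target
            scope = "global" if global_tls else None
            current = {"uri": words[1], "tls": global_tls, "scope": scope}
            targets.append(current)
        elif key == "tls":
            if current is None:  # before any target: default for all
                global_tls = words[1]
            else:  # below a target: per-target override
                current["tls"], current["scope"] = words[1], "per-target"
    return [(t["uri"], t["tls"], t["scope"]) for t in targets]

def findings(conf_text):
    """List (uri, reason) for targets whose StartTLS use needs checking."""
    out = []
    for uri, tls, scope in audit_meta_tls(conf_text):
        if uri.lower().startswith("ldaps://"):
            continue  # man page: tls only applies when scheme is not ldaps://
        if tls is None:
            out.append((uri, "no tls directive: StartTLS is not requested"))
        elif scope == "per-target":
            out.append((uri, "per-target tls: confirm STARTTLS in target log"))
    return out
```

For each flagged target, the confirmation is the one the report uses: look for STARTTLS in the target server's log at loglevel 256.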