[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5039) Support config for start_tls in ldap.conf

To: openldap-its@OpenLDAP.org
Subject: (ITS#5039) Support config for start_tls in ldap.conf
From: ahasenack@terra.com.br
Date: Wed, 4 Jul 2007 17:35:31 GMT

Full_Name: Andreas Hasenack
Version: 2.3.36
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (200.140.247.98)


This is an enhancement request.

It would be helpfull if there were some configuration option for
/etc/openldap/ldap.conf to mimic the -ZZ command line, that is, behave as if the
user added -ZZ to it. Perhaps something along the lines of the sasl secprops, or
the server's "security" keyword.

My scenario is that it doesn't matter if I block clear text communication with
the ldap server via ACL or security: if the client initiates a simple bind
operation in clear text, the password is exposed even if the server rejects the
operation.

The point here is to avoid accidents, like leaving out the -ZZ option when doing
command line operations. It would be like an initial default. It also saves
typing, of course ;)

I can easily workaround this with shell aliases, or wrapper scripts, of course.
That's why this is an enhancement request.

Prev by Date: Re: (ITS#5037) slapd-bdb filterindex.c: out of order if statement in filter
Next by Date: Re: (ITS#5032) cannot build on x86_64, needs newer libtool
Index(es):
- Chronological
- Thread