* Kurt D. Zeilenga (Kurt@OpenLDAP.org) wrote: > I've removed the TLS "hard" option as it doesn't behave as > a default but as an override. That is, if a user explicitly > asks to connect to ldap://ldap.example.com/ with -ZZ but there > is "TLS hard" set, the library will attempt SSL negotiation > despite being explicitly directed to use a different mechanism. > > It's likely possible to rewrite init such that "TLS hard" > only affects the URI generated by HOST/PORT ldap.conf options... I'd like to be able to have ldapsearch do '-ZZ' by default through some configuration in ldap.conf. I think I've complained about the lack of this ability on one of the lists before. I recall looking through the code and discovering that it was unfortunately more difficult than I would have expected to do that. Stephen
Attachment:
pgpdAgAI6cVPO.pgp
Description: PGP signature