[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: back-ldap and StartTLS

To: reinhard.e.voglmaier@gsk.com
Subject: Re: back-ldap and StartTLS
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Fri, 21 Jan 2005 17:53:03 +0100 (CET)
Cc: "openldap-devel" <openldap-devel@OpenLDAP.org>
Domainkey-signature: a=rsa-sha1; s=mail; d=sys-net.it; c=simple; q=dns; b=iuNJceTrbi1yrcamUbHEe11xKjTT7eI0cykqsJNn6uLcx9thONBJ916Rj2RpME6mJ 6U1LXf6xfwwIKOV4Y6lpw==
Importance: Normal
In-reply-to: <OF23418C8A.BD811239-ONC1256F90.005A4F30-C1256F90.005A8441@sb.com>
References: <41EF8AC3.8020608@sys-net.it> <OF23418C8A.BD811239-ONC1256F90.005A4F30-C1256F90.005A8441@sb.com>
User-agent: SquirrelMail/1.4.3a-1

> I myself think this is the job of the frontend, isn't it ?  Should the
> backend be concerned with this, may be I miss something,so how ?

I mean: when contacting the remote server, back-ldap uses the URI provided
in slapd.conf.  If a URI of the type ldaps:// is used, fine.  If ldap://
is used instead, the backend must be instructed to call ldap_start_tls_s()
after initialization.  Currently, it's not.  I prepared a patch for this,
I'd submit it later, unless there's a reason for the current behavior, or
there's another means to start TLS that I'm overlooking at present.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

References:
- back-ldap and StartTLS
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: back-ldap and StartTLS
  - From: reinhard.e.voglmaier@gsk.com

Prev by Date: Re: back-ldap and StartTLS
Next by Date: Re: entryDN not allowed in compare
Index(es):
- Chronological
- Thread