Re: StartTLS URL extension
Volker Lendecke wrote:
> On Sun, Oct 05, 2008 at 07:35:16PM -0700, Howard Chu wrote:
>> We really ought to have a way to allow clients to make libldap use StartTLS
>> without having to code their own calls into libldap for that purpose. I
>> think it would be useful to allow specifying StartTLS in the extension
>> field of the LDAP URL. Then at least it can be configured into ldap.conf
>> and forgotten about.
>>
>> The code for ldap_initialize() should look for the URL extension field, and
>> act on it if StartTLS / 1.3.6.1.4.1.1466.20037 is present.
>>
>> Any comments?
>
> Not that I have any word in LDAP development, but this
> sounds *very* useful :-)
Yes, I also find it useful. Not sure whether it should be within
ldap_initialize() or just in the client apps though.
The first could be problematic if client applications just read the LDAP
URI from some configuration file and pass it as is to ldap_initialize()
and after that call ldap_start_tls() a second time based on different
configuration parameters.
Ciao, Michael.