[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Force client to use TLS

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: Force client to use TLS
From: Michael Häusler <michael@akatose.de>
Date: Thu, 28 Sep 2006 22:15:46 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <7.0.1.0.0.20060928124839.03ab8038@OpenLDAP.org>
References: <20060628220800.nbkvgnvpvipcs0w4@webmail2.iut-bm.univ-fcomte.fr> <200606291520.40692.bgmilne@staff.telkomsa.net> <44A3F0DF.7030602@digipen.edu> <20060630094807.wzlba2clyn8kgskw@webmail2.iut-bm.univ-fcomte.fr> <451C226D.1080203@akatose.de> <7.0.1.0.0.20060928124839.03ab8038@OpenLDAP.org>
User-agent: Thunderbird 1.5.0.7 (Windows/20060909)

Kurt D. Zeilenga wrote:

At 12:28 PM 9/28/2006, Michael Häusler wrote:

In other words: Is there something I can put into ldap.conf, so
that I don't have to give the -Z switch to the commandline
utilities (e.g. a URI like ldap+tls://ldap.example.com)?


You can use an ldaps:// URI to enable use of LDAP over TLS, but there
here is no ldap.conf(5) option to enable use of the LDAP StartTLS
operation.


Thank you very much for your fast answer.

I am curious: is there a difference between StartTLS and LDAPS, that makes such an ldap.conf(5) option difficult? It seems to me that ldap.conf would be the natural place to configure the use of StartTLS. Imho, since LDAPS is deprecated, there is a need for such an option.

Best regards,
Michael

Follow-Ups:
- Re: Force client to use TLS
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- Re: Force client to use TLS
  - From: Michael Häusler <michael@akatose.de>
- Re: Force client to use TLS
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: Basic UID= question
Next by Date: Re: Force client to use TLS
Index(es):
- Chronological
- Thread