Re: Question about ldap_init, ldap_initialize, start_tls, LDAP_OPT_X_TLS_ALLOW and TLS/SSL

[Howard Chu <hyc@symas.com>]

Markus Moeller wrote:
> But it is allowed to be set in ldap.conf,

That doesn't necessarily mean anything. Lots of things can be set in ldap.conf 
that don't mean anything at all, since the parser ignores any keywords it 
doesn't recognize.

What evidence do you have that this particular setting actually does anything? 
A quick scan of the source code proves that it actually does nothing.

> so why can't or shouldn't I be 
> able to set it in my client without the pain of checking all the different 
> config files ldap.conf, .ldaprc, ldaprc ... I'd like to be able to control 
> my client options without the use of config files.

Go ahead and do that then. But don't waste time with options that don't 
actually have any meaning.
> Regards
> Markus
>
> ----- Original Message ----- 
> From: "Howard Chu" <hyc@symas.com>
> To: "Markus Moeller" <huaraz@moeller.plus.com>
> Cc: <openldap-software@openldap.org>
> Sent: Tuesday, June 19, 2007 12:01 AM
> Subject: Re: Question about ldap_init, ldap_initialize, start_tls, 
> LDAP_OPT_X_TLS_ALLOW and TLS/SSL
>
>
> > Markus Moeller wrote:
> > > Does anybody have some sample code of how to use  LDAP_OPT_X_TLS_ALLOW in 
> > > a client program with ldap_start_tls_s ?
> > >  Is it a bug if it doesn't work ?
> > The LDAP_OPT_X_TLS option is incompatible with ldap_start_tls. You cannot 
> > use both together. In general, the LDAP_OPT_X_TLS option is deprecated and 
> > should not be used at all.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/