Re: ldaprc with ldaps:// and ldap:// fallback



Dan White <dwhite@olp.net> wrote:

> Try:
> 
> TLS_REQCERT: try
> 
> In this case, EXTERNAL should only be offered after successful TLS
> negotiation, or over a unix domain socket.
> 
> If TLS negotiation fails, then a SASL bind won't work without selecting
> another mechanism.

But ldap.conf(5) says "The server certificate is requested. If no
certificate is provided, the session proceeds normally.", which
suggests that the TLS negotiation may succeed without a server
certificate being sent. Is that wrong?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org