Re: ldaprc with ldaps:// and ldap:// fallback
Dan White <dwhite@olp.net> wrote:
> Try:
>
> TLS_REQCERT: try
>
> In this case, EXTERNAL should only be offered after successful TLS
> negotiation, or over a unix domain socket.
>
> If TLS negotiation fails, then a SASL bind won't work without selecting
> another mechanism.
But ldap.conf(5) says "The server certificate is requested. If no
certificate is provided, the session proceeds normally.", which
suggests that the TLS negotiation may succeed without a server
certificate being sent. Is that wrong?
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org