[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldaprc with ldaps:// and ldap:// fallback

To: dwhite@olp.net (Dan White)
Subject: Re: ldaprc with ldaps:// and ldap:// fallback
From: manu@netbsd.org (Emmanuel Dreyfus)
Date: Fri, 25 Jun 2010 05:29:10 +0200
Cc: Dieter Kluenter <dieter@dkluenter.de>, openldap-technical@openldap.org
In-reply-to: <20100624215339.GA6715@dan.olp.net>
User-agent: MacSOUP/2.7 (unregistered for 1252 days)

Dan White <dwhite@olp.net> wrote:

> Try:
> 
> TLS_REQCERT: try
> 
> In this case, EXTERNAL should only be offered after successful TLS
> negotiation, or over a unix domain socket.
> 
> If TLS negotiation fails, then a SASL bind won't work without selecting
> another mechanism.

But Idap.conf(5) says "The  server  certificate  is requested. If no
certificate is provided, the  session  proceeds  normally. ", which
suggests that the TLS negociation may succeed without a server
certificate being sent. Is that wrong?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org

Follow-Ups:
- Re: ldaprc with ldaps:// and ldap:// fallback
  - From: Dan White <dwhite@olp.net>

References:
- Re: ldaprc with ldaps:// and ldap:// fallback
  - From: Dan White <dwhite@olp.net>

Prev by Date: Re: Windows 7 users's authentication with openldap ?
Next by Date: Re: Overlays and OpenLDAP multi-threading model
Index(es):
- Chronological
- Thread