[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Disallow ldap operations without start_tls

To: Joshua Schaeffer <jschaeffer0922@gmail.com>, Michael Ströder <michael@stroeder.com>, openldap-technical@openldap.org
Subject: Re: Disallow ldap operations without start_tls
From: Howard Chu <hyc@symas.com>
Date: Tue, 16 Feb 2016 04:00:47 +0000
In-reply-to: <56C29B08.5060503@gmail.com>
References: <56C243ED.2070402@gmail.com> <56C27841.4060307@stroeder.com> <56C28575.3020701@symas.com> <56C29B08.5060503@gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 SeaMonkey/2.42a1

Joshua Schaeffer wrote:

Michael Ströder wrote:


Simply use LDAPS (on separate port). It was never defined in a standard but
most
LDAP-enabled software supports it.


I did ended up doing this. I had an application that didn't support start_tls
on an ldap URI, but did support ldaps (or at least I couldn't find a way to
get it to issue start_tls).


In OpenLDAP's libldap just use a URL extension:

 ldap://host/????starttls

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: Disallow ldap operations without start_tls
  - From: Joshua Schaeffer <jschaeffer0922@gmail.com>

References:
- Disallow ldap operations without start_tls
  - From: Joshua Schaeffer <jschaeffer0922@gmail.com>
- Re: Disallow ldap operations without start_tls
  - From: Michael Ströder <michael@stroeder.com>
- Re: Disallow ldap operations without start_tls
  - From: Howard Chu <hyc@symas.com>
- Re: Disallow ldap operations without start_tls
  - From: Joshua Schaeffer <jschaeffer0922@gmail.com>

Prev by Date: Re: Disallow ldap operations without start_tls
Next by Date: Re: Disallow ldap operations without start_tls
Index(es):
- Chronological
- Thread