Re: small myldap.c patch

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Robert Brooks <robert.brooks [at] reporo.com>
To: Arthur de Jong <arthur [at] arthurdejong.org>
Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: small myldap.c patch
Date: Thu, 27 Aug 2015 12:53:58 -0700

Hi Arthure,

that makes sense, I could not find LDAP_OPT_X_TLS in the ldap_set_option man page, so it looked odd!

My other question next question is, why aren't other tls options set in myldap.c, for example tls_ciphers, tls_cacert etc? I see them set in cfg.c...

Regards,

Rob

On Thu, Aug 27, 2015 at 12:41 PM, Arthur de Jong <arthur [at] arthurdejong.org> wrote:

On Wed, 2015-08-26 at 12:02 -0700, Robert Brooks wrote:
> I believe we are looking to set TLS_REQUIRE_CERT to hard here...

Hi,

Thanks for your patch but no, the setting of LDAP_OPT_X_TLS is
intentional. It is used to specify an ldaps:// connection (even if no
ldaps:// URL is specified and may be required for some LDAP libraries).

It is a bit weird that LDAP_OPT_X_TLS_HARD is used as a value for
LDAP_OPT_X_TLS but seems intentional:
http://www.openldap.org/lists/openldap-software/200202/msg00456.html

Kind regards,

--
-- arthur - arthur [at] arthurdejong.org - http://arthurdejong.org/ --

Robert Brooks
Head of Systems
Reporo

Tel: +1 (415) 758-2220

http://www.reporo.com
World's Largest & Most Lucrative Mobile Ad Network

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

small myldap.c patch, Robert Brooks
- Re: small myldap.c patch, Arthur de Jong
  - Re: small myldap.c patch, Robert Brooks

Prev by Date: Re: small myldap.c patch
Next by Date: Re: small myldap.c patch
Previous by thread: Re: small myldap.c patch
Next by thread: Re: small myldap.c patch