lists.arthurdejong.org
RSS feed

Re: small myldap.c patch

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: small myldap.c patch



Yes, I eventually came to this conclusion, at first the debugging and openldap logging had me scared :-s

Thanks for the responses.

Regards,

Rob


On Thu, Aug 27, 2015 at 1:14 PM, Arthur de Jong <arthur [at] arthurdejong.org> wrote:
On Thu, 2015-08-27 at 12:53 -0700, Robert Brooks wrote:
> My other question next question is, why aren't other tls options set
> in myldap.c, for example tls_ciphers, tls_cacert etc? I see them set
> in cfg.c...

Some options are set globally (ldap_set_option(NULL,...) in cfg.c and
some on the connection (ldap_set_option(ld,...) in myldap.c because
otherwise they are not always correctly picked up.

I think this also depends on which TLS library is used. The current
situation is a bit magical but at least it works ;)

Some background can be found here:
  https://bugs.debian.org/525605

Kind regards,

--
-- arthur - arthur [at] arthurdejong.org - http://arthurdejong.org/ --



--
Robert Brooks
Head of Systems
Reporo

Tel: +1 (415) 758-2220

http://www.reporo.com
World's Largest & Most Lucrative Mobile Ad Network
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/