Re: small myldap.c patch

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Robert Brooks <robert.brooks [at] reporo.com>
To: Arthur de Jong <arthur [at] arthurdejong.org>
Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: small myldap.c patch
Date: Thu, 27 Aug 2015 13:20:07 -0700

Yes, I eventually came to this conclusion, at first the debugging and openldap logging had me scared :-s

Thanks for the responses.

Regards,

Rob

On Thu, Aug 27, 2015 at 1:14 PM, Arthur de Jong <arthur [at] arthurdejong.org> wrote:

On Thu, 2015-08-27 at 12:53 -0700, Robert Brooks wrote:
> My other question next question is, why aren't other tls options set
> in myldap.c, for example tls_ciphers, tls_cacert etc? I see them set
> in cfg.c...

Some options are set globally (ldap_set_option(NULL,...) in cfg.c and
some on the connection (ldap_set_option(ld,...) in myldap.c because
otherwise they are not always correctly picked up.

I think this also depends on which TLS library is used. The current
situation is a bit magical but at least it works ;)

Some background can be found here:
https://bugs.debian.org/525605

Kind regards,

--
-- arthur - arthur [at] arthurdejong.org - http://arthurdejong.org/ --

Robert Brooks
Head of Systems
Reporo

Tel: +1 (415) 758-2220

http://www.reporo.com
World's Largest & Most Lucrative Mobile Ad Network

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

small myldap.c patch, Robert Brooks
- Re: small myldap.c patch, Arthur de Jong
  - Re: small myldap.c patch, Robert Brooks
    - Re: small myldap.c patch, Arthur de Jong
      - Re: small myldap.c patch, Robert Brooks

Prev by Date: Re: small myldap.c patch
Next by Date: Is a search result necessary for a successful bind?
Previous by thread: Re: small myldap.c patch
Next by thread: Is a search result necessary for a successful bind?