Thanks Anton, I can saw that ldapsearch from mozilla lib supports both "-ZZ" with its variant "-ZZZ" and it worked, so I was sure StartTLS is supported.
What I was really asking is whether mozilla lib can do TLSv1 since the doc says "The Mozilla LDAP C SDK only supports SSL 3.0, and ..". As you said that doc is out-of-dated, and I assume you are referring the out-of-dated WRT to StartTLS. So far, I don't know how to force the mozilla ldap client tool, such as ldapsearch, to use the TLSv1 when connection, and not sure whether it is server config issue or client side issue. I am doing some pre-investigation before upgrade our ldap tool using mozilla ldap api to enable ssl. On Feb 17, 5:06 pm, Anton Bobrov <[email protected]> wrote: > On 17/02/2010 23:39, huican wrote: > > > As I read the Mozilla LDAP C SDK Programmer's Guide at: > >http://www.mozilla.org/directory/csdk-docs/ssl.htm#how_ssl_works_with..., > > It says: "The Mozilla LDAP C SDK only supports SSL 3.0 and does not > > support the Start Transport Layer Security (TLS) Operation." > > the docs are outdated in this regard, LDAP StartTLS extended > operation is supported, see > > http://mxr.mozilla.org/mozilla/source/directory/c-sdk/ldap/include/ld...http://mxr.mozilla.org/mozilla/source/directory/c-sdk/ldap/clients/to... > > > Does it means the current ldap c-sdk not supporting TLSv1? > > If it is the case, is there any milestone to support TLSv1? > > you are mixing up TLSv1 standard with LDAP StartTLS extended > operation. both are supported. for more details see > > https://developer.mozilla.org/en/Glossary#TLShttp://www.ietf.org/rfc/rfc2830.txt > > the rest of your questions related to openldap > server configiration should be directed to an > appropriate openldap mailing list/s. Thanks _______________________________________________ dev-tech-ldap mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-ldap
