Volker Lendecke wrote:
> On Sun, Oct 05, 2008 at 07:35:16PM -0700, Howard Chu wrote:
>> We really ought to have a way to allow clients to make libldap use StartTLS
>> without having to code their own calls into libldap for that purpose. I
>> think it would be useful to allow specifying StartTLS in the extension
>> field of the LDAP URL. Then at least it can be configured into ldap.conf
>> and forgotten about.
>>
>> The code for ldap_initialize() should look for the URL extension field, and
>> act on it if StartTLS / 1.3.6.1.4.1.1466.20037 is present.
>>
>> Any comments?
>
> Not that I have any word in LDAP development, but this
> sounds *very* useful :-)

Yes I also find it useful. Not sure whether it should be within
ldap_initialize() or just in the client apps though. The first could be
problematic if client applications just read the LDAP URI from some
configuration file and pass it as is to ldap_initialize() and after that
call ldap_start_tls() a second time based on different configuration
parameters.

Ciao, Michael.