Quanah Gibson-Mount wrote:
--On Tuesday, December 08, 2009 3:44 PM +0100 Ralf Haferkamp
<rha...@suse.de> wrote:
Am Dienstag 08 Dezember 2009 13:50:21 schrieb Hallvard B Furuseth:
h...@openldap.org writes:
ITS#6419 also init for ldaps:// URIs
Does it work for ldapi:// as well? (And should it?) I seem to
remember StartTLS does work for ldapi, though I don't know what
a sensible host name in the server cert would be in that case.
If StartTLS works for ldapi:// (I never tried it). The ITS#6419 should
work in the ldapi:// case as a "start_tls=critical|yes" would need to be
present in the bindconf. That will trigger tls initialization as well.
Have a look at the previous config.c commit (1.509) for details.
[zim...@freelancer ~]$ ldapsearch -x -ZZ -H ldapi:///
# extended LDIF
Of course it works. The more interesting question is what would ldapwhoami
report, if you did a SASL/EXTERNAL Bind, and what ssf does slapd use as a
result...
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
