Dieter:
The problem is that some companies (Novell for one) have not switched to LDAPv3 yet...And I havn't yet seen anything about plans to convert/upgrade.
Tim Bernhardson
Senior Technical Engineer
Certified Citrix Metaframe Administrator
Certified CyberGuard Administrator
Certified AIX 4.3 System Administrator
Sun-Maid Growers of California
7273 Murray Drive, Ste 18
Stockton, CA 95210
tbernhar@sunmaid.com
>>> Dieter Kluenter <dieter@dkluenter.de> 01/16/03 11:32AM >>>
Am Mit, 2003-01-15 um 20.33 schrieb Henrik Nordstrom:
> Dieter Kluenter wrote:
>
> > while reading the source code of squid_ldap_group I found hints for an
> > option -Z start_tls, is that an undocumented feature or is TLS not
> > working yet?
>
> If is just that I forgot to update the manpage when merging the TLS
> support from squid_ldap_auth. It should work if your binary accepts the
> option.
>
> > I would prefer TLS based connections to my directory server, as I
> > allready realise with Samba and Sendmail.
>
> Try it, and then report back here if it works or not.
Got squid_ldap_group working with TLS and openldap-2.1.3
but squid_ldap_auth complaints "unknown option "Z".
>
> In the pipeline there is also a patch waiting to get processed which
> adds support for ldaps:// connections using some OpenLDAP specific LDAP
> API extensions..
ldaps:// is a holdover from LDAPv2 and not compatible to LDAPv3
STARTTLS, see documentation of openldap.2.1.x
-Dieter
-- Dieter Kluenter | Systemberatung Tel:040.64861967 | Fax: 040.64891521 mailto: dkluenter@schevolution.com http://www.schevolution.com/tourReceived on Thu Jan 16 2003 - 13:18:51 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:42 MST