Full_Name: Michael Keller
Version: 2.4.20
OS: SLES 11 SP1
URL:
ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (95.131.98.154)
I have configured slapd to accept only TLS connections with:
security ssf=1 update_ssf=112 simple_bind=64
A ldapsearch -x returns correctly a
"# search result
search: 2
result: 13 Confidentiality required
text: confidentiality required"
When using TLS_REQCERT=demand a
ldapsearch -x -Z still returns results, even if a bad certificate comes from the
server. See debug output below.
ldapsearch -x -Z
Works as designed. Read the description for the -Z flag again. Closing this ITS.
--
-- Howard Chu
CTO, Symas Corp.