Volker Lendecke wrote:
On Sun, Oct 05, 2008 at 07:35:16PM -0700, Howard Chu wrote:
We really ought to have a way to allow clients to make libldap use StartTLS without having to code their own calls into libldap for that purpose. I think it would be useful to allow specifying StartTLS in the extension field of the LDAP URL. Then at least it can be configured into ldap.conf and forgotten about.
The code for ldap_initialize() should look for the URL extension field, and act on it if StartTLS / 1.3.6.1.4.1.1466.20037 is present.
Any comments?
Not that I have any word in LDAP development, but this sounds *very* useful :-)
Yes, I also find it useful. Not sure whether it should be within ldap_initialize() or just in the client apps though.
The first could be problematic if client applications just read the LDAP URI from some configuration file and pass it as is to ldap_initialize() and after that call ldap_start_tls() a second time based on different configuration parameters.
Ciao, Michael.