Re: [Exim] ldap lookups with starttls

Góra strony
Delete this message
Reply to this message
Autor: Philip Hazel
Data:  
Dla: Douglas Gray Stephens, Tabor J. Wells
CC: exim-users
Temat: Re: [Exim] ldap lookups with starttls
On Tue, 8 Jan 2002, Douglas Gray Stephens wrote:

> So given that exim has does not keep the LDAP session open, then there
> no way to decide when to switch from "sniffable" ldap to starttls
> ("unsniffable").
>
> In this case I agree that the current ldaps should be sufficient.
>
> Does (or should) exim check the credentials for the encrypted session


Probably not. It just calls the relevant LDAP function.


On Tue, 8 Jan 2002, Tabor J. Wells wrote:

> STARTTLS seems to be the way many services are going towards to implement
> SSL rather than dedicating an alternate port. I think the best thing to do
> would be to support both to allow sites which can't/don't want to run LDAP
> SSL on an alternate port, could still do lookups in an encrypted fashion.


Aha! That provides me with a bit of information I had not realized.
Namely, the difference between the two is whether an alternate port is
used or not. (I should have realized. It's the same with SMTP.)

OK, I'll take a look at the starttls part of the patch.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.