Re: [exim] LDAP lookup over SSL

Author: John W. Baxter
Date:  
To: exim-users
Subject: Re: [exim] LDAP lookup over SSL
On 10/19/05 1:10 AM, "Philip Hazel" <ph10@???> wrote:

> On Tue, 18 Oct 2005, John W. Baxter wrote:
>
>> OpenLDAP seems to provide support for ldaps: URLS using the port 636
>> mechanism. A look through Google (while dodging LDAPS, the Lego Design and
>> Programming System) leaves me dubious about support in OpenLDAP for
>> STARTTLS, although
>> man -S3 ldap
>> seems encouraging.
>>
>> Next question is what parts of this does Exim support in making LDAP
>> lookups. Presumably, the answer is revealed in the source.
>
> And in the documentation. :-) Grep for ldaps. Are you sure that there is
> a specification for STARTTLS in LDAP? I thought it was just an SMTP
> thing.
>


STARTTLS appears to be in LDAPv3 (with v3 deprecating v2). I noted
yesterday in my Google ramblings a suggestion to avoid ldaps since it never
had IETF recognition and to use the LDAPv3 capability instead.

OpenLDAP claims to implement v3 with support for most of v2.

It seems likely that ldaps will hang around for a long time, just as SSL
upon connection is sticking around in SMTP. The LDAP transition may happen
sooner, since the old way may not have the backing of Microsoft (or it may).

--John
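The practical question behind this exchange is which of an Exim configuration's LDAP lookups actually travel over TLS: an `ldaps://` URL gets implicit TLS on port 636, while a plain `ldap://` URL only gets LDAPv3 StartTLS if the main option `ldap_start_tls` is switched on, and is otherwise cleartext. The following audit script is an added example, not code from Exim or from anyone in this thread; it assumes the `ldap_start_tls` main option of current Exim releases (which may postdate the 2005 version under discussion), the `${lookup ldap{...}}` / `ldapm` / `ldapdn` lookup syntax, and a constructed configuration fragment embedded inline.

```python
"""Audit Exim LDAP lookups for transport security (added example)."""
import re
from urllib.parse import urlsplit

# Constructed Exim configuration fragment for the demonstration (not a real site).
SAMPLE_CONFIG = """\
# main configuration section
ldap_start_tls = false
ldap_default_servers = ldap1.example.net:ldap2.example.net

domainlist local_domains = ${lookup ldap{ldaps://ldap.example.net/o=example?dc?sub?(dc=$domain)}}

begin routers

ldap_user:
  driver = accept
  condition = ${lookup ldap{ldap://ldap.example.net:389/ou=people,o=example?mail?sub?(uid=$local_part)}{yes}{no}}
  transport = local_delivery
"""

# ${lookup ldap{...}}, ${lookup ldapm{...}} and ${lookup ldapdn{...}} all take an LDAP URL.
LOOKUP_RE = re.compile(r"\$\{lookup\s+ldap(?:m|dn)?\s*\{\s*(ldaps?://[^}\s]*)")
# ldap_start_tls is a boolean main option; Exim defaults it to false.
START_TLS_RE = re.compile(r"^\s*ldap_start_tls\s*=\s*(\S+)", re.MULTILINE)
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}


def start_tls_enabled(config: str) -> bool:
    """Read the main-section ldap_start_tls boolean (absent means false)."""
    m = START_TLS_RE.search(config)
    return bool(m) and m.group(1).lower() in ("true", "yes")


def classify(url: str, start_tls: bool) -> dict:
    """Say how one lookup URL will reach the directory on the wire."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    # An empty host means Exim falls back to ldap_default_servers; same TLS rule applies.
    host = parts.hostname or "<ldap_default_servers>"
    port = parts.port or DEFAULT_PORT[scheme]
    if scheme == "ldaps":
        security = "implicit-tls"   # TLS from the first byte, port 636 style
    elif start_tls:
        security = "starttls"       # LDAPv3 StartTLS extended operation after connect
    else:
        security = "plaintext"      # bind credentials and query visible on the wire
    return {"url": url, "host": host, "port": port, "security": security}


def audit(config: str) -> list:
    """Return one finding per LDAP lookup found in the configuration text."""
    start_tls = start_tls_enabled(config)
    return [classify(url, start_tls) for url in LOOKUP_RE.findall(config)]


def plaintext_lookups(config: str) -> list:
    """URLs that would be queried without any TLS under this configuration."""
    return [f["url"] for f in audit(config) if f["security"] == "plaintext"]


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(f'{finding["security"]:13} {finding["host"]}:{finding["port"]}  {finding["url"]}')
```

Run against the sample, the `ldaps://` lookup is reported as implicit TLS and the `ldap://` lookup as plaintext; flipping `ldap_start_tls = true` turns the latter into StartTLS without touching the URL, which is the point of the LDAPv3 mechanism the thread prefers over `ldaps`. The option is global, so one setting governs every `ldap://` lookup in the file.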