[exim] How do I specify LDAPS x509 options?

Góra strony
Delete this message
Reply to this message
Autor: Ferenc Wagner
Data:  
Dla: exim-users
Temat: [exim] How do I specify LDAPS x509 options?
Hi,

Our LDAP server requires SSL connections, so I use the ldaps:// schema
in the LDAP lookup URI. However, I also have to specify the CA
certificates and the certificate policy in my /etc/ldap/ldap.conf, like:

TLS_CACERT    /etc/ssl/certs/ca-certificates.crt
TLS_REQCERT    demand


However, I really don't like the configuration separated this way: what
if I needed different TLS_CACERT or TLS_REQCERT options in Exim than in
other places? Being unable to include these options in my Exim config
feels like a shortcoming. Specification chapter 9, section 17 (LDAP
authentication and control information) enumerates several options which
can be set, but the above two are not in that bunch. Is there a good
reason for this, were they omitted by mistake or do I overlook something?
--
Thanks,
Feri.