Re: [squid-users] squid_ldap_group + TLS

From: Tim Bernhardson <TBERNHAR@dont-contact.us>
Date: Thu, 16 Jan 2003 12:18:14 -0800

Dieter:

The problem is that some companies (Novell for one) have not switched to LDAPv3 yet... And I haven't yet seen anything about plans to convert/upgrade.

Tim Bernhardson
Senior Technical Engineer
Certified Citrix Metaframe Administrator
Certified CyberGuard Administrator
Certified AIX 4.3 System Administrator
Sun-Maid Growers of California
7273 Murray Drive, Ste 18
Stockton, CA 95210

tbernhar@sunmaid.com

>>> Dieter Kluenter <dieter@dkluenter.de> 01/16/03 11:32AM >>>
On Wed, 2003-01-15 at 20:33, Henrik Nordstrom wrote:
> Dieter Kluenter wrote:
>
> > while reading the source code of squid_ldap_group I found hints for an
> > option -Z start_tls, is that an undocumented feature or is TLS not
> > working yet?
>
> It is just that I forgot to update the manpage when merging the TLS
> support from squid_ldap_auth. It should work if your binary accepts the
> option.
>
> > I would prefer TLS based connections to my directory server, as I
> > already realise with Samba and Sendmail.
>
> Try it, and then report back here if it works or not.

Got squid_ldap_group working with TLS and openldap-2.1.3
but squid_ldap_auth complains: unknown option "Z".
>
> In the pipeline there is also a patch waiting to get processed which
> adds support for ldaps:// connections using some OpenLDAP specific LDAP
> API extensions..

ldaps:// is a holdover from LDAPv2 and not compatible with LDAPv3
STARTTLS, see documentation of openldap.2.1.x

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com 
http://www.schevolution.com/tour 
Received on Thu Jan 16 2003 - 13:18:51 MST
