[Pkg-openldap-devel] Bug#512693: Bug#512693: slapd - ldap proxy with tls enforces cert check even if disabled
Bastian Blank
waldi at debian.org
Sun Jan 25 17:54:39 UTC 2009
On Sun, Jan 25, 2009 at 09:26:00AM -0800, Quanah Gibson-Mount wrote:
> Upstream was unable to reproduce this issue, so I'm guessing it is
> already fixed there. I would advise using the upstream code instead of
> patching it with your own patch.
This code is GnuTLS specific. I don't know where this code currently
comes from.
> I'd note that the client requests in the reported example use -W with -x
> and no -D, so they should fail since binding with a password and no DN...
Why? A quick check shows that libldap transforms this into an anonymous
bind without a password. But it also reads a config, which contains much
other information:
| $ cat ~/.ldaprc
| URI ldaps://ldap.example.com
| BASE o=Example
| BINDDN cn=blank,ou=People,o=Example
| TLS_REQCERT allow
Bastian
--
Vulcans do not approve of violence.
-- Spock, "Journey to Babel", stardate 3842.4