[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fwd: Re: Make /etc/default/slapd automatically configurable

[Andreas B. Mundt]
> We currently add the deprecated ldaps:/// protocoll here:
> SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"
> It would be nice if we would not need ldaps and could only use
> TLS. This has to be checked.

I've checked, and we still need ldaps to be able to download the SSL
certificate from the LDAP server to the clients during the first boot.
If someone can come up with a way to extract it using TLS, I am all
for dropping ldaps.

> We use: 
> here, which might be there for traditional reasons.

Not quite sure why we add that one.  It was added 2006-01-13 with this
changelog entry:

  [ Andreas Schuldei ]
  * making slapd use ipv4 only in cf.ldapserver (for uml testframework, where
    long timeouts occure when probing for ipv6 stuff)

No idea if it can be dropped or not.

Happy hacking,
Petter Reinholdtsen

Reply to: