State of the Nation: TLS support in GQ
--------------------------------------
At present, GQ includes only very basic support for connecting to TLS-capable
LDAPv3 servers. This has been tested only with OpenLDAP v2.0.7 built against
OpenSSL 0.9.6, so YMMV.
The configure script determines whether your LDAP libraries support TLS by
searching for the ``ldap_start_tls_s'' symbol in libldap. It also attempts to
add the libraries needed for TLS (SSL) support to the GQ link line.
Note: Since LDAP+TLS requires LDAPv3, GQ is currently hardwired to switch to
LDAPv3 mode whenever you request TLS. This may change in the future, as
per-server LDAP version configuration will probably be added.
When building gq against OpenLDAP 2.1.x (tested with x == 2), TLS support
that worked with 2.0.x may stop working. This might be a client-side
configuration issue concerning verification of the server certificate, but
it has not been investigated in detail. Note that having something like
TLS_CACERT /path/to/cacert.pem
in ~/.ldaprc might help (tested locally).
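The following is an added illustration of the kind of client-side ~/.ldaprc
the note above refers to; it is not part of the GQ distribution. The path and
hostname are placeholders, and the options are the standard libldap TLS
settings documented in ldap.conf(5), which apply to any program linked
against libldap (GQ included).

```conf
# Added example of a client-side ~/.ldaprc for StartTLS (not GQ's own file).
# Paths and hostnames below are placeholders.

# CA certificate(s) used to verify the certificate the LDAP server presents.
# Without this the 2.1.x client has nothing to verify against and the TLS
# handshake fails.
TLS_CACERT      /path/to/cacert.pem

# Require a valid, verifiable server certificate and abort otherwise.
# The frequently seen "quick fix" is TLS_REQCERT never, which makes the
# connection succeed by disabling verification entirely; prefer fixing
# TLS_CACERT instead.
TLS_REQCERT     demand
```

A quick way to confirm that the library-level configuration is right before
blaming GQ is to run `ldapsearch -ZZ -x -H ldap://ldap.example.com -b '' -s base`
from the same account: `-ZZ` issues StartTLS and fails if it does not succeed,
so a verification problem shows up there with a libldap error message.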