On Fri, Feb 27, 2009 at 09:35:39AM -0800, Quanah Gibson-Mount wrote:
> --On Wednesday, February 25, 2009 7:12 PM -0500 Victor Duchovni
> <victor.ducho...@morganstanley.com> wrote:
>
>
>> Note, the OpenLDAP API design issue is resolved with OpenLDAP 2.4.
>>
>> With OpenLDAP 2.4 it is possible to set the TLS properties for
>> a particular LDAP connection (not just global properties), and to
>> associate a new OpenLDAP managed TLS context for the connection via the
>> new "LDAP_OPT_X_TLS_NEWCTX" option.
>>
>> Try this completely untested patch (it may not even compile, but it
>> looks promising):
>
>
> Victor,
>
> If you are unable to test this patch at this time, I can do some testing on
> my systems using OpenLDAP 2.4.15 & Postfix 2.5.6.
That would be great. My ability to test LDAP with TLS is very limited. I
have (only since this morning) access to one LDAP + TLS server. The
patch should support the ability to establish separate SSL verification,
CA list, cipher, ... requirements for different LDAP tables.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
