[xymon] bug in ldaptest.c

Rob McBroom mailinglist0 at skurfer.com
Wed Sep 29 14:21:10 CEST 2010


On Sep 28, 2010, at 6:32 PM, Buchan Milne wrote:

> Most people will expect "ldaps" to mean LDAP over SSL.. IMHO, we should either 
> create a new tag for LDAP with STARTTLS, or use a bind extension in the 
> existing ldap tag (IOW, keep it a quasi-valid LDAP URI).

Isn't that what I said? :) Of course, it carries a lot more weight coming from you.

> AFAIK, there is no standard bind extension for starttls, but we could use 
> something like:
> 
> ldap://hostname/????starttls
> 
> (or:
> ldap://ldap.mydomain.com/dc=mydomain,dc=com?uid?sub?"(uid=testuser)"?starttls
> )

That sounds fine for testing with a URI, but what about a “naked” tag? Currently, it's enough to just say “ldap” or “ldaps” to have the test run with defaults. Should we have one like “ldapt” or something? Or should we just require the long form with a URI to trigger this test?

-- 
Rob McBroom
<http://www.skurfer.com/>




More information about the Xymon mailing list