[xymon] bug in ldaptest.c
Buchan Milne
bgmilne at staff.telkomsa.net
Wed Sep 29 17:19:50 CEST 2010
On Wednesday, 29 September 2010 13:21:10 Rob McBroom wrote:
> On Sep 28, 2010, at 6:32 PM, Buchan Milne wrote:
> > Most people will expect "ldaps" to mean LDAP over SSL. IMHO, we should
> > either create a new tag for LDAP with STARTTLS, or use a bind extension
> > in the existing ldap tag (IOW, keep it a quasi-valid LDAP URI).
>
> Isn't that what I said? :) Of course, it carries a lot more weight coming
> from you.
>
> > AFAIK, there is no standard bind extension for starttls, but we could use
> > something like:
> >
> > ldap://hostname/????starttls
> >
> > (or:
> > ldap://ldap.mydomain.com/dc=mydomain,dc=com?uid?sub?"(uid=testuser)"?starttls )
>
> That sounds fine for testing with a URI, but what about a “naked” tag?
> Currently, it's enough to just say “ldap” or “ldaps” to have the test run
> with defaults.

Sure, if all you want to do is test that the port is open. What would you want
to occur for an 'ldap' tag regarding STARTTLS?

> Should we have one like “ldapt” or something?

What would it do? Check if port 389 is open (just like 'ldap')? Anything else?

> Or should we
> just require the long form with a URI to trigger this test?

ldap://hostname/????starttls
?
or ldap:///????starttls
?

Regards,
Buchan