On Wednesday, 29 September 2010 13:21:10 Rob McBroom wrote:
On Sep 28, 2010, at 6:32 PM, Buchan Milne wrote:
Most people will expect "ldaps" to mean LDAP over SSL. IMHO, we should either create a new tag for LDAP with STARTTLS, or use a bind extension in the existing ldap tag (IOW, keep it a quasi-valid LDAP URI).
Isn't that what I said? :) Of course, it carries a lot more weight coming from you.
AFAIK, there is no standard bind extension for starttls, but we could use something like:
ldap://hostname/????starttls
(or: ldap://ldap.mydomain.com/dc=mydomain,dc=com?uid?sub?"(uid=testuser)"?starttls)
That sounds fine for testing with a URI, but what about a “naked” tag? Currently, it's enough to just say “ldap” or “ldaps” to have the test run with defaults.
Sure, if all you want to do is test that the port is open. What would you want to occur for an 'ldap' tag regarding STARTTLS?
Should we have one like “ldapt” or something?
What would it do? Check if port 389 is open (just like 'ldap')? Anything else?
Or should we just require the long form with a URI to trigger this test?
ldap://hostname/????starttls ? or ldap:///????starttls ?
Regards, Buchan
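
An added illustration of the URI form proposed in this thread (not code from the original message or from the project): a parser for RFC 4516-style LDAP URLs that treats `starttls` in the extensions field as the proposed, non-standard marker and reports which transport security a test would use. The function name, the returned keys and the security labels are assumptions made for the example.

```python
from urllib.parse import unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
KNOWN_EXTENSIONS = {"starttls"}  # assumption: the thread's proposed, non-standard name

def parse_ldap_test_uri(uri):
    """Split an RFC 4516-style LDAP URL and report the transport security it asks for."""
    scheme, sep, rest = uri.partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError("not an ldap:// or ldaps:// URI: %r" % uri)
    hostport, _, tail = rest.partition("/")
    # Field order after the host: dn ? attributes ? scope ? filter ? extensions
    fields = tail.split("?", 4)
    fields += [""] * (5 - len(fields))
    dn, attrs, scope, filt, exts = fields
    extensions = {}
    for ext in filter(None, exts.split(",")):
        name, _, value = ext.partition("=")
        critical = name.startswith("!")  # "!" marks an extension as critical
        name = unquote(name.lstrip("!")).lower()
        if critical and name not in KNOWN_EXTENSIONS:
            raise ValueError("unsupported critical extension: %s" % name)
        extensions[name] = unquote(value)
    host, port = hostport, ""
    if ":" in hostport and not hostport.endswith("]"):  # keep a bare [IPv6] literal intact
        host, _, port = hostport.rpartition(":")
    if scheme == "ldaps":
        # TLS is already negotiated on connect, so asking for StartTLS too is a config error
        if "starttls" in extensions:
            raise ValueError("starttls cannot be combined with ldaps")
        security = "tls-on-connect"
    else:
        security = "starttls" if "starttls" in extensions else "plaintext"
    return {"host": host, "port": int(port) if port else DEFAULT_PORTS[scheme],
            "dn": unquote(dn), "filter": unquote(filt), "security": security}

if __name__ == "__main__":
    # The URI shapes quoted in the thread, plus a plain ldaps one for contrast
    for sample in ("ldap://hostname/????starttls", "ldap:///????starttls",
                   'ldap://ldap.mydomain.com/dc=mydomain,dc=com?uid?sub?"(uid=testuser)"?starttls',
                   "ldaps://hostname"):
        print(sample, "->", parse_ldap_test_uri(sample))
```

An empty host, as in `ldap:///????starttls`, comes back as an empty string so the caller can substitute the host being tested.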