In <201009271934.40635.bgmilne at staff.telkomsa.net> Buchan Milne <bgmilne at staff.telkomsa.net> writes:
On Thursday, 23 September 2010 14:18:51 Henrik "Størner" wrote:
The major problem with this is that Xymon uses the OpenLDAP library to talk to the LDAP server (the LDAP protocol itself is a bit too complex for Xymon to do on its own). And OpenLDAP only supports the RFC-way of doing SSL.
This isn't true. Almost all LDAP client software (pam_ldap, nss_ldap, samba, freeradius, ldapsearch etc., apache mod_ldap, etc., to name a few) using OpenLDAP libldap (at least with OpenSSL, I'm not too familiar with OpenLDAP+gnutls) supports original Netscape-style ldaps (which is usually on port 636).
Okay, I haven't looked at OpenLDAP since I implemented the LDAP tests (quite some time ago). The SSL support then wasn't documented at all, so I had to go by some sample code included with the library. If that has changed and we can support port-636-ldaps somehow then sure - let's do it. We probably need to invent a different tag in bb-hosts for it, but that's a minor problem.
Regards, Henrik
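
The two connection styles discussed in this thread, sketched at the socket level as an added example (not code from Xymon, OpenLDAP, or either poster): port-636 ldaps starts the TLS handshake immediately, while the RFC way sends a StartTLS extended request in cleartext first and upgrades only after the server accepts. The function names and the sample response bytes are constructed for illustration.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

def starttls_request(msg_id: int = 1) -> bytes:
    """BER-encode an LDAPMessage carrying a StartTLS ExtendedRequest."""
    if not 1 <= msg_id <= 127:
        raise ValueError("this sketch only encodes single-byte message IDs")
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    op = b"\x77" + bytes([len(name)]) + name                    # [APPLICATION 23]
    body = b"\x02\x01" + bytes([msg_id]) + op                   # INTEGER messageID + op
    return b"\x30" + bytes([len(body)]) + body                  # outer SEQUENCE

def extended_result_code(resp: bytes) -> int:
    """Return resultCode from a short-form ExtendedResponse ([APPLICATION 24])."""
    if len(resp) < 10 or resp[0] != 0x30 or resp[1] & 0x80:
        raise ValueError("not a short-form LDAPMessage")
    if resp[2:4] != b"\x02\x01" or resp[5] != 0x78:
        raise ValueError("not an ExtendedResponse")
    if resp[7:9] != b"\x0a\x01":
        raise ValueError("missing resultCode")
    return resp[9]  # 0 = success: the server is ready for the TLS handshake

def connect(host: str, port: int, implicit_tls: bool, timeout: float = 5.0) -> ssl.SSLSocket:
    """implicit_tls=True: ldaps (usually 636). False: StartTLS on the plain port."""
    ctx = ssl.create_default_context()  # verifies certificate chain and host name
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        if not implicit_tls:
            raw.sendall(starttls_request())
            # A StartTLS response is small; one recv is enough for this sketch.
            if extended_result_code(raw.recv(4096)) != 0:
                raise ConnectionError("server refused StartTLS; not upgrading")
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise

# Constructed sample responses (not captured traffic): success and protocolError.
SAMPLE_OK = bytes.fromhex("300c02010178070a010004000400")
SAMPLE_REFUSED = bytes.fromhex("300c02010178070a010204000400")
```

A monitoring check has to be told which of the two modes to use for a given host, because the port number alone does not say whether the server expects a cleartext StartTLS request or an immediate handshake.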