On Sep 28, 2010, at 6:32 PM, Buchan Milne wrote:
Most people will expect "ldaps" to mean LDAP over SSL. IMHO, we should either create a new tag for LDAP with STARTTLS, or use a bind extension in the existing ldap tag (IOW, keep it a quasi-valid LDAP URI).
Isn't that what I said? :) Of course, it carries a lot more weight coming from you.
AFAIK, there is no standard bind extension for starttls, but we could use something like:
ldap://hostname/????starttls
(or: ldap://ldap.mydomain.com/dc=mydomain,dc=com?uid?sub?"(uid=testuser)"?starttls )
That sounds fine for testing with a URI, but what about a “naked” tag? Currently, it's enough to just say “ldap” or “ldaps” to have the test run with defaults. Should we have one like “ldapt” or something? Or should we just require the long form with a URI to trigger this test?
-- Rob McBroom <http://www.skurfer.com/>
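
The tag forms discussed in this thread, worked through as an added example (not code from the thread or from the project): a parser that maps a naked "ldap"/"ldaps" tag or an RFC 4516-style URI to a transport. The function name, the transport labels, and the stripping of the double quotes around the filter are assumptions, and "starttls" is the extension proposed above, not a standard one.

```python
from urllib.parse import urlsplit, unquote

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}


def parse_ldap_tag(tag):
    """Parse a naked "ldap"/"ldaps" tag or an LDAP URI into test settings."""
    if tag in DEFAULT_PORT:          # naked tag: run the test with defaults
        tag += "://"
    u = urlsplit(tag)
    if u.scheme not in DEFAULT_PORT:
        raise ValueError(f"not an LDAP tag: {tag!r}")

    # urlsplit cuts at the first '?'; rejoin so all four separators are seen:
    #   dn ? attributes ? scope ? filter ? extensions
    rest = u.path.lstrip("/") + ("?" + u.query if u.query else "")
    dn, attrs, scope, filt, exts = (rest.split("?", 4) + [""] * 4)[:5]

    starttls = False
    for ext in filter(None, exts.split(",")):
        critical = ext.startswith("!")           # RFC 4516: '!' marks critical
        name = unquote(ext.lstrip("!").split("=", 1)[0]).lower()
        if name == "starttls":                   # proposed, non-standard
            starttls = True
        elif critical:
            # An unsupported critical extension must not be ignored.
            raise ValueError(f"unsupported critical extension: {name}")

    if u.scheme == "ldaps" and starttls:
        raise ValueError("starttls on an ldaps:// URI is contradictory")
    # Never infer TLS from the port alone: the transport is chosen only by
    # the scheme (SSL from the first byte) or the extension (upgrade in-band).
    transport = "ssl" if u.scheme == "ldaps" else "starttls" if starttls else "plain"

    return {
        "host": u.hostname,                      # None means "use the default"
        "port": u.port or DEFAULT_PORT[u.scheme],
        "base_dn": unquote(dn),
        "attrs": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope or "base",                # RFC 4516 default
        "filter": unquote(filt).strip('"') or "(objectClass=*)",
        "transport": transport,
    }


if __name__ == "__main__":
    for t in ("ldap", "ldaps", "ldap://hostname/????starttls"):
        print(t, "->", parse_ldap_tag(t))
```
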