bug in ldaptest.c

Henrik Størner
Mon, 27 Sep 2010 19:58:19 +0000 (UTC)
Message-Id: <i7qt0r$lqv$user-e356fad9864f@xymon.invalid>

In <user-e04c2c27b8a9@xymon.invalid> Buchan Milne <user-9b139aff4dec@xymon.invalid> writes:
> On Thursday, 23 September 2010 14:18:51 Henrik "Størner" wrote:
> > The major problem with this is that Xymon uses the OpenLDAP library
> > to talk to the LDAP server (the LDAP protocol itself is a bit too
> > complex for Xymon to do on its own). And OpenLDAP only supports the
> > RFC-way of doing SSL.
>
> This isn't true. Almost all LDAP client software (pam_ldap, nss_ldap, samba,
> freeradius, ldapsearch etc., apache mod_ldap, etc., to name a few) using
> OpenLDAP libldap (at least with OpenSSL, I'm not too familiar with
> OpenLDAP+gnutls) supports original Netscape-style ldaps (which is usually on
> port 636).

Okay, I haven't looked at OpenLDAP since I implemented the LDAP tests
(quite some time ago). The SSL support then wasn't documented at all,
so I had to go by some sample code included with the library. If that
has changed and we can support port-636-ldaps somehow then sure - let's
do it. We probably need to invent a different tag in bb-hosts for it,
but that's a minor problem.


Regards,
Henrik