In <user-ab481b8898d2@xymon.invalid> Buchan Milne <user-9b139aff4dec@xymon.invalid> writes:
ldaps isn't a standardised (RFC) LDAP feature, whereas STARTTLS is. I assume this could be a reason why Henrik initially didn't implement ldaps support, instead using ldaps:// to indicate STARTTLS.
We can consider implementing real ldaps support, but then we would need a different way to request STARTTLS support in ldap:// URLs in bb-hosts.
The major problem with this is that Xymon uses the OpenLDAP library
to talk to the LDAP server (the LDAP protocol itself is a bit too
complex for Xymon to do on its own). And OpenLDAP only supports the
RFC-way of doing SSL.
Regards,
Henrik