On Wednesday, 29 September 2010 13:21:10 Rob McBroom wrote:
> On Sep 28, 2010, at 6:32 PM, Buchan Milne wrote:
>> Most people will expect "ldaps" to mean LDAP over SSL. IMHO, we should
>> either create a new tag for LDAP with STARTTLS, or use a bind extension
>> in the existing ldap tag (IOW, keep it a quasi-valid LDAP URI).
>
> Isn't that what I said? :) Of course, it carries a lot more weight coming
> from you.
>
>> AFAIK, there is no standard bind extension for starttls, but we could use
>> something like:
>> ldap://hostname/????starttls
>> (or:
>> ldap://ldap.mydomain.com/dc=mydomain,dc=com?uid?sub?"(uid=testuser)"?starttls
>> )
>
> That sounds fine for testing with a URI, but what about a “naked” tag?
> Currently, it's enough to just say “ldap” or “ldaps” to have the test run
> with defaults.

Sure, if all you want to do is test that the port is open. What would you want
to occur for an 'ldap' tag regarding STARTTLS?

> Should we have one like “ldapt” or something?

What would it do? Check if port 389 is open (just like 'ldap')? Anything else?

> Or should we
> just require the long form with a URI to trigger this test?
ldap://hostname/????starttls
?
or ldap:///????starttls
?
Regards,
Buchan
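
The URI forms discussed in this message, worked through as an added example (not code from the thread or from the project it concerns): a parser that maps a bare tag or an LDAP URI to the transport a test would have to use. The `starttls` extension name is the one proposed above and is not a registered LDAP URL extension; `parse_ldap_test`, the transport labels and the rejection of `starttls` on an `ldaps://` URI are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}
KNOWN_EXTENSIONS = {"starttls"}  # name proposed in the thread, not a registered one


def parse_ldap_test(spec):
    """Map a bare tag or an LDAP URI to the parameters of the check to run."""
    if spec in DEFAULT_PORT:              # naked "ldap" / "ldaps" tag: defaults only
        spec += ":///"
    parts = urlsplit(spec)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORT:
        raise ValueError(f"not an LDAP test spec: {spec!r}")
    # RFC 4516 layout after the DN: attributes ? scope ? filter ? extensions
    fields = parts.query.split("?") if parts.query else []
    if len(fields) > 4:
        raise ValueError("too many '?'-separated fields")
    attrs, scope, filt, exts = fields + [""] * (4 - len(fields))
    extensions = {}
    for item in filter(None, exts.split(",")):
        critical = item.startswith("!")   # "!" marks an extension as critical
        name, _, value = item.lstrip("!").partition("=")
        name = name.lower()
        if critical and name not in KNOWN_EXTENSIONS:
            raise ValueError(f"unsupported critical extension: {name}")
        extensions[name] = unquote(value)
    if scheme == "ldaps" and "starttls" in extensions:
        # Assumption: the two are contradictory, so refuse rather than guess.
        raise ValueError("starttls requested on an ldaps:// (LDAP over SSL) URI")
    if scheme == "ldaps":
        transport = "tls"                 # TLS handshake first, then LDAP
    elif "starttls" in extensions:
        transport = "starttls"            # plain connect, then upgrade to TLS
    else:
        transport = "plain"
    return {
        "host": parts.hostname,           # None: use the host being tested
        "port": parts.port or DEFAULT_PORT[scheme],
        "transport": transport,
        "base_dn": unquote(parts.path.lstrip("/")),
        "attributes": [a for a in unquote(attrs).split(",") if a],
        "scope": scope.lower() or "base",
        "filter": unquote(filt) or "(objectClass=*)",
    }
```

With this mapping a bare `ldap` tag stays a plain test against port 389, so STARTTLS is only exercised when the URI asks for it explicitly.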