Project

General

Profile

Bug #3214

ldapclient man page does not document tls:none setting

Added by Paul Henson about 8 years ago. Updated about 8 years ago.

Status:
Resolved
Priority:
Low
Assignee:
Category:
manpage - manual pages
Start date:
2012-09-20
Due date:
% Done:

100%

Estimated time:
Difficulty:
Bite-size
Tags:
Gerrit CR:

Description

Way back when we first deployed Solaris 10 and I was configuring the LDAP naming services integration, there didn't appear to be any way to connect with an anonymous bind using SSL, the authentication options were either "none" (anonymous bind over insecure channel) or "tls:simple" (authenticated bind over encrypted channel). The necessity of authenticating in order to see the required data is completely orthogonal to the desire to validate the server and make sure the right one is actually talking to you :), so I opened a support ticket. The response was basically "we don't support that, we'll open an RFE, go away" <sigh>, and despite my attempts to get it classified as a security issue it went into limbo...

So I went to add a new authentication type "tls:none" to illumos, and to my great surprise actually found it already there, but undocumented. I made a tiny update to the ldapclient man page to include it, and am creating this issue to have an issue # to submit with it to RTI.


Files

illumos-gate.patch (738 Bytes) illumos-gate.patch patch to ldapclient man page Paul Henson, 2012-09-20 11:45 PM
#1

Updated by Rich Lowe about 8 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 90 to 100

Resolved in r13831 commit:df991d875843

Also available in: Atom PDF