LDAP referrals and StartTLS

Daniel Fisher dfisher at vt.edu
Tue Jan 6 22:11:20 EST 2015


On Tue, Jan 6, 2015 at 5:13 PM, Wessel, Keith <kwessel at illinois.edu> wrote:

> Absolutely. I had our AD admin look and, sure enough, we're seeing a
> simple auth over an unencrypted channel just after the initial query. The
> initial query is working properly, doing a simple auth over the
> StartTLS-encrypted channel.
>
> Seems like a bug, probably in the edu.vt.ldap library. Where should I
> report it?
>

It's more of a feature request. You can file it here:
https://github.com/vt-middleware/ldaptive
The problem is that startTLS isn't something that is communicated in the
continuation reference, so you'd have to follow the referral manually to do
what you want.
There is no functionality in vt-ldap to do that and it's more likely to get
added for IDP 3.x.

--Daniel Fisher
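
Added example, not part of the original message and not vt-ldap or ldaptive code: a Python sketch of the decision a client has to make when it follows a continuation reference manually, since an `ldap://` URL has no field that asks for StartTLS. The function names, the hostnames, the `x-constructed` extension and the rule that an empty host means the originating server are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL: scheme://host:port/dn?attrs?scope?filter?extensions."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ("ldap", "ldaps"):  # ldaps is de facto, not defined by RFC 4516
        raise ValueError("not an LDAP URL: %r" % url)
    # Pad so that missing trailing fields come back as empty strings.
    _attrs, _scope, _filter, exts = (parts.query.split("?") + [""] * 4)[:4]
    return {
        "scheme": scheme,
        "host": parts.hostname or "",
        "port": parts.port or (636 if scheme == "ldaps" else 389),
        "base_dn": unquote(parts.path.lstrip("/")),
        "extensions": [unquote(e) for e in exts.split(",") if e],
    }

def plan_referral(url, parent_host, parent_used_starttls, supported_exts=()):
    """Decide how to secure the connection to a referral target before any bind."""
    ref = parse_ldap_url(url)
    ref["host"] = ref["host"] or parent_host  # assumption: empty host means same server
    for ext in ref["extensions"]:
        name = ext.lstrip("!").split("=", 1)[0].lower()
        if ext.startswith("!") and name not in supported_exts:
            return ("refuse", ref)  # critical extension we cannot honour
    if ref["scheme"] == "ldaps":
        return ("tls-on-connect", ref)
    # Nothing in an ldap:// URL says StartTLS, so inherit it from the parent connection.
    if parent_used_starttls:
        return ("starttls-then-bind", ref)
    return ("plaintext", ref)

# Constructed continuation references, as a server might return them.
SAMPLES = [
    "ldap://dc2.example.edu/OU=People,DC=example,DC=edu",
    "ldaps://dc3.example.edu/OU=Staff,DC=example,DC=edu",
    "ldap:///DC=child,DC=example,DC=edu??sub",
    "ldap://dc4.example.edu/DC=example,DC=edu????!x-constructed=1",
]

if __name__ == "__main__":
    for u in SAMPLES:
        action, ref = plan_referral(u, "dc1.example.edu", parent_used_starttls=True)
        print("%-18s %s:%d  %s" % (action, ref["host"], ref["port"], ref["base_dn"]))
```

A caller that gets `starttls-then-bind` has to complete the StartTLS extended operation on the new connection before sending the simple bind; a deployment that never wants credentials on a clear channel can treat `plaintext` as a refusal.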