On 2012-06-19 at 17:19 +0200, Ferenc Wagner wrote:
> Our LDAP server requires SSL connections, so I use the ldaps:// schema
> in the LDAP lookup URI. However, I also have to specify the CA
> certificates and the certificate policy in my /etc/ldap/ldap.conf, like:
>
> TLS_CACERT /etc/ssl/certs/ca-certificates.crt
> TLS_REQCERT demand
>
> However, I really don't like the configuration separated this way: what
> if I needed different TLS_CACERT or TLS_REQCERT options in Exim than in
> other places? Being unable to include these options in my Exim config
> feels like a shortcoming. Specification chapter 9, section 17 (LDAP
> authentication and control information) enumerates several options which
> can be set, but the above two are not in that bunch. Is there a good
> reason for this, were they omitted by mistake or do I overlook something?

Those are tuning knobs for authentication and controls *within* an LDAP
session; TLS control knobs are separate options, not part of the query.

----------------------------8< cut here >8------------------------------
14.6 Data lookups
[...]
ldap_ca_cert_dir       dir of CA certs to verify LDAP server's
ldap_ca_cert_file      file of CA certs to verify LDAP server's
ldap_cert_file         client cert file for LDAP
ldap_cert_key          client key file for LDAP
ldap_cipher_suite      TLS negotiation preference control
ldap_default_servers   used if no server in query
ldap_require_cert      action to take without LDAP server cert
ldap_start_tls         require TLS within LDAP
ldap_version           set protocol version
----------------------------8< cut here >8------------------------------

Each of those also has full documentation. Added in Exim 4.75, we're
currently at Exim 4.80.

-Phil
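
Added example, not part of the original message and not Exim project code: a small Python check that reads an Exim configuration and reports whether the ldap_require_cert and ldap_ca_cert_* options listed above are set in Exim itself or left to ldap.conf. It assumes ldap_require_cert takes the same level names as OpenLDAP's TLS_REQCERT and does not expand macros or .include files; the sample configurations and host name are constructed.

```python
import re

STRICT_LEVELS = {"demand", "hard"}  # assumption: same level names as OpenLDAP's TLS_REQCERT

def main_options(config_text):
    """Parse 'name = value' settings from the main section (before the first 'begin')."""
    opts = {}
    joined = re.sub(r"\\[ \t]*\n[ \t]*", "", config_text)  # join backslash-continued lines
    for raw in joined.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"begin\s+\w+", line):
            break  # routers, transports, ACLs etc. follow; main options end here
        m = re.match(r"(\w+)\s*=\s*(.*)$", line)
        if m:
            opts[m.group(1)] = m.group(2).strip()
    return opts

def audit_ldap_tls(config_text):
    """Return findings about LDAP TLS verification settings in the Exim main section."""
    opts = main_options(config_text)
    findings = []
    level = opts.get("ldap_require_cert")
    if level is None:
        findings.append("ldap_require_cert is unset: certificate policy is left to ldap.conf")
    elif level not in STRICT_LEVELS:
        findings.append(f"ldap_require_cert = {level}: a valid server certificate is not enforced")
    if not (opts.get("ldap_ca_cert_file") or opts.get("ldap_ca_cert_dir")):
        findings.append("no ldap_ca_cert_file or ldap_ca_cert_dir: CA trust is left to ldap.conf")
    return findings

# Constructed sample configurations (not taken from a real system).
SPLIT_CONFIG = """\
ldap_default_servers = ldap.example.org
begin routers
"""
WEAK_CONFIG = """\
ldap_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
ldap_require_cert = allow
"""
PINNED_CONFIG = """\
ldap_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
ldap_require_cert = demand
begin routers
"""

if __name__ == "__main__":
    for name, cfg in [("split", SPLIT_CONFIG), ("weak", WEAK_CONFIG), ("pinned", PINNED_CONFIG)]:
        print(name, audit_ldap_tls(cfg) or "ok")
```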
