Re: Mysteries of openldap

On Friday 30 November 2007 03:59:15 pm Timothy Murphy wrote:
Craig White wrote:
I'm running openldap on my desktop,
and can access it fine from my laptop.
But I'd like to use TLS encryption
(as the desktop ldap is open to the world).

Unfortunately I find the openldap documentation
very difficult to follow.

...

short answer, use ldaps - even though it is deprecated.

Well, thanks very much for your response.
I'll try ldaps, as you suggest.
I couldn't tell, from the documentation,
what the difference is between ldap + TLS and ldaps,
except that they seem to use different ports.

ldaps is ldap over ssl, port 636: this would be similar to using https://
instead of http://

ldap + tls is ldap using the start_tls mechanism, port 389

self signed certs? add TLS_REQCERT to /etc/openldap/ldap.conf
and /etc/ldap.conf (openldap client apps use the one in /etc/openldap
folder, everything else uses the one is /etc directory)

I hadn't realized there was a second ldap.conf .
That's just about par for the course ...

this is old, obsolete but very useful

http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html

Thanks, I had seen that but ignored it after the rather prissy warning,
"This independently authored paper is considered to have obsolete status".
But with your recommendation I'll study it closely.

Reading openldap documentation is like driving through fog.
At least one has some sense of progress,
which is more than I can say for reading sendmail docs.



--
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E

Attachment: signature.asc
Description: This is a digitally signed message part.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Relevant Pages

  • Re: kmail/kaddressbook + openldap, again, sorry
    ... but when I try to enable TLS security it fails. ... I get the message "LDAP server returned the error: ... The simplest explanation would be that kaddressbook was compiled ...
    (Fedora)
  • RHEL4, LDAP, TLS
    ... I have an LDAP server (running RHEL3 AS) using OpenLDAP setup to use ssl ... I have about 20 machines authenticating users via LDAP using ... I discovered that if I turn off "Use TLS" using ...
    (RedHat)
  • Re: [SLE] SuSE 9.1, OpenLDAP fine as user ldap, OpenLDAP/TLS only works as user root
    ... > I'm trying to get OpenLDAP/TLS working on SuSE 9.1. ... > OpenLDAP without TLS working running as user and group ldap. ...
    (SuSE)
  • Re: Mysteries of openldap
    ... But I'd like to use TLS encryption ... (as the desktop ldap is open to the world). ... Reading openldap documentation is like driving through fog. ...
    (Fedora)
  • LDAP/TLS with Solaris 8
    ... when configuring Solaris 8 LDAP clients to use TLS encryption. ... ldapclient appears to don't have options to support TLS at ... Does Solaris 8 supports LDAP w/ tls? ... Do I really need to install OpenLDAP ...
    (SunManagers)