Re: Mysteries of openldap



On Fri, 2007-11-30 at 16:07 -0600, Anthony Messina wrote:
On Friday 30 November 2007 03:59:15 pm Timothy Murphy wrote:
Craig White wrote:
I'm running openldap on my desktop,
and can access it fine from my laptop.
But I'd like to use TLS encryption
(as the desktop ldap is open to the world).

Unfortunately I find the openldap documentation
very difficult to follow.

...

short answer, use ldaps - even though it is deprecated.

Well, thanks very much for your response.
I'll try ldaps, as you suggest.
I couldn't tell, from the documentation,
what the difference is between ldap + TLS and ldaps,
except that they seem to use different ports.

ldaps is ldap over ssl, port 636: this would be similar to using https://
instead of http://

ldap + tls is ldap using the start_tls mechanism, port 389
----
yes, more common these days to use URI than HOST designations.

uri ldaps://some.fqdn:636

similar to

uri ldap://some.fqdn:389
ssl start_tls

be sure that your self-signed certs, dns, system all use the same host
names

Craig

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list



Relevant Pages

  • Re: LDAP+TLS problems
    ... Without TLS everything connects just fine, ... Make sure your private key is readable by the "ldap" user. ... then the server expects the client to present a client certificate. ... the initially unencrypted connection. ...
    (Ubuntu)
  • Re: computer account change password with Windows 2008 domain
    ... Microsoft broke password changes via the LDAP protocol with SASL GSSAPI ... In Windows 2003, provided that you didn't try to ... layer when using TLS, even though you're not trying to. ... always negotiated a privacy layer even if you haven't. ...
    (comp.protocols.kerberos)
  • Re: Mysteries of openldap
    ... But I'd like to use TLS encryption ... (as the desktop ldap is open to the world). ... Reading openldap documentation is like driving through fog. ...
    (Fedora)
  • Re: kmail/kaddressbook + openldap, again, sorry
    ... but when I try to enable TLS security it fails. ... I get the message "LDAP server returned the error: ... The simplest explanation would be that kaddressbook was compiled ...
    (Fedora)
  • Re: [SLE] SuSE 9.1, OpenLDAP fine as user ldap, OpenLDAP/TLS only works as user root
    ... > I'm trying to get OpenLDAP/TLS working on SuSE 9.1. ... > OpenLDAP without TLS working running as user and group ldap. ...
    (SuSE)