Craig White wrote: >> I'm running openldap on my desktop, >> and can access it fine from my laptop. >> But I'd like to use TLS encryption >> (as the desktop ldap is open to the world). >> >> Unfortunately I find the openldap documentation >> very difficult to follow. ... > short answer, use ldaps - even though it is deprecated. Well, thanks very much for your response. I'll try ldaps, as you suggest. I couldn't tell, from the documentation, what the difference is between ldap + TLS and ldaps, except that they seem to use different ports. > self signed certs? add TLS_REQCERT to /etc/openldap/ldap.conf > and /etc/ldap.conf (openldap client apps use the one in /etc/openldap > folder, everything else uses the one is /etc directory) I hadn't realized there was a second ldap.conf . That's just about par for the course ... > this is old, obsolete but very useful > > http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html Thanks, I had seen that but ignored it after the rather prissy warning, "This independently authored paper is considered to have obsolete status". But with your recommendation I'll study it closely. Reading openldap documentation is like driving through fog. At least one has some sense of progress, which is more than I can say for reading sendmail docs.
