On Friday 30 November 2007 03:59:15 pm Timothy Murphy wrote: > Craig White wrote: > >> I'm running openldap on my desktop, > >> and can access it fine from my laptop. > >> But I'd like to use TLS encryption > >> (as the desktop ldap is open to the world). > >> > >> Unfortunately I find the openldap documentation > >> very difficult to follow. > > ... > > > short answer, use ldaps - even though it is deprecated. > > Well, thanks very much for your response. > I'll try ldaps, as you suggest. > I couldn't tell, from the documentation, > what the difference is between ldap + TLS and ldaps, > except that they seem to use different ports. ldaps is ldap over ssl, port 636: this would be similar to using https:// instead of http:// ldap + tls is ldap using the start_tls mechanism, port 389 > > self signed certs? add TLS_REQCERT to /etc/openldap/ldap.conf > > and /etc/ldap.conf (openldap client apps use the one in /etc/openldap > > folder, everything else uses the one is /etc directory) > > I hadn't realized there was a second ldap.conf . > That's just about par for the course ... > > > this is old, obsolete but very useful > > > > http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html > > Thanks, I had seen that but ignored it after the rather prissy warning, > "This independently authored paper is considered to have obsolete status". > But with your recommendation I'll study it closely. > > Reading openldap documentation is like driving through fog. > At least one has some sense of progress, > which is more than I can say for reading sendmail docs. -- Anthony - http://messinet.com - http://messinet.com/~amessina/gallery 8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
Attachment:
signature.asc
Description: This is a digitally signed message part.
