Re: Mysteries of openldap

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2007-11-30 at 16:07 -0600, Anthony Messina wrote:
> On Friday 30 November 2007 03:59:15 pm Timothy Murphy wrote:
> > Craig White wrote:
> > >> I'm running openldap on my desktop,
> > >> and can access it fine from my laptop.
> > >> But I'd like to use TLS encryption
> > >> (as the desktop ldap is open to the world).
> > >>
> > >> Unfortunately I find the openldap documentation
> > >> very difficult to follow.
> >
> > ...
> >
> > > short answer, use ldaps - even though it is deprecated.
> >
> > Well, thanks very much for your response.
> > I'll try ldaps, as you suggest.
> > I couldn't tell, from the documentation,
> > what the difference is between ldap + TLS and ldaps,
> > except that they seem to use different ports.
> 
> ldaps is ldap over ssl, port 636: this would be similar to using https:// 
> instead of http://
> 
> ldap + tls is ldap using the start_tls mechanism, port 389
----
yes, more common these days to use URI than HOST designations.

uri ldaps://some.fqdn:636

similar to

uri ldap://some.fqdn:389
ssl start_tls

be sure that your self-signed certs, dns, system all use the same host
names

Craig


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux