On Fri, 2007-11-30 at 16:07 -0600, Anthony Messina wrote:
> On Friday 30 November 2007 03:59:15 pm Timothy Murphy wrote:
> > Craig White wrote:
> > >> I'm running openldap on my desktop,
> > >> and can access it fine from my laptop.
> > >> But I'd like to use TLS encryption
> > >> (as the desktop ldap is open to the world).
> > >>
> > >> Unfortunately I find the openldap documentation
> > >> very difficult to follow.
> >
> > ...
> >
> > > short answer, use ldaps - even though it is deprecated.
> >
> > Well, thanks very much for your response.
> > I'll try ldaps, as you suggest.
> > I couldn't tell, from the documentation,
> > what the difference is between ldap + TLS and ldaps,
> > except that they seem to use different ports.
>
> ldaps is ldap over ssl, port 636: this would be similar to using https://
> instead of http://
>
> ldap + tls is ldap using the start_tls mechanism, port 389
----
yes, more common these days to use URI than HOST designations.

uri ldaps://some.fqdn:636

similar to

uri ldap://some.fqdn:389
ssl start_tls

be sure that your self-signed certs, dns, system all use the same host names

Craig
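
An added example, not part of the original thread: a small Python check that reads the `uri` and `ssl` directives shown above, reports whether the client would use TLS on connect (ldaps), StartTLS, or cleartext, and whether the host in the URI matches a name in the server certificate. The function names are hypothetical, and the certificate names are assumed to have been read from the certificate separately and passed in as a list (exact match only, no wildcard handling).

```python
from urllib.parse import urlsplit

# Default ports named in the thread: ldap 389, ldaps 636.
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}


def parse_client_conf(text):
    """Collect 'key value' directives (such as uri and ssl) from config text."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def audit(conf_text, cert_names):
    """Classify the transport and compare the URI host with the cert names.

    cert_names is a caller-supplied list of names from the server
    certificate (an assumption of this example).
    """
    conf = parse_client_conf(conf_text)
    url = urlsplit(conf.get("uri", ""))
    host = (url.hostname or "").lower()
    port = url.port or DEFAULT_PORT.get(url.scheme)

    if url.scheme == "ldaps":
        transport = "tls-on-connect"   # TLS before any LDAP traffic
    elif url.scheme == "ldap" and conf.get("ssl", "").lower() == "start_tls":
        transport = "start_tls"        # upgrade on the plain LDAP port
    else:
        transport = "cleartext"        # no encryption configured

    return {
        "host": host,
        "port": port,
        "transport": transport,
        "name_matches_cert": host in {n.lower() for n in cert_names},
    }


if __name__ == "__main__":
    # Constructed sample inputs based on the two configurations in the thread.
    names = ["some.fqdn"]
    print(audit("uri ldaps://some.fqdn:636", names))
    print(audit("uri ldap://some.fqdn:389\nssl start_tls", names))
    print(audit("uri ldap://192.0.2.10", names))  # cleartext, name mismatch
```
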