[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS Certificate Generation section and Troubleshooting Checklist



<quote who="Howard Chu">
> Quanah Gibson-Mount wrote:
>> ----- "Gavin Henry" <ghenry@suretecsystems.com> wrote:
>>> Dear All,
>>>
>>> Should we merge the TLS cert generation seciton of the FAQ into
>>> TLS.sdf?
>>
>>
>> Sounds good to me.
>
> That really falls outside the purpose of the OpenLDAP Admin Guide, i.e., a
> guide to administering *OpenLDAP* software. We can reference the FAQ
> article,
> or a separately packaged HOWTO document, but IMO it does not belong in the
> Guide itself. Just as we talk about how Kerberos or SASL may be used, but
> don't
> discuss how to initialize and populate a KDC or SASL authentication DB.

This is why I asked, as I had a feeling it shouldn't, but it comes up so
many times. A link to the FAQ entry will be fine.

>
> At some point we'll have our own certificate-generating overlay, in which
> case
> it will be an actual piece of OpenLDAP software, and then it will be a
> legitimate topic for the Guide. I.e., I do feel that the lack of integral
> X.509
> support is something we need to address, and that the overall topic
> properly
> belongs under the OpenLDAP umbrella since it is a core element of the
> X.500
> spec. We just aren't there yet.

Would be very cool.

> --
>    -- Howard Chu
>    Chief Architect, Symas Corp.  http://www.symas.com
>    Director, Highland Sun        http://highlandsun.com/hyc/
>    Chief Architect, OpenLDAP     http://www.openldap.org/project/
>