Re: Problems with SASL and TLS
- To: openldap-software@OpenLDAP.org
- Subject: Re: Problems with SASL and TLS
- From: Andrew Newman <anewman@pisoftware.com>
- Date: Thu, 01 Mar 2001 13:31:22 +1000
- References: <Pine.LNX.4.32.0102281257420.30072-100000@heyzeus.spack.org>
- User-agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)
Adam Shand wrote:
>
> here are the relevant pieces of what i have in my slapd.conf:
>
> TLSCertificateFile /etc/openldap/server.pem
> TLSCertificateKeyFile /etc/openldap/server.pem
> TLSCACertificateFile /etc/openldap/server.pem
>
> replogfile /etc/openldap/slurpd.replog
> replica host=192.168.1.2:389
> binddn="cn=manager,dc=example,dc=net"
> bindmethod=simple
> credentials=mypasswd
> tls=yes
>
> you should generate the key like this:
>
> # openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 365
>
It would seem that the problem was that I was expecting the SSL/TLS traffic to
go over the 636 port, not the same port as unencrypted traffic. I think this is
due to the description in the FAQ of TLS/SSL. I think it's there that I went
off on some weird tangent. Using ngrep I could determine that the traffic is
indeed being encrypted.
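
Added example (not part of the original message or of OpenLDAP): a check that automates what the ngrep inspection above establishes, by classifying the reassembled client-to-server bytes of one connection on port 389 as a StartTLS upgrade, a cleartext simple bind, or TLS from the first byte (the port 636 style). The function names and the sample byte strings are constructed for illustration; the stream is assumed to be complete and in order.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation
TLS_HANDSHAKE = b"\x16\x03"               # TLS record: handshake, major version 3

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def classify(stream):
    """Classify the client-to-server bytes of one LDAP connection."""
    if stream.startswith(TLS_HANDSHAKE):
        return "tls-from-first-byte"      # ldaps:// behaviour
    try:
        if stream[0] != 0x30:             # LDAPMessage is a BER SEQUENCE
            return "unknown"
        _, msg, end = read_tlv(stream, 0)
        _, _, p = read_tlv(msg, 0)        # skip messageID
        op_tag, op, _ = read_tlv(msg, p)
        if op_tag == 0x77 and STARTTLS_OID in op:   # ExtendedRequest
            upgraded = stream[end:end + 2] == TLS_HANDSHAKE
            return "starttls-upgraded" if upgraded else "starttls-not-followed-by-tls"
        if op_tag == 0x60:                # BindRequest
            _, _, q = read_tlv(op, 0)     # skip version
            _, _, q = read_tlv(op, q)     # skip bind DN
            if op[q] == 0x80:             # simple auth: password in the clear
                return "cleartext-simple-bind"
    except IndexError:                    # truncated capture
        return "unknown"
    return "plaintext-ldap"

def tlv(tag, payload):
    """Build a short-form BER element (sample construction only)."""
    return bytes([tag, len(payload)]) + payload

# Constructed samples, not captured traffic.
STARTTLS_REQ = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x77, tlv(0x80, STARTTLS_OID)))
CLIENT_HELLO = TLS_HANDSHAKE + b"\x01\x00\x05" + b"\x01\x00\x00\x01\x00"
SIMPLE_BIND = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03")
              + tlv(0x04, b"cn=manager,dc=example,dc=net") + tlv(0x80, b"mypasswd")))

if __name__ == "__main__":
    for name, data in [("StartTLS then handshake", STARTTLS_REQ + CLIENT_HELLO),
                       ("simple bind without TLS", SIMPLE_BIND),
                       ("TLS from first byte", CLIENT_HELLO)]:
        print(f"{name}: {classify(data)}")
```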