
Re: SSL coding and openLDAP



At 02:52 PM 6/11/2001, phil@bolthole.com wrote:
>On Mon, Jun 11, 2001 at 10:35:20AM -0700, Kurt D. Zeilenga wrote:
>> ...
>> If you want to do Start TLS [RFC 2830], yes.  If you
>> want to do LDAP over SSL, no.  For LDAP over SSL,
>> you need to use ldap_initialize() (instead of ldap_init()).
>> See any of the client applications in clients/tools
>> for examples.
>
>what is the difference? Why would you choose one over the other?

They both provide the same basic security services in different
ways.  LDAP over SSL is not standard track and requires use of
a second port.  StartTLS is standard track and uses one
port.

I prefer to use standard track mechanisms.  However, the OpenLDAP
API makes it fairly easy to support both.  All OpenLDAP client
tools do and can be used as implementation examples.

Kurt
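
The difference described above is visible in the first bytes a client sends: with LDAP over SSL the TLS handshake comes first, while with Start TLS the client first sends an LDAPv3 extended request naming the RFC 2830 OID on the ordinary LDAP connection. The C sketch below is an added example, not part of the original message or of OpenLDAP; the function names, the enum and the sample byte strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define STARTTLS_OID "1.3.6.1.4.1.1466.20037"   /* Start TLS request name, RFC 2830 */
enum first_msg { MSG_UNKNOWN, MSG_TLS_RECORD, MSG_LDAP_STARTTLS, MSG_LDAP_OTHER };

/* Constructed samples: start of a TLS handshake record; an anonymous LDAPv3 simple bind. */
static const unsigned char SAMPLE_TLS[]  = {0x16, 0x03, 0x01, 0x00, 0x2f};
static const unsigned char SAMPLE_BIND[] = {0x30, 0x0c, 0x02, 0x01, 0x01, 0x60, 0x07,
                                            0x02, 0x01, 0x03, 0x04, 0x00, 0x80, 0x00};

/* BER-encode LDAPMessage{messageID, ExtendedRequest{requestName}}; msgid 0..127 only.
 * Returns the number of bytes written, or 0 if the arguments do not fit. */
size_t build_starttls_request(unsigned char *out, size_t cap, int msgid) {
    size_t oid_len = strlen(STARTTLS_OID), total = 9 + oid_len;
    if (msgid < 0 || msgid > 127 || cap < total) return 0;
    unsigned char hdr[9] = {0x30, (unsigned char)(total - 2),   /* SEQUENCE */
                            0x02, 0x01, (unsigned char)msgid,   /* messageID */
                            0x77, (unsigned char)(oid_len + 2), /* [APPLICATION 23] */
                            0x80, (unsigned char)oid_len};      /* [0] requestName */
    memcpy(out, hdr, sizeof hdr);
    memcpy(out + sizeof hdr, STARTTLS_OID, oid_len);
    return total;
}

/* Classify the first bytes a client sends on a new connection. Only short-form
 * BER lengths are handled, which covers a first bind or Start TLS request. */
enum first_msg classify_first_bytes(const unsigned char *b, size_t n) {
    size_t oid_len = strlen(STARTTLS_OID), op;
    if (n >= 3 && b[0] == 0x16 && b[1] == 0x03) return MSG_TLS_RECORD; /* TLS first */
    /* Expect SEQUENCE, short-form length, INTEGER messageID of 1..4 bytes. */
    if (n < 5 || b[0] != 0x30 || (b[1] & 0x80) || b[2] != 0x02 || b[3] < 1 || b[3] > 4)
        return MSG_UNKNOWN;
    op = 4 + (size_t)b[3];                       /* offset of the protocolOp tag */
    if (op >= n) return MSG_UNKNOWN;
    if (b[op] != 0x77) return MSG_LDAP_OTHER;    /* not an ExtendedRequest */
    if (n - op >= 4 + oid_len && !(b[op + 1] & 0x80) && b[op + 2] == 0x80 &&
        b[op + 3] == oid_len && memcmp(b + op + 4, STARTTLS_OID, oid_len) == 0)
        return MSG_LDAP_STARTTLS;
    return MSG_LDAP_OTHER;
}

int main(void) {
    unsigned char req[64];
    size_t n = build_starttls_request(req, sizeof req, 1);
    printf("starttls=%d tls=%d bind=%d\n", classify_first_bytes(req, n),
           classify_first_bytes(SAMPLE_TLS, sizeof SAMPLE_TLS),
           classify_first_bytes(SAMPLE_BIND, sizeof SAMPLE_BIND));
    return 0;
}
```

A connection whose first message classifies as `MSG_LDAP_OTHER` (for example the bind sample) is carrying LDAP in the clear, which is the case to look for when checking that clients actually upgrade before authenticating.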