[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: stupid ldap question..(ssl/tls) (summary)

To: openldap-software@OpenLDAP.org
Subject: Re: stupid ldap question..(ssl/tls) (summary)
From: "Len Rose" <len@netsys.com>
Date: Wed, 14 Nov 2001 11:00:21 -0500 (EST)

I originally asked the list:

> I am trying to verify that I have openldap working properly with
tsl/ssl support.
> If I am able to perform an ldapsearch from a remote client, using
> an "ldaps://foo.bar/" uri and it works, does this in fact mean I 
> can have confidence in the sanctity of my openldap ssl/tsl
installation?
> Thanks for any cluelight shined.

Here are the answers I received: 
######################################################################
Dave Lewney (D.M.Lewney <at> sussex <dot> ac <dot> uk responded:

Sounds like it's OK. You can also try out the following: 
 
/path/to/openssl s_client -connect foo.bar:636
 
The main thing to get right is that the value of CN in foo.bar's
certificate is "foo.bar" .
 
Dave   
######################################################################

This was very useful. 

Drew Raines also responded with an affirmation that a successful
ldapsearch "is a giant step in the right direction"  :)

Thanks!

Len



-- 
Len Rose
len@netsys.com
http://www.netsys.com

Prev by Date: Re: RFC [Samba/NIS + LDAP]
Next by Date: replication (sending to slave and have it update master)
Index(es):
- Chronological
- Thread