
Re: stupid ldap question..(ssl/tls) (summary)



I originally asked the list:

> I am trying to verify that I have openldap working properly with
> tls/ssl support.
> If I am able to perform an ldapsearch from a remote client, using
> an "ldaps://foo.bar/" uri and it works, does this in fact mean I
> can have confidence in the sanctity of my openldap ssl/tls
> installation?
> Thanks for any cluelight shined.

Here are the answers I received: 
######################################################################
Dave Lewney (D.M.Lewney <at> sussex <dot> ac <dot> uk) responded:

Sounds like it's OK. You can also try out the following: 
 
/path/to/openssl s_client -connect foo.bar:636
 
The main thing to get right is that the value of CN in foo.bar's
certificate is "foo.bar" .
 
Dave   
######################################################################

This was very useful. 

Drew Raines also responded with an affirmation that a successful
ldapsearch "is a giant step in the right direction"  :)

Thanks!

Len



-- 
Len Rose
len@netsys.com
http://www.netsys.com
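
The CN check Dave describes can be scripted. The following is an added example, not part of the original thread: it pulls the subject from the certificate served on the LDAPS port and compares its CN with the host name the client connects to. The function names are made up for this example, and foo.bar is the thread's placeholder host. It does an exact CN comparison only; wildcard names and subjectAltName entries are not evaluated.

```shell
#!/bin/sh
# Added example: compare the CN of an LDAPS server certificate with the
# host name used in the ldaps:// URI. Function names are hypothetical.

# Extract the CN from one line of `openssl x509 -noout -subject` output.
# Handles both layouts openssl prints:
#   subject= /C=US/O=Example/CN=foo.bar         (older releases)
#   subject=C = US, O = Example, CN = foo.bar   (1.1.0 and later)
cn_from_subject() {
    printf '%s\n' "$1" |
        sed -n 's|^.*CN *= *\([^,/]*\).*$|\1|p' |
        sed 's/[[:space:]]*$//'
}

# Return 0 when the CN equals the host name (case-insensitive, exact match).
# An absent CN counts as a mismatch.
cn_matches_host() {
    _cn=$(cn_from_subject "$1" | tr '[:upper:]' '[:lower:]')
    _host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ -n "$_cn" ] && [ "$_cn" = "$_host" ]
}

# Fetch the certificate from a live server and run the check.
# Usage: check_ldaps_cn foo.bar 636
# Returns 0 on match, 1 on mismatch, 2 if no certificate could be read.
check_ldaps_cn() {
    _h=$1
    _p=${2:-636}
    _subject=$(openssl s_client -connect "$_h:$_p" -servername "$_h" \
                   </dev/null 2>/dev/null |
               openssl x509 -noout -subject 2>/dev/null) || return 2
    if cn_matches_host "$_subject" "$_h"; then
        echo "OK: $_subject"
    else
        echo "MISMATCH: expected CN=$_h, got: $_subject" >&2
        return 1
    fi
}
```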