Re: stupid ldap question..(ssl/tls) (summary)
I originally asked the list:
> I am trying to verify that I have openldap working properly with
> tls/ssl support.
> If I am able to perform an ldapsearch from a remote client, using
> an "ldaps://foo.bar/" uri and it works, does this in fact mean I
> can have confidence in the sanctity of my openldap ssl/tls
> installation?
> Thanks for any cluelight shined.
Here are the answers I received:
######################################################################
Dave Lewney (D.M.Lewney <at> sussex <dot> ac <dot> uk) responded:
Sounds like it's OK. You can also try out the following:
/path/to/openssl s_client -connect foo.bar:636
The main thing to get right is that the value of CN in foo.bar's
certificate is "foo.bar".
Dave
######################################################################
This was very useful.
Drew Raines also responded with an affirmation that a successful
ldapsearch "is a giant step in the right direction" :)
Thanks!
Len
--
Len Rose
len@netsys.com
http://www.netsys.com
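
The check suggested in the reply above, as an added shell example that is not part of the original thread: it reads `openssl s_client` output and passes only when the chain verified and the certificate's CN equals the host name. The function names and the sample output are constructed for illustration; current TLS clients also compare the host name against subjectAltName entries, which this CN-only check does not cover.

```sh
#!/bin/sh
# Added example: judge `openssl s_client` output for an LDAPS listener.
# Reads the output on stdin; $1 is the host name the client connected to.
# Returns 0 = verified and CN matches, 1 = chain not verified, 2 = CN mismatch.
check_sclient_output() {
    expected=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    out=$(cat)
    # The "subject=" line describes the server's own certificate. Accept both
    # the "CN = foo.bar" and the older "/CN=foo.bar" output styles.
    cn=$(printf '%s\n' "$out" |
         sed -n '/^subject=/{s|.*CN *= *\([^,/]*\).*|\1|p;q;}' | tr 'A-Z' 'a-z')
    code=$(printf '%s\n' "$out" |
           sed -n 's/.*Verify return code: *\([0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ "$code" != "0" ]; then
        echo "FAIL: chain not verified (verify return code: ${code:-missing})"
        return 1
    fi
    if [ "$cn" != "$expected" ]; then
        echo "FAIL: certificate CN '${cn:-none}' does not match '$expected'"
        return 2
    fi
    echo "OK: chain verified and CN matches $expected"
}

# Live use (needs network): the command from the reply, with stdin closed so
# s_client exits after the handshake. Port defaults to 636.
check_ldaps() {
    openssl s_client -connect "$1:${2:-636}" </dev/null 2>/dev/null |
        check_sclient_output "$1"
}

# Constructed s_client excerpts (not captured from a real server).
SAMPLE_OK='CONNECTED(00000003)
---
subject=C = GB, O = Example, CN = foo.bar
issuer=CN = Example Test CA
---
    Verify return code: 0 (ok)'
SAMPLE_SELF_SIGNED='CONNECTED(00000003)
---
subject=CN = foo.bar
issuer=CN = foo.bar
---
    Verify return code: 18 (self signed certificate)'

printf '%s\n' "$SAMPLE_OK" | check_sclient_output foo.bar || true
printf '%s\n' "$SAMPLE_SELF_SIGNED" | check_sclient_output foo.bar || true
```

Against a real server, `check_ldaps foo.bar` runs the same check on live output.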