
Re: OpenLDAP with tls/ssl



Thank you for your fast reply.


Stig Venaas wrote:

> > I have already tried this on the LDAP server itself: ldapsearch -ZZ -d
> > 127 "cn=*" - but it seems that only parts of the traffic are encrypted.
> 
> What you see in clear text is perhaps just the server certificate?

I don't think so, because I can read my LDAP entries in cleartext in the
debug output. But there is no error message which shows that something
with TLS went wrong. *?*


 
> I did as follows:
> 
> I created my own certificate for CA and then created a certificate
> for the LDAP server where CN in the certificate is the same as the
> FQDN of the LDAP server (ldap.testfirma.de or something). See how
> at http://www.raphinou.com/ldaps/LDAP-SSL.HOWTO

I did nearly the same.
But I have a (quite stupid) question: what does the "FQDN" of the
server mean? My server root (base) of the LDAP directory is
"ou=abteilung,ou=institut,o=organisation,c=de" and my server is "host04".
Is the FQDN in this case "host04.abteilung.institut,organisation,de"? I
only used "host04" as Common Name in the certificate. Could this be my
mistake?


Have a nice day.
Susanne
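Editor's note on the question above: the FQDN is the server's DNS name (what `hostname -f` prints on the server, e.g. host04.institut.example.de), and it has nothing to do with the directory's base DN. A TLS client compares the name it connected to (the host in `-H ldap://...`) against the names in the certificate, so a certificate issued for the short name "host04" will not match a connection made to the full DNS name, and the client must also trust the issuing CA (`TLS_CACERT` in ldap.conf). The script below is an added example, not code from the thread or from OpenLDAP: it builds a throwaway CA and a server certificate whose CN and subjectAltName carry the DNS name, verifies the chain the way a client would, and shows which hostnames the certificate matches. It assumes `openssl` (1.0.2 or newer) on PATH; the hostname host04.institut.example.de is made up.

```shell
#!/bin/sh
# Added example (not from the original thread): build a test CA and a server
# certificate carrying the server's DNS name, then check which hostnames that
# certificate actually matches. Assumes openssl 1.0.2+ on PATH; the name
# host04.institut.example.de is made up for the demonstration.
set -e

# make_server_cert DIR FQDN: writes ca.pem, ca.key, server.pem, server.key into DIR.
make_server_cert() {
    dir=$1
    fqdn=$2
    # 1. A throwaway, self-signed CA.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=Test CA" -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    # 2. Server key and CSR: the CN is the DNS name, not the LDAP base DN.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$fqdn" -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    # 3. Sign with the CA and add a subjectAltName; modern clients match on SAN, not CN.
    printf 'subjectAltName=DNS:%s\n' "$fqdn" > "$dir/san.cnf"
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -sha256 -extfile "$dir/san.cnf" \
        -out "$dir/server.pem" 2>/dev/null
}

# chain_ok DIR: does server.pem chain to ca.pem? This is the trust check a
# client does with the CA file configured as TLS_CACERT.
chain_ok() {
    openssl verify -CAfile "$1/ca.pem" "$1/server.pem" >/dev/null 2>&1
}

# cert_matches_host CERT HOST: does CERT's name match HOST the way a TLS
# client checks it (SAN first, CN only as a fallback when no SAN is present)?
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Demonstration (run as: sh thisfile.sh demo): the full DNS name matches,
# the bare short name and a different host name do not.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    make_server_cert "$tmp" host04.institut.example.de
    chain_ok "$tmp" && echo "chain to CA: OK"
    for h in host04.institut.example.de host04 ldap.institut.example.de; do
        if cert_matches_host "$tmp/server.pem" "$h"; then
            echo "$h: matches certificate"
        else
            echo "$h: does NOT match certificate"
        fi
    done
    rm -rf "$tmp"
fi
```

Two practical checks follow from this. First, connect with the same name that is in the certificate (`ldapsearch -ZZ -H ldap://host04.institut.example.de ...`), not with a short name or IP address, and point the client at the CA with `TLS_CACERT` so that the `-ZZ` handshake has something to verify against. Second, the hex dumps that `ldapsearch -d` prints come from the LDAP library before the data enters the TLS layer, so entries appearing in cleartext in debug output do not by themselves show cleartext on the wire; a packet capture between client and server is the reliable way to confirm that the session is encrypted.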