
RE: OpenLDAP with tsl/ssl

Do you have Ethereal or some other sniffer? If that sees the traffic as invalid LDAP traffic or can decode it, then your data is covered by SSL...

-----Original Message-----
From: Susanne Benkert [mailto:benkerts@emt.iis.fhg.de]
Sent: Friday, November 30, 2001 10:28 AM
To: Stig Venaas
Cc: openldap-software@OpenLDAP.org
Subject: Re: OpenLDAP with tsl/ssl


Thank you for your fast reply.


Stig Venaas wrote:

> > I have already tried this on the LDAP-Server itself: ldapsearch -ZZ -d
> > 127 "cn=*" - but it seems that only parts of the traffic are encrypted.
>
> What you see in clear text is perhaps just the server certificate?

I don't think so, because I can read my LDAP entries in cleartext in the
debug output. But there is no error message which shows that something
with TLS went wrong. *?*

> I did as follows:
>
> I created my own certificate for CA and then created a certificate
> for the LDAP server where CN in the certificate is the same as the
> FQDN of the LDAP server (ldap.testfirma.de or something). See how
> at http://www.raphinou.com/ldaps/LDAP-SSL.HOWTO

I did nearly the same.
But I have (a quite stupid) question: What does the "FQDN" of the
server mean? My server root (base) of the LDAP directory is
"ou=abteilung,ou=institut,o=organisation,c=de" and my server is "host04".
Is the FQDN in this case "host04.abteilung.institut,organisation,de"? I
only used "host04" as Common Name in the certificate. Could this be my
mistake?


Have a nice day.
Susanne
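As an added example (not code from this thread or from OpenLDAP), here is a small Python check that automates the sniffer test suggested in the reply: it takes the TCP payloads captured on the LDAP port (direction and bytes are assumed to come from your capture tool; the samples below are constructed) and reports any LDAP message that is still decodable after the server's StartTLS response, which is exactly the symptom of entries showing up in cleartext.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"
OP_NAMES = {0x60: "bindRequest", 0x63: "searchRequest", 0x64: "searchResEntry",
            0x65: "searchResDone", 0x77: "extendedReq", 0x78: "extendedResp"}

def ber_len(buf, i):
    """Decode a BER length at buf[i]; return (length, index just after it)."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def parse_ldap(payload):
    """Return (messageID, op name) if payload decodes as an LDAPMessage header, else None."""
    try:
        if payload[0] != 0x30:                    # LDAPMessage is a SEQUENCE
            return None
        _, i = ber_len(payload, 1)
        if payload[i] != 0x02:                    # INTEGER messageID
            return None
        n, i = ber_len(payload, i + 1)
        op = payload[i + n]                       # protocolOp tag follows the messageID
        return int.from_bytes(payload[i:i + n], "big"), OP_NAMES.get(op, "op 0x%02x" % op)
    except IndexError:
        return None

def is_tls_record(payload):
    """TLS record header: content type 20..23 followed by version 3.x."""
    return len(payload) >= 3 and 20 <= payload[0] <= 23 and payload[1] == 3 and payload[2] <= 4

def audit(segments):
    """segments: (direction, payload) pairs, 'c' = client, 's' = server.
    Reports whether StartTLS completed and which LDAP ops were still readable afterwards."""
    starttls_id, secured, tls_records, leaked = None, False, 0, []
    for direction, payload in segments:
        if is_tls_record(payload):
            tls_records += 1
            continue
        parsed = parse_ldap(payload)
        if parsed is None:
            continue
        msg_id, op = parsed
        if direction == "c" and op == "extendedReq" and STARTTLS_OID in payload:
            starttls_id = msg_id
        elif direction == "s" and op == "extendedResp" and msg_id == starttls_id:
            secured = True                        # from here on only TLS records are acceptable
        elif secured:
            leaked.append(op)                     # decodable LDAP after StartTLS = not protected
    return {"starttls_completed": secured, "tls_records": tls_records, "cleartext_after_starttls": leaked}

# Constructed sample captures (not real traffic): StartTLS request and response, then either
# TLS records (the expected picture) or a cleartext search that exposes the thread's base DN.
STARTTLS_REQ = ("c", b"\x30\x1d\x02\x01\x01\x77\x18\x80\x16" + STARTTLS_OID)
STARTTLS_RESP = ("s", b"\x30\x0c\x02\x01\x01\x78\x07\x0a\x01\x00\x04\x00\x04\x00")
CLEAR_ENTRY = ("s", b"\x30\x29\x02\x01\x02\x64\x24\x04\x20ou=abteilung,o=organisation,c=de\x30\x00")
GOOD = [STARTTLS_REQ, STARTTLS_RESP, ("c", b"\x16\x03\x01\x00\x05hello"), ("s", b"\x17\x03\x03\x00\x03abc")]
BAD = [STARTTLS_REQ, STARTTLS_RESP, ("c", b"\x30\x05\x02\x01\x02\x63\x00"), CLEAR_ENTRY]
```

`audit(BAD)` lists `searchRequest` and `searchResEntry` as cleartext after StartTLS, while `audit(GOOD)` lists nothing and counts two TLS records.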