[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
about TLS and Openldap ...
Hi,
I get my Openldap-2.0.18 working with TLS-Support. I'm using LDAP, PHP
4.0.6, GQ 4.0.1 (I think), pam_ldap and nss_ldap (newest versions) as
"clients" - all compiled with TLS/SSL-support.
But now I'm a little bit concerned about security, because when starting
slapd with
/usr/local/openldap/libexec/slapd -h "ldap:/// ldaps:///" -d 127 -f
/usr/local/openldap/etc/openldap/slapd.conf
the log output shows, that TLS is used in all communications, but some
of the packages I see are in clear text. These lines start with
"ldap_read" or "ber_dump" instead of "tls_read"/"tls_write" .
Unfortunately these packages also include password information.
Have I done something wrong (pherhaps configuration)? Or is this not the
real "net traffic" but just Openldap internal communication, that can't
be seen by others?
Openldap (as far as I understand it) only supports TLS connection
without client certificate. Does this mean only "one way" of
communication is encrypted?
Please give me some advice.
Greetings
Susanne