[Date Prev][Date Next] [Chronological] [Thread] [Top]

about TLS and Openldap ...

To: openldap-software@OpenLDAP.org
Subject: about TLS and Openldap ...
From: Susanne Benkert <benkerts@emt.iis.fhg.de>
Date: Thu, 20 Dec 2001 11:26:04 +0100
References: <B0000688802@professeur3.enic.fr>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6) Gecko/20011120

Hi,

I get my Openldap-2.0.18 working with TLS-Support. I'm using LDAP, PHP 4.0.6, GQ 4.0.1 (I think), pam_ldap and nss_ldap (newest versions) as "clients" - all compiled with TLS/SSL-support. But now I'm a little bit concerned about security, because when starting slapd with

/usr/local/openldap/libexec/slapd -h "ldap:/// ldaps:///" -d 127 -f /usr/local/openldap/etc/openldap/slapd.conf

the log output shows, that TLS is used in all communications, but some of the packages I see are in clear text. These lines start with "ldap_read" or "ber_dump" instead of "tls_read"/"tls_write" . Unfortunately these packages also include password information.

Have I done something wrong (pherhaps configuration)? Or is this not the real "net traffic" but just Openldap internal communication, that can't be seen by others?

Openldap (as far as I understand it) only supports TLS connection without client certificate. Does this mean only "one way" of communication is encrypted?

Please give me some advice.
Greetings
Susanne

Follow-Ups:
- Re: about TLS and Openldap ...
  - From: Waldemar Brodkorb <waldemar@thinknow.de>

References:
- SASL authentication and simple bind
  - From: Jacques Landru <landru@enic.fr>

Prev by Date: Re: how to tell version?
Next by Date: RE: configure - specify SleepyCat
Index(es):
- Chronological
- Thread