Re: LDAP and TLS/SSL (was: Re: Afg! Client won't use LDAP)
Phil Dibowitz wrote:
The server is set up with its SSL and TLS certs.
IF I put 'ssl start_tls' in ldap.conf on the clients, I can see the
traffic on port 389 and it's in _plain text_. At some point the client
should issue 'start_tls' and from then on it should be encrypted. But
it's not.
BUT IF I put "URI ldaps://ip.of.my.host/" in the ldap.conf on the
clients, and then I sniff 636, I see an encrypted channel with no plain text
data (other than the SSL certificate being passed). And of course I see
no traffic on port 389.
I need to qualify this. I was slightly incorrect in my report. TLS
*DOES* seem to work for clients that are not the server.
TLS does *not* seem to work for the server being a client unto itself.
--
Phil Dibowitz phil@ipom.com
Freeware and Technical Pages Insanity Palace of Metallica
http://home.earthlink.net/~jaymzh666/ http://www.ipom.com/
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
- Benjamin Franklin, 1759
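One way to settle the "is port 389 really upgraded?" question without a sniffer is to speak the StartTLS extended operation (RFC 4511, OID 1.3.6.1.4.1.1466.20037) by hand and see whether the server answers success and completes a TLS handshake. The script below is an added example written for this thread, not code from the original posts; it assumes a plain LDAP listener on 389 and an optional CA file for certificate verification.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 4511 StartTLS extended operation


def ber_tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER tag-length-value (short or long definite length)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + value


def starttls_request(msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }."""
    ext = ber_tlv(0x77, ber_tlv(0x80, STARTTLS_OID))
    return ber_tlv(0x30, ber_tlv(0x02, bytes([msg_id])) + ext)


def _tlv(buf: bytes, i: int):
    """Read one short-form TLV at offset i; returns (tag, value, next_offset)."""
    tag, n = buf[i], buf[i + 1]
    if n & 0x80:
        raise ValueError("long-form length not handled in this example")
    return tag, buf[i + 2:i + 2 + n], i + 2 + n


def parse_result_code(resp: bytes) -> int:
    """Extract resultCode from an ExtendedResponse [APPLICATION 24]; 0 means success."""
    tag, body, _ = _tlv(resp, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, i = _tlv(body, 0)          # skip messageID
    tag, op, _ = _tlv(body, i)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    tag, code, _ = _tlv(op, 0)
    if tag != 0x0A:                  # ENUMERATED resultCode
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")


def check_starttls(host: str, port: int = 389, cafile=None, timeout: float = 5.0):
    """Return (resultCode, negotiated TLS version or None). Assumption: host/port/cafile are yours."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(starttls_request())
        code = parse_result_code(s.recv(4096))
        if code != 0:                # server refused the upgrade; traffic would stay plain text
            return code, None
        ctx = ssl.create_default_context(cafile=cafile)
        with ctx.wrap_socket(s, server_hostname=host) as tls:
            return code, tls.version()
```

Running `check_starttls("ip.of.my.host")` from the server itself and from another client is a quick way to see whether the two cases in the thread really behave differently, independent of what the client library does with 'ssl start_tls'.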