
Re: LDAP and TLS/SSL (was: Re: Afg! Client won't use LDAP)



Phil Dibowitz wrote:
> The server is set up with its SSL and TLS certs.
>
> IF I put 'ssl start_tls' in ldap.conf on the clients, I can see the traffic on port 389 and it's in _plain text_. At some point the client should issue 'start_tls' and from then on it should be encrypted. But it's not.
>
> BUT IF I put "URI ldaps://ip.of.my.host/" in the ldap.conf on the clients, and then I sniff 636 I see an encrypted channel with no plain text data (other than the SSL certificate being passed). And of course I see no traffic on port 389.


I need to qualify this. I was slightly incorrect in my report. TLS *DOES* seem to work for clients that are not the server.

TLS does *not* seem to work for the server being a client unto itself.

--
Phil Dibowitz                             phil@ipom.com
Freeware and Technical Pages              Insanity Palace of Metallica
http://home.earthlink.net/~jaymzh666/     http://www.ipom.com/

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
 - Benjamin Franklin, 1759
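The symptom described in this thread (port 389 traffic staying in the clear because the client never issues the StartTLS extended operation) can be checked mechanically from a capture rather than by eyeballing a sniffer. The following is an added example, not code from the original post: it builds a constructed sample exchange using the LDAP BER encoding from RFC 4511 (StartTLS ExtendedRequest with OID 1.3.6.1.4.1.1466.20037, the matching ExtendedResponse, and a simple BindRequest) and then audits a raw port-389 byte stream to report whether StartTLS succeeded before any bind or whether a simple bind went out in plaintext. The sample DN, password and trailing TLS-record bytes are constructed placeholders.

```python
"""Audit a captured port-389 LDAP byte stream for StartTLS before any simple bind.
Added example for this thread; not code from the original post."""

# StartTLS extended operation OID (RFC 4511 section 4.14)
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"


def ber_len(n):
    """Definite-form BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    """One BER tag-length-value element with a single-byte tag."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(n):
    """INTEGER / ENUMERATED for 0..127 (enough for message IDs and result codes here)."""
    assert 0 <= n <= 0x7F
    return tlv(0x02, bytes([n]))


def ldap_message(msg_id, protocol_op):
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp ... }"""
    return tlv(0x30, ber_int(msg_id) + protocol_op)


def starttls_request(msg_id):
    """ExtendedRequest [APPLICATION 23] (tag 0x77) with requestName [0] (tag 0x80)."""
    return ldap_message(msg_id, tlv(0x77, tlv(0x80, STARTTLS_OID)))


def starttls_response(msg_id, result_code=0):
    """ExtendedResponse [APPLICATION 24] (tag 0x78): resultCode, matchedDN,
    diagnosticMessage, responseName [10] (tag 0x8A)."""
    body = (tlv(0x0A, bytes([result_code])) + tlv(0x04, b"") + tlv(0x04, b"")
            + tlv(0x8A, STARTTLS_OID))
    return ldap_message(msg_id, tlv(0x78, body))


def simple_bind_request(msg_id, dn, password):
    """BindRequest [APPLICATION 0] (tag 0x60): version 3, name, simple [0] password."""
    return ldap_message(msg_id, tlv(0x60, ber_int(3) + tlv(0x04, dn) + tlv(0x80, password)))


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, header = first, 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        header = 2 + nbytes
    start = pos + header
    return tag, start, start + length


def walk_messages(stream):
    """Yield (messageID, protocolOp tag, protocolOp value) for each LDAPMessage."""
    pos = 0
    while pos + 2 <= len(stream):
        tag, start, end = read_tlv(stream, pos)
        if tag != 0x30 or end > len(stream):
            raise ValueError("not an LDAPMessage at offset %d" % pos)
        _, id_start, id_end = read_tlv(stream, start)
        msg_id = int.from_bytes(stream[id_start:id_end], "big")
        op_tag, op_start, op_end = read_tlv(stream, id_end)
        yield msg_id, op_tag, stream[op_start:op_end]
        pos = end


def audit_port389(stream):
    """'starttls' if a StartTLS response with resultCode success arrives before any
    bind (bytes after it are TLS records, so parsing stops there); 'plaintext-bind'
    if a simple bind is sent first; 'no-bind' if the stream ends with neither."""
    pending = set()   # message IDs of outstanding StartTLS requests
    for msg_id, op_tag, op in walk_messages(stream):
        if op_tag == 0x77:                       # ExtendedRequest
            _, s, e = read_tlv(op, 0)
            if op[s:e] == STARTTLS_OID:
                pending.add(msg_id)
        elif op_tag == 0x78 and msg_id in pending:   # ExtendedResponse to our request
            _, s, e = read_tlv(op, 0)            # resultCode ENUMERATED
            if op[s:e] == b"\x00":
                return "starttls"
        elif op_tag == 0x60:                     # BindRequest while still in the clear
            return "plaintext-bind"
    return "no-bind"


# Constructed sample streams (not captured from the poster's hosts).
GOOD_STREAM = starttls_request(1) + starttls_response(1) + b"\x16\x03\x01\x00\x05hello"
BAD_STREAM = simple_bind_request(1, b"cn=admin,dc=example,dc=com", b"secret")

if __name__ == "__main__":
    print("StartTLS then TLS records:", audit_port389(GOOD_STREAM))   # starttls
    print("simple bind in the clear:", audit_port389(BAD_STREAM))     # plaintext-bind
```

A stream reassembled from a pcap of port 389 can be fed to `audit_port389` directly; the `plaintext-bind` verdict is the one to alarm on, since it means the bind DN and password crossed the wire unencrypted, and a result of `starttls` only says the negotiation succeeded, not that the server certificate was verified by the client.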