[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP and TLS/SSL (was: Re: Afg! Client won't use LDAP)



Kurt D. Zeilenga wrote:
At 03:53 PM 2/8/2003, Phil Dibowitz wrote:

IF I put 'ssl start_tls' in ldap.conf


OpenLDAP's ldap.conf(5) doesn't recognize 'ssl start_tls'...



Ah. Well, that would certainly make sense since it's not in the man page, despite being told it was an undocumented feature here on the list.


But putting that aside, it doesn't really answer my question...

Because all clients that aren't the same box as the server can use SSL with the server via nss_ldap and pam_ldap (when 'ssl start_tls' is in the /etc/openldap.conf) file... BUT when I do this in the server, the server can no longer be a client unto itself.

--
Phil Dibowitz                             phil@ipom.com
Freeware and Technical Pages              Insanity Palace of Metallica
http://home.earthlink.net/~jaymzh666/     http://www.ipom.com/

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
 - Benjamin Franklin, 1759