Re: LDAP and TLS/SSL (was: Re: Afg! Client won't use LDAP)

[Phil Dibowitz <phil@ipom.com>]

Kurt D. Zeilenga wrote:
> At 03:53 PM 2/8/2003, Phil Dibowitz wrote:
>
> > IF I put 'ssl start_tls' in ldap.conf 
>
>
> OpenLDAP's ldap.conf(5) doesn't recognize 'ssl start_tls'... 

Ah. Well, that would certainly make sense since it's not in the man 
page, despite being told it was an undocumented feature here on the list.

But putting that aside, it doesn't really answer my question...

Because all clients that aren't the same box as the server can use SSL 
with the server via nss_ldap and pam_ldap (when 'ssl start_tls' is in 
the /etc/openldap.conf) file... BUT when I do this in the server, the 
server can no longer be a client unto itself.

--
Phil Dibowitz                             phil@ipom.com
Freeware and Technical Pages              Insanity Palace of Metallica
http://home.earthlink.net/~jaymzh666/     http://www.ipom.com/

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
 - Benjamin Franklin, 1759