RE: OpenLdap/SASL/TLS ...
re: DNS, FQDNs - that's what a "hosts" file is good for.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of dreamwvr@dreamwvr.com
> On Wed, Feb 19, 2003 at 01:24:04PM -0600, Celso G. Lima wrote:
> > What is the best way to get all the traffic between an openldap server and
> > an openldap client encrypted?
> > If this involves using SASL, does it have to be configured with kerberos? if
> > it does not require kerberos, how do I get it working?
> FWIW. You simply can have it start an instance of ldaps if you like
> using the ldaps:// or use the TLSv1 starttls switch in the slapd.conf
> (I have not tried this syntax for this yet.) To have non SSL enabled
> ldap clients access SSLed LDAP you can use stunnel in client mode.
> This does not require Kerberos. However how one gets SASL to authenticate
> using Kerberos I am trying to get working now. Related to this
> is how does one work in ldaps mode with SASL from a non connected
> system. IOW I would like to work from my mobile simulating the
> ldaps server locally. The problem is that the FQDN is needed to be
> the same via DNS as is being requested. Is there a way to disable
> this check or work around it? That way one could work on ldaps
> implementation and testing. Then merge diffs over to the development
> server. Later committing this to the production LDAP server.
> Well any insights appreciated.
>
> Best Regards,
> dreamwvr@dreamwvr.com
>
> --
> /* Security is a work in progress - dreamwvr */
> #
> # Note: To begin Journey type man afterboot,man help,man hier[.]
> #
> // "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \? ;-]
>
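The hosts-file approach from the reply, set beside the "disable the check" alternative the question asks about, as an added example that is not part of the original thread. The host name `ldap.example.test`, the CA path and the port are assumptions; substitute the FQDN that appears in the server certificate.

```conf
# ---- /etc/hosts on the disconnected laptop ---------------------------
# Map the FQDN named in the server certificate to the local test slapd,
# so the name the client asks for still matches the certificate.
# (ldap.example.test is a placeholder, not a name from the thread.)
127.0.0.1   ldap.example.test

# ---- ldap.conf, weak variant: turns the check off --------------------
# "never" stops the client from validating the server certificate at
# all, so a name mismatch (or an impostor server) goes unnoticed. A test
# setup built this way does not exercise what production will enforce.
#TLS_REQCERT never

# ---- ldap.conf, preferred variant: keep verification on --------------
# With the hosts entry above, full verification succeeds offline.
# The CA path is an assumption; point it at the CA that signed the
# test server's certificate.
URI         ldap://ldap.example.test
TLS_CACERT  /etc/openldap/certs/test-ca.pem
TLS_REQCERT demand

# ---- check from the laptop -------------------------------------------
# -ZZ requires StartTLS to succeed; the search fails if the certificate
# chain or host name does not verify.
#   ldapsearch -x -ZZ -H ldap://ldap.example.test -s base -b "" namingContexts
#
# Same check against an ldaps:// listener (assumed on port 636):
#   ldapsearch -x -H ldaps://ldap.example.test:636 -s base -b "" namingContexts
```

Because the client configuration keeps `TLS_REQCERT demand`, the same `ldap.conf` can move to the development and production hosts unchanged once real DNS resolves the name.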