
RE: OpenLdap/SASL/TLS ...



re: DNS, FQDNs - that's what a "hosts" file is good for.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of
> dreamwvr@dreamwvr.com

> On Wed, Feb 19, 2003 at 01:24:04PM -0600, Celso G. Lima wrote:
> > What is the best way to get all the traffic between an openldap
> > server and an openldap client encrypted?
> > If this involves using SASL, does it have to be configured with
> > kerberos? If it does not require kerberos, how do I get it working?
> FWIW. You simply can have it start an instance of ldaps if you like
> using the ldaps:// or use the TLSv1 starttls switch in the slapd.conf
> (I have not tried this syntax for this yet.) To have non-SSL-enabled
> ldap clients access SSLed LDAP you can use stunnel in client mode.
> This does not require Kerberos. However, how one gets SASL to
> authenticate using Kerberos I am trying to get working now. Related to
> this is how one works in ldaps mode with SASL from a non-connected
> system. IOW I would like to work from my mobile simulating the
> ldaps server locally. The problem is that the FQDN needs to be
> the same via DNS as is being requested. Is there a way to disable
> this check or work around it? That way one could work on ldaps
> implementation and testing, then merge diffs over to the development
> server, later committing this to the production LDAP server.
> Well, any insights appreciated.
>
> Best Regards,
> dreamwvr@dreamwvr.com
>
> --
> /*  Security is a work in progress - dreamwvr                 */
> #
> # Note: To begin Journey type man afterboot,man help,man hier[.]
> #
> // "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \?  ;-]
>
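As an added worked example (my own code, not from this thread or from OpenLDAP), here are the two pieces the thread circles around: the StartTLS exchange that upgrades a plain ldap:// session, which ldaps:// skips because TLS is negotiated before any LDAP PDU, and the hostname check that follows the TLS handshake, which is the "FQDN must match" problem a hosts-file entry solves. The OID 1.3.6.1.4.1.1466.20037 and the PDU tags are from RFC 4511; the hosts table, the host names and the port defaults are assumptions constructed for the example, and the LDAP ExtendedRequest/ExtendedResponse are built and parsed by hand so the bytes on the wire are visible rather than sent over a socket.

```python
"""Added example, not from the thread: StartTLS on the wire plus the hostname
check that follows it.  The StartTLS OID 1.3.6.1.4.1.1466.20037 and the PDU
layout are from RFC 4511; the hosts table and the example names are made up.
"""
import re

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"

def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber_tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def ber_read(buf, pos):
    """Return (tag, value, position after the TLV) for the TLV at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def starttls_request(message_id):
    """Client -> server: LDAPMessage { messageID, ExtendedRequest { requestName } }.
    ExtendedRequest is [APPLICATION 23] (0x77), requestName is [0] (0x80).
    A message ID below 128 fits in one INTEGER content byte."""
    assert 0 < message_id < 128
    msgid = ber_tlv(0x02, bytes([message_id]))
    return ber_tlv(0x30, msgid + ber_tlv(0x77, ber_tlv(0x80, STARTTLS_OID)))

def starttls_response(message_id, result_code=0, diagnostic=""):
    """Server -> client ExtendedResponse ([APPLICATION 24], 0x78).  resultCode 0
    means the next bytes on the socket are the TLS ClientHello; anything else
    (e.g. 53 unwillingToPerform) leaves the session in the clear."""
    assert 0 < message_id < 128 and 0 <= result_code < 128
    msgid = ber_tlv(0x02, bytes([message_id]))
    body = (ber_tlv(0x0A, bytes([result_code]))   # ENUMERATED resultCode
            + ber_tlv(0x04, b"")                   # matchedDN
            + ber_tlv(0x04, diagnostic.encode())   # diagnosticMessage
            + ber_tlv(0x8A, STARTTLS_OID))         # [10] responseName
    return ber_tlv(0x30, msgid + ber_tlv(0x78, body))

def parse_starttls_response(buf):
    """Decode to (messageID, resultCode, responseName, diagnosticMessage)."""
    tag, msg, _ = ber_read(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = ber_read(msg, 0)
    tag2, resp, _ = ber_read(msg, pos)
    if tag != 0x02 or tag2 != 0x78:
        raise ValueError("not an ExtendedResponse")
    _, rc, pos = ber_read(resp, 0)
    _, _matched_dn, pos = ber_read(resp, pos)
    _, diag, pos = ber_read(resp, pos)
    name = None
    while pos < len(resp):                         # optional trailing fields
        tag, val, pos = ber_read(resp, pos)
        if tag == 0x8A:
            name = val
    return int.from_bytes(mid, "big"), rc[0], name, diag.decode()

def hostname_matches(requested, cert_names):
    """RFC 6125-style match: case-insensitive, at most one leftmost '*' label."""
    req = requested.lower().rstrip(".")
    for name in cert_names:
        pat = name.lower().rstrip(".")
        if pat == req:
            return True
        if pat.startswith("*.") and "*" not in pat[2:]:
            # the wildcard stands for exactly one label, never for the domain itself
            if req.count(".") == pat.count(".") and req.endswith(pat[1:]):
                return True
    return False

# Constructed stand-in for /etc/hosts on the dev laptop: the production FQDN
# points at the local slapd, so the name in the URI still matches the cert.
HOSTS = {"ldap.example.com": "127.0.0.1"}

def plan_connection(uri, hosts=HOSTS):
    """Return (address to dial, port, name to verify, StartTLS needed?).
    ldaps:// is TLS from the first byte (default 636); ldap:// is a plain session
    (default 389) upgraded with starttls_request().  The name verified against the
    certificate is always the URI host; hosts only decides which address is dialled."""
    m = re.fullmatch(r"(ldaps?)://([^/:]+)(?::(\d+))?/?", uri)
    if not m:
        raise ValueError("unsupported LDAP URI: " + uri)
    scheme, host, port = m.groups()
    port = int(port) if port else (636 if scheme == "ldaps" else 389)
    return hosts.get(host.lower(), host), port, host, scheme == "ldap"
```

The point of `plan_connection` is the one Howard makes: the client verifies the certificate against the name it was asked to connect to, and a hosts entry only changes where that name is dialled. Pointing the production FQDN at 127.0.0.1 therefore keeps the check intact instead of disabling it (which in OpenLDAP terms would be `TLS_REQCERT never` in ldap.conf, a setting that should never leave a test box). The `result_code != 0` path in `starttls_response` is the case a careless client gets wrong: if the server declines StartTLS and the client carries on, every subsequent bind goes over the wire in the clear.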