[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Starting TLS from configuration file
Kent Soper <dksoper@us.ibm.com> writes:
> I've been spinning wheels over how to start TLS in a configuration file. I
> would like to always force a TLS encypted connnection over ldap:// ports
> without any TLS code in my applications. Is this even possible with
> OpenLDAP 2.1.17?
>
> Any help would be appreciated.
>
> But when I remove ldap_start_tls_s() from the test and try to add various
> TLS directives to ldap.conf as has been suggested in this forum, I either
> do not see a TLS handhsake or I can't connect to the server.
>
> I've tried adding the following directives:
> security tls=128, ssf=128 // in slapd.conf
> ssl start_tls
> tls hard
> StartTLS
> Start_TLS
> start_tls
'ssl start_tls' is NOT an OpenLDAP directive but an PAM directive.
Don't forget that STARTTLS is client oriented, that is, the server
offers the ability but the client has to accept the servers
certificate and initiate an encrypted connection. In other words, a
client has to be enabled and configured to start a TLS connection. OpenLDAP
clients are configured by means of the flag -Z.
-Dieter
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour