[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: tls



On Thu, Nov 13, 2003 at 03:12:10PM +0300, Mark wrote:

> in slapd.conf piece:
> TLSCipherSuite  HIGH:MEDIUM:+SSLv3
> TLSCACertificateFile    /usr/local/ssl/misc/demoCA/cacert.pem
> TLSCertificateFile      /usr/local/ssl/misc/demoCA/certs/wolfcert.pem
> TLSCertificateKeyFile   /usr/local/ssl/misc/demoCA/private/wolfkey.pem
> TLSVerifyClient demand
> 
> start slpad server on -h ldap:///
> 
> Server starting and I can connecting to him through 389 port.
> Why I can connect to this server? My client on other host does not know  
> about tls.

TLS is an option in the LDAP protocol. A 'normal' LDAP connection can
be upgraded with TLS to apply encryption and/or authentication, but it
is quite possible to use the connection without either.

If you want to *require* encryption you need to add security strength
factors to slapd.conf - see the 'security' section of the slapd.conf
manpage.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------