[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: tls

To: Mark <mark@rusautogaz.ru>
Subject: Re: tls
From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
Date: Thu, 13 Nov 2003 17:42:36 +0000
Cc: openldap-software@OpenLDAP.org
Content-disposition: inline
In-reply-to: <3FB3751A.9090705@rusautogaz.ru>
References: <3FB3751A.9090705@rusautogaz.ru>
User-agent: Mutt/1.4.1i

On Thu, Nov 13, 2003 at 03:12:10PM +0300, Mark wrote:

> in slapd.conf piece:
> TLSCipherSuite  HIGH:MEDIUM:+SSLv3
> TLSCACertificateFile    /usr/local/ssl/misc/demoCA/cacert.pem
> TLSCertificateFile      /usr/local/ssl/misc/demoCA/certs/wolfcert.pem
> TLSCertificateKeyFile   /usr/local/ssl/misc/demoCA/private/wolfkey.pem
> TLSVerifyClient demand
> 
> start slpad server on -h ldap:///
> 
> Server starting and I can connecting to him through 389 port.
> Why I can connect to this server? My client on other host does not know  
> about tls.

TLS is an option in the LDAP protocol. A 'normal' LDAP connection can
be upgraded with TLS to apply encryption and/or authentication, but it
is quite possible to use the connection without either.

If you want to *require* encryption you need to add security strength
factors to slapd.conf - see the 'security' section of the slapd.conf
manpage.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

Follow-Ups:
- Re: tls
  - From: Mark <mark@rusautogaz.ru>

References:
- tls
  - From: Mark <mark@rusautogaz.ru>

Prev by Date: Re: Problems with openldap-2.1.22 slowing down over time.
Next by Date: Re: Problems with openldap-2.1.22 slowing down over time.
Index(es):
- Chronological
- Thread