Re: tls
On Thu, Nov 13, 2003 at 03:12:10PM +0300, Mark wrote:
> in slapd.conf piece:
> TLSCipherSuite HIGH:MEDIUM:+SSLv3
> TLSCACertificateFile /usr/local/ssl/misc/demoCA/cacert.pem
> TLSCertificateFile /usr/local/ssl/misc/demoCA/certs/wolfcert.pem
> TLSCertificateKeyFile /usr/local/ssl/misc/demoCA/private/wolfkey.pem
> TLSVerifyClient demand
>
> start slapd server on -h ldap:///
>
> The server starts and I can connect to it through port 389.
> Why can I connect to this server? My client on another host does not know
> about TLS.
TLS is an option in the LDAP protocol. A 'normal' LDAP connection can
be upgraded with TLS to apply encryption and/or authentication, but it
is quite possible to use the connection without either.
If you want to *require* encryption you need to add security strength
factors to slapd.conf - see the 'security' section of the slapd.conf
manpage.
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------
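
An added example, not part of the message above and not OpenLDAP code: a small Python check that reads the global section of a slapd.conf and reports whether TLS is only offered or is actually required through the `security` directive. The function names, the `tls=128` value and the default threshold of 128 are assumptions chosen for illustration; the first sample is the configuration quoted in the post.

```python
# Added example: audit the global section of a slapd.conf for optional TLS.
# 'security' factors that apply to every operation (update_* and simple_bind
# factors cover only some operations and are ignored here).
GLOBAL_FACTORS = {"ssf", "transport", "tls"}

# Constructed sample 1: the directives quoted in the post.
POSTED_CONF = """\
TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSCACertificateFile /usr/local/ssl/misc/demoCA/cacert.pem
TLSCertificateFile /usr/local/ssl/misc/demoCA/certs/wolfcert.pem
TLSCertificateKeyFile /usr/local/ssl/misc/demoCA/private/wolfkey.pem
TLSVerifyClient demand
"""
# Constructed sample 2: same, plus a 'security' line (128 is an example value).
HARDENED_CONF = POSTED_CONF + "security tls=128\n"

def logical_lines(text):
    """Join continuation lines (leading whitespace), then drop comment lines."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return [l for l in lines if not l.startswith("#")]

def audit(text, min_ssf=128):
    """Return (tls_configured, required_ssf, findings) for the global section."""
    tls_configured, required = False, 0
    for line in logical_lines(text):
        words = line.split()
        name = words[0].lower()
        if name in ("database", "backend"):
            break  # per-database settings are out of scope for this check
        if name.startswith("tls"):
            tls_configured = True
        elif name == "security":
            for factor in words[1:]:
                key, _, val = factor.partition("=")
                if key.lower() in GLOBAL_FACTORS and val.isdigit():
                    required = max(required, int(val))
    findings = []
    if tls_configured and required == 0:
        findings.append("TLS is offered but not required: cleartext operations allowed")
    elif 0 < required < min_ssf:
        findings.append(f"required strength {required} is below {min_ssf}")
    return tls_configured, required, findings

if __name__ == "__main__":
    for label, conf in (("posted", POSTED_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf))
```

With a `security` factor set, slapd still accepts the TCP connection on port 389; it refuses operations that do not meet the required strength.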