On Thu, Nov 13, 2003 at 03:12:10PM +0300, Mark wrote:
in slapd.conf piece:
TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSCACertificateFile /usr/local/ssl/misc/demoCA/cacert.pem
TLSCertificateFile /usr/local/ssl/misc/demoCA/certs/wolfcert.pem
TLSCertificateKeyFile /usr/local/ssl/misc/demoCA/private/wolfkey.pem
TLSVerifyClient demand
start slpad server on -h ldap:///
Server starting and I can connecting to him through 389 port.
Why I can connect to this server? My client on other host does not know
about tls.
TLS is an option in the LDAP protocol. A 'normal' LDAP connection can
be upgraded with TLS to apply encryption and/or authentication, but it
is quite possible to use the connection without either.
If you want to *require* encryption you need to add security strength
factors to slapd.conf - see the 'security' section of the slapd.conf
manpage.