
Re: Slurpd over SSL revisited



At 04:15 PM 12/10/2003, Quanah Gibson-Mount wrote:


>--On Wednesday, December 10, 2003 6:11 PM -0500 Thomas Cramer <cramert@musc.edu> wrote:
>
>
>>In one of the emails from last month on this topic I saw some people
>>adding "tls=on" or "tls=hard" in their replica setting.  When I add that
>>I get the following when I edit an attribute:
>>Initializing session to godel.musc.edu:636
>>ber_get_next failed.
>>Warning: ldap_start_tls failed: Can't contact LDAP server (81)
>>Initializing session to godel.musc.edu:636
>>bind to godel.musc.edu:636 as cn=Manager,o=MUSC,c=US (simple)
>>ber_get_next failed.
>>Error: ldap_simple_bind_s for godel.musc.edu:636 failed: Can't contact
>>LDAP server
>
>TLS != SSL

TLS and SSL refer to the same protocol.  Just that without
qualification, they refer to different versions.

Regardless of whether you start TLS/SSL using ldaps:// or
StartTLS, the (successful) result is the same: an LDAP
session secured by some version of TLS/SSL.   The difference
is not TLS v SSL, but the mechanism used to signal that a
TLS/SSL protocol exchange is to be started.

Kurt
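
The two signalling mechanisms described in the reply above, shown as the first bytes a client puts on the wire (an added example, not part of the original thread or of OpenLDAP's code). It assumes that port 636 in the quoted log is a listener expecting TLS from the first byte; `classify_first_bytes`, `listener_accepts` and the sample TLS record are constructed for illustration.

```python
# Added example: what each signalling mechanism sends first, and why they do not mix.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation OID (RFC 4511)

def ber_tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER TLV; short-form length only (enough for this message)."""
    if len(value) > 127:
        raise ValueError("long-form length not needed in this example")
    return bytes([tag, len(value)]) + value

def starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, [APPLICATION 23] ExtendedRequest { [0] requestName } }."""
    if not 0 < message_id < 128:
        raise ValueError("example handles one-byte message IDs only")
    msg_id = ber_tlv(0x02, bytes([message_id]))           # INTEGER messageID
    ext_req = ber_tlv(0x77, ber_tlv(0x80, STARTTLS_OID))  # ExtendedRequest
    return ber_tlv(0x30, msg_id + ext_req)                # SEQUENCE (LDAPMessage)

def classify_first_bytes(data: bytes) -> str:
    """Tell which signalling mechanism a client's first bytes belong to."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"      # TLS starts immediately (ldaps:// style)
    if data[:1] == b"\x30":
        if STARTTLS_OID in data:
            return "ldap-starttls"  # cleartext LDAP asking to upgrade to TLS
        return "ldap-cleartext"     # cleartext LDAP, no upgrade requested yet
    return "unknown"

def listener_accepts(listener: str, first_bytes: bytes) -> bool:
    """listener is 'ldaps' (TLS from byte 0) or 'ldap' (cleartext, StartTLS allowed)."""
    kind = classify_first_bytes(first_bytes)
    if listener == "ldaps":
        return kind == "tls-handshake"
    if listener == "ldap":
        return kind in ("ldap-starttls", "ldap-cleartext")
    raise ValueError("listener must be 'ldap' or 'ldaps'")

# Constructed sample: start of a TLS record (handshake, version 3.1, length 0x0030).
SAMPLE_TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x30, 0x01])

if __name__ == "__main__":
    req = starttls_request()
    print("StartTLS request:", req.hex())
    for listener in ("ldap", "ldaps"):
        for name, data in (("StartTLS request", req), ("TLS handshake", SAMPLE_TLS_HELLO)):
            ok = listener_accepts(listener, data)
            print(f"{listener:5} listener <- {name}: accepted={ok}")
```

A cleartext StartTLS request sent to a TLS-from-first-byte listener is the mismatched pairing: the listener expects a TLS record and receives a BER `SEQUENCE` instead, so the session is never secured by either mechanism.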