
Re: Turning off clear text - how 2 get tls only communications?



Jim,

Though Howard's post covers things well, I have a few additional
comments.


At 04:41 PM 6/15/2004, Jim C. wrote:
>1. Is ldaps the same as tls?

No.

ldaps:// (secure ldap) is a non-standard mechanism for
initiating LDAP over TLS (SSL) upon TCP connect.

The standard track mechanism for using LDAP over TLS (SSL)
is to "upgrade" an LDAP session using the Start TLS
operation (RFC 2830).

>Starting config:
>
>Mandrake 10.0 Official
>
>nss_ldap-212-3mdk
>pam_ldap-167-3mdk
>libldap2-2.1.25-6mdk
>perl-ldap-0.31-2mdk
>openldap-clients-2.1.25-6mdk
>openldap-2.1.25-6mdk

I note that many of the above packages do not include
OpenLDAP Software and none of the packages are provided
by OpenLDAP Project.

Aside from limiting issues to those which are specific
to OpenLDAP Software, you should avoid relying on aspects
of 3rd party packages which are not common to OpenLDAP
Software as distributed by the Project.  If you need
help understanding what is or isn't common to OpenLDAP
Software, ask the packager.

Kurt