Re: debugging tls (apache2 mod_ldap)
* Dick Davies <rasputnik@hellooperator.net> [0721 15:21]:
> * Kurt D. Zeilenga <Kurt@OpenLDAP.org> [0709 22:09]:
Sorry to reply to my own post, but I've just been reading
http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html#7.0
and am confused by Kurt's earlier post which stated:
>>Ideally I'd happily just use SSL, it looks to me like it's trying to
>>do TLS inside the SSL session, which just seems silly.
>SSL and TLS are two names for the same thing (see archives).
>OpenLDAP Software (including libraries) will error if you
>attempt to do so.
>>Do I have an option to just do SSL without TLS,
>Since SSL is TLS (and TLS is SSL), no.
The url I mentioned seems to back up my earlier assumption that you could
do SSL without TLS, and vice versa.
What I think is happening is mod_auth_ldap
is trying to do both - presumably that works fine with many configurations, but
not mine. I need to have an SSL tunnel and not worry about TLS.
To illustrate:
[user@server httpd-2.0.49]$ /opt/bin/ldapsearch -x -H 'ldaps://ldaphost.domain/o=org' uid=user
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: uid=user
# requesting: ALL
#
[returns the requested entry, no problems]
but requesting TLS fails:
[user@server httpd-2.0.49]$ /opt/bin/ldapsearch -ZZ -x -H 'ldaps://ldaphost.domain/o=org' uid=user
ldap_start_tls: Operations error (1)
additional info: TLS is is already established
[user@server httpd-2.0.49]$
Does that make any sense?
Maybe we're getting startTLS and TLS confused here?
--
We are all worms. But I do believe I am a glowworm.
-- Winston Churchill
Rasputin :: Jack of All Trades - Master of Nuns
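The two ldapsearch runs above differ only in the -ZZ flag, and the failure comes from the distinction the thread is circling around: an ldaps:// URI negotiates TLS when the TCP connection is opened (implicit TLS on port 636), while -ZZ asks the client to send the StartTLS extended operation over a plaintext ldap:// connection (port 389) and refuse to continue if the upgrade fails. Asking for both on one connection is what produces "TLS is already established". The script below is an added example, not code from this thread or from the OpenLDAP project; it models that decision for ldapsearch-style arguments so a configuration can be checked before it is deployed. The function names (parse_ldap_uri, plan_connection, plan_from_ldapsearch_args, explain) and the dataclass are assumptions made for this example, and the error text only mirrors the message seen in the post.

```python
"""Model of how an LDAP client chooses transport security.

Added example, not part of the original mailing-list thread or OpenLDAP.
It reproduces the behaviour the post observed:

  * ldaps://  -> TLS is negotiated at connect time (implicit TLS, port 636)
  * -Z / -ZZ  -> the StartTLS extended operation upgrades a plaintext
                 ldap:// session (port 389) after connecting
  * ldaps:// plus -ZZ -> rejected, TLS is already running on that socket

All names below are assumptions for this example.
"""
from dataclasses import dataclass
from urllib.parse import unquote, urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


class ConfigError(ValueError):
    """Raised for a transport-security configuration that cannot work."""


@dataclass(frozen=True)
class ConnectionPlan:
    scheme: str
    host: str
    port: int
    base_dn: str
    tls_at_connect: bool  # implicit TLS, i.e. ldaps://
    start_tls: bool       # explicit upgrade via the StartTLS extended op


def parse_ldap_uri(uri):
    """Split an LDAP URI into scheme, host, port and base DN (RFC 4516 subset)."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ConfigError(f"unsupported scheme {scheme!r}; expected ldap:// or ldaps://")
    host = parts.hostname or "localhost"
    port = parts.port or DEFAULT_PORTS[scheme]
    base_dn = unquote(parts.path.lstrip("/"))
    return scheme, host, port, base_dn


def plan_connection(uri, request_start_tls=False, require_encryption=True):
    """Decide how the session will be protected, or reject an impossible combination."""
    scheme, host, port, base_dn = parse_ldap_uri(uri)
    tls_at_connect = scheme == "ldaps"
    if tls_at_connect and request_start_tls:
        # This is the case from the post: -ZZ against an ldaps:// URI.
        raise ConfigError(
            "ldap_start_tls: Operations error (1): TLS is already established "
            "(ldaps:// already encrypts the connection; drop the StartTLS request)"
        )
    if require_encryption and not (tls_at_connect or request_start_tls):
        raise ConfigError(
            "plaintext ldap:// without StartTLS would send the bind credentials unencrypted"
        )
    return ConnectionPlan(scheme, host, port, base_dn, tls_at_connect, request_start_tls)


def plan_from_ldapsearch_args(argv):
    """Derive the plan from ldapsearch-style arguments: -H <uri>, -Z or -ZZ."""
    uri = None
    start_tls = False
    args = iter(argv)
    for arg in args:
        if arg == "-H":
            uri = next(args, None)
        elif arg.startswith("-H") and len(arg) > 2:
            uri = arg[2:]
        elif arg in ("-Z", "-ZZ"):
            start_tls = True
    if uri is None:
        raise ConfigError("no -H URI given")
    return plan_connection(uri, request_start_tls=start_tls)


def explain(argv):
    """Human-readable verdict for a command line, never raising."""
    try:
        plan = plan_from_ldapsearch_args(argv)
    except ConfigError as err:
        return f"REJECTED: {err}"
    mode = "implicit TLS (ldaps)" if plan.tls_at_connect else "StartTLS upgrade"
    return f"OK: {plan.host}:{plan.port} base '{plan.base_dn}' via {mode}"


if __name__ == "__main__":
    # Constructed command lines shaped like the two runs in the post.
    for cmd in (
        ["-x", "-H", "ldaps://ldaphost.domain/o=org", "uid=user"],
        ["-ZZ", "-x", "-H", "ldaps://ldaphost.domain/o=org", "uid=user"],
        ["-ZZ", "-x", "-H", "ldap://ldaphost.domain/o=org", "uid=user"],
        ["-x", "-H", "ldap://ldaphost.domain/o=org", "uid=user"],
    ):
        print(" ".join(cmd), "->", explain(cmd))
```

For mod_auth_ldap the same rule applies: point it at an ldaps:// URL, or at an ldap:// URL and turn on StartTLS, but not both. The require_encryption check is the defensive default this example adds; plain ldap:// with a simple bind sends the password in clear, which is the case a deployment review should catch.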