[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: unix sockets and localhost and TLS



Jason Joines <joines@bus.okstate.edu> writes:

>     I've go OpenLDAP 2.2.15 running on SuSE Linux 9.2.  There is one
>     master and several slaves.  The slaves run Samba and various other
>     services that use ldap for authentication.  In this case, is if
>     more efficient to reference the ldap server via localhost like
>     ldap://localhost or via unix sockets like
>     ldapi://%2fvar%2frun%2fslapd%2fldapi?  If using unix sockets, is
>     TLS even applicable?  If not, will enabling TLS in slapd.conf
>     disable access to the unix socket?

>From a security point of view there is no need to start TLS on local
sockets, therefore TLS is not initiated. To my experience transport over
local sockets seems to be slightly faster than over internet sockets.
Just an example

time ldapwhoami -H ldapi:// -ZZ -Y EXTERNAL






-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:01443B53