Re: problem with enabling TLS
On Tue, 4 Mar 2008, Padmavathi Dt wrote:
> We have installed and configured our openLDAP-2.4.7 on RedHat LINUX
> machine using simple configure (./configure) without any options.
> It has been working fine. Now we want to use SSL with that
> we are using openssl-0.9.7g package. We got all the required certificates.
> Now the problem is that, when I run the following command:
>
> /usr/local/etc/openldap/slapd.conf -d127 -h "ldap:/// ldaps:///"
>
> It is giving the following error message:
> ...
> daemon: TLS not supported (ldaps:///)

Your build didn't include TLS support. You're going to have to
reconfigure and rebuild and this time you should read the output from
'configure' to see why it didn't find your OpenSSL install. Did you
install OpenSSL in a non-standard location? If so, you probably need to
set the CPPFLAGS and LDFLAGS environment variables so that configure can
find and build against it, a la:

    env CPPFLAGS=-I/usr/local/openssl/include \
        LDFLAGS=-L/usr/local/openssl/lib \
        ./configure --enable-tls=openssl --with-other-stuff --enable-bits-here
    ...etc

> One more question. Is there any difference between enabling SSL and
> TLS?

Unfortunately, different people use those terms in different ways.
"SSL" is a protocol for carrying other protocols with confidentiality,
integrity, authentication, etc. "TLS" is the standardized and revised
version of that protocol.
For many people, "enabling SSL" means "using the negotiate-SSL-on-connect"
version of the protocol. I.e., "ldaps" instead of "ldap". TLS is then
generally associated with using the "upgrade-to-TLS" method where you
connect normally (in cleartext) and then use a protocol request to
initiate the SSL/TLS handshake, aka STARTTLS. e.g., the -Z option to
ldap{search,modify,etc}.

> Please help me (It is difficult to rebuild openldap again, as there are
> many applications that are using our current LDAP)

Why is that a problem? Rebuild and test before installing, then do the
install when you're sure it's working properly.
Philip Guenther
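
The "upgrade-to-TLS" method described above, shown at the byte level as an added example (not part of the original message and not OpenLDAP's code): the client sends the StartTLS extended request from RFC 4511 over the cleartext connection and may begin the handshake only if the response carries resultCode 0. The helper names and both sample responses are constructed for illustration.

```python
# Helper names are this example's own; only the OID and tag values come from RFC 4511.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # requestName of the StartTLS operation

def tlv(tag, value):
    """BER-encode one tag-length-value element (definite length)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def read_tlv(buf, pos=0):
    """Decode one element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, extendedReq [APPLICATION 23] { requestName [0] } }."""
    ext_req = tlv(0x77, tlv(0x80, STARTTLS_OID))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + ext_req)

def parse_extended_response(pdu):
    """Return (messageID, resultCode, diagnosticMessage) from an ExtendedResponse."""
    tag, body, _ = read_tlv(pdu)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(body)
    tag, resp, _ = read_tlv(body, pos)
    if tag != 0x78:                        # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    _, code, pos = read_tlv(resp)          # resultCode ENUMERATED
    _, _dn, pos = read_tlv(resp, pos)      # matchedDN (unused here)
    _, diag, _ = read_tlv(resp, pos)       # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode()

def may_start_handshake(pdu, msg_id=1):
    # Fail closed: only success (0) for our own messageID permits the TLS handshake.
    mid, code, _ = parse_extended_response(pdu)
    return mid == msg_id and code == 0

# Constructed sample responses (not captured from a real server).
OK_RESPONSE = bytes.fromhex("300c02010178070a010004000400")
REFUSED = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x78, tlv(0x0A, b"\x02")
              + tlv(0x04, b"") + tlv(0x04, b"unsupported extended operation")))
```

With "ldaps" none of these messages exist, because the TLS handshake happens before any LDAP traffic. With StartTLS, a client that carries on after a non-zero resultCode is sending its bind in cleartext, which is why the ldap tools offer -ZZ to require that the operation succeed.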