[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: How enforce TLS connection to openldap server only?
Khosrow:
Quanah showed me the link to the man page. But you have to search for
specific openldap command in order to see the documentation.
If I just search for a keyword like olcSecurity, nothing comes up.
A wiki knowledgebase will definitely help a lot!
Thanks a lot!
Yan
-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org
[mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Khosrow
Ebrahimpour
Sent: Thursday, September 20, 2012 1:36 PM
To: openldap-technical@openldap.org
Subject: Re: How enforce TLS connection to openldap server only?
On September 20, 2012 09:59:05 AM Quanah Gibson-Mount wrote:
> --On Thursday, September 20, 2012 9:58 AM -0700 Quanah Gibson-Mount
>
> <quanah@zimbra.com> wrote:
> > --On Thursday, September 20, 2012 12:02 PM -0400 Yan Gong
> >
> > <yan@fabric.com> wrote:
> >> Peter:
> >>
> >> Thanks for the confirmation!
> >> I only used olcSecurity, not olcAccess to enforce the TLS connection.
> >> Man, I wish there is more detailed, updated and user-friendly
> >> information about OpenLdap on the web.
> >> I guess, that's why people are turning to Active Directory because
> >> it is much easier to use.
> >
> > It is documented in the manual pages, which are both on the web, and
> > ship with the software itself. Lack of comprehension does not mean
> > lack of documentation.
> >
> > If you think AD is LDAP, then you are in for a world of hurt.
>
> Meant to send this to the list. ;)
>
I agree with Quanah that documentation is there, I also think Yan is
correct that the information is not very easy to find.
I've used the Admin Guide and the Faq-O-Matic on many occassions and found
them a good starting point, but not the final answer. I think a wiki-style
documentation where the user commuity could more easily contribute to the
knowledge base may be a helpful thing.
Having said all that, there may already be something like that and I just
don't know about it.
I can start a new thread if more people want to chime in since I don't
want to derail the original thread here.