[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldapi:/// without TLS; ldap:// with TLS?

To: openldap-technical@openldap.org
Subject: ldapi:/// without TLS; ldap:// with TLS?
From: Tom <tom@foscore.com>
Date: Mon, 18 Aug 2014 20:06:01 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0

I'm running OpenLDAP 2.4 on CentOS. I'm trying to set it up so clientscan use the ldapi:/// socket without TLS, but any clients using ldap://must use TLS.

I believe that the relevant olc variables are olcLocalSSF andolcSecurity. I can't get it to work - either TLS is required no matterwhich URI I use, or clients can connect without TLS at all.

According to the docs, if I set olcLocalSSF to 128, and olcSecurity tossf=128, it should work, but it's not. I can only connect without TLS ifI delete the olcSecurity attribute, which allows anyone to connectwithout TLS. What am I dong wrong?

Follow-Ups:
- ldapi:/// without TLS + ldap:// with TLS?
  - From: Tom <tom@foscore.com>
- ldapi:/// without TLS; ldap:// with TLS?
  - From: Tom <tom@foscore.com>

Prev by Date: Re: Antw: Q: querying accesslog with reqStart>=partial time spec
Next by Date: TLS negotiation failed on ldaps:// - sslv3 alert bad record mac
Index(es):
- Chronological
- Thread