[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldapi:/// without TLS + ldap:// with TLS?

To: openldap-technical@openldap.org
Subject: ldapi:/// without TLS + ldap:// with TLS?
From: Tom <tom@foscore.com>
Date: Fri, 22 Aug 2014 08:22:51 -0400
In-reply-to: <53F294E9.2060304@foscore.com>
References: <53F294E9.2060304@foscore.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0

I'm running OpenLDAP 2.4 on CentOS 6.5. I'm trying to set it up so
clients can use the ldapi:/// socket without TLS, but any clients using
ldap:// must use TLS.

I believe that the relevant olc variables are olcLocalSSF and
olcSecurity. I can't get it to work - either TLS is required no matter
which URI I use, or clients can connect without TLS at all.

According to the docs, if I set olcLocalSSF to 128, and olcSecurity to
ssf=128, it should work, but it's not. I can only connect without TLS if
I delete the olcSecurity attribute, which allows anyone to connect
without TLS. What am I dong wrong?

References:
- ldapi:/// without TLS; ldap:// with TLS?
  - From: Tom <tom@foscore.com>

Prev by Date: Re : RE24 testing call (2.4.40)
Next by Date: Re: best practices WRT resizing a MDB backend?
Index(es):
- Chronological
- Thread