[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldapi:/// without TLS; ldap:// with TLS?

To: openldap-technical@openldap.org
Subject: ldapi:/// without TLS; ldap:// with TLS?
From: Tom <tom@foscore.com>
Date: Tue, 26 Aug 2014 09:15:28 -0400
In-reply-to: <53F294E9.2060304@foscore.com>
References: <53F294E9.2060304@foscore.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0

I'm running OpenLDAP 2.4 on CentOS. I'm trying to set it up so clients
can use the ldapi:/// socket without TLS, but any clients using ldap://
must use TLS.

I believe that the relevant olc variables are olcLocalSSF and
olcSecurity. I can't get it to work - either TLS is required no matter
which URI I use, or clients can connect without TLS at all.

According to the docs, if I set olcLocalSSF to 128, and olcSecurity to

ssf=128, it should work, but it's not. I can only connect without TLS ifI delete the olcSecurity attribute, which allows anyone to connect

without TLS.

Has anyone else seen this behaviour?

Follow-Ups:
- Re: ldapi:/// without TLS; ldap:// with TLS?
  - From: Philip Guenther <pguenther@proofpoint.com>

References:
- ldapi:/// without TLS; ldap:// with TLS?
  - From: Tom <tom@foscore.com>

Prev by Date: Re: Getting the memberof overlay to work
Next by Date: Re: How can I add ldap user from linux shell command line?
Index(es):
- Chronological
- Thread