[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL coding and openLDAP

To: phil@bolthole.com
Subject: Re: SSL coding and openLDAP
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Mon, 11 Jun 2001 15:23:28 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <20010611145202.A25321@bolthole.com>
References: <5.1.0.14.0.20010611103247.030bb748@127.0.0.1> <5.1.0.14.0.20010606160010.02f02b00@127.0.0.1> <008001c0f26a$af796e80$14d915a5@sze4041> <5.1.0.14.0.20010611103247.030bb748@127.0.0.1>

At 02:52 PM 6/11/2001, phil@bolthole.com wrote:
>On Mon, Jun 11, 2001 at 10:35:20AM -0700, Kurt D. Zeilenga wrote:
>> ...
>> If you want to do Start TLS [RFC 2830], yes.  If you
>> want to do LDAP over SSL, no.  For LDAP over SSL,
>> you need to use ldap_initialize() (instead of ldap_init()).
>> See any of the client applications in clients/tools
>> for examples.
>
>what is the difference? Why would you choose one over the other?

They both provide the same basic security services in different
ways.  LDAP over SSL is not standard track and requires use of
a second port.  StartTLS is standard track and uses one
port.

I prefer to use standard track mechanisms.  However, the OpenLDAP
API makes it fairly easy to support both.  All OpenLDAP client
tools do and can be used as implementation examples.

Kurt

References:
- Re: SSL coding and openLDAP
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: Deleting index files on boot
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- SSL coding and openLDAP
  - From: "Lye" <sze4041@singnet.com.sg>
- Re: SSL coding and openLDAP
  - From: phil@bolthole.com

Prev by Date: Re: SSL coding and openLDAP
Next by Date: Re: why is adding records slow?
Index(es):
- Chronological
- Thread