[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP with tsl/ssl

To: Stig Venaas <Stig@OpenLDAP.org>
Subject: Re: OpenLDAP with tsl/ssl
From: Susanne Benkert <benkerts@emt.iis.fhg.de>
Date: Fri, 30 Nov 2001 16:27:45 +0100
Cc: "openldap-software@OpenLDAP.org" <openldap-software@OpenLDAP.org>
References: <3C079543.E258599@emt.iis.fhg.de> <20011130153913.A12238@itea.ntnu.no>

Thank you for your fast reply.

Stig Venaas wrote:

> > I have already tried this on the LDAP-Server itself: ldapsearch -ZZ -d
> > 127 "cn=*" - but it seems, that only parts of the traffic are encypted.
> 
> What you see in clear text is perhaps just the server certificate?

I don't think so, because I can read my LDAP-entries in cleartext in the
debug output. But there is no error message which shows than somethimng
with TLS went wrong. *?*  

> I did as follows:
> 
> I created my own certificate for CA and then created a certificate
> for the LDAP server where CN in the certificate is the same as the
> FQDN of the LDAP server (ldap.testfirma.de or something). See how
> at http://www.raphinou.com/ldaps/LDAP-SSL.HOWTO

Nearly the same did I.
But I have (a quite stupid) question: What means the "FQDN" of the
Server? My server-root (base) of the ldap directory is
"ou=abteilung,ou=institut,o=organisation,c=de" and my server "host04".
Is the NQDN in this case "host04.abteilung.institut,organisation,de"? I
only used "host04" as Common Name in the Certificate. Could this be my
mistake?

Have a nice day.
Susanne

Follow-Ups:
- Re: OpenLDAP with tsl/ssl
  - From: Prune <prune@lecentre.net>

References:
- OpenLDAP with tsl/ssl
  - From: Susanne Benkert <benkerts@emt.iis.fhg.de>
- Re: OpenLDAP with tsl/ssl
  - From: Stig Venaas <Stig@OpenLDAP.org>

Prev by Date: Adding attributetypes and objectclasses with ldapmodify?
Next by Date: RE: OpenLDAP with tsl/ssl
Index(es):
- Chronological
- Thread