
RE: Only Openldap 2.1.x support TLS ?



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Tony Earnshaw

> Mon, 2002-11-11 at 03:07, Zhang Fei wrote:
> >     I notice that no introduction of TLS configuration is mentioned in 2.0.x version
> > and no option, such as "--with-tls", is listed in "configure --help", while both of them
> > exist in 2.1.x version.
> >     Does it mean that 2.0.x version doesn't support TLS feature, while 2.1.x version does?
>
> AFAIK, after communication with others and having been on this list for
> a while, 2.0.x has no encryption (SSL or TLS) or otherwise advanced
> authentication possibility and has to use /usr/sbin/stunnel for
> encrypted connections (man stunnel), whilst 2.1.x has a *lot* of added
> functionality, including full SASL.

No. 2.0.x and 2.1.x have mostly identical support for SSL/TLS, it's just that
the man pages and admin guide never got updated with these features in 2.0.
There are probably some bug fixes in 2.1 tls.c that never made it back to 2.0
but for the most part they're the same. All the TLS configuration keywords
documented for ldap.conf and slapd.conf in 2.1 are identical in 2.0. 2.1 has
much better support for SASL/EXTERNAL though.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support