Re: Security, SSF and localhost lookups
It occurs to me that the main reason I have port 389 open is so that I
can do replication. I couldn't figure out how to do it over LDAPS, so I
configured it to use LDAP with tls=critical.
If there is a way to do replication over LDAPS, then I can probably get
around the security settings that way.
Is there a way to do that?
Matt
On Tue, 2003-05-06 at 12:13, M Butcher wrote:
> I would like to set up OpenLDAP to allow localhost connections without
> TLS, but require any other incoming connections to use secure
> connections (e.g. ldaps:// or ldap:// with StartTLS).
>
> When I used the RH RPM for OpenLDAP 2.0.17, using this setting in
> slapd.conf seemed to work:
>
> security tls=128 ssf=128
>
> With OpenLDAP 2.1.16, it does not. My suspicion is that this is the way
> it _should_ be, as one would expect that the setting above would apply
> to everything... but, now I'm at a loss.
>
> How do I allow localhost to make non-TLS connections while requiring
> external connections to use TLS?
>
> Thanks,
>
> Matt Butcher
--
M Butcher <mbutcher@grcomputing.net>