[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Require use of SSL..

To: Openldap list <openldap-software@OpenLDAP.org>
Subject: Re: Require use of SSL..
From: Tony Earnshaw <tonye@billy.demon.nl>
Date: Mon, 08 Mar 2004 09:39:11 +0100
In-reply-to: <004201c404d6$a19140a0$6401a8c0@yourqqh4336axf>
Organization: Billy
References: <004201c404d6$a19140a0$6401a8c0@yourqqh4336axf>

man, 08.03.2004 kl. 07.01 skrev adp:

> I have been studying 'require' for slapd, but it doesn't appear to do what I
> want. Hopefully someone can help here. I want to force all connections to be
> over SSL. Is there an easy way to do this? I know that OpenLDAP supports
> both ldaps (just ldap over SSL on port 636 from what I can see) and StartTLS
> (port 389). What I can't see is how to enforce the use of StartTLS.

'man slapd.conf' -> security -> tls=1. Not very clear in the man;
nevertheless, it works - for 2.1.25 and 2.2.x

>  Also, is
> there any reason why this would be a bad idea? We are using LDAP mostly to
> auth user logins (not yet actually).

Certain clients - e.g. Courier maildrop 1.6.3 - can't cope with TLS/SSL
at all, and won't in the near future.

--Tonni

-- 

mail: billy - at - billy.demon.nl
http://www.billy.demon.nl

References:
- Require use of SSL..
  - From: "adp" <dap99@i-55.com>

Prev by Date: Re: Require use of SSL..
Next by Date: Re: Require use of SSL..
Index(es):
- Chronological
- Thread