
Re: ldapi security level?



Mon, 05.07.2004 at 21:12, Kurt D. Zeilenga wrote:

> So, maybe, some don't consider ldapi:// to be "more secure"
> than TLS with a "strong" TLS cipher.  I find myself using
> TLS (with strong ciphers) over ldapi://.  I don't find
> that all that strange.

Not often I'm taken aback, but ... How on earth do you do this? With
2.2.x on 2 different rigs (ldap.conf has 'uri            
ldapi://%2fusr%2flocal%2fvar%2fslapd%2fldapi/'), I get:

1134 [root:billy.demon.nl] /etc/postfix/maps # ldapsearch -ZZ -x 'uid=tonni'
ldap_start_tls: Connect error (-11)
        additional info: TLS: hostname does not match CN in peer certificate

More important, perhaps: Why would you want to?

--Tonni

-- 

Happiness is having your cat jump in through the window and
greet you, with the light summer dew yet a few seconds wet
on his coat.

mail: tonye@billy.demon.nl
http://www.billy.demon.nl