[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: start_tls versus ldaps

To: Imobach González Sosa <igonzalez@becarios.ulpgc.es>
Subject: Re: start_tls versus ldaps
From: "Axel" <axel@axeltabs.com>
Date: Thu, 12 Aug 2004 17:46:01 +0300 (EEST)
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <200408121124.41942.igonzalez@becarios.ulpgc.es>
References: <200408121124.41942.igonzalez@becarios.ulpgc.es>
User-agent: SquirrelMail/1.4.2

One point is that some clients dont support ssl but only tls (gq for
example).
Also I could'nt get samba to work with tls ( ldap ssl = start_tls ) so I
just have them both (tls and ssl).



> Hi all,
>
> First of all, I apologize for my poor english writing skill. I hope you to
> understand me.
>
> I'm almost new using TLS/SSL (and OpenLDAP too), so don't be rough ;)
>
> Right, I'm trying to set up an OpenLDAP server and I'd like the
> connections to
> be encrypted. Ok, it seems that TLS/SSL works pretty fine using start_tls
> or
> ldaps://. So, my question is, what's better?
>
> I've read somewhere that TLS is the "new way" and must be preferred. So, I
> suppose I could close the 636 port. In the other hand, I don't know if I
> can
> force the clients to use TLS over 389 this way.
>
>>From your experience, what do you think about it? I almost have read the
> "admin guide" and I've not seen clear advices on this issue.
>
> Thank you in advance.
>
> --
> Imobach González Sosa
> Servicio de Informática y Comunicaciones de la ULPGC
> e-mail: igonzalez@becarios.ulpgc.es
> Teléfono: +34 928 459519
>
>



cheers,
http://www.axeltabs.com/

Follow-Ups:
- Re: start_tls versus ldaps
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- start_tls versus ldaps
  - From: Imobach González Sosa <igonzalez@becarios.ulpgc.es>

Prev by Date: Custom schema repository?
Next by Date: RE: SLAPD denial of connections under load
Index(es):
- Chronological
- Thread