Re: TLS issue with SLES11

[Benjamin Griese <der.darude@gmail.com>]

Hello,

I don't clearly understand what you're trying to achieve?

There are two possible ways to do encrypted connections:

- with StartTLS via Port 389 (ldap:// - non-encrypted connections are still possible, if onfigured in your slapd config)

- with SSL/TLS via 639 (ldaps://)

You can disable/enable each way in your /etc/sysconfig/openldap file.

Please read this: http://www.openldap.org/faq/data/cache/185.html

Bye, Benjamin

On Sat, Aug 27, 2011 at 12:00, pradyumna dash <neomatrixgem@gmail.com> wrote:

List,

It would be great if someone can share doc on TLS with OpenLDAP configuration on SLES 11, I tried all the possible ways to make it happen but no luck.

I tried with both yast2 and by CA.pl and openssl commands, but no luck, When i do netstat .lnap |grep ldap it shows both 636 and 389 port listtening to the
hostname, When i check the logs it shows the destination port its showing is 389.

But when i try ldapsearch -x -H ldaps://hostname, its also showing me the ldap contents, dont know whats wrong, I also tried to open /etc/sysconfig/openldap
and assigned the LDAP service to run on 127.0.0.1, but if i do so then its not able to get the server.

Please help.

Regards,
Neo

--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra