[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS issue with SLES11

To: openldap-technical@openldap.org
Subject: Re: TLS issue with SLES11
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Mon, 29 Aug 2011 13:25:24 +0200
Cc: pradyumna dash <neomatrixgem@gmail.com>, Benjamin Griese <der.darude@gmail.com>
In-reply-to: <CA+LU3B4CgRrn054+s2qgn4AZq-wvHJzG6GKQ2eghJjBSdgekzw@mail.gmail.com>
References: <CA+LU3B4E+5Z8gh-QJu7bwNggwo2iNC2ZX6aTyUzv=z5hGT0yWA@mail.gmail.com> <CAN=LG+MkeJaPGuwSYzT90J2YzMjBej_KFSNzSdeedgpq66kNyg@mail.gmail.com> <CA+LU3B4CgRrn054+s2qgn4AZq-wvHJzG6GKQ2eghJjBSdgekzw@mail.gmail.com>
User-agent: KMail/1.13.5 (Linux/2.6.33.7-desktop-2.1mnb; KDE/4.4.5; x86_64; ; )

On Saturday, 27 August 2011 12:23:38 pradyumna dash wrote:
> Hi,
> 
> I want to achieve ldaps, that means all the communication should use 636
> port,

You had done the configuration to *allow* encrypted communication.

> i have changed the parameters in the /etc/openldap/sysconfig file,
> but no luck.

Well, I don't know which of the following two you are trying to achieve:

1)Force all communication to be to a process listening on port 636
2)Force all communication to be via ldaps:///
3)Force all communication to be encrypted to a specific strength

Note that (1) may not achieve (3), and (2) might prevent clients that are 
capable of achieving (3) but not (2) from working.

Most likely you want to look at the 'security' statement covered in 
slapd.conf(5) to achieve (3).

Regards,
Buchan

Follow-Ups:
- Re: TLS issue with SLES11
  - From: pradyumna dash <neomatrixgem@gmail.com>

References:
- TLS issue with SLES11
  - From: pradyumna dash <neomatrixgem@gmail.com>
- Re: TLS issue with SLES11
  - From: Benjamin Griese <der.darude@gmail.com>
- Re: TLS issue with SLES11
  - From: pradyumna dash <neomatrixgem@gmail.com>

Prev by Date: How to delete LDAP Data base bdb
Next by Date: Re: Syncrepl over TLS for mirrormode
Index(es):
- Chronological
- Thread