
Re: SSL and pam_ldap
Geoff Hibble wrote:
> 
> Hi,
> 
> Is it possible to enable SSL between my pam_ldap client and my slapd
> server?  What is involved?

Right now it is not possible.  OpenLDAP 1.2 has no support for TLS.
There is some support in the development versions but it is not
enough for what you want: slapd will happily use TLS/SSL, but the
client-side support in the library is not complete enough and is
mostly untested.  I have to look carefully into what nss_ldap does
in terms of threads; it does something, but I never quite understood
what or why.

In the meantime, try stunnel.  You need stunnel in client mode
on the host where pam_ldap is used and stunnel in server mode
on the host where slapd is running.

If you feel adventurous, you can try the development version of
OpenLDAP and you can lose the server-side stunnel.  If you try
this, tell us how it went in openldap-devel (instead of this list
where we should try not to confuse readers about features/problems
they are unlikely to see).

Julio
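
The stunnel arrangement Julio describes, written out as an added example
(not part of the original message, and not OpenLDAP or pam_ldap project
code).  It uses the configuration-file format of stunnel 4.x/5.x rather
than the command-line flags of the stunnel 3.x that was current when this
was posted; the hostnames, ports and file paths are assumptions chosen for
illustration.  The client-side stanza verifies the server certificate
against a CA file and checks the hostname, because a client-mode stunnel
without "verify" will encrypt the link but accept any certificate, which
defeats the purpose against an on-path attacker.

```ini
; --- stunnel.conf on the pam_ldap / nss_ldap client host (assumed paths) ---
; pam_ldap keeps talking plaintext LDAP, but only to the loopback address;
; stunnel carries it over TLS to the slapd host.
client = yes
pid    = /var/run/stunnel-ldap.pid

[ldap-client]
accept    = 127.0.0.1:389
connect   = ldap.example.com:636     ; assumed name of the slapd host
CAfile    = /etc/stunnel/ca.pem      ; CA that issued the server certificate
verify    = 2                        ; require a valid chain, not just "any cert"
checkHost = ldap.example.com         ; reject a valid cert for the wrong name

; --- stunnel.conf on the slapd host (assumed paths) ---
; Terminates TLS on 636 and hands plaintext LDAP to slapd on loopback.
cert = /etc/stunnel/ldap-server.pem  ; server certificate, CN/SAN = ldap.example.com
key  = /etc/stunnel/ldap-server.key
pid  = /var/run/stunnel-ldaps.pid

[ldaps-server]
accept  = 636
connect = 127.0.0.1:389
```

With this in place, point pam_ldap at the local tunnel endpoint (in
/etc/ldap.conf: "host 127.0.0.1" and "port 389") instead of the real
server.  Two things to check: the plaintext hop on the slapd host still
exists, so port 389 there should be reachable only from loopback (a host
firewall rule is enough); and the client "verify"/"checkHost" lines are
what make the tunnel worth having, so confirm with a deliberately wrong
CAfile that stunnel refuses the connection before trusting the setup.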