
Re: Securing Open LDAP & SSL



Daniel Hanks wrote:
> 
> On Thu, 10 Feb 2000, Michael Ströder wrote:
> 
> > OpenLDAP wrote:
> > >
> > > I'm looking for tips on securing the LDAP software,
> > > implementing SSL to
> > > the servers that will utilize it,
> >
> > You can e.g. use stunnel on both ends (client-/server-mode) for
> > tunneling the LDAP traffic.
> >
> Unfortunately, (and correct me if I'm wrong...) stunnel uses openssl,
> which uses rsa, and therefore unless you're non-commercial, or outside the
> US, it's illegal to use w/o a license from the RSA people.
> 
> I have built openssl without RSA, but most anything that uses it won't work
> without the RSA stuff...as far as I have seen.
> 
> Has anybody discovered any alternative solutions to this problem?

Especially stunnel makes some efforts to get the DSA/DH thing
working. If you have it on both sides this might work. I never tried
it myself. You have to create DSA certs (look at the mailing-list
archive on http://www.openssl.org/).

Ciao, Michael.