[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Securing Open LDAP & SSL

Daniel Hanks wrote:
> On Thu, 10 Feb 2000, Michael [iso-8859-1] Ströder wrote:
> > OpenLDAP wrote:
> > >
> > > I'm looking for tips on securing the LDAP software,
> > > implementing SSL to
> > > the servers that will utilize it,
> >
> > You can e.g. use stunnel on both ends (client-/server-mode) for
> > tunneling the LDAP traffic.
> >
> Unfortunately, (and correct me if I'm wrong...) stunnel uses openssl,
> which uses rsa, and therefore unless you're non-commercial, or outside the
> US, it's illegal to use w/o a license from the RSA people.
> I have built openssl without RSA, but most anything that uses it wont work
> without the RSA stuff...as far as I have seen.
> Has anybody discovered any alternative solutions to this problem?

Especially stunnel make some efforts to get the DSA/DH thing
working. If you have it on both sides this might work. I never tried
it myself. You have to create DSA certs (look at the mailing-list
archive on http://www.openssl.org/).

Ciao, Michael.