[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL support

> I've looked around in on the openldap.org web site and have found sound
> information on SSL and openldap 1.2 with the use of wrappers.  With OpenLDAP
> 2.0, do I still need to use wrappers?
> Joseph Hoot
> System Administrator
> http://www.networkpenguin.com
> joe@networkpenguin.com

SSL will insure that your communications between client and server are
secure.  Wrappers perform an entirely different function, ie. they provide
an extra layer of security, a little bit like having a firewall in your
application.  For example, if you are using wrappers, but mess up your
access controls, wrappers will limit your exposure.  Unless your situation
demands access from the entire internet, I would recommend using wrappers
to help insure that you've limited access to the desired networks, and
then fine tune your access through ACLs in slapd.conf.

On a side note about wrappers, configuring in wrappers on OSF 4.0e would cause
slapd to abort until I created /etc/hosts.allow and /etc/hosts.deny.  This
was because the error message saying they did not exist has some kind of
bug in it.  I'm looking forward to upgrading the OS level to see if that
will fix this problem.