
Re: Problems with SASL and TLS



Adam Shand wrote:
>
> Here are the relevant pieces of what I have in my slapd.conf:
>
> TLSCertificateFile      /etc/openldap/server.pem
> TLSCertificateKeyFile   /etc/openldap/server.pem
> TLSCACertificateFile    /etc/openldap/server.pem
>
> replogfile /etc/openldap/slurpd.replog
> replica host=192.168.1.2:389
>         binddn="cn=manager,dc=example,dc=net"
>         bindmethod=simple
>         credentials=mypasswd
>         tls=yes
>
> You should generate the key like this:
>
> # openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 365
>

It would seem that the problem was that I was expecting the SSL/TLS traffic to go over the 636 port, not the same port as unencrypted traffic. I think this is due to the description in the FAQ of TLS/SSL. I think it's there that I went off on some weird tangent. Using ngrep I could determine that the traffic is indeed being encrypted.
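
Added example, not part of the original message or of OpenLDAP: a Python sketch of the check the ngrep observation above makes by eye, labelling payloads seen on port 389 as StartTLS request, simple bind or TLS record, and flagging a bind that crosses the wire before the TLS upgrade. The function names are hypothetical and the sample payloads are constructed from the DN and placeholder password in the quoted config.

```python
# Added example: classify payloads captured on port 389 (all sample bytes are constructed).
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"     # LDAP StartTLS extended operation (RFC 4511)
BIND_REQUEST, EXTENDED_REQUEST = 0x60, 0x77  # BER application tags of the protocolOp

def read_len(buf, i):
    """Decode a BER length at buf[i]; return (length, index of the first value byte)."""
    first = buf[i]
    if first < 0x80:                         # short form
        return first, i + 1
    n = first & 0x7F                         # long form: n length bytes follow
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def classify(payload):
    """Label one TCP payload: 'tls', 'starttls', 'bind', 'ldap' or 'unknown'."""
    if len(payload) >= 3 and 0x14 <= payload[0] <= 0x17 and payload[1] == 0x03:
        return "tls"                         # TLS record header: content type, major version 3
    try:
        if payload[0] != 0x30:               # an LDAPMessage is a BER SEQUENCE
            return "unknown"
        _, i = read_len(payload, 1)
        if payload[i] != 0x02:               # messageID INTEGER
            return "unknown"
        id_len, i = read_len(payload, i + 1)
        op = payload[i + id_len]             # tag of the protocolOp
    except IndexError:
        return "unknown"
    if op == EXTENDED_REQUEST and STARTTLS_OID in payload:
        return "starttls"
    return "bind" if op == BIND_REQUEST else "ldap"

def cleartext_bind_seen(payloads):
    """True if a BindRequest appears before the first TLS record of the session."""
    for label in map(classify, payloads):
        if label == "tls":
            return False
        if label == "bind":
            return True
    return False

def tlv(tag, body):
    return bytes([tag, len(body)]) + body    # short-form lengths only, enough for the samples

# Constructed samples: StartTLS request, simple bind, start of a TLS handshake record.
starttls_req = tlv(0x30, b"\x02\x01\x01" + tlv(0x77, tlv(0x80, STARTTLS_OID)))
simple_bind = tlv(0x30, b"\x02\x01\x02" + tlv(0x60, b"\x02\x01\x03"
              + tlv(0x04, b"cn=manager,dc=example,dc=net") + tlv(0x80, b"mypasswd")))
client_hello = b"\x16\x03\x01\x00\x2f" + b"\x00" * 47
```
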