about TLS and Openldap ...
Hi,

I got my Openldap-2.0.18 working with TLS support. I'm using LDAP, PHP 4.0.6, GQ 4.0.1 (I think), pam_ldap and nss_ldap (newest versions) as "clients" - all compiled with TLS/SSL support.
But now I'm a little bit concerned about security, because when starting slapd with


/usr/local/openldap/libexec/slapd -h "ldap:/// ldaps:///" -d 127 -f /usr/local/openldap/etc/openldap/slapd.conf

the log output shows that TLS is used in all communications, but some of the packages I see are in clear text. These lines start with "ldap_read" or "ber_dump" instead of "tls_read"/"tls_write". Unfortunately these packages also include password information.

Have I done something wrong (perhaps configuration)? Or is this not the real "net traffic" but just Openldap internal communication that can't be seen by others?

Openldap (as far as I understand it) only supports TLS connections without a client certificate. Does this mean only "one way" of communication is encrypted?

Please give me some advice.
Greetings
Susanne