[Date Prev][Date Next]
Re: about TLS and Openldap ...
> >Your slapd binds to port 636/ldapssl and 389/ldap.
> >If you don't remove 'ldap:///' your server will also respond on non
> >encrypted traffic.
> I removed "ldap:///" and tested it with PHP - the same log as before.
> But testing with GQ and pam/nss does'nt work properly. I think it's
> because these clients don't use ldaps over port 636 but start_tls over
> port 389. Is this a security problem? Also I tried they don't use Port
> 636, but I thought start_tls is as save as ldaps?????
a problem i had with getting ldaps running was that my SSL cert was not
created with the correct hostname.
when you create the SSL cert, make sure your forward,reverse lookups match
the Common Name value you give:
openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 0
Common Name (eg, YOUR name) : myserver.mydomain.com
..just a shot in the dark. (:
"FreD is not dead"
- echo $(uname) is not dead | sed "s/eBS//"
Johann L. Botha Debian GNU Jedi: email@example.com
email: firstname.lastname@example.org snail mail: PO Box 3472
mobile: +27 82 5626 167 Matieland
workpage: http://www.frogfoot.net Stellenbosch
homepage: http://blue.frogfoot.net 7602
gps: 33deg 56.09S, 18deg 25.31E, 64m South Africa
Copyright (c) 2001. The Sovereigns of Frogfoot. All rights reserved.
Disclaimer available upon request.