[Date Prev][Date Next]
RE: ldap-ssl trouble .....
That's right. Of course the StartTLS request can be sent any time but
there's not much point in doing it late. The standard client tools will
send it as the first request.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Carl J Meyer
> I'm no expert, but from packet-sniffing my LDAP connections it appears
> that StartTLS is issued before binding (which is what I would expect, or
> else TLS would be mostly pointless), so you don't need
> to worry about passwords in the clear using StartTLS.
> It's just too bad that there's no stable PHP release with ldap_start_tls
> yet, so we're stuck using ldaps:// until the we get the next release...
> On Thu, 14 Feb 2002, Kaufmann Lionel wrote:
> > Thanks a lot for you explanation Mister Chu !!
> > Some light in the darkness....
> > So there is two way to work with TLS / SSL
> > 1) Normal connection on port 389 ( or an another you can specify when
> > lounching the server and in the client, that was my mistake :-/
> ) and then
> > turn TLS/SSL with the start TLS request ( -Z option )!
> > In this way you don't need to run ldaps://
> > I verified it : only lounch the normal server ( and retired the
> port number
> > 636 in my ldap.conf sigh' ) #>ldapsearch -x -Z -b o=societe.fr sn=Wayne
> > works better ( i still have an error but it's with the
> certificate, i will
> > work on it a little bit more to find how to correct....)
> > But with this way the identification / connexion is established
> in clear....
> > 2) Full secured communication ( connection && data ) with the ldaps://
> > server on port 636 where SSL take !
> > This is the way i would prefer because password would be crypted....
> > This is not standard ?
> > Can I use ldapsearch to communicate with such a server ? If yes, how ?
> > Thanks for every help...
> > Best reguards