Trying to confirm use of TLS...


  When running slapd with ldap:/// and ldaps:///, I understand that it
is listening on ports 389 and 636.  If my clients have /etc/ldap.conf
with an entry of 'ssl start_tls', I assume that means that my session
is encrypted (i.e. all data passed back and forth from client -> server
is munged).  

  This being the case, I'm sure it is extremely critical to only allow
connections to slapd from trusted hosts, using TCP wrappers - correct?
If not, anybody can talk to my 389 port and therefore sniff.

  I have tested with just ldaps:///, and it works, but I fear I can't
use slurpd/replication unless I use 389 - is that right?

  Thanks for the info....

Ken Kleiner
System Manager
Computer Science Department
UMass Lowell