RE: ldap_sasl_interactive_bind_s: Local error ???



OFF

-----Original Message-----
From: Bill Dossett [mailto:bd@emtex.com]
Sent: Wednesday 20 November 2002 13:43
To: openldap-software@OpenLDAP.org
Subject: Re: ldap_sasl_interactive_bind_s: Local error ???




Tony Earnshaw wrote:
> Wed, 2002-11-20 at 09:20, Zhang Fei wrote:
> 
> 
>>8.Adding a line in "ldap.conf" as root:
>>TLS_CACERT      		/usr/share/ssl/misc/demoCA/52026275.0
> 
> 
> I have no idea about 2.0.x, all my experience is with 2.1.x (at present
> 2.1.8). However, Howard has said that 2.0 can use SSL/TLS, so I suppose it
> can.
> 
> 1: You seem to have previous experience with SSL. The fact that you are
> using hashes of certs seems to infer that your experience was with
> FreeS/WAN or Apache. OpenLDAP 2.1 (at least) uses neither .der encoded
> certificates nor hashes, but .pem encoded raw certs;
> 
> 2: *Raw* OpenLDAP SSL/TLS (TLS is different from SSL) does not use SASL,
> which seems to be throwing you out (although SSL is referred to as
> SASL EXTERNAL). Not that SSL is not a valid SASL extra, it's just that
> OpenSSL SASL is not necessary for OpenLDAP SSL/TLS.
> 

I'm a little confused by the statement "TLS is different from SSL".
From my understanding, StartTLS is different, but TLS and SSL
are two names for the same thing...  I could certainly be wrong,
and I guess this is for the OpenSSL list, but seeing as almost
everyone seems to be using some form of SSL, I think it is sort
of pertinent to this list as well.

Cheers

Bill




> Best,
> 
> Tony
> 
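
A check that follows from the TLS_CACERT discussion in this thread, as an added example that is not part of any poster's message or of OpenLDAP itself: it reads ldap.conf-style text and reports whether each TLS_CACERT file is PEM or DER framed and whether its name has the OpenSSL hashed form (8 hex digits plus a numeric suffix) normally used for TLS_CACERTDIR lookups. The function names, the file cacert.der and the dummy certificate bytes are constructed for illustration.

```python
import re
import ssl
import tempfile
from pathlib import Path

HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")  # OpenSSL c_rehash-style name
PEM_MARKER = b"-----BEGIN CERTIFICATE-----"


def cert_encoding(data: bytes) -> str:
    """Classify by framing only ('pem', 'der', 'unknown'); nothing is validated."""
    if PEM_MARKER in data:
        return "pem"
    if data[:1] == b"\x30":  # ASN.1 SEQUENCE tag that opens a DER certificate
        return "der"
    return "unknown"


def audit_ldap_conf(conf_text: str) -> list:
    """Return (option, path, finding) for each TLS_CACERT / TLS_CACERTDIR line."""
    findings = []
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue  # blank line, bare keyword or comment
        option, path = parts[0].upper(), Path(parts[1].strip())
        if option == "TLS_CACERTDIR":
            hashed = path.is_dir() and any(HASHED_NAME.match(p.name) for p in path.iterdir())
            note = "ok" if hashed else "no hashed entries"
        elif option == "TLS_CACERT":
            note = cert_encoding(path.read_bytes()) if path.is_file() else "missing"
            note += " (hashed name)" if HASHED_NAME.match(path.name) else ""
        else:
            continue  # some other ldap.conf option
        findings.append((option, str(path), note))
    return findings


def demo() -> list:
    """Audit constructed files; the 'certificate' is dummy DER framing, not a real one."""
    der = b"\x30\x82\x01\x00" + bytes(256)
    with tempfile.TemporaryDirectory() as tmp:
        ca_dir = Path(tmp)
        (ca_dir / "52026275.0").write_text(ssl.DER_cert_to_PEM_cert(der))
        (ca_dir / "cacert.der").write_bytes(der)
        conf = (f"# constructed ldap.conf\nTLS_CACERT {ca_dir / 'cacert.der'}\n"
                f"TLS_CACERT\t\t{ca_dir / '52026275.0'}\nTLS_CACERTDIR {ca_dir}\n")
        return [(opt, Path(p).name, note) for opt, p, note in audit_ldap_conf(conf)]
```

Calling `demo()` audits three constructed entries; the result depends on what the file contains, not on what it is called.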

 