
Re: OpenLdap/SASL/TLS ...



On Wed, Feb 19, 2003 at 01:24:04PM -0600, Celso G. Lima wrote:
> What is the best way to get all the traffic between an openldap server and
> an openldap client encrypted?
> If this involves using SASL, does it have to be configured with Kerberos? If
> it does not require Kerberos, how do I get it working?
FWIW, you can simply have it start an instance of ldaps if you like,
using ldaps://, or use the TLSv1 starttls switch in slapd.conf
(I have not tried this syntax for this yet). To have non-SSL-enabled
LDAP clients access SSLed LDAP you can use stunnel in client mode.
This does not require Kerberos. However, how one gets SASL to authenticate
using Kerberos is something I am trying to get working now. Related to this
is how one works in ldaps mode with SASL from a non-connected
system. IOW, I would like to work from my mobile, simulating the
ldaps server locally. The problem is that the FQDN needs to be
the same via DNS as is being requested. Is there a way to disable
this check or work around it? That way one could work on the ldaps
implementation and testing, then merge diffs over to the development
server, later committing this to the production LDAP server.
Well, any insights appreciated.

Best Regards,
dreamwvr@dreamwvr.com

-- 
/*  Security is a work in progress - dreamwvr                 */
#                                                             
# Note: To begin Journey type man afterboot,man help,man hier[.]      
#                                                             
// "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \?  ;-]
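The StartTLS exchange the reply refers to, as an added example that is not part of this thread or of OpenLDAP's own code: it encodes the LDAP StartTLS ExtendedRequest (OID 1.3.6.1.4.1.1466.20037), decodes the server's ExtendedResponse, and only then upgrades the socket to TLS with CA and hostname verification left on, which is exactly the FQDN-must-match-the-certificate check the message runs into. The `host`, `cafile` and port values are placeholders the caller supplies; the response bytes in the comments are constructed samples.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation OID (RFC 4511)

def ber_encode(tag: int, body: bytes) -> bytes:
    """One BER TLV with a definite length (short form, or long form for >127 bytes)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    length_octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_octets)]) + length_octets + body

def ber_decode(buf: bytes, pos: int = 0):
    """Decode the TLV starting at pos -> (tag, value, position just after it)."""
    tag, ln = buf[pos], buf[pos + 1]
    pos += 2
    if ln & 0x80:  # long form: low 7 bits = number of length octets that follow
        k = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + ln], pos + ln

def build_starttls_request(msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID (< 128), ExtendedRequest [APPLICATION 23] { requestName [0] OID } }."""
    ext_req = ber_encode(0x77, ber_encode(0x80, STARTTLS_OID))
    return ber_encode(0x30, ber_encode(0x02, bytes([msg_id])) + ext_req)

def parse_extended_response(data: bytes):
    """Return (messageID, resultCode, diagnosticMessage) from an ExtendedResponse [APPLICATION 24]."""
    _, body, _ = ber_decode(data)
    _, mid, pos = ber_decode(body)
    tag, op, _ = ber_decode(body, pos)
    if tag != 0x78:
        raise ValueError("expected ExtendedResponse, got tag 0x%02x" % tag)
    _, code, pos = ber_decode(op)           # resultCode ENUMERATED (0 = success)
    _, _matched, pos = ber_decode(op, pos)  # matchedDN, unused here
    _, diag, _ = ber_decode(op, pos)        # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode()

def starttls_connect(host: str, cafile: str, port: int = 389) -> ssl.SSLSocket:
    """Plain TCP -> StartTLS -> TLS; the CA and hostname checks stay enabled."""
    sock = socket.create_connection((host, port))
    sock.sendall(build_starttls_request())  # wire bytes: 30 1d 02 01 01 77 18 80 16 <OID>
    _, code, diag = parse_extended_response(sock.recv(4096))  # success sample: 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00
    if code != 0:  # anything but 0 means the server will not start TLS; stay off the wire
        raise RuntimeError("StartTLS refused: resultCode %d %s" % (code, diag))
    ctx = ssl.create_default_context(cafile=cafile)  # verifies the chain, check_hostname=True
    # host must match a name in the server certificate: this is the FQDN check discussed above
    return ctx.wrap_socket(sock, server_hostname=host)
```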