
Re: TLS or plain?


You should take the trace in /var/log/syslog:

Jul 18 14:36:54 ldapserver slapd[1272]: conn=39 fd=12 ACCEPT from IP=XXX.XXX.XXX.XXX:2024 (IP=XXX.XXX.XXX.XXX:389)
Jul 18 14:36:54 ldapserver slapd[1273]: conn=39 op=0 BIND dn="" method=128

And convert the value for "method":

# pwd ; grep LDAP_AUTH ldap.h
#define LDAP_AUTH_NONE ((ber_tag_t) 0x00U) /* no authentication */
#define LDAP_AUTH_SIMPLE ((ber_tag_t) 0x80U) /* context specific + primitive */
#define LDAP_AUTH_SASL ((ber_tag_t) 0xa3U) /* context specific + constructed */
#define LDAP_AUTH_KRBV4 ((ber_tag_t) 0xffU) /* means do both of the following */
#define LDAP_AUTH_KRBV41 ((ber_tag_t) 0x81U) /* context specific + primitive */
#define LDAP_AUTH_KRBV42 ((ber_tag_t) 0x82U) /* context specific + primitive */
#define LDAP_AUTH_UNKNOWN 0x56

-- Christian

Beast wrote:

Hi all,

I have OpenLDAP 2.1.21, which supports plain, TLS or SSL.
This LDAP is used by many apps, i.e. PAM for user auth, mod_auth_ldap
from Apache, Postfix, etc.

How do I know that a client is connecting using TLS and not plain
(unencrypted) from OpenLDAP itself, or is there another way to see it?
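
The conversion described in the reply above, as an added example that is not part of the original thread: it joins each slapd BIND line to its ACCEPT line by connection id and decodes `method` against the `ldap.h` constants quoted there. The function name, the regular expressions and the sample log lines (documentation addresses) are constructed for illustration.

```python
import re

# Constants copied from the ldap.h excerpt quoted in the reply.
LDAP_AUTH = {
    0x00: "LDAP_AUTH_NONE",
    0x80: "LDAP_AUTH_SIMPLE",
    0xA3: "LDAP_AUTH_SASL",
    0xFF: "LDAP_AUTH_KRBV4",
    0x81: "LDAP_AUTH_KRBV41",
    0x82: "LDAP_AUTH_KRBV42",
    0x56: "LDAP_AUTH_UNKNOWN",
}

ACCEPT_RE = re.compile(
    r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+?):(\d+) \(IP=(\S+?):(\d+)\)")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')

# Constructed sample lines in the format shown in the reply.
SAMPLE_LOG = """\
Jul 18 14:36:54 ldapserver slapd[1272]: conn=39 fd=12 ACCEPT from IP=192.0.2.10:2024 (IP=192.0.2.1:389)
Jul 18 14:36:54 ldapserver slapd[1273]: conn=39 op=0 BIND dn="" method=128
Jul 18 14:37:02 ldapserver slapd[1272]: conn=40 fd=13 ACCEPT from IP=192.0.2.11:2031 (IP=192.0.2.1:389)
Jul 18 14:37:02 ldapserver slapd[1274]: conn=40 op=0 BIND dn="" method=163
Jul 18 14:37:09 ldapserver slapd[1275]: conn=41 op=0 BIND dn="cn=app,dc=example,dc=com" method=128
"""

def decode_binds(log_text):
    """Return one dict per BIND line, joined to its ACCEPT line by conn id."""
    conns, binds = {}, []
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            conns[int(m.group(1))] = {"client": m.group(2),
                                      "listener_port": int(m.group(5))}
            continue
        m = BIND_RE.search(line)
        if m:
            # method is the decimal BER tag of the bind's authentication choice
            conn, method = int(m.group(1)), int(m.group(4))
            peer = conns.get(conn, {})  # ACCEPT line may be missing from this log
            binds.append({"conn": conn, "dn": m.group(3), "method": method,
                          "method_hex": f"0x{method:02x}",
                          "auth": LDAP_AUTH.get(method, "unrecognised"),
                          "client": peer.get("client"),
                          "listener_port": peer.get("listener_port")})
    return binds

if __name__ == "__main__":
    for bind in decode_binds(SAMPLE_LOG):
        print(bind)
```

The listener port comes from the second address on the ACCEPT line, so each decoded bind is reported together with the port the client connected to.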