
Re: TLS or plain?



Hi,

You should take the trace in /var/log/syslog:

Jul 18 14:36:54 ldapserver slapd[1272]: conn=39 fd=12 ACCEPT from IP=XXX.XXX.XXX.XXX:2024 (IP=XXX.XXX.XXX.XXX:389)
Jul 18 14:36:54 ldapserver slapd[1273]: conn=39 op=0 BIND dn="" method=128



And convert the value for "method"

# pwd ; grep LDAP_AUTH ldap.h
...../openldap-2.1.22/include
#define LDAP_AUTH_NONE ((ber_tag_t) 0x00U) /* no authentication */
#define LDAP_AUTH_SIMPLE ((ber_tag_t) 0x80U) /* context specific + primitive */
#define LDAP_AUTH_SASL ((ber_tag_t) 0xa3U) /* context specific + constructed */
#define LDAP_AUTH_KRBV4 ((ber_tag_t) 0xffU) /* means do both of the following */
#define LDAP_AUTH_KRBV41 ((ber_tag_t) 0x81U) /* context specific + primitive */
#define LDAP_AUTH_KRBV42 ((ber_tag_t) 0x82U) /* context specific + primitive */
#define LDAP_AUTH_METHOD_NOT_SUPPORTED 0x07
#define LDAP_STRONG_AUTH_NOT_SUPPORTED LDAP_AUTH_METHOD_NOT_SUPPORTED
#define LDAP_AUTH_UNKNOWN 0x56


-- Christian

Beast wrote:

Hi all,

I have openldap 2.1.21, which supports plain, tls or ssl.
This ldap is used by many apps, i.e. pam for user auth, mod_auth_ldap
from apache, postfix etc.

How do I know that a client is connecting using TLS and not plain
(unencrypted) from openldap itself, or is there another way to see it?



--beast
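
The conversion described in the reply above, as an added example that is not part of either message: it joins slapd ACCEPT and BIND lines on conn= and maps the decimal method= value to the LDAP_AUTH_* names from the quoted ldap.h. The function names, the sample log lines and the 192.0.2.x addresses are constructed for illustration.

```python
import re

# Values copied from the LDAP_AUTH_* defines in the ldap.h listing above.
LDAP_AUTH = {
    0x00: "LDAP_AUTH_NONE", 0x80: "LDAP_AUTH_SIMPLE", 0xA3: "LDAP_AUTH_SASL",
    0xFF: "LDAP_AUTH_KRBV4", 0x81: "LDAP_AUTH_KRBV41", 0x82: "LDAP_AUTH_KRBV42",
}

ACCEPT_RE = re.compile(
    r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+?):\d+ \(IP=\S+?:(\d+)\)")
BIND_RE = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" method=(\d+)')

def decode_method(value):
    """slapd logs method= in decimal; ldap.h lists the same tags in hex."""
    return LDAP_AUTH.get(value, "unknown (0x%02x)" % value)

def summarize(lines):
    """Join ACCEPT and BIND lines on conn= and return one dict per BIND."""
    peers, binds = {}, []
    for line in lines:
        m = ACCEPT_RE.search(line)
        if m:
            # Remember client address and listener port for this connection.
            peers[m.group(1)] = (m.group(2), int(m.group(3)))
            continue
        m = BIND_RE.search(line)
        if m:
            client, port = peers.get(m.group(1), (None, None))
            binds.append({"conn": int(m.group(1)), "client": client,
                          "listener_port": port, "dn": m.group(2),
                          "method": decode_method(int(m.group(3)))})
    return binds

# Constructed sample lines (documentation addresses, not real log data).
SAMPLE = [
    'Jul 18 14:36:54 ldapserver slapd[1272]: conn=39 fd=12 ACCEPT from IP=192.0.2.10:2024 (IP=192.0.2.1:389)',
    'Jul 18 14:36:54 ldapserver slapd[1273]: conn=39 op=0 BIND dn="" method=128',
    'Jul 18 14:37:02 ldapserver slapd[1272]: conn=40 fd=13 ACCEPT from IP=192.0.2.11:2031 (IP=192.0.2.1:389)',
    'Jul 18 14:37:02 ldapserver slapd[1273]: conn=40 op=0 BIND dn="" method=163',
    'Jul 18 14:37:09 ldapserver slapd[1273]: conn=7 op=3 BIND dn="cn=app,dc=example,dc=com" method=77',
]

if __name__ == "__main__":
    for bind in summarize(SAMPLE):
        print(bind)
```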