
Re: start_tls versus ldaps

One point is that some clients don't support ssl but only tls (gq for
Also I couldn't get samba to work with tls ( ldap ssl = start_tls ) so I
just have them both (tls and ssl).

> Hi all,
> First of all, I apologize for my poor English writing skill. I hope you
> understand me.
> I'm almost new using TLS/SSL (and OpenLDAP too), so don't be rough ;)
> Right, I'm trying to set up an OpenLDAP server and I'd like the connections to
> be encrypted. Ok, it seems that TLS/SSL works pretty fine using start_tls or
> ldaps://. So, my question is, what's better?
> I've read somewhere that TLS is the "new way" and must be preferred. So, I
> suppose I could close the 636 port. On the other hand, I don't know if I can
> force the clients to use TLS over 389 this way.
> From your experience, what do you think about it? I almost have read the
> "admin guide" and I've not seen clear advice on this issue.
> Thank you in advance.
> --
> Imobach González Sosa
> Servicio de Informática y Comunicaciones de la ULPGC
> e-mail: igonzalez@becarios.ulpgc.es
> Teléfono: +34 928 459519