
RE: openldap tools starttls



Your question has been answered, I just want to make a correction: StartTLS uses port 389/ldap, not port 636/ldaps. When using StartTLS, the LDAP client should be using "uri ldap://FQDN" in ldap.conf (both OpenLDAP and NSS_LDAP/PAM_LDAP).
 
Yes, we may start the server in ldaps:// mode on top of ldap://, but that is usually for local "openssl" testing only.
 
Read the OpenLDAP FAQ pages for SSL and TLS info; many are there.
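As an added example (not code from the thread or from the OpenLDAP project), the following POSIX sh wrapper shows the practical way to get what the original poster asked for: an OpenLDAP client configuration pinned to an ldap:// URI with a CA and "TLS_REQCERT demand", plus a helper that always passes -ZZ (StartTLS, abort if TLS cannot be negotiated, as opposed to -Z which continues in the clear) and refuses an ldaps:// URI, where StartTLS does not apply. The host name, base DN and CA path are illustrative; LDAPCONF is the documented environment variable that points the OpenLDAP libraries at an alternative ldap.conf.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread or the OpenLDAP sources.
# Wraps ldapsearch so every connection negotiates StartTLS on ldap://
# (port 389) and hard-fails when TLS cannot be established (-ZZ), instead of
# relying on the operator to remember the flag.
set -u

# Write a client ldap.conf that pins the server URI and the CA.
# With StartTLS the scheme is ldap://, never ldaps://. TLS_REQCERT demand
# makes the client refuse a server certificate that does not verify
# against TLS_CACERT. Host, base DN and CA path are hypothetical.
write_ldap_conf() {
  conf=$1
  cat >"$conf" <<'EOF'
# constructed example ldap.conf (hypothetical host and CA path)
URI         ldap://ldap.example.com
BASE        dc=example,dc=com
TLS_CACERT  /etc/ssl/certs/example-ca.pem
TLS_REQCERT demand
EOF
}

# Return 0 when the URI is one StartTLS applies to (ldap://), 1 otherwise.
# Issuing -Z against an ldaps:// URI fails, because TLS is already up on
# that connection; ldaps:// is used without -Z.
starttls_uri_ok() {
  case $1 in
    ldap://*) return 0 ;;
    *)        return 1 ;;
  esac
}

# Print the exact ldapsearch command line that would be run:
# -ZZ  StartTLS and abort if it does not succeed (-Z alone would carry on
#      unencrypted when the server declines StartTLS)
# -x   simple bind, -H URI, -b BASE, then the caller's filter/attributes.
starttls_cmd() {
  uri=$1; base=$2; shift 2
  if ! starttls_uri_ok "$uri"; then
    echo "refusing $uri: StartTLS needs an ldap:// URI (ldaps:// is used without -Z)" >&2
    return 2
  fi
  printf 'ldapsearch -ZZ -x -H %s -b %s' "$uri" "$base"
  for arg; do printf ' %s' "$arg"; done
  printf '\n'
}

# Run the search with the pinned configuration. LDAPCONF overrides the
# system ldap.conf for this process only. Needs a reachable server.
tls_search() {
  uri=$1; base=$2; shift 2
  starttls_uri_ok "$uri" || { echo "refusing $uri: not an ldap:// URI" >&2; return 2; }
  conf=${TMPDIR:-/tmp}/ldap.conf.$$
  write_ldap_conf "$conf"
  LDAPCONF=$conf ldapsearch -ZZ -x -H "$uri" -b "$base" "$@"
  rc=$?
  rm -f "$conf"
  return $rc
}

# Usage against a real server (hypothetical host and entry):
#   tls_search ldap://ldap.example.com dc=example,dc=com '(uid=ricardo)' mail
```

With "TLS_REQCERT demand" and a correct TLS_CACERT, -ZZ fails closed on both a declined StartTLS and an untrusted certificate, which is the property the original question is after; -Z without the second Z only attempts StartTLS and silently continues in the clear if the server refuses it.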

	-----Original Message----- 
	From: owner-openldap-software@OpenLDAP.org on behalf of Ricardo Kirkner 
	Sent: Fri 10/29/2004 11:13 PM 
	To: openldap-software@OpenLDAP.org 
	Cc: 
	Subject: openldap tools starttls
	
	

	Hi:
	
	Is there a way to configure that StartTLS should be used by default when
	using the openldap utilities?
	
	In the PAM ldap.conf there is the option "ssl starttls", and in the
	openldap ldap.conf there is the option for using SSL "uri
	ldaps://myserver", but I cannot find an option for using StartTLS by
	default (I know I can use it by calling ldapsearch with -ZZ, but I want
	to configure it so I don't need to remember, and I am always sure that
	the connection is encrypted)
	
	thanks
	
	ricardo