[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS bare minimum

--On June 5, 2007 3:08:17 PM -0400 "West, Jon (NIH/NIMH) [C]" <wjon@mail.nih.gov> wrote:

I would like to set up TLS on our server. Looking through the
Administration guide, I am unsure if I need both server AND client
certificates. As I understand it I am supposed to first see if I can use
the command line tools to establish the TLS connection then attempt to
set up a client. So I have created a server certificate. I would like to
do this with a test system. The test server is running 2.0.27-22 and our
actual server runs 2.2.13-6.4E.. How can I be sure that I am getting an
encrypted connection. I am also unsure of how to use LDAP search since
whenever I do use it I get errors but when I verify the contents of our
directory with other software I can see the things Iâm looking for.
Again this is a question about LDAPsearch, not the other software. I have
a user called tester in my  dc=test,dc=com test server (Is it a problem
that I use test.com when the machine is not on that domain?) what would
be the command to get the LDAP information about tester?

I think you need to seriously examine running modern, supported versions of OpenLDAP (2.3.35 is the current release). But no, you don't need a client cert to establish TLS. The client must have access to the CA that signed the server cert, however. Have you read the man page on ldapsearch? Do you have any example of how you are using ldapsearch?


Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration