Re: recompile openldap with SSL support
On Mon, 1 Oct 2012, Darouichi, Aziz wrote:
> We have a direct tunnel connection to a vendor who uses our local LDAP, when
> I compiled Openldap I did not enable SSL. Is it possible to re-compile it
> again with SSL enabled even if it's in production. We are moving one of our
> in-house applications to a hosted/managed but still need to authenticate
> with local LDAP. Vendor is asking for Secure LDAP connection.
This should be OK in theory, but that server is going to need an outage to
change binaries. You can safely treat it just like any other slapd upgrade
(slapcat / stop slapd / install binaries / slapadd / start slapd) or, if
you're completely confident that you have all the same libraries that your
current version utilizes, you should be able to just drop in the new
binaries and stop/start.
There's no obligation with the TLS-aware binary to actually configure TLS,
so you can even come down with your old config and then set up TLS once
you come back up.
Still, I'd recommend doing a slapcat now with your existing binaries just
in case, and keeping that somewhere safe. (Of course you should be doing
that regardless of your upgrade timing?)
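
The following is an added example, not part of the original thread: pre-flight checks to run before the stop / install binaries / start step, confirming that the rebuilt slapd resolves all of its shared libraries, links a TLS library, and that the slapcat backup is non-empty. The function names and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight helpers for a slapd binary swap (added example, not from the thread).

# Names of libraries that `ldd` output on stdin reports as unresolvable.
unresolved_libs() {
    awk '/=> not found/ { print $1 }'
}

# True if `ldd` output on stdin shows a TLS library (OpenSSL, GnuTLS or NSS).
# Heuristic: a statically linked TLS library would not appear here.
links_tls() {
    grep -Eq '^[[:space:]]*lib(ssl|gnutls|nss3)[^[:space:]]*\.so'
}

# Number of entries in an LDIF file written by slapcat ("dn:" or base64 "dn::").
ldif_entry_count() {
    grep -c '^dn:' "$1" || true
}

# preflight NEW_SLAPD BACKUP_LDIF: refuse the swap unless every check passes.
preflight() {
    deps=$(ldd "$1") || { echo "cannot inspect $1" >&2; return 1; }
    missing=$(printf '%s\n' "$deps" | unresolved_libs)
    [ -z "$missing" ] || { echo "unresolved: $missing" >&2; return 1; }
    printf '%s\n' "$deps" | links_tls ||
        { echo "no TLS library linked" >&2; return 1; }
    { [ -s "$2" ] && [ "$(ldif_entry_count "$2")" -gt 0 ]; } ||
        { echo "backup LDIF missing or empty" >&2; return 1; }
}

# Constructed sample: ldd output for a new build with one missing library.
SAMPLE_LDD='    libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007f0000000000)
    libdb-5.1.so => not found
    libc.so.6 => /lib/libc.so.6 (0x00007f0000200000)'
```

Call `preflight` with the path to the newly built slapd and the LDIF written by slapcat; a non-zero exit means the swap should not proceed yet.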