Re: recompile openldap with SSL support
On 10/01/12 16:01 -0400, Aaron Richton wrote:
On Mon, 1 Oct 2012, Darouichi, Aziz wrote:
We have a direct tunnel connection to a vendor who uses our local LDAP.
When I compiled OpenLDAP I did not enable SSL. Is it possible to
re-compile it again with SSL enabled even if it's in production? We
are moving one of our in-house applications to a
hosted/managed but still need to authenticate with local LDAP. Vendor is
asking for Secure LDAP connection.
You can use stunnel to listen on port 636 and act as a lightweight ldaps
This should be OK in theory, but that server is going to need an
outage to change binaries. You can safely treat it just like any
other slapd upgrade (slapcat / stop slapd / install binaries /
slapadd / start slapd) or, if you're completely confident that you
have all the same libraries that your current version utilizes, you
should be able to just drop in the new binaries and stop/start.
There's no obligation with the TLS-aware binary to actually configure
TLS, so you can even come down with your old config and then set up
TLS once you come back up.
Still, I'd recommend doing a slapcat now with your existing binaries
just in case, and keeping that somewhere safe. (Of course you should
be doing that regardless of your upgrade timing?)
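
The stunnel approach mentioned in this reply, as an added example that is not part of the original message: a stunnel service section that accepts LDAPS on port 636 and forwards the decrypted traffic to a slapd built without TLS. The loopback address, port 389, file paths and the `stunnel` service account are assumptions.

```ini
; stunnel.conf (added example; paths and account names are assumptions)

; Drop privileges after binding the privileged port 636.
setuid = stunnel
setgid = stunnel
pid = /var/run/stunnel/stunnel.pid

[ldaps]
; TLS listener the vendor connects to.
accept = 636

; Plaintext hop to the existing slapd. Keep it on loopback so the
; cleartext leg never leaves the host; slapd itself should then be
; started to listen only there, e.g. slapd -h "ldap://127.0.0.1:389/"
connect = 127.0.0.1:389

; Server certificate and private key presented to LDAPS clients.
; The key file must be readable only by the stunnel account.
cert = /etc/stunnel/ldaps-cert.pem
key = /etc/stunnel/ldaps-key.pem

; Refuse legacy protocol versions. sslVersionMin needs a recent
; stunnel 5.x; older builds use "options = NO_SSLv2" and
; "options = NO_SSLv3" instead.
sslVersionMin = TLSv1.2
```

With this layout slapd sees every connection as plaintext from 127.0.0.1, so ACLs that depend on the client address or on a TLS security strength factor (`ssf=`) will not behave as they would with native TLS in slapd.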