
Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation



--On Friday, September 29, 2017 1:07 PM -0400 Robert Heller <heller@deepsoft.com> wrote:

At Fri, 29 Sep 2017 10:47:48 -0400 brendan kearney <bpk678@gmail.com>
wrote:



SASL is a "glue" between LDAP and Kerberos, that translates an identity
established through Kerberos AuthN to an LDAP Distinguished Name (among
other possible uses). When communications between Kerberos and LDAP
happen, SASL also provides encryption.

I have set up Kerberos, SASL, OpenLDAP and SSSD all on Fedora and it all
works.  I don't have to muck with SSL/TLS and the different
implementations with their specific nuances.

Don't you still need an SSL Certificate?  That is, SSL/TLS is still there
someplace?

No.

--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
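
An added example, not part of the original thread or of anyone's posted configuration: a client-side `sssd.conf` for the setup described above, where SSSD binds to slapd with SASL/GSSAPI and relies on the SASL security layer instead of TLS. Host names, realm, base DN and the `minssf` value are constructed placeholders.

```ini
# /etc/sssd/sssd.conf (constructed example; names and realm are placeholders)
[sssd]
services = nss, pam
domains = example

[domain/example]
# Identity lookups go to OpenLDAP, password checks go to the KDC,
# so no LDAP simple bind (and no password) crosses the LDAP connection.
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5

ldap_uri = ldap://ldap.example.com
ldap_search_base = dc=example,dc=com

# Bind to slapd with SASL/GSSAPI using the host principal from the keytab.
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/client.example.com@EXAMPLE.COM
ldap_krb5_keytab = /etc/krb5.keytab

# Require a SASL security layer: a connection whose negotiated security
# strength factor is below this value is refused rather than left in cleartext.
ldap_sasl_minssf = 56

# No StartTLS on the ldap:// connection, so no certificate is involved.
ldap_id_use_start_tls = false

krb5_server = kdc.example.com
krb5_realm = EXAMPLE.COM
```

The keytab must be readable only by root, since it holds the host principal's long-term key.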