[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: unix sockets and localhost and TLS

To: openldap-software@OpenLDAP.org
Subject: Re: unix sockets and localhost and TLS
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Sat, 05 Feb 2005 21:54:52 +0100
In-reply-to: <cu0fbe$1fa$1@sea.gmane.org> (Jason Joines's message of "Fri, 04 Feb 2005 12:37:17 -0600")
Organization: AVCI
References: <cu0fbe$1fa$1@sea.gmane.org>
User-agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Rational FORTRAN, linux)

Jason Joines <joines@bus.okstate.edu> writes:

>     I've go OpenLDAP 2.2.15 running on SuSE Linux 9.2.  There is one
>     master and several slaves.  The slaves run Samba and various other
>     services that use ldap for authentication.  In this case, is if
>     more efficient to reference the ldap server via localhost like
>     ldap://localhost or via unix sockets like
>     ldapi://%2fvar%2frun%2fslapd%2fldapi?  If using unix sockets, is
>     TLS even applicable?  If not, will enabling TLS in slapd.conf
>     disable access to the unix socket?

>From a security point of view there is no need to start TLS on local
sockets, therefore TLS is not initiated. To my experience transport over
local sockets seems to be slightly faster than over internet sockets.
Just an example

time ldapwhoami -H ldapi:// -ZZ -Y EXTERNAL






-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:01443B53

Follow-Ups:
- Re: unix sockets and localhost and TLS
  - From: Jason Joines <joines@bus.okstate.edu>

References:
- unix sockets and localhost and TLS
  - From: Jason Joines <joines@bus.okstate.edu>

Prev by Date: Re: Slave machine
Next by Date: Re: unix sockets and localhost and TLS
Index(es):
- Chronological
- Thread