[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: recompile openldap with SSL support



On Mon, 1 Oct 2012, Darouichi, Aziz wrote:

We have a direct tunnel connection to a vendor  who uses our local LDAP, when I complied Openldap I did not enable SSL.  Is possible to re-compile  it again with SSL enabled even if it?s in production.    We are moving to moving one
of our in house applications to a  hosted/managed but still need to authenticate with local LDAP. Vendor is asking for Secure LDAP connection.

This should be OK in theory, but that server is going to need an outage to change binaries. You can safely treat it just like any other slapd upgrade (slapcat / stop slapd / install binaries / slapadd / start slapd) or, if you're completely confident that you have all the same libraries that your current version utilizes, you should be able to just drop in the new binaries and stop/start.

There's no obligation with the TLS-aware binary to actually configure TLS, so you can even come down with your old config and then set up TLS once you come back up.

Still, I'd recommend doing a slapcat now with your existing binaries just in case, and keeping that somewhere safe. (Of course you should be doing that regardless of your upgrade timing?)