On 10/18/05 10:24 AM, "Fred Viles" <[EMAIL PROTECTED]> wrote:
> On 18 Oct 2005 at 18:18, Heiko Schlittermann wrote about
> "Re: [exim] LDAP lookup over SSL":
>
> | Cyril Feraudet <[EMAIL PROTECTED]> (Di 18 Okt 2005 10:58:32 CEST):
> | > it is possible to bind an ldap server over ssl (not start TLS).
> |
> | I think, currently it (TLS on connect) is the only possibility to use
> | encryption for LDAP queries.
>
> Hmm? I am not an expert of SSL or LDAP, but I don't see how
> encryption of the SMTP session has any relationship with encryption
> of database queries being made by exim.

Indeed. But that's not the question I see above.

First:

Exam question: Discuss LDAP over SSL as you understand it.

Exam answer: LDAP over SSL as I understand it is not very well understood.

With that out of the way, suitable LDAP servers provide for SSL-protected connections on--by convention--port 636. These are similar to the ssl-on-connect connections for SMTP using--typically--port 465. LDAPv3 provides the alternative of a STARTTLS means of using the normal LDAP port (389).

OpenLDAP seems to provide support for ldaps: URLs using the port 636 mechanism. A look through Google (while dodging LDAPS, the Lego Design and Programming System) leaves me dubious about support in OpenLDAP for STARTTLS, although man -S3 ldap seems encouraging.

Next question is what parts of this does Exim support in making LDAP lookups. Presumably, the answer is revealed in the source.

--John

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
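
The two mechanisms described in the message above (TLS on connect to port 636 versus a StartTLS upgrade on port 389), as an added example that is not part of the original post and not Exim or OpenLDAP code. The host names, the `start_tls` flag and the sample URLs are constructed assumptions; the sketch classifies how each lookup URL would be protected and builds the LDAPv3 StartTLS extended request a client sends before the handshake.

```python
from urllib.parse import urlsplit

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"     # LDAPv3 StartTLS extended operation
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # conventional ports named in the message

def classify(url, start_tls=False):
    """Return (host, port, mode); mode is tls-on-connect, starttls or cleartext.

    start_tls is a hypothetical flag meaning "the client upgrades after connecting".
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"not an LDAP URL: {url!r}")
    port = parts.port or DEFAULT_PORTS[scheme]
    if scheme == "ldaps":
        mode = "tls-on-connect"      # TLS handshake happens before any LDAP bytes
    else:
        mode = "starttls" if start_tls else "cleartext"
    return parts.hostname, port, mode

def starttls_request(message_id=1):
    """BER-encode the ExtendedRequest that asks the server to start TLS."""
    if not 0 <= message_id <= 127:
        raise ValueError("sketch handles single-byte message IDs only")
    oid = STARTTLS_OID.encode("ascii")
    name = b"\x80" + bytes([len(oid)]) + oid        # [0] requestName
    ext = b"\x77" + bytes([len(name)]) + name       # [APPLICATION 23] ExtendedRequest
    body = b"\x02\x01" + bytes([message_id]) + ext  # INTEGER messageID + request
    return b"\x30" + bytes([len(body)]) + body      # SEQUENCE LDAPMessage

def cleartext_lookups(entries):
    """List the URLs whose queries and bind credentials would cross the wire unencrypted."""
    return [url for url, tls in entries if classify(url, tls)[2] == "cleartext"]

# Constructed sample lookups: (URL, whether the client is set to use StartTLS).
SAMPLE = [
    ("ldaps://ldap.example.org/dc=example,dc=org?mail?sub?(uid=jdoe)", False),
    ("ldap://ldap.example.org/dc=example,dc=org?mail?sub?(uid=jdoe)", True),
    ("ldap://ldap2.example.org/dc=example,dc=org?mail?sub?(uid=jdoe)", False),
]

if __name__ == "__main__":
    for url, tls in SAMPLE:
        print(classify(url, tls), url)
    print("cleartext:", cleartext_lookups(SAMPLE))
    print("StartTLS request:", starttls_request().hex())
```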
