In doc/rlm_ldap I've read:
<quote>
# identity: DN under which LDAP searches are done
# password: pasword which authenticate this DN
# default: anonymous bind, no password required
# NOTE: searches are done now over unencrypted connection!
</quote>
I'm especially concerned about the 'searches are done now over
unencrypted connection!' sentence.
Does this mean that even if I use "start_tls = yes", searches will be
performed unencrypted?
If yes, isn't the following procedure a way to enforce encryption on
searches?
* do not use "start_tls = yes"
* use "port = 636" and/or "tls_mode = yes"
* have your ldap server reply only to port 636 in ldaps.
Thanks in advance,
Thibault