On 1/22/07 11:22 PM, skalyanasundaram wrote:
> Thanks all for your help,
> But Adam is saying,
> "> TLS works on 636?
> I don't think so, 636 is for SSL."
>
> But Hallvard is saying
> "> TLS works on 636?
> Yup. "
>
> So what I tried is I initiated a ldap_initialize(&ld,"ldaps://XX")
> and ldap_start_tls_s; it returns 1 "Operations Error".
> So I guess 636 is already SSL enabled and will not allow TLS on that, because
> there is no need, it is already a secured one. Am I right?

You are correct, port 636 (in its default use as the SSL connection) already has the SSL as part of the connection and trying to enable SSL again via TLS is redundant.

> My final question would be how to use certificates from the client side. I
> mean to say that the server should decide to accept the client with or without
> a certificate.
> As of now I did not try with any certificates. Please do me this last help
> on this topic.

I'm not certain that I understand your question. Are you saying that you want the server to communicate with the client whether the client is using an SSL certificate to identify itself or not? Well, that's the normal operation of OpenLDAP to ignore the client certificates (unless you've put requirements in the slapd.conf file that require client certificates).

--
Frank Swasey                    | http://www.uvm.edu/~fcs
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
  "I am not young enough to know everything." - Oscar Wilde (1854-1900)

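The slapd.conf requirement mentioned in the reply above, shown as an added configuration example that is not part of the original message. All file paths are constructed placeholders; the directives are standard OpenLDAP ones, and `try` is picked here as an assumption about what "with or without certificate" should mean.

```conf
# --- Server side: slapd.conf (TLS section) ---
# Placeholder paths; substitute your own CA and server files.
TLSCACertificateFile   /etc/openldap/certs/ca.pem
TLSCertificateFile     /etc/openldap/certs/server.pem
TLSCertificateKeyFile  /etc/openldap/certs/server.key

# TLSVerifyClient decides whether slapd asks the client for a certificate:
#   never   default; no client certificate is requested at all
#   allow   requested; a missing or invalid certificate is ignored and
#           the session proceeds
#   try     requested; a missing certificate is accepted, but an invalid
#           one terminates the session
#   demand  requested; a valid client certificate is required
# "try" accepts clients with or without a certificate while still
# rejecting a certificate that fails verification.
TLSVerifyClient try

# --- Client side: ~/.ldaprc (per-user file) ---
# TLS_CERT and TLS_KEY are user-only options, so they belong in the
# user's ldaprc rather than the system-wide ldap.conf.
TLS_CACERT   /etc/openldap/certs/ca.pem
TLS_CERT     /home/user/certs/client.pem
TLS_KEY      /home/user/certs/client.key
# Verify the server certificate; this is the libldap default.
TLS_REQCERT  demand
```

These settings apply the same way to an ldaps:// connection on 636 and to a StartTLS upgrade on 389. A C client can set the certificate and key per handle with ldap_set_option() using LDAP_OPT_X_TLS_CERTFILE and LDAP_OPT_X_TLS_KEYFILE.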