[EMAIL PROTECTED] writes:
> I would like to secure my OpenLDAP access between the server and
> clients. I have gone through some documentation and
> found that the start_tls option in /etc/ldap.conf enables
> this feature. I have already created a self-signed
> certificate.
> But I can't understand the tls_checkpeer option. Should I
> enable it? What else do I need to do to activate TLS?
Turn it on. And tls_cacertfile with the CA certificate which signed the server's certificate. It means that the client will verify that the server certificate is valid, trusted, and has the name of the hostname you _thought_ you were connecting to. Thus an attacker can't hijack/redirect your connection to a hostile server, since that server would need the certificate and its key in order to impersonate your server.

--
Regards, Hallvard
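As an added example that is not part of the original thread and not code from OpenLDAP or pam_ldap: a small POSIX shell lint that checks a pam_ldap/nss_ldap style /etc/ldap.conf for the three settings the reply asks for (TLS switched on via `ssl start_tls`, `tls_checkpeer yes`, and a readable `tls_cacertfile`), run against a constructed weak config and a constructed hardened one. The host name ldap.example.com, the scratch paths, the empty stand-in CA file and the function names `ldapconf_get`, `ldapconf_check`, `demo_weak` and `demo_good` are all assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the original thread or from pam_ldap/OpenLDAP.
# Lints a pam_ldap/nss_ldap style /etc/ldap.conf for the settings the reply
# recommends: TLS on, tls_checkpeer yes, and tls_cacertfile pointing at a
# readable CA certificate. Host names, paths and function names are assumptions.

# Print the last value given for directive $1 in file $2 (later lines win).
# Comment lines start with '#', so their first field never matches a directive.
ldapconf_get() {
    awk -v d="$1" '$1 == d { v = $2 } END { if (v != "") print v }' "$2"
}

# Return 0 if the config at $1 enforces server-certificate verification,
# 1 otherwise, printing the first problem found.
ldapconf_check() {
    conf="$1"
    ssl=$(ldapconf_get ssl "$conf")
    checkpeer=$(ldapconf_get tls_checkpeer "$conf")
    cafile=$(ldapconf_get tls_cacertfile "$conf")
    case "$ssl" in
        start_tls|on) ;;   # STARTTLS on the plain port, or ldaps
        *) echo "$conf: TLS not enabled (ssl is '${ssl:-unset}')"; return 1 ;;
    esac
    if [ "$checkpeer" != yes ]; then
        echo "$conf: tls_checkpeer is '${checkpeer:-unset}', server cert is not verified"
        return 1
    fi
    # Without a trusted CA there is nothing to verify the server's chain against.
    if [ -z "$cafile" ] || [ ! -r "$cafile" ]; then
        echo "$conf: tls_cacertfile '${cafile:-unset}' is missing or unreadable"
        return 1
    fi
    echo "$conf: OK"
    return 0
}

# Constructed sample configs in a scratch directory (not real deployments).
LDAPCONF_DIR=${TMPDIR:-/tmp}/ldapconf-demo.$$
mkdir -p "$LDAPCONF_DIR"
# Empty stand-in for the CA certificate that signed the server's certificate.
: > "$LDAPCONF_DIR/ca.crt"

# Weak: STARTTLS is negotiated, but any certificate is accepted, so whoever
# redirects the connection can present their own certificate and be trusted.
cat > "$LDAPCONF_DIR/ldap.conf.weak" <<EOF
uri ldap://ldap.example.com/
base dc=example,dc=com
ssl start_tls
tls_checkpeer no
EOF

# Hardened: the server certificate must chain to the CA in tls_cacertfile and
# carry the name of the host the client meant to connect to.
cat > "$LDAPCONF_DIR/ldap.conf.good" <<EOF
uri ldap://ldap.example.com/
base dc=example,dc=com
ssl start_tls
tls_checkpeer yes
tls_cacertfile $LDAPCONF_DIR/ca.crt
EOF

demo_weak() { ldapconf_check "$LDAPCONF_DIR/ldap.conf.weak"; }
demo_good() { ldapconf_check "$LDAPCONF_DIR/ldap.conf.good"; }

demo_weak || echo "weak config rejected, as expected"
demo_good
```

Note that the OpenLDAP command-line tools (ldapsearch and friends) read libldap's own ldap.conf rather than pam_ldap's file; there the equivalent settings are `TLS_CACERT` and `TLS_REQCERT demand`, and `ldapsearch -ZZ` refuses to send the query unless STARTTLS succeeds, which makes it a convenient way to confirm the server side is set up before trusting the client config.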
