We are trying to put in place a high availability instance of openLDAP
using a 3-node n-way multi master setup. I can telnet to our instance and
each individual node through ports 389 and 636. I can use the showcerts
command on port 636 and see the certs but when I try to do this on port
389 to use TLS I get the following error.

389 is the plaintext LDAP port; 636 is for LDAP over SSL/TLS so your system
is doing the right thing. If you want to force SSL/TLS, then you'll have to
Another option is to use LDAP's STARTTLS support on port 389.
It seems the config to require it is a bit obscure;
http://www.openldap.org/lists/openldap-technical/201202/msg00414.html might be
useful.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
From: Viktor Dukhovni openssl-us...@dukhovni.org
To: openssl-users@openssl.org openssl-users@openssl.org
Date: 09/23/2013 10:10 AM
Subject:Re: TLS authentication for ldap
Sent by:owner-openssl-us...@openssl.org
On Mon, Sep 23, 2013 at 10:54:04AM -0400, Salz, Rich wrote:
> Another option is to use LDAP's STARTTLS support on port 389.
> It seems the config to require it is a bit obscure;
> http://www.openldap.org/lists/openldap-technical/201202/msg00414.html
> might be useful.

Note, the above is for enforcing STARTTLS on the server. If the
decision is left to the client, the configuration is less opaque.

From: Salz, Rich rs...@akamai.com
To: openssl-users@openssl.org openssl-users@openssl.org
Date: 09/23/2013 10:29 AM
Subject:RE: TLS authentication for ldap
Sent by:owner-openssl-us...@openssl.org

Viktor Dukhovni wrote:
> Note, the above is for enforcing STARTTLS on the server. If the
> decision is left to the client, the configuration is less opaque.

And less secure. :)

If policy is to use SSL/TLS, then the server must enforce it; trusting the
clients to do the right thing is bad.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
From: Viktor Dukhovni openssl-us...@dukhovni.org
To: openssl-users@openssl.org openssl-users@openssl.org
Date: 09/23/2013 10:40 AM
Subject:Re: TLS authentication for ldap
Sent by:owner-openssl-us...@openssl.org

On Mon, Sep 23, 2013 at 11:27:06AM -0400, Salz, Rich wrote:
> > Note, the above is for enforcing STARTTLS on the server. If the
> > decision is left to the client, the configuration is less opaque.
>
> And less secure. :)
>
> If policy is to use SSL/TLS, then the server must enforce it;
> trusting the clients to do the right thing is bad.
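Worked example added by the editor; it is not code from anyone in the thread. Port 389 starts out as plaintext LDAP: a client that wants TLS there first sends the StartTLS extended request (RFC 4511 section 4.14, OID 1.3.6.1.4.1.1466.20037) and only after the server answers success(0) does the TLS handshake run on the same socket. That is why `openssl s_client -connect host:389 -showcerts` gets an error: it sends a TLS ClientHello to a listener that expects an LDAP message. `openssl s_client -starttls ldap` (OpenSSL 1.1.1 or later) and `ldapsearch -ZZ` do the LDAP step first. The Python below hand-encodes the two messages in BER so the exchange is visible, parses the server's LDAPResult, and models both policies discussed above: the client side refuses to continue if StartTLS is not granted, and a probe checks that the server refuses plaintext work with confidentialityRequired(13), which is what OpenLDAP's `security tls=1` (`olcSecurity: tls=1` in cn=config) returns for operations on a non-TLS connection. The two sample replies are constructed, not captured from the poster's nodes; `host`, `port` and `cafile` in the live functions are placeholders.

```python
"""LDAP StartTLS on port 389 at the wire level (added example, stdlib only)."""
import socket
import ssl

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"          # RFC 4511 StartTLS extended operation
LDAP_SUCCESS = 0
CONFIDENTIALITY_REQUIRED = 13                    # RFC 4511 resultCode
EXTENDED_REQUEST, EXTENDED_RESPONSE = 0x77, 0x78  # [APPLICATION 23] / [APPLICATION 24]
BIND_REQUEST, BIND_RESPONSE = 0x60, 0x61          # [APPLICATION 0]  / [APPLICATION 1]


def ber_length(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_length(len(body)) + body


def read_tlv(buf, pos=0):
    """Decode the element at buf[pos]; returns (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def ldap_message(msg_id, op):
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE {...} } (ids < 128 only)."""
    return tlv(0x30, tlv(0x02, msg_id.to_bytes(1, "big")) + op)


def starttls_request(msg_id=1):
    """ExtendedRequest with requestName [0] = the StartTLS OID and no requestValue."""
    return ldap_message(msg_id, tlv(EXTENDED_REQUEST, tlv(0x80, STARTTLS_OID.encode())))


def anonymous_bind_request(msg_id=1):
    """BindRequest { version 3, name "", simple [0] "" }: the cheapest plaintext operation
    to send when probing whether the server accepts any work without TLS."""
    return ldap_message(msg_id, tlv(BIND_REQUEST, tlv(0x02, b"\x03") + tlv(0x04, b"") + tlv(0x80, b"")))


def ldap_result(msg_id, op_tag, code, diag=b""):
    """Build an LDAPResult-shaped reply; used here only to construct sample server answers."""
    return ldap_message(msg_id, tlv(op_tag, tlv(0x0A, bytes([code])) + tlv(0x04, b"") + tlv(0x04, diag)))


def parse_result(msg):
    """Decode any LDAPResult-shaped reply -> (messageID, op tag, resultCode, diagnosticMessage)."""
    tag, body, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage: first byte 0x%02x (a TLS record starts with 0x16)" % tag)
    _, mid, pos = read_tlv(body)
    op_tag, op, _ = read_tlv(body, pos)
    _, code, pos = read_tlv(op)        # resultCode ENUMERATED
    _, _, pos = read_tlv(op, pos)      # matchedDN, ignored
    _, diag, _ = read_tlv(op, pos)     # diagnosticMessage
    return int.from_bytes(mid, "big"), op_tag, int.from_bytes(code, "big"), diag.decode("utf-8", "replace")


def starttls_granted(reply):
    """Client-side policy: anything but ExtendedResponse/success is fatal. Deliberately
    no fallback to carrying on in plaintext, which is the client-trust problem in the thread."""
    _, op_tag, code, diag = parse_result(reply)
    if op_tag != EXTENDED_RESPONSE or code != LDAP_SUCCESS:
        raise ConnectionError("StartTLS not granted: op=0x%02x resultCode=%d %s" % (op_tag, code, diag))
    return True


def plaintext_refused(reply):
    """Server-side policy check: a plaintext bind should come back as confidentialityRequired(13),
    the result OpenLDAP's `security tls=1` / `olcSecurity: tls=1` gives non-TLS operations."""
    _, op_tag, code, _ = parse_result(reply)
    return op_tag == BIND_RESPONSE and code == CONFIDENTIALITY_REQUIRED


# Constructed sample replies (not captured from the poster's servers).
SAMPLE_STARTTLS_OK = bytes.fromhex("300c02010178070a010004000400")   # success, empty matchedDN/diag
SAMPLE_BIND_REFUSED = ldap_result(1, BIND_RESPONSE, CONFIDENTIALITY_REQUIRED, b"TLS confidentiality required")


def _roundtrip(sock, request):
    sock.sendall(request)
    return sock.recv(4096)   # one small reply; a real client would reassemble by BER length


def connect_with_starttls(host, port=389, cafile=None):
    """Live version (needs a reachable server): plaintext LDAP, StartTLS, then the TLS
    handshake on the same socket with chain and hostname verification."""
    sock = socket.create_connection((host, port), timeout=10)
    starttls_granted(_roundtrip(sock, starttls_request()))
    ctx = ssl.create_default_context(cafile=cafile)
    return ctx.wrap_socket(sock, server_hostname=host)


def server_enforces_tls(host, port=389):
    """Live probe: does this node refuse a plaintext bind on 389? Run it against every
    node of the multi-master setup; a success(0) answer is a node trusting the client."""
    with socket.create_connection((host, port), timeout=10) as sock:
        return plaintext_refused(_roundtrip(sock, anonymous_bind_request()))
```

Point `server_enforces_tls` at each of the three nodes separately; in an n-way multi-master setup the `security` setting is per server, so one node left at the default silently undoes the policy for any client that happens to hit it. If a node answers the plaintext bind with some result other than 13, read the diagnostic text from `parse_result` before drawing a conclusion rather than assuming enforcement is in place.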