Mysteries of openldap
Craig White
craig at tobyhouse.com
Fri Nov 30 22:12:32 UTC 2007
On Fri, 2007-11-30 at 16:07 -0600, Anthony Messina wrote:
> On Friday 30 November 2007 03:59:15 pm Timothy Murphy wrote:
> > Craig White wrote:
> > >> I'm running openldap on my desktop,
> > >> and can access it fine from my laptop.
> > >> But I'd like to use TLS encryption
> > >> (as the desktop ldap is open to the world).
> > >>
> > >> Unfortunately I find the openldap documentation
> > >> very difficult to follow.
> >
> > ...
> >
> > > short answer, use ldaps - even though it is deprecated.
> >
> > Well, thanks very much for your response.
> > I'll try ldaps, as you suggest.
> > I couldn't tell, from the documentation,
> > what the difference is between ldap + TLS and ldaps,
> > except that they seem to use different ports.
>
> ldaps is ldap over ssl, port 636: this would be similar to using https://
> instead of http://
>
> ldap + tls is ldap using the start_tls mechanism, port 389
----
Yes, more common these days to use URI than HOST designations.

    uri ldaps://some.fqdn:636

similar to

    uri ldap://some.fqdn:389
    ssl start_tls

Be sure that your self-signed certs, DNS, system all use the same host
names.
Craig
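
Added example, not part of Craig's message or of any OpenLDAP code: a Python sketch that reads the two client settings shown above, reports whether the connection would be ldaps, StartTLS or unencrypted, and checks the URI host against the names in the server certificate. The function names, the sample configs and the certificate name lists are constructed for illustration.

```python
from urllib.parse import urlparse
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}
# Constructed sample configs, built from the settings quoted in the message.
LDAPS_CONF = "uri ldaps://some.fqdn:636\n"
STARTTLS_CONF = "uri ldap://some.fqdn:389\nssl start_tls\n"
PLAIN_CONF = "uri ldap://some.fqdn:389\n"  # the 'ssl start_tls' line was left out

def parse_conf(text):
    """Map lower-cased directive -> value; '#' starts a comment."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            conf[parts[0].lower()] = parts[1].strip()
    return conf

def transport(conf):
    """Return (mode, host, port) for the first URI in the config."""
    uri = urlparse((conf.get("uri", "").split() or [""])[0])
    scheme = uri.scheme.lower()
    if scheme == "ldaps":
        mode = "ldaps"       # TLS handshake happens before any LDAP traffic
    elif scheme == "ldap" and conf.get("ssl", "").lower() == "start_tls":
        mode = "start_tls"   # plain connect, then upgrade on the same port
    else:
        mode = "plaintext"
    return mode, uri.hostname, uri.port or DEFAULT_PORT.get(scheme)

def name_matches(host, cert_names):
    """Exact match, or a '*.' name covering exactly one leftmost label."""
    host = host.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in cert_names):
        if name == host or (name.startswith("*.") and host.split(".", 1)[1:] == [name[2:]]):
            return True
    return False

def audit(conf_text, cert_names):
    """Return (mode, port, findings) for one client config and one certificate."""
    mode, host, port = transport(parse_conf(conf_text))
    findings = []
    if mode == "plaintext":
        findings.append("no TLS: binds and data are sent unencrypted")
    if host is None or not name_matches(host, cert_names):
        findings.append("host %r not in certificate names %r" % (host, cert_names))
    return mode, port, findings

if __name__ == "__main__":
    for text in (LDAPS_CONF, STARTTLS_CONF, PLAIN_CONF):
        print(audit(text, ["some.fqdn"]))
```

In practice the certificate name list would come from the subject and subjectAltName of the certificate the server presents.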