Using LDAP backend with start_tls - Kerberos
-
Using LDAP backend with start_tls
Hi everyone,
I was wondering how I can use the LDAP backend over a TLS connection.
Looking at the krb5.conf file man page, looks like there is no option
covering this and I'm assuming that simply using ldaps:// as the
ldap_servers URI will toggle SSL over port 636 instead of TLS at port
389.
ldapi://socket will initiate a unix socket connection
ldap://host will start an unsecured connection at port 389
ldaps://host will start SSL through port 636
Is there a way to START_TLS over port 389?
Thanks,
-Klaus
--
Klaus Heinrich Kiwi
Linux Security Development, IBM Linux Technology Center
-
Re: Using LDAP backend with start_tls
On 17-09-2008, Klaus Heinrich Kiwi wrote:
> Hi everyone,
>
> I was wondering how I can use the LDAP backend over a TLS connection.
> Looking at the krb5.conf file man page, looks like there is no option
> covering this and I'm assuming that simply using ldaps:// as the
> ldap_servers URI will toggle SSL over port 636 instead of TLS at port
> 389.
>
> ldapi://socket will initiate a unix socket connection
> ldap://host will start an unsecured connection at port 389
> ldaps://host will start SSL through port 636
>
> Is there a way to START_TLS over port 389?
>
> Thanks,
>
> -Klaus
>
>
Hi,
I have this setup with Heimdal and OpenLDAP and iirc I checked the
source code and TLS was -not- used at all there :/
I did not care much since I use the same server for both, but this is
disturbing ...
Writing a patch for this in Heimdal should be pretty straightforward I
guess.
Cheers,
Mik