Using LDAP backend with start_tls - Kerberos


  1. Using LDAP backend with start_tls

    Hi everyone,

    I was wondering how I can use the LDAP backend over a TLS connection.
    Looking at the krb5.conf file man page, looks like there is no option
    covering this and I'm assuming that simply using ldaps:// as the
    ldap_servers URI will toggle SSL over port 636 instead of TLS at port
    389.

    ldapi://socket will initiate a unix socket connection
    ldap://host will start an unsecured connection at port 389
    ldaps://host will start SSL through port 636

    Is there a way to START_TLS over port 389?

    Thanks,

    -Klaus


    --
    Klaus Heinrich Kiwi
    Linux Security Development, IBM Linux Technology Center


  2. Re: Using LDAP backend with start_tls

    On 17-09-2008, Klaus Heinrich Kiwi wrote:
    > Hi everyone,
    >
    > I was wondering how I can use the LDAP backend over a TLS connection.
    > Looking at the krb5.conf file man page, looks like there is no option
    > covering this and I'm assuming that simply using ldaps:// as the
    > ldap_servers URI will toggle SSL over port 636 instead of TLS at port
    > 389.
    >
    > ldapi://socket will initiate a unix socket connection
    > ldap://host will start an unsecured connection at port 389
    > ldaps://host will start SSL through port 636
    >
    > Is there a way to START_TLS over port 389?
    >
    > Thanks,
    >
    > -Klaus
    >
    >


    Hi,

    I have this setup with Heimdal and OpenLDAP and iirc I checked the
    source code and TLS was -not- used at all there :/
    I did not care much since I use the same server for both, but this is
    disturbing ...

    Writing a patch for this in Heimdal should be pretty straightforward I
    guess.

    Cheers,
    Mik
