This is a discussion on Re: Using LDAP backend with start_tls - Kerberos

TLS uses the standard LDAP port, by default 389, if it is started. To my
understanding, then you just use ldap://
See also: http://www.openldap.org/faq/data/cache/605.html
Sonja

"Michael B Allen"
Sent by: firstname.lastname@example.org
18.09.2008 05:28
To: "Klaus Heinrich Kiwi"
cc: email@example.com
Subject: Re: Using LDAP backend with start_tls
On Wed, Sep 17, 2008 at 5:21 PM, Klaus Heinrich Kiwi
> Hi everyone,
> I was wondering how can I use the LDAP backend over a TLS connection.
> Looking at the krb5.conf file man page, looks like there is no option
> covering this and I'm assuming that simply using ldaps:// as the
> ldap_servers URI will toggle SSL over port 636 instead of TLS at port
> ldapi://socket will initiate a unix socket connection
> ldap://host will start an unsecured connection at port 389
> ldaps://host will start SSL through port 636
> Is there a way to START_TLS over port 389?
Perhaps you can grep through the ldap backend source. If it uses
OpenLDAP's API I believe the function in question is called
ldap_start_tls_s. If it exists, maybe you can determine what
conditions are required to trigger it.
Or wait for someone to answer who actually knows how the LDAP backend
Michael B Allen
PHP Active Directory SPNEGO SSO
Kerberos mailing list Kerberos@mit.edu
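
What START_TLS on port 389 looks like on the wire, as an added example that is not part of the original thread and is not code from the krb5 LDAP backend or OpenLDAP: the client sends the StartTLS extended request (OID 1.3.6.1.4.1.1466.20037) in cleartext and upgrades the socket only if the server answers with success. The function names and the sample response bytes are constructed for illustration, and the parser assumes short-form BER lengths and a reply that arrives in one read.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)
# Constructed sample replies: ExtendedResponse with resultCode 0 (success) and 2 (protocolError).
SAMPLE_SUCCESS = bytes.fromhex("300c02010178070a010004000400")
SAMPLE_REFUSED = bytes.fromhex("300c02010178070a010204000400")

def tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value with a short-form length (enough for these small messages)."""
    if len(value) >= 128:
        raise ValueError("long-form lengths are not handled in this example")
    return bytes([tag, len(value)]) + value

def starttls_request(msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    ext_req = tlv(0x77, tlv(0x80, STARTTLS_OID))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + ext_req)  # msg_id assumed < 128

def extended_result_code(msg: bytes) -> int:
    """Return resultCode from an ExtendedResponse [APPLICATION 24]; reject anything else."""
    if len(msg) < 4 or msg[0] != 0x30 or msg[1] != len(msg) - 2 or msg[2] != 0x02:
        raise ValueError("not a complete short-form LDAPMessage")
    op = 4 + msg[3]  # offset of protocolOp: SEQUENCE header + messageID INTEGER
    if len(msg) < op + 5 or msg[op] != 0x78 or msg[op + 2:op + 4] != b"\x0a\x01":
        raise ValueError("not an ExtendedResponse")
    return msg[op + 4]  # ENUMERATED resultCode, 0 = success

def ldap_starttls(host: str, port: int = 389, timeout: float = 5.0) -> ssl.SSLSocket:
    """Connect in cleartext on 389, upgrade in-band, and fail closed otherwise."""
    ctx = ssl.create_default_context()  # verifies the certificate chain and hostname
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        sock.sendall(starttls_request())
        code = extended_result_code(sock.recv(4096))
        if code != 0:
            raise ConnectionError(f"StartTLS refused, resultCode={code}")
        return ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()  # never continue on the cleartext socket
        raise
```

With ldaps:// the TLS handshake comes first on port 636 and no such cleartext request is exchanged; with StartTLS the client has to enforce the upgrade itself, which is why a non-success reply closes the connection here.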