[30314] in Kerberos

Re: Using LDAP backend with start_tls

daemon@ATHENA.MIT.EDU (Sonja Benz)
Thu Sep 18 01:17:20 2008

In-Reply-To: <78c6bd860809172028s3115572cp7bcf2270f18be0c0@mail.gmail.com>
To: "Michael B Allen" <ioplex@gmail.com>
MIME-Version: 1.0
From: Sonja Benz <sonja.benz@de.ibm.com>
Message-ID: <OF995F0181.DE615FE1-ONC12574C8.001C8C84-C12574C8.001CCC96@de.ibm.com>
Date: Thu, 18 Sep 2008 07:14:33 +0200
Cc: kerberos-bounces@mit.edu, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

TLS uses the standard LDAP port, by default 389, if it is started. To my 
understanding, then you just use ldap://

See also: http://www.openldap.org/faq/data/cache/605.html

Sonja




"Michael B Allen" <ioplex@gmail.com> 
Sent by: kerberos-bounces@mit.edu
18.09.2008 05:28

To: "Klaus Heinrich Kiwi" <klausk@linux.vnet.ibm.com>
cc: kerberos@mit.edu
Subject: Re: Using LDAP backend with start_tls

On Wed, Sep 17, 2008 at 5:21 PM, Klaus Heinrich Kiwi
<klausk@linux.vnet.ibm.com> wrote:
> Hi everyone,
>
>  I was wondering how can I use the LDAP backend over a TLS connection.
> Looking at the krb5.conf file man page, looks like there is no option
> covering this and I'm assuming that simply using ldaps:// as the
> ldap_servers URI will toggle SSL over port 636 instead of TLS at port
> 389.
>
> ldapi://socket will initiate a unix socket connection
> ldap://host will start an unsecured connection at port 389
> ldaps://host will start SSL through port 636
>
> Is there a way to START_TLS over port 389?

Perhaps you can grep through the ldap backend source. If it uses
OpenLDAP's API I believe the function in question is called
ldap_start_tls_s. If it exists, maybe you can determine what
conditions are required to trigger it.

Or wait for someone to answer who actually knows how the LDAP backend 
works :->

Mike

-- 
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
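
What StartTLS on port 389 looks like on the wire, as an added example that is not part of this thread and is not code from the krb5 LDAP backend or OpenLDAP: the client connects as plain ldap://, sends the StartTLS extended request (OID 1.3.6.1.4.1.1466.20037, RFC 4511) in cleartext, and switches to TLS only after the server answers with resultCode 0. All function names are hypothetical, and the sketch assumes the server's reply arrives in a single read.

```python
# Added illustration; function names are hypothetical, not from MIT krb5 or OpenLDAP.
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)

def tlv(tag, body):
    """Encode one BER TLV; short-form length only, so body must be under 128 bytes."""
    return bytes([tag, len(body)]) + body

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, [APPLICATION 23] ExtendedRequest { [0] requestName } }."""
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def read_tlv(buf, pos=0):
    """Decode one TLV at pos; returns (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def starttls_result(resp, msg_id=1):
    """Return the resultCode of an ExtendedResponse; 0 (success) means start TLS now."""
    tag, msg, _ = read_tlv(resp)
    tag_id, mid, pos = read_tlv(msg)
    tag_op, op, _ = read_tlv(msg, pos)
    tag_rc, code, _ = read_tlv(op)
    if (tag, tag_id, tag_op, tag_rc) != (0x30, 0x02, 0x78, 0x0A):
        raise ValueError("not an LDAP ExtendedResponse")
    if int.from_bytes(mid, "big") != msg_id:
        raise ValueError("messageID mismatch")
    return int.from_bytes(code, "big")

def connect_starttls(host, port=389, cafile=None):
    """Connect as ldap://host:389, upgrade in place, return the verified TLS socket."""
    sock = socket.create_connection((host, port), timeout=10)
    try:
        sock.sendall(starttls_request())
        code = starttls_result(sock.recv(4096))  # the reply is a few dozen bytes
        if code != 0:  # never continue in cleartext when the upgrade is refused
            raise ConnectionError(f"StartTLS refused, resultCode={code}")
        return ssl.create_default_context(cafile=cafile).wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
```

With ldaps:// the TLS handshake is the first thing on the connection (port 636 by default), so none of this exchange takes place.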
