From:   Viktor Dukhovni <openssl-us...@dukhovni.org>
To:     "openssl-users@openssl.org" <openssl-users@openssl.org>
Date:   09/23/2013 10:10 AM
Subject:        Re: TLS authentication for ldap
Sent by:        owner-openssl-us...@openssl.org



On Mon, Sep 23, 2013 at 10:54:04AM -0400, Salz, Rich wrote:

> > Another option is to use LDAP's "STARTTLS" support on port 389.
>
> It seems the config to require it is a bit obscure;
> http://www.openldap.org/lists/openldap-technical/201202/msg00414.html
> might be useful.

Note, the above is for enforcing STARTTLS on the server.  If the
decision is left to the client, the configuration is less opaque.

--
                 Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org


The authentication works on the single server we have which is running an
older version of OpenLDAP.  In my packet captures it appears that the older
version of OpenLDAP is presenting the certificate we want it to present.
The new version, although it has the same cert installed in the same place,
is presenting an older self-signed cert that has been removed.  The new
servers have been rebooted since this change, so now I think it's time to
hit the OpenLDAP list again and see where this might be cached.

Thanks,
Eric