LDAP samdb and "ldap ssl" (fwd)

Ignacio Coupeau icoupeau at unav.es
Thu Jan 3 01:31:07 GMT 2002


"Gerald (Jerry) Carter" wrote:
> 
> Folks,
> 
> I need to do a straw poll.  Right now the "ldap ssl" for the ldap samdb
> backend defaults to off which means that everthing goes in the clear in
> between the ldap server and smbd.  How do people feel about making this
> parameter default to "start tls"?  This means that using the default
> values, only an OpenLDAP 2.0 server properly confiured to support SSL
> connections would work.  This could be manually changed of course. The
> advantage I see is not sending things over the wire in the clear without
> the direct consent of the admin.
> 
> Yes?  No?

Yes

a bit late... I'm in other time zone ;-)
I found the tls very stable in the OpenLdap 2.0.x.

A question: will be required a valid certificate at both ends or only in
the ldap-server side?

Ignacio

-- 
____________________________________________________
Ignacio Coupeau, Ph.D.     e-mail: icoupeau at unav.es
CTI, Director              fax:    948 425619
University of Navarra      voice:  948 425600
Pamplona, SPAIN            http://www.unav.es/cti/




More information about the samba-technical mailing list