Re: FDS with TLS/SSL Port issue

Date: Thu,  9 Nov 2006 18:52:58 -0600
From: Greg Hetrick <ghetrick@xxxxxxxxxxxxxx>

New to FDS/LDAP doing a proof of concept and I have FDS 1.0.4 installed with SSL enabled on the DS side, TLS enabled on a FC 6 client. In ldap config I have TLS_REQCERT required.

Question is, should ldap traffic generated from the client to the server pass on port 636 or port 389? I am seeing traffic that is supposed to be encrypted passing on the regular ldap port (389).

ldaps:// uses port 636 by default. That's the non-standard method of using LDAP over SSL that was common with LDAPv2. The connection has SSL/TLS enabled on it from the moment the connection opens.

LDAPv3 uses port 389 by default. Connections are always opened in the clear. Then the StartTLS Extended Operation is issued by the client, and an SSL/TLS layer is added to the connection.

I am seeing what appears to be correct in the access logs during the communication indicating that the traffic is in fact encrypted.

Your log clearly shows StartTLS being used, successfully. Looks normal.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
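
Added example, not part of the original thread and not code from the poster or the Fedora Directory Server project: a small Python check that reads an access log and reports, per connection, whether the first BIND arrived over ldaps://, after a successful StartTLS, or in the clear. The sample lines are constructed and the log layout they follow is an assumption about the server's access log format; the function name `classify` is hypothetical.

```python
import re

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS extended operation OID

# Constructed sample lines (assumed access log layout, not the poster's log).
SAMPLE_LOG = """\
[09/Nov/2006:18:50:01 -0600] conn=11 fd=64 slot=64 connection from 192.0.2.10 to 192.0.2.1
[09/Nov/2006:18:50:01 -0600] conn=11 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[09/Nov/2006:18:50:01 -0600] conn=11 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[09/Nov/2006:18:50:01 -0600] conn=11 SSL 256-bit AES
[09/Nov/2006:18:50:01 -0600] conn=11 op=1 BIND dn="uid=test,dc=example,dc=com" method=128 version=3
[09/Nov/2006:18:50:05 -0600] conn=12 fd=65 slot=65 SSL connection from 192.0.2.10 to 192.0.2.1
[09/Nov/2006:18:50:05 -0600] conn=12 SSL 256-bit AES
[09/Nov/2006:18:50:05 -0600] conn=12 op=0 BIND dn="uid=test,dc=example,dc=com" method=128 version=3
[09/Nov/2006:18:50:09 -0600] conn=13 fd=66 slot=66 connection from 192.0.2.11 to 192.0.2.1
[09/Nov/2006:18:50:09 -0600] conn=13 op=0 BIND dn="uid=test,dc=example,dc=com" method=128 version=3
"""

CONN = re.compile(r"conn=(\d+) ")
OPEN = re.compile(r"conn=\d+ fd=\d+ slot=\d+ (SSL )?connection from")
CIPHER = re.compile(r"conn=\d+ (?:SSL|TLS\S*) \d+-bit")  # TLS layer is up

def classify(log_text):
    """Map conn id -> 'ldaps', 'starttls', 'cleartext-bind' or 'no-bind'."""
    state, verdict = {}, {}
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue
        cid = int(m.group(1))
        s = state.setdefault(cid, {"ldaps": False, "req": False, "tls": False})
        verdict.setdefault(cid, "no-bind")
        opened = OPEN.search(line)
        if opened:
            s["ldaps"] = bool(opened.group(1))  # TLS from the first byte
        elif f'EXT oid="{STARTTLS_OID}"' in line:
            s["req"] = True                     # upgrade requested in the clear
        elif CIPHER.search(line):
            s["tls"] = True                     # handshake completed
        elif " BIND " in line and verdict[cid] == "no-bind":
            # Only the first BIND decides: were credentials sent under TLS?
            if s["tls"] and s["ldaps"]:
                verdict[cid] = "ldaps"
            elif s["tls"] and s["req"]:
                verdict[cid] = "starttls"
            else:
                verdict[cid] = "cleartext-bind"
    return verdict

if __name__ == "__main__":
    for cid, kind in sorted(classify(SAMPLE_LOG).items()):
        print(f"conn={cid}: {kind}")
```

A `starttls` verdict is the case discussed in the thread: the connection opens unencrypted on the regular LDAP port and is protected only after the extended operation succeeds, so a `cleartext-bind` verdict is the one worth alerting on.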
