On Mon, 24 Dec 2012 10:14:39 +0100 (CET), Wiebe Cazemier wiebe@halfgaar.net wrote:
----- Original Message -----
From: "Chuck Lever" chuck.lever@oracle.com
To: "Wiebe Cazemier" wiebe@halfgaar.net
Cc: openldap-technical@openldap.org
Sent: Friday, 21 December, 2012 4:39:21 PM
Subject: Re: Forcing TLS encryption
...
I added an olcSecurity attribute to the database directives for the parts of the server's DIT where I wish to require TLS. To start with I set the value "tls=1".
See also:
http://itsecureadmin.com/tag/openldap/
-- Chuck Lever chuck[dot]lever[at]oracle[dot]com
I got it to work (connection won't be allowed without TLS), but I can still capture the password with tcpdump. To elaborate:
I successfully set tls=1 with:
dn: cn=config
changetype: modify
add: olcSecurity
olcSecurity: tls=1
When I do an ldapsearch now, it says TLS is required:
$ ldapsearch ldapsearch -Hldap://myhost:389 -D"uid=user,ou=people,dc=domain,dc=com" -W
Enter LDAP Password:
ldap_bind: Confidentiality required (13)
        additional info: TLS confidentiality required
In order to initiate Transport Layer Security you have to call the extended operation ldapSTARTTLS.
-Dieter
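Added example, not part of the thread: a small POSIX shell check of the behaviour discussed above. With olcSecurity: tls=1 the server refuses the bind with result 13, but a simple bind request already carries the password in cleartext before the server answers, which is why tcpdump still sees it. The client has to negotiate StartTLS first; with ldapsearch that is the -ZZ option, which sends the StartTLS extended operation and aborts if it does not succeed. The script runs a plaintext bind, expecting "Confidentiality required (13)", and a StartTLS bind, expecting success. The LDAP_HOST, LDAP_BINDDN, LDAP_BASE and LDAP_PWFILE values are assumed placeholders, and classify_bind_result, try_bind and check_tls_enforcement are names introduced here.

```shell
#!/bin/sh
# Added example (not from the thread): check that a directory enforces
# olcSecurity tls=1 and that the client negotiates StartTLS before binding.
# LDAP_HOST, LDAP_BINDDN, LDAP_BASE and LDAP_PWFILE are assumed placeholders.
LDAP_HOST="${LDAP_HOST:-myhost}"
LDAP_BINDDN="${LDAP_BINDDN:-uid=user,ou=people,dc=domain,dc=com}"
LDAP_BASE="${LDAP_BASE:-dc=domain,dc=com}"
LDAP_PWFILE="${LDAP_PWFILE:-${HOME:-.}/.ldappw}"   # password file for ldapsearch -y

# Classify one ldapsearch run from its exit status and combined output.
# Prints one of: ok | tls-required | starttls-failed | other
classify_bind_result() {
  status="$1"
  output="$2"
  if [ "$status" -eq 0 ]; then
    echo "ok"
  elif printf '%s\n' "$output" | grep -q 'Confidentiality required (13)'; then
    echo "tls-required"      # server has olcSecurity tls=1 and refused a plaintext bind
  elif printf '%s\n' "$output" | grep -q 'ldap_start_tls'; then
    echo "starttls-failed"   # -ZZ could not complete StartTLS (no server cert, untrusted CA, ...)
  else
    echo "other"
  fi
}

# Attempt a base-scope search with a simple bind, in "plain" or "starttls" mode.
try_bind() {
  case "$1" in
    plain)    flags="" ;;
    starttls) flags="-ZZ" ;;   # send StartTLS first and abort if it does not succeed
    *) echo "usage: try_bind plain|starttls" >&2; return 2 ;;
  esac
  status=0
  # $flags is intentionally unquoted so an empty value adds no argument.
  # The password comes from a file (-y) so it never appears in the process list.
  out=$(ldapsearch $flags -H "ldap://$LDAP_HOST:389" -D "$LDAP_BINDDN" \
          -y "$LDAP_PWFILE" -b "$LDAP_BASE" -s base '(objectClass=*)' 2>&1) || status=$?
  classify_bind_result "$status" "$out"
}

# Expected outcome on a correctly configured server: the plaintext bind is
# rejected with result 13 and the StartTLS bind is accepted.
check_tls_enforcement() {
  plain=$(try_bind plain)
  tls=$(try_bind starttls)
  echo "plaintext bind : $plain"
  echo "starttls bind  : $tls"
  [ "$plain" = "tls-required" ] && [ "$tls" = "ok" ]
}

# Only talk to the network when invoked as: sh check-ldap-tls.sh check
if [ "${1-}" = "check" ]; then
  check_tls_enforcement
fi
```

Run it as `sh check-ldap-tls.sh check` after exporting the four LDAP_* variables and writing the bind password to the file named in LDAP_PWFILE. A "tls-required" result for the plaintext attempt confirms the olcSecurity setting is active, but the password has still crossed the wire in that attempt; only the -ZZ path keeps it inside the TLS session, so that is the form clients should be configured to use.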