Hello,
I'm under the impression that LDAPS (and not StartTLS) has been deprecated in OpenLDAP, but I can't find anything on the OpenLDAP website that says this. Is this the case, and is there a reference for it?
Thanks.
https://www.openldap.org/faq/data/cache/605.html
" ldaps:// is deprecated in favor of Start TLS [RFC2830]. OpenLDAP 2.0 supports both."
I understand it as OpenLDAP 2.1 and greater don't.
++Cyrille
-----Original Message-----
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of web@tomjay.co.uk
Sent: Tuesday, June 05, 2018 4:36 AM
To: openldap-technical@openldap.org
Subject: LDAPS Support
Hello,
I'm under the impression that LDAPS (and not StartTLS) has been deprecated in OpenLDAP, but I can't find anything on the OpenLDAP website that says this. Is this the case, and is there a reference for it?
Thanks.
On 06/06/2018 03:44 PM, Maucci, Cyrille wrote:
> https://www.openldap.org/faq/data/cache/605.html
> " ldaps:// is deprecated in favor of Start TLS [RFC2830]. OpenLDAP 2.0 supports both."
> I understand it as OpenLDAP 2.1 and greater don't.
This FAQ entry is very old. You can safely read it as "OpenLDAP 2.x supports both."
Ciao, Michael.
Maybe just delete the article, or combine it with the 'How do I use TLS/SSL?' article? At the very least, I think deleting the 'ldaps:// is deprecated...' section would be a good idea, and moving it/providing a link from the 'How do I use TLS/SSL?' section would be useful.
Thanks for the help!
On 2018-06-06 14:48, Michael Ströder wrote:
> On 06/06/2018 03:44 PM, Maucci, Cyrille wrote:
>> https://www.openldap.org/faq/data/cache/605.html
>> " ldaps:// is deprecated in favor of Start TLS [RFC2830]. OpenLDAP 2.0 supports both."
>> I understand it as OpenLDAP 2.1 and greater don't.
> This FAQ entry is very old. You can safely read it as "OpenLDAP 2.x supports both."
> Ciao, Michael.
On 06/05/2018 04:36 AM, web@tomjay.co.uk wrote:
> I'm under the impression that LDAPS (and not StartTLS) has been deprecated in OpenLDAP, but I can't find anything on the OpenLDAP website that says this. Is this the case, and is there a reference for it?
The "LDAPS is deprecated" statement is rather obsolete. It was caused by the lack of a formal specification for LDAPS.
Personally I was always against this position. It simply works anyway. And any directory server vendor dropping support for LDAPS would be seriously punished by its customer base.
See also the discussion I started a couple of months ago:
https://www.openldap.org/lists/openldap-technical/201802/msg00004.html
Ciao, Michael.
On Tue, 05 Jun 2018 03:36:11 +0100, web@tomjay.co.uk wrote:
> Hello,
> I'm under the impression that LDAPS (and not StartTLS) has been deprecated in OpenLDAP, but I can't find anything on the OpenLDAP website that says this. Is this the case, and is there a reference for it?
RFC 4511 and 4513 are quite clear about this. While start TLS is defined in RFC 2830, there is no formal specification for ldaps. Furthermore, read up on ldaps in /etc/services.
-Dieter
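Added example, not part of any message in this thread and not OpenLDAP code: the wire-level difference between the two mechanisms discussed here. With StartTLS the client first sends an ordinary LDAP extended request (OID 1.3.6.1.4.1.1466.20037) in the clear and then upgrades; with ldaps:// the first bytes on the connection are already a TLS record. The function names and the sample byte strings are constructed for illustration.

```python
# Added illustration; function names are hypothetical, not OpenLDAP code.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation


def ber(tag: int, payload: bytes) -> bytes:
    """Encode one BER TLV, short-form length only (payload < 128 bytes)."""
    if len(payload) > 127:
        raise ValueError("long-form length not needed for this example")
    return bytes([tag, len(payload)]) + payload


def starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage carrying an ExtendedRequest whose requestName is StartTLS."""
    if not 0 < message_id < 128:
        raise ValueError("example encodes single-byte message IDs only")
    request_name = ber(0x80, STARTTLS_OID)       # [0] requestName
    extended_req = ber(0x77, request_name)       # [APPLICATION 23]
    return ber(0x30, ber(0x02, bytes([message_id])) + extended_req)


def first_op_tag(data: bytes):
    """Tag of the protocolOp in a short-form LDAPMessage, or None."""
    if len(data) < 5 or data[0] != 0x30 or data[1] & 0x80 or data[2] != 0x02:
        return None
    pos = 4 + data[3]                            # skip the messageID INTEGER
    return data[pos] if pos < len(data) else None


def classify_first_bytes(data: bytes) -> str:
    """Label the first bytes a client sends on a new connection."""
    if data[:2] == b"\x16\x03":
        return "tls-first"        # ldaps:// behaviour: TLS record before any LDAP
    if data[:1] == b"\x30":
        if first_op_tag(data) == 0x77 and STARTTLS_OID in data:
            return "starttls"     # ldap:// connection asking to upgrade in-band
        return "cleartext-ldap"   # LDAP operation sent with no TLS underneath
    return "unknown"


# Constructed samples: a TLS record header and an anonymous simple bind.
TLS_HELLO_PREFIX = bytes.fromhex("1603010005")
ANON_BIND = bytes.fromhex("300c020101600702010304008000")
```

A listener that sees "cleartext-ldap" as the first label has a client that sent an LDAP operation without negotiating TLS by either mechanism.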
06.06.2018, 21:59, "Dieter Klünter" dieter@dkluenter.de:
> On Tue, 05 Jun 2018 03:36:11 +0100, web@tomjay.co.uk wrote:
>> Hello,
>> I'm under the impression that LDAPS (and not StartTLS) has been deprecated in OpenLDAP, but I can't find anything on the OpenLDAP website that says this. Is this the case, and is there a reference for it?
Hello,
Please look more carefully at the OpenLDAP website:
http://www.openldap.org/faq/data/cache/185.html
https://www.openldap.org/pub/ksoper/OpenLDAP_TLS_obsolete.html
You can run ldaps: by creating and integrating SSL certificates.
Regards
Ozgur
> RFC 4511 and 4513 are quite clear about this. While start TLS is defined in RFC 2830, there is no formal specification for ldaps. Furthermore, read up on ldaps in /etc/services.
> -Dieter
> --
> Dieter Klünter | Systemberatung
> http://sys4.de
> GPG Key ID: E9ED159B
> 53°37'09,95"N 10°08'02,42"E