Hi all,
I'm trying to use OpenLDAP as a NIS replacement. This is working fine. The
server is listening on LDAP and LDAPS and the clients are configured to
use LDAPS. So far it is running.
If I got this right, LDAPS is not the recommended method for TLS, but
start_tls is.
I have tried to use start_tls in a Perl script, and get only unencrypted
connections. Making a Perl script as simple as possible, I found $test to
be "2" (LDAPv2), which results in an error trying Start_tls. The script
is:
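#!/usr/bin/perl -w
use strict;
use Net::LDAP;

# Connect with the module's defaults; no protocol version is requested here.
my $ldap = Net::LDAP->new('buddy.io-software.com') or die "$@";
# Report the LDAP protocol version this client object will use.
my $test = $ldap->version();
print " $test \n";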
But from /usr/sysconfig/openldap I thought it should be 3 (LDAPv3) for
OpenLDAP versions > 2:
#
# If set to "yes" the "ldap over ssl" feature of slapd will be enabled. Don't
# forget to add the "TLSCertificateFile" and "TLSCertificateKeyFile" options
# to the /etc/openldap/slapd.conf (man slapd.conf).
# Note: Don't confuse this with "START_TLS", the preferred method for
# making encrypted LDAP connections, which is enabled as soon as You
# specify "TLSCertificateFile" and "TLSCertificateKeyFile" in your config
# file
#
and rpm gives:
# rpm -qi openldap2
Name        : openldap2                     Relocations: (not relocateable)
Version     : 2.1.4                         Vendor: SuSE Linux AG, Nuernberg, Germany
Release     : 68                            Build Date: Thu Dec 12 13:53:46 2002
Install date: Thu Jan 23 16:05:23 2003      Build Host: wiles.suse.de
Group       : Productivity/Networking/LDAP/Servers   Source RPM: openldap2-2.1.4-68.src.rpm
Size        : 6406919                       License: Other License(s), see package
Packager    : http://www.suse.de/feedback
Summary     : The new OpenLDAP Server (LDAPv3)
Description :
The Lightweight Directory Access Protocol (LDAP) is a protocol for
accessing online directory services. It runs directly over TCP, and
can be used to access a standalone LDAP directory service or to access
a directory service that is back-ended by X.500
Authors:
--------
Kurt Zeilenga
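
Added example, not part of the original post and not the poster's code: a Net::LDAP client that requests LDAPv3 explicitly, checks the result of start_tls, and refuses to continue if the connection is still unencrypted. The CA file path is a placeholder, and the server certificate is assumed to match the host name used in the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS);

# Assumptions (not from the post): the CA file path is a placeholder and
# the server certificate is issued for the host name being contacted.
my $host   = 'buddy.io-software.com';
my $cafile = '/path/to/ca-cert.pem';

sub connect_starttls {
    my ($host, $cafile) = @_;

    # StartTLS is an LDAPv3 extended operation, so request v3 explicitly
    # instead of relying on the module's default.
    my $ldap = Net::LDAP->new($host, version => 3)
        or die "connect to $host failed: $@\n";

    # start_tls returns a message object; a failed upgrade does not die on
    # its own, so the result code has to be checked.
    my $mesg = $ldap->start_tls(verify => 'require', cafile => $cafile);
    if ($mesg->code != LDAP_SUCCESS) {
        $ldap->disconnect;
        die "StartTLS failed: " . $mesg->error . "\n";
    }

    # cipher() is undef on an unencrypted connection; stop here rather
    # than send a bind in cleartext.
    my $cipher = $ldap->cipher;
    unless (defined $cipher) {
        $ldap->disconnect;
        die "connection is not encrypted after StartTLS\n";
    }
    return ($ldap, $cipher);
}

my ($ldap, $cipher) = connect_starttls($host, $cafile);
printf "LDAPv%d, TLS cipher: %s\n", $ldap->version, $cipher;
$ldap->unbind;
```

Without the checks on the start_tls result and on cipher(), a failed upgrade leaves the session in cleartext and any later bind travels unprotected.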