Re: [suse-sles-e] OpenLDAP listens only on ldaps

From: Ralf Haferkamp (rhafer_at_suse.de)
Date: Wed Nov 07 2007 - 09:01:40 CET


Message-Id: <200711070901.40988.rhafer@suse.de>

On Tuesday, 6 November 2007, Shashi Kanth Boddula wrote:
> Thanks for the clarification, Ralf. I think, it will be good, if there
> is an option in /etc/sysconfig/openldap to achieve my requirement.
Yes. Noted. :)

> One more, SLES10 doesn't have an LDAP client software, I can find GQ in
> SLES9.
Yes, we dropped gq because it was very unstable and is basically unmaintained
upstream. The sad thing is that there wasn't any real good alternative tool
out there in the SLES10 timeframe.
Nowadays Apache LDAP Studio (an Eclipse Plugin) would probably be a good
choice. Anybody interested in creating packages for that in the openSUSE
build service by chance?

-- 
regards,
	Ralf
> Ralf Haferkamp wrote:
> > On Monday, 5 November 2007, Shashi Kanth Boddula wrote:
> >> With SLES10, what is the right process to instruct the OpenLDAP to
> >> listen only on ldaps (636), not on ldap (389)  ?
> >
> > Currently our init-script and sysconfig files don't really allow to do
> > that. But if your goal is to allow only encrypted LDAP traffic you can
> > just set "security ssf=128" or "security tls=128" to your slapd.conf.
> > Please have a look at the slapd.conf man pages or the OpenLDAP Admin
> > Guide for details on those settings.
> >
> > Additionally to ldaps:// connections clients will then also be able to
> > connect on Port 389 when they use the StartTLS Extended Operation.
> >
> > Alternatively you can restrict slapd to just listen on the localhost
> > interface on port 389 and on all interfaces on the ldaps port by setting
> > this in /etc/sysconfig/openldap:
> >
> > OPENLDAP_LDAP_INTERFACES=127.0.0.1
> > OPENLDAP_LDAPS_INTERFACES=""
> > OPENLDAP_START_LDAPS=yes
> >
> > To completely disable port 389 some modifications to the init script are
> > needed.
-- 
Ralf Haferkamp
SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg
T: +49-911-74053-0
F: +49-911-74053575 - Ralf.Haferkamp@suse.com
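
The two approaches from the quoted reply (a `security ssf=128` / `security tls=128` requirement in slapd.conf, or binding port 389 to localhost in /etc/sysconfig/openldap) can be checked together. The following is an added example, not part of the original message or of the SUSE init script; the function names are hypothetical, the sample inputs are constructed, and it assumes `OPENLDAP_LDAP_INTERFACES` is a whitespace-separated list where empty means all interfaces. Only `security` lines in the global section of slapd.conf are considered.

```python
import re
# Constructed sample inputs modelled on the settings quoted in this thread.
SYSCONFIG = '''OPENLDAP_START_LDAPS="yes"
OPENLDAP_LDAP_INTERFACES="127.0.0.1"
OPENLDAP_LDAPS_INTERFACES=""
'''
SLAPD_CONF = '''# global section
security ssf=128
database bdb
'''

def parse_sysconfig(text):
    """Return {KEY: value} for KEY=value lines, with surrounding quotes removed."""
    pairs = re.findall(r'^\s*([A-Z_][A-Z0-9_]*)=(.*)$', text, re.M)
    return {k: v.strip().strip('"\'') for k, v in pairs}

def required_ssf(slapd_conf):
    """Largest ssf=/tls= value in global 'security' lines (0 if none)."""
    best = 0
    for line in slapd_conf.splitlines():
        words = line.split()
        if not words or words[0].startswith('#'):
            continue
        if words[0].lower() in ('database', 'backend'):
            break  # global section ends here; per-database settings are ignored
        if words[0].lower() == 'security':
            for w in words[1:]:
                m = re.fullmatch(r'(ssf|tls)=(\d+)', w)
                if m:
                    best = max(best, int(m.group(2)))
    return best

def audit(sysconfig, slapd_conf, min_ssf=128):
    """Report whether cleartext LDAP is accepted from the network."""
    cfg = parse_sysconfig(sysconfig)
    # Assumption: whitespace-separated list, empty means all interfaces.
    ifaces = cfg.get('OPENLDAP_LDAP_INTERFACES', '').split()
    loopback_only = bool(ifaces) and all(
        i.startswith('127.') or i in ('localhost', '[::1]') for i in ifaces)
    ssf = required_ssf(slapd_conf)
    return {
        'ldaps_enabled': cfg.get('OPENLDAP_START_LDAPS', 'no').lower() == 'yes',
        'port_389_on_network': not loopback_only,
        'required_ssf': ssf,
        'cleartext_from_network': not loopback_only and ssf < min_ssf,
    }

if __name__ == '__main__':
    print(audit(SYSCONFIG, SLAPD_CONF))
```

A server-side `security` requirement makes slapd refuse cleartext operations, but it cannot stop a misconfigured client from sending a simple-bind password over port 389 before the refusal arrives. That is the practical difference between the two approaches, and the reason the listener check is reported separately from the strength check.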

