Re: [exim] LDAP lookup over SSL

Startseite
Nachricht löschen
Nachricht beantworten
Autor: John W. Baxter
Datum:  
To: exim-users
Betreff: Re: [exim] LDAP lookup over SSL
On 10/18/05 10:24 AM, "Fred Viles" <fv+exim@???> wrote:

> On 18 Oct 2005 at 18:18, Heiko Schlittermann wrote about
>     "Re: [exim] LDAP lookup over SSL":

>
> | Cyril Feraudet <exim4@???> (Di 18 Okt 2005 10:58:32 CEST):
> | > it is possible to bind an ldap server over ssl (not start TLS).
> |
> | I think, currently it (TLS on connect) is the only possibility to use
> encryption for LDAP
> | queries.
>
> Hmm? I am not an expert of SSL or LDAP, but I don't see how
> encryption of the SMTP session has any relationship with encryption
> of database queries being made by exim.


Indeed. But that's not the question I see above.

First: Exam question: Discuss LDAP over SLL as you understand it.
Exam answer: LDAP over SLL as I understand it is not very well understood.

With that out of the way, suitable LDAP servers provide for SSL-protected
connections on--by convention--port 636. These are similar to the
ssl-on-connect connections for SMTP using--typically--port 465.

LDAPv3 provides the alternative of a STARTTLS means of using the normal LDAP
port (389).

OpenLDAP seems to provide support for ldaps: URLS using the port 636
mechanism. A look through Google (while dodging LDAPS, the Lego Design and
Programming System) leaves me dubious about support in OpenLDAP for
STARTTLS, although
man -S3 ldap
seems encouraging.

Next question is what parts of this does Exim support in making LDAP
lookups. Presumably, the answer is revealed in the source.

--John