OpenLDAP with TLS
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Jan 11, 2018 11:21 am
OpenLDAP with TLS
I have my OpenLDAP server set up to use TLS, but it is unclear to me how to tell OpenVPN AS to connect to it via TLS. Does this happen automatically? I've dug through Google and the documentation and I can't find a definitive answer.
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: OpenLDAP with TLS
It's a little complicated at the moment, but possible. See here:
https://docs.openvpn.net/command-line/a ... entication
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Jan 11, 2018 11:21 am
Re: OpenLDAP with TLS
Thanks for responding! I really appreciate it.
I looked at that page already; there's nothing in there that states, at all clearly, what parameters need to be set, and how, to make that happen. It reads as if SSL (port 636, LDAPS) is the only option. Has anyone done this, and published a walkthrough? Seems like this would be a pretty basic thing... I mean, passing your authentication credentials over your local network in the clear is not exactly a best practice, right? I'd hate to have to revert to setting up LDAPS to make this work.
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: OpenLDAP with TLS
Hi,
You may want to read the first few lines of this page:
http://www.openldap.org/faq/data/cache/185.html
So it should be possible with the information on the page I linked you to earlier. We support LDAPS.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Jan 11, 2018 11:21 am
Re: OpenLDAP with TLS
Right, o.k., so, basically, there's no alternative other than having a listener enabled on port 636 for your LDAP server (but there's no functional difference between this and a conventional STARTTLS on port 389). Now that this is clear, I understand what I need to do. Thank you.