OpenLDAP with TLS

tvleavitt
OpenVpn Newbie
Posts: 3
Joined: Thu Jan 11, 2018 11:21 am

OpenLDAP with TLS

Post by tvleavitt » Thu Jan 11, 2018 11:31 am

I have my OpenLDAP server set up to use TLS, but it is unclear to me how to tell OpenVPN AS to connect to it via TLS. Does this happen automatically? I've dug through Google and the documentation and I can't find a definitive answer.

novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: OpenLDAP with TLS

Post by novaflash » Thu Jan 11, 2018 6:37 pm

It's a little complicated at the moment, but possible. See here:
https://docs.openvpn.net/command-line/a ... entication
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.


Re: OpenLDAP with TLS

Post by tvleavitt » Fri Jan 12, 2018 2:54 am

Thanks for responding! I really appreciate it.

I looked at that page already; there's nothing in there that states, at all clearly, what parameters need to be set, and how, to make that happen. It reads as if SSL (port 636, LDAPS) is the only option. Has anyone done this, and published a walkthrough? Seems like this would be a pretty basic thing... I mean, passing your authentication credentials over your local network in the clear is not exactly a best practice, right? I'd hate to have to revert to setting up LDAPS to make this work.


Re: OpenLDAP with TLS

Post by novaflash » Fri Jan 12, 2018 7:57 am

Hi,

You may want to read the first few lines of this page:
http://www.openldap.org/faq/data/cache/185.html

So it should be possible with the information on the page I linked you to earlier. We support LDAPS.


Re: OpenLDAP with TLS

Post by tvleavitt » Fri Jan 12, 2018 8:51 am

Right, o.k., so, basically, there's no alternative other than having a listener enabled on port 636 for your LDAP server (but there's no functional difference between this and a conventional STARTTLS on port 389). Now that this is clear, I understand what I need to do. Thank you.
