[Pdns-users] PowerDNS + TLS, How should Slapd be setup?
Norbert Sendetzky
norbert at linuxnetworks.de
Tue Feb 17 22:57:58 UTC 2009
Hi Joshua
> I've been at this too long. Turned off ldap-starttls, and it hooked up to
> the ldaps://URI just fine. Hah!
ldap-starttls is only allowed if ldap-host is an ldap:// URI or a host name /
IP address. It's not allowed for ldaps:// URIs, as SSL and TLS exclude each
other.
> But, the Assertion failure still happens when you have ldap-starttls=yes
> and ldap-host is in the form of ldap://ldap.mydomain.com/, which
> corresponds with the documentation on the ldap-backend website, so I think
> that sounds like a bug?
>
> Of course, my slapd is still running in ldaps-only mode, so maybe the
> daemon isn't dealing with a return value properly?
If your LDAP server only listens on port 636 (ldaps://), you won't be able to
connect via ldap:// and/or TLS, as ldap:// schemas will tell the LDAP library
to connect to port 389.
Norbert
--
OpenPGP public key
http://www.linuxnetworks.de/norbert.pubkey.asc
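
As an added example (not part of the original message and not PowerDNS code), a small Python check for the rule described above: it parses pdns.conf-style settings, flags ldap-starttls=yes combined with an ldaps:// URI, and reports the port each ldap-host entry implies. The function names and sample configurations are constructed for illustration, and it assumes ldap-host entries are separated by spaces.

```python
from urllib.parse import urlsplit

# Default ports as stated in the message: ldap:// -> 389, ldaps:// -> 636.
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def parse_conf(text):
    """Parse 'key=value' lines of a pdns.conf-style file into a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def endpoint(entry):
    """Return (scheme, host, port) for one ldap-host entry (URI, host name or IP)."""
    if "://" not in entry:
        entry = "ldap://" + entry  # a bare host name / IP is treated like ldap://
    u = urlsplit(entry)
    scheme = u.scheme.lower()
    return scheme, u.hostname, u.port or DEFAULT_PORT.get(scheme)

def check_ldap_tls(conf):
    """List the problems with the ldap-host / ldap-starttls combination."""
    starttls = conf.get("ldap-starttls", "no").lower() == "yes"
    problems = []
    for entry in conf.get("ldap-host", "").split():
        scheme, host, port = endpoint(entry)
        if scheme not in DEFAULT_PORT:
            problems.append(f"{entry}: unsupported scheme")
        elif scheme == "ldaps" and starttls:
            problems.append(f"{entry}: ldap-starttls=yes is not allowed with ldaps://")
        elif scheme == "ldap" and not starttls:
            problems.append(f"{entry}: cleartext LDAP to {host}:{port}, no TLS")
    return problems

# Constructed sample configurations, using the host name from the thread.
FAILING = "launch=ldap\nldap-host=ldaps://ldap.mydomain.com/\nldap-starttls=yes\n"
WORKING = "launch=ldap\nldap-host=ldap://ldap.mydomain.com/\nldap-starttls=yes\n"

if __name__ == "__main__":
    for name, text in (("FAILING", FAILING), ("WORKING", WORKING)):
        print(name, check_ldap_tls(parse_conf(text)) or "ok")
```

The second configuration passes the check but still needs slapd to listen on port 389, since that is where an ldap:// URI sends the connection.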