Comment 0 for bug 1040115

Adam Young (ayoung) wrote : LDAPS and TLS support

The current LDAP support does not support encryption. One of the standard approaches is LDAPS

We need some way to specify the certificate. In nss_ldap syntax, this is one of:

tls_cacertfile /etc/ssl/ca.cert
tls_cacertdir /etc/openldap/cacerts

Additionally, you need a directive to state whether you intend to use SSL or START_TLS. Having an 'ldaps' URI is not enough, because that wouldn't leave you with a way to specify that you wish to connect to unencrypted port 389 and issue a START_TLS command. nss_ldap does one of:

ssl on
ssl start_tls

You need a way to specify whether the cert is required and should be validated:

tls_reqcert never | demand | allow

Have a look at the TLS functions of python-ldap:

http://www.python-ldap.org/doc/html/ldap.html#tls-options
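The following is an added example of the mapping this comment asks for, written against the python-ldap TLS options it links to. It is not Keystone code and not part of python-ldap. The directive names (ssl, tls_cacertfile, tls_cacertdir, tls_reqcert) are the nss_ldap ones quoted above; the parse_directives/build_plan/connect helpers and the TlsPlan structure are hypothetical. It rejects the two inconsistent combinations (ssl on with a plain ldap:// URI, ssl start_tls with an ldaps:// URI) and flags tls_reqcert never, which disables certificate checking entirely. python-ldap is imported only inside connect(), so the planning part runs without a directory server.

```python
"""Turn nss_ldap-style TLS directives into a python-ldap connection plan."""
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# nss_ldap tls_reqcert value -> name of the python-ldap constant (ldap.OPT_X_TLS_*)
REQCERT = {
    "never": "OPT_X_TLS_NEVER",    # no verification at all: trivially MITM-able
    "allow": "OPT_X_TLS_ALLOW",    # verify if a cert is offered, tolerate failure
    "try": "OPT_X_TLS_TRY",        # verify if offered, fail only on a bad cert
    "demand": "OPT_X_TLS_DEMAND",  # require a valid cert (the safe choice)
    "hard": "OPT_X_TLS_HARD",      # same as demand in OpenLDAP
}
SAFE_REQCERT = ("demand", "hard")


@dataclass
class TlsPlan:
    uri: str
    start_tls: bool
    options: list = field(default_factory=list)   # (ldap option name, value)
    warnings: list = field(default_factory=list)  # insecure but accepted choices


def parse_directives(text):
    """Parse 'key value' lines in nss_ldap/ldap.conf style; '#' starts a comment."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def build_plan(conf, uri):
    """Decide LDAPS vs START_TLS from the 'ssl' directive and collect TLS options."""
    scheme = urlsplit(uri).scheme.lower()
    mode = conf.get("ssl", "off").lower()
    if mode not in ("off", "on", "start_tls"):
        raise ValueError("ssl must be one of off, on, start_tls; got %r" % mode)
    plan = TlsPlan(uri=uri, start_tls=(mode == "start_tls"))

    # The URI scheme alone cannot express START_TLS, hence the separate directive;
    # the two must agree with each other.
    if mode == "on" and scheme != "ldaps":
        raise ValueError("ssl on requires an ldaps:// URI, got %r" % uri)
    if mode == "start_tls" and scheme == "ldaps":
        raise ValueError("ssl start_tls needs a plain ldap:// URI (port 389); "
                         "the ldaps:// port already speaks TLS")
    if mode == "off":
        plan.warnings.append("no encryption: bind credentials cross the wire in clear")
        return plan

    if "tls_cacertfile" in conf:
        plan.options.append(("OPT_X_TLS_CACERTFILE", conf["tls_cacertfile"]))
    if "tls_cacertdir" in conf:
        plan.options.append(("OPT_X_TLS_CACERTDIR", conf["tls_cacertdir"]))
    if "tls_cacertfile" not in conf and "tls_cacertdir" not in conf:
        plan.warnings.append("no CA configured: verification depends on the "
                             "library's default trust store")

    reqcert = conf.get("tls_reqcert", "demand").lower()
    if reqcert not in REQCERT:
        raise ValueError("tls_reqcert must be one of %s" % ", ".join(REQCERT))
    if reqcert not in SAFE_REQCERT:
        plan.warnings.append("tls_reqcert %s: server certificate is not enforced, "
                             "an active attacker can impersonate the directory" % reqcert)
    plan.options.append(("OPT_X_TLS_REQUIRE_CERT", REQCERT[reqcert]))
    return plan


def connect(plan, bind_dn=None, password=None):
    """Apply the plan with python-ldap (imported lazily) and return the connection."""
    import ldap  # assumption: python-ldap is installed where this actually runs
    for name, value in plan.options:
        if isinstance(value, str) and value.startswith("OPT_X_TLS_"):
            value = getattr(ldap, value)  # resolve e.g. OPT_X_TLS_DEMAND
        ldap.set_option(getattr(ldap, name), value)  # global TLS options
    conn = ldap.initialize(plan.uri)
    conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
    if plan.start_tls:
        conn.start_tls_s()  # raises if the server cert does not satisfy tls_reqcert
    if bind_dn is not None:
        conn.simple_bind_s(bind_dn, password)
    return conn
```

Usage: build_plan(parse_directives(text), uri) is the only part that needs to run at config-load time; treat a non-empty plan.warnings as a startup error in anything production-facing, since tls_reqcert never with a CA file configured still verifies nothing.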