
Re: ldap + pam howto?



On Tue, Feb 06, 2007 at 10:56:11AM -0500, Grok Mogger wrote:
> 
> So forget SASL and just send everything through an SSL tunnel? 
> So you'd do something like this on the client... "ssh -L 
> 7777:LDAPServer:$LDAPServerPORT -N user@LDAPServer", and then 
> set up the LDAP client to send everything to the client's own 
> 7777 port?  And do something similar on the server.  Is that right?
> 
Nope, edit /etc/defaults/slapd and tell it to bind to
"ldap://127.0.0.1:389/ ldaps:/// ldapi:///"

That tells it, clear text only on the loopback, SSL everywhere and also
the Unix domain socket (only accessible on the local filesystem if you
have the right permissions).

Of course, you will need to set up certificates.  You can read the LDAP
admin guide and the SSL docs for that.

Regards,

-Roberto

-- 
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
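
The listener layout described in the message above can be checked mechanically. The following is an added example, not part of the original message or of OpenLDAP: it parses a slapd listener URL list and reports any cleartext ldap:// listener that is reachable beyond the loopback. The function names are hypothetical, and a hostname that is not a literal loopback address is assumed to be network-reachable.

```python
import ipaddress
from urllib.parse import urlsplit

def listener_scope(url):
    """Classify one slapd listener URL as 'unix', 'loopback' or 'network'."""
    parts = urlsplit(url)
    if parts.scheme.lower() == "ldapi":
        return "unix"              # Unix domain socket, local filesystem only
    host = parts.hostname          # None for "ldaps:///", meaning all interfaces
    if not host:
        return "network"
    if host == "localhost":
        return "loopback"
    try:
        return "loopback" if ipaddress.ip_address(host).is_loopback else "network"
    except ValueError:
        return "network"           # assumption: other hostnames are reachable

def cleartext_exposed(listeners):
    """Return the ldap:// listeners reachable from outside the loopback."""
    flagged = []
    for url in listeners.split():
        scheme = urlsplit(url).scheme.lower()
        if scheme == "ldap" and listener_scope(url) == "network":
            flagged.append(url)
    return flagged

if __name__ == "__main__":
    recommended = "ldap://127.0.0.1:389/ ldaps:/// ldapi:///"  # from the message
    wide_open = "ldap:/// ldaps:/// ldapi:///"                 # constructed sample
    for value in (recommended, wide_open):
        result = cleartext_exposed(value)
        print(value, "->", result or "no cleartext listener off the loopback")
```
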
