
Re: ldap + pam howto?



Roberto C. Sanchez wrote:
On Tue, Feb 06, 2007 at 10:56:11AM -0500, Grok Mogger wrote:
So forget SASL and just send everything through an SSL tunnel? So you'd do something like this on the client... "ssh -L 7777:LDAPServer:$LDAPServerPORT -N user@LDAPServer", and then set up the LDAP client to send everything to the client's own 7777 port? And do something similar on the server. Is that right?

Nope, edit /etc/defaults/slapd and tell it to bind to
"ldap://127.0.0.1:389/ ldaps:/// ldapi:///"

That tells it, clear text only on the loopback, SSL everywhere and also
the Unix domain socket (only accessible on the local filesystem if you
have the right permissions).

Of course, you will need to set up certificates.  You can read the LDAP
admin guide and the SSL docs for that.

Regards,

-Roberto


Hm, doesn't sound too bad.  Cool, thanks!

- GM


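The listener list quoted in this message can be checked mechanically. The following is an added example, not part of the original thread: a shell function (the name `audit_slapd_listeners` is hypothetical) that takes a slapd listener URL list and reports any cleartext `ldap://` listener that is not confined to the loopback interface. The sample lists are constructed.

```shell
#!/bin/sh
# Added example: audit a space-separated slapd listener URL list.
# Prints one line per URL. Exit status 0 means every listener is TLS, a Unix
# domain socket, or cleartext on loopback only; 1 means something else was found.
# The body runs in a subshell so that 'set -f' (no globbing, needed because
# IPv6 literals contain brackets) and the variables stay local.
audit_slapd_listeners() (
    set -f
    rc=0
    for url in $1; do
        case "$url" in
            ldaps://*) echo "OK    $url (TLS)" ;;
            ldapi://*) echo "OK    $url (Unix domain socket)" ;;
            ldap://*)
                # Strip the scheme, then any path, leaving host[:port]
                hostport=${url#ldap://}
                hostport=${hostport%%/*}
                case "$hostport" in
                    \[*\]*) host=${hostport%%\]*}; host=${host#\[} ;;  # [IPv6]:port
                    *)      host=${hostport%%:*} ;;
                esac
                case "$host" in
                    127.*|localhost|::1)
                        echo "OK    $url (cleartext, loopback only)" ;;
                    "") # Empty host means slapd listens on every interface
                        echo "WEAK  $url (cleartext on all interfaces)"; rc=1 ;;
                    *)  echo "WEAK  $url (cleartext on $host)"; rc=1 ;;
                esac ;;
            *) echo "WARN  $url (unrecognised scheme)"; rc=1 ;;
        esac
    done
    exit "$rc"
)

# Constructed sample input: the list from the reply above, then a weaker one.
audit_slapd_listeners "ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
audit_slapd_listeners "ldap:/// ldaps:///" || echo "cleartext LDAP is exposed"
```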


