rlm_ldap and 'unencrypted' connections
Thibault Le Meur
Thibault.LeMeur at supelec.fr
Thu Sep 21 18:55:40 CEST 2006
In doc/rlm_ldap I've read:
<quote>
# identity: DN under which LDAP searches are done
# password: password which authenticate this DN
# default: anonymous bind, no password required
# NOTE: searches are done now over unencrypted connection!
</quote>
I'm especially concerned about the 'searches are done now over
unencrypted connection!' sentence.
Does this mean that even if I use "start_tls = yes", searches will be
performed unencrypted?
If yes, isn't the following procedure a way to enforce encryption on
searches?
* do not use "start_tls = yes"
* use "port = 636" and/or "tls_mode = yes"
* have your LDAP server reply only on port 636 in ldaps.
Thanks in advance,
Thibault