On Jan 4, 2017, at 12:18 PM, Michael Ströder <michael@stroeder.com> wrote:
A.L.M.Buxey@lboro.ac.uk wrote:
Yes, we are using SSL. We're using the standard OpenLDAP package distributed with CentOS 7, which is built against libnss. Obviously I prefer to rebuild as little of the system as possible but I'm open to the idea of rebuilding OpenLDAP against OpenSSL if necessary.
yes, rebuild. gfairly simple process, get openldap source, compile, install (eg into /usr/local) , remove openldap-devel RPM (keep the system openldap for other things...) -
Note that the LTB project provides OpenLDAP RPMs also for CentOS7 linked against OpenSSL (built with prefix /usr/local/openldap):
https://ltb-project.org/wiki/documentation/openldap-rpm#yum_repository
Yes, that's what NetworkRADIUS uses for customer deployments on RHEL, or Symas OpenLDAP depending on the level of support required. -Arran