Hello Alvaro,

 

We are interested using only SSL (so we don’t need checking TLS nor a
certificate). I think the problem is that there is no way to say to cherokee
that the protocol is LDAPS (correct me if I am wrong). 

 

I tried to configured ldap connection in these ways:

 

1.- Server: ldap.mydomain.es

      Port: In blank (389)

      It’s work fine, of course

 

2.- Server: ldap.mydomain.es

      Port: 636

      I get the error "Could not bind (ldap.mydomain.es:636)”. Cherokee
doesn’t know that it’s ldaps

 

3.- Server: ldaps://ldap.mydomain.es  (checking putting protocol in URL)

      Port: 636

     I get the error "Could not connect to LDAP:
ldaps://ldap.mydomain.es:636”. Cherokee doesn’t understand that URL has the
protocol too??

 

4. Server: ldap://ldap.mydomain.es (as I’m sure that works unsecure LDAP, I
try in this way to be sure that cherokee doesn’t interpret the URL
correctly)

    Port: In blank or 389

   I get the error “Could not connect to LDAP: ldap://ldap.mydomain.es:389”

 

These tests make me think that there is no way of saying to cherokee that
protocol is LDAPS.

 

Thanks!!

 

 

 

 

De: Alvaro Lopez Ortega [mailto:[email protected]] 
Enviado el: martes, 10 de mayo de 2011 17:03
Para: Raúl Jareño Morago
CC: cherokee List
Asunto: Re: [Cherokee] Validating using ldap secure

 

Hello Raúl,

2011/5/10 Raúl Jareño Morago <[email protected]>

Is it obligatory to use TLS in Cherokee for LDAPS?


As far as I'm aware of, LDAPS is no more than LDAP over a SSL/TLS
connection, where the service is accessible through a different TCP port
(636). 

 

Actually, a more modern approach is to use the standard LDAP port to sent a
StartTLS command to upgrade a plain TCP connection to a TLS connection. It's
important to notice that LDAP v2 did _not_ support this connection upgrade
scheme.

 

Currently Cherokee supports LDAP and LDAPS. I must say, I'm not sure about
the LDAP+StartTLS method though.


-- 
Greetings, alo
http://www.octality.com/

_______________________________________________
Cherokee mailing list
[email protected]
http://lists.octality.com/listinfo/cherokee

Reply via email to