[Pkg-openldap-devel] Bug#370337: Fwd: Re: Make /etc/default/slapd automatically configurable

Ryan Tandy ryan at nardis.ca
Wed Dec 28 23:11:08 UTC 2016


On Tue, Aug 10, 2010 at 12:05:33AM +0200, Petter Reinholdtsen wrote:
>[Andreas B. Mundt]
>> We currently add the deprecated ldaps:/// protocol here:
>>
>> SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"
>>
>> It would be nice if we would not need ldaps and could only use
>> TLS. This has to be checked.
>
>I've checked, and we still need ldaps to be able to download the SSL
>certificate from the LDAP server to the clients during the first boot.
>If someone can come up with a way to extract it using TLS, I am all
>for dropping ldaps.

It looks like it's possible using gnutls-cli >= 3.5.0.

gnutls-cli -p 389 --x509cafile /etc/ldap/certs/ca.crt --starttls-proto=ldap --save-cert=ldap.example.org.crt ldap.example.org < /dev/null
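As an added example (not code from this thread, from the Debian packaging or from OpenLDAP), the same exchange done in Python with only the standard library, to show what the --starttls-proto=ldap option performs behind the scenes: the client sends the StartTLS extended operation over the plain port 389 connection, checks the result code, then runs the TLS handshake on the same socket and returns the peer certificate, which is what --save-cert writes out. The host name ldap.example.org and the path /etc/ldap/certs/ca.crt are taken over from the command above as placeholders; the script name and every function in it are this example's own.

```python
"""Fetch an LDAP server's certificate over STARTTLS on port 389 using only the
standard library.  Added example, not Debian or OpenLDAP code; it performs the
exchange that gnutls-cli --starttls-proto=ldap hides behind one option."""
import socket
import ssl
import hashlib

# OID of the StartTLS extended operation (RFC 4511, section 4.14).
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"


def _ber_len(n):
    """BER definite-form length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, content):
    return bytes([tag]) + _ber_len(len(content)) + content


def _read_tlv(buf, pos=0):
    """Decode one TLV at buf[pos]; return (tag, content, offset after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def build_starttls_request(message_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    msg_id = _tlv(0x02, bytes([message_id]))        # INTEGER (ids below 128 only)
    ext_req = _tlv(0x77, _tlv(0x80, STARTTLS_OID))  # 0x77 = APPLICATION, constructed, 23
    return _tlv(0x30, msg_id + ext_req)             # SEQUENCE


def parse_extended_response(data):
    """Return (messageID, resultCode, diagnosticMessage) from an ExtendedResponse."""
    tag, body, _ = _read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, msg_id, pos = _read_tlv(body)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, resp, _ = _read_tlv(body, pos)
    if tag != 0x78:                                 # APPLICATION, constructed, 24
        raise ValueError("not an ExtendedResponse (tag 0x%02x)" % tag)
    tag, code, pos = _read_tlv(resp)                # ENUMERATED resultCode
    _, _matched_dn, pos = _read_tlv(resp, pos)      # OCTET STRING matchedDN
    _, diag, _ = _read_tlv(resp, pos)               # OCTET STRING diagnosticMessage
    return (int.from_bytes(msg_id, "big"), int.from_bytes(code, "big"),
            diag.decode("utf-8", "replace"))


def _recv_message(sock):
    # Read until one complete BER message is buffered (it may span recv calls).
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed before answering StartTLS")
        buf += chunk
        try:
            _, _, end = _read_tlv(buf)
        except IndexError:
            continue
        if end <= len(buf):
            return buf[:end]


def fetch_cert_starttls(host, port=389, ca_file=None, timeout=10):
    """Return the server's DER certificate after a StartTLS upgrade.  With
    ca_file the chain is verified (like --x509cafile); without it the handshake
    is unauthenticated and the fingerprint must be pinned out of band."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_starttls_request())
        _, code, diag = parse_extended_response(_recv_message(sock))
        if code != 0:                               # 0 = success
            raise RuntimeError("StartTLS refused: resultCode=%d %r" % (code, diag))
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        if ca_file:
            ctx.load_verify_locations(cafile=ca_file)
        else:
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def sha256_fingerprint(der):
    """Colon-separated SHA-256 fingerprint, the form to compare out of band."""
    h = hashlib.sha256(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "ldap.example.org"  # placeholder
    der = fetch_cert_starttls(host, ca_file="/etc/ldap/certs/ca.crt")  # placeholder path
    print(sha256_fingerprint(der))
    with open(host + ".crt", "w") as f:                # same output as --save-cert
        f.write(ssl.DER_cert_to_PEM_cert(der))
```

Run it as python3 starttls_cert.py ldap.example.org (the file name is arbitrary). With ca_file set the chain is checked exactly as the --x509cafile option does; if the client has no CA yet, pass ca_file=None and compare the printed SHA-256 fingerprint with one obtained through another channel before trusting the saved file, since the handshake is then deliberately unauthenticated.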

