[CentOS] LDAP authentication on a remote server (via ldaps://) [SOLVED]

Thu Oct 7 07:20:49 UTC 2010
Smith Erick Marume-Bahizire <erick.smith at live.com>

       Please I want help in centos server I can ping the gateway or my eth1 ip address but i cant browse from 
my server could you help me with the codes the codes that will enable network cause i've already configure 
my iptables and it's showing me that everything is ok. Please help 
Thank you.
> Date: Wed, 6 Oct 2010 22:27:08 +0100
> From: miguelmedalha at sapo.pt
> To: mbaudier at argeo.org
> CC: centos at centos.org
> Subject: Re: [CentOS] LDAP authentication on a remote server (via ldaps://) [SOLVED]
> >> Are you aware that SSL on port 636 is now considered deprecated in favor of
> >> START_TLS on port 389?
> > No, I'm not (I actually thought that it was the other way round)
> >
> > (...)
> >
> > What are the pro and cons of both approaches?
> >
> > Comments more than welcome
> You can, as an example, consult the Wikipedia article on LDAP. It states:
> ---------------------------------------------------
> StartTLS
> The StartTLS operation establishes Transport Layer Security (the 
> descendant of SSL) on the connection. It can provide data 
> confidentiality (to protect data from being observed by third parties) 
> and/or data integrity protection (which protects the data from 
> tampering). During TLS negotiation the server sends its X.509 
> certificate to prove its identity. The client may also send a 
> certificate to prove its identity. After doing so, the client may then 
> use SASL/EXTERNAL. By using the SASL/EXTERNAL, the client requests the 
> server derive its identity from credentials provided at a lower level 
> (such as TLS). Though technically the server may use any identity 
> information established at any lower level, typically the server will 
> use the identity information established by TLS.
> Servers also often support the non-standard "LDAPS" ("Secure LDAP", 
> commonly known as "LDAP over SSL") protocol on a separate port, by 
> default 636. LDAPS differs from LDAP in two ways: 1) upon connect, the 
> client and server establish TLS before any LDAP messages are transferred 
> (without a StartTLS operation) and 2) the LDAPS connection must be 
> closed upon TLS closure.
> LDAPS was used with LDAPv2, because the StartTLS operation had not yet 
> been defined. The use of LDAPS is deprecated, and modern software should 
> only use StartTLS .
> http://en.wikipedia.org/wiki/LDAP
> ---------------------------------------------------
> A quick search will provide plenty of articles about the subject.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20101007/8da3ff6e/attachment-0004.html>