'Re: LDAP over SSL: a question'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openldap-general
Subject:    Re: LDAP over SSL: a question
From:       "Kurt D. Zeilenga" <Kurt () OpenLDAP ! org>
Date:       1999-07-08 19:17:25
[Download RAW message or body]

At 01:46 PM 7/8/99 -0500, Stephen Langasek wrote:
>I'm looking at using LDAP for authenticating users on an internal network at
>an ISP (all Linux hosts).  An open source solution is a must; however, it
>appears that the existing free LDAP servers don't support SSL, which is also
>a must.  Would using SSL tunnelling software between the clients and the
>server be an option, or does LDAP over SSL have special requirements which
>make it infeasible to use a non-integrated solution?

Using SSL tunnelling software is an option.  See:
	http://www.openldap.org/faq/data/cache/65.html

>Also, the OpenLDAP roadmap says SSL support is planned for the 3rd quarter
>of 99, but we're past the 2nd quarter already, and 1.3 doesn't seem to be
>out.  :)  Is this timeline out-of-date?

Yes.  I'll update the roadmap soon.

>Would it be possible to get some idea of an expected release date for this?

Any such date would presume some expectation of the level of
contribution from our developers.   All our developers are
volunteers and, as such, contribute based upon their individual
desire to contribute.  As such, we do not publish release schedules.

Though I do expect some major releases soon...  this will include
most everything in -devel and then some.  This "some" may or may
not include SSL.

As posted to -devel recently, I wrote:
] The original and subsequent [SASL/TLS/SSL] developers are currently
] busy with other activities.  Hopefully, one of these developers will
] find the time to finish this work so we can avoid another hand off
] [delay] ...

>Migrating to LDAP isn't yet a
>pressing issue for us, but if SSL/TLS support is expected to take a long
>time, I might persuade my employer to let me work on the project.  (Of
>course, there'd be export issues to be worked around then...)

I encourage developers seeking this (or other functionality) to
get involved.  For starters, contact the listed (doc/devel/todo)
developer (or project@openldap.org) and offer to help.  If you
do decided to contribute code, be sure to read our contributing
guidelines (http://www.openldap.org/devel/contributing.html) and
coordinate your activities on the -devel mailing list.

Kurt

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic