Róbert Čerňanský | 14 Jan 2011 11:45

Re: Secure authentication to LDAP via TLS

On Tue, 28 Dec 2010 14:42:09 +0100
Róbert Čerňanský <hslists2 <at> zoznam.sk> wrote:

> I'd like to configure DLZ to use secure authentication to the LDAP
> server; preferably via TLS.  However I can not figure out how to turn
> it on for DLZ.
[...]
> When I've tried to use ldaps:// in queries (to use SSL) then I've got
> error: "named[13094]: lookup query must not specify a port".
[...]
> Does anyone know how to turn on TLS for DLZ to LDAP connections?

I should probably point out that when I was trying ldaps:// as
described in my previous mail above, I did _not_ specify a port and
yet I got the "lookup query must not specify a port" message.  It looks
as if the port is being added automatically by DLZ when ldaps:// is
used.

I've also considered another alternative to secure authentication --
Kerberos.  I have Kerberos 5 running and working but DLZ can be
configured just for Kerberos 4 (krb41, krb42).  Is there a way that
DLZ can authenticate to LDAP also with Kerberos 5?

Regards,
Robert

-- 
Robert Cernansky
E-mail: hslists2 <at> zoznam.sk
Jabber: hs <at> jabber.sk

"GLUE" A records still not possible?

I recall from way, way back in my memory (several years back) that having
BIND+DLZ made it impossible for the DNS response to have "GLUE" A records,
like for nameserver lookups, etc.

I'm now using BIND9.7 with DLZ built-in, and I still see warnings from DNS
check services that my DNS server doesn't respond with GLUE records as it
is expected to. I understand it's not a loss of functionality, but just
requires extra lookups. But this is a performance thing and something I
really wish BIND could resolve (especially now that DLZ is built-in).

Is there no way to ever see this resolved? I would have expected at some
point over the last several years this could have been addressed,
especially when DLZ was officially absorbed into BIND.

--Kyle
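To see what the DNS check services mentioned above are actually testing, here is an added example (not from the thread or from BIND) that takes the answer and additional sections of an NS response and reports which in-bailiwick nameservers lack glue A/AAAA records. The zone, nameserver names and addresses are constructed sample data.

```python
# Added example: detect missing glue for in-bailiwick nameservers.
# The input mimics the answer/additional sections of a response to
# "dig NS example.com @server"; all names and addresses are constructed.

def _in_bailiwick(nameserver: str, zone: str) -> bool:
    """True if the NS hostname lies inside the zone, so glue is required."""
    ns = nameserver.lower().rstrip(".")
    z = zone.lower().rstrip(".")
    return ns == z or ns.endswith("." + z)


def missing_glue(zone, answer, additional):
    """Return in-bailiwick NS hostnames with no A/AAAA in the additional section.

    answer/additional: lists of (owner, rtype, rdata) tuples.
    """
    z = zone.lower().rstrip(".")
    nameservers = [rdata for owner, rtype, rdata in answer
                   if rtype == "NS" and owner.lower().rstrip(".") == z]
    glued = {owner.lower().rstrip(".") for owner, rtype, _ in additional
             if rtype in ("A", "AAAA")}
    return sorted(ns.lower().rstrip(".") for ns in nameservers
                  if _in_bailiwick(ns, zone)
                  and ns.lower().rstrip(".") not in glued)


# Constructed sample response: two in-bailiwick NS, one external NS,
# but glue only for ns1.
ZONE = "example.com."
ANSWER = [
    ("example.com.", "NS", "ns1.example.com."),
    ("example.com.", "NS", "ns2.example.com."),
    ("example.com.", "NS", "ns.other-provider.net."),  # out of bailiwick
]
ADDITIONAL = [
    ("ns1.example.com.", "A", "192.0.2.53"),
]

if __name__ == "__main__":
    gaps = missing_glue(ZONE, ANSWER, ADDITIONAL)
    if gaps:
        print("NS records without glue:", ", ".join(gaps))
    else:
        print("all in-bailiwick nameservers have glue")
```

The external nameserver is deliberately ignored: glue is only expected for nameservers whose names fall inside the zone being served.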

