Date: Thu, 9 Jun 2016 15:34:13 -0700 From: Craig Rodrigues <rodrigc@freebsd.org> To: freebsd-current Current <freebsd-current@freebsd.org> Cc: =?UTF-8?B?6LW15paw?= <quakelee@gmail.com> Subject: Re: [CFT] ypldap testing against OpenLDAP and Microsoft Active Directory Message-ID: <CAG=rPVfjzjh=Qb8Y%2BFsXgoLOA0UCf_mgJu32=wHUHjPjMFjvyA@mail.gmail.com> In-Reply-To: <7c39e5ac-3ed7-f19a-e175-d27af07eea47@delphij.net> References: <CAG=rPVeiPvfBdnmieEHG_0Jp8ZxvTQr-sLdSkutWD5cYhdk9SA@mail.gmail.com> <7c39e5ac-3ed7-f19a-e175-d27af07eea47@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jun 8, 2016 at 11:41 PM, Xin Li <delphij@delphij.net> wrote: > > (I think the current implementation > would do everything with plaintext protocol over wire, so while it > You are correct. This document http://puffysecurity.com/wiki/ypldap.html#2 states: # # ypldap cant use SSL or SASL... # You must allow unsecured authentication with the following line # Then setup OpenIKED VPN or use OpenSSH Socket or Port Forwording # There is still value to ypldap as it is now, and getting feedback from users (especially Active Directory) would be very useful. If someone could document a configuration which uses IPSEC or OpenSSH forwarding, that would be nice. In future, maybe someone in OpenBSD or FreeBSD will implement things like LDAP over SSL. -- Craig
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG=rPVfjzjh=Qb8Y%2BFsXgoLOA0UCf_mgJu32=wHUHjPjMFjvyA>