Return-Path: <owner-pamldap-padl-com@au.padl.com>
Received: from mx01.uni-tuebingen.de (mx01.uni-tuebingen.de [192.168.3.11])
	by mailserv01.uni-tuebingen.de (8.9.3/8.9.3) with ESMTP id TAA12493
	for <zrdkn01@mailserv01.uni-tuebingen.de>; Fri, 1 Dec 2000 19:10:06 +0100
Received: from au.padl.com (au.padl.com [210.15.222.250] (may be forged))
	by mx01.uni-tuebingen.de (8.9.3/8.9.3) with ESMTP id TAA22508
	for <klasen@zdv.uni-tuebingen.de>; Fri, 1 Dec 2000 19:10:04 +0100
Received: (from majordom@localhost)
	by au.padl.com (8.9.3/8.9.3) id EAA07256
	for pamldap-padl-com-outgoing; Sat, 2 Dec 2000 04:50:48 +1100 (EST)
Received: from mx03.uni-tuebingen.de (mx03.uni-tuebingen.de [134.2.3.13])
	by au.padl.com (8.9.3/8.9.3) with ESMTP id EAA07251
	for <pamldap@padl.com>; Sat, 2 Dec 2000 04:50:45 +1100 (EST)
Received: from dragon.directory.dfn.de (dragon.directory.dfn.de [134.2.217.35])
	by mx03.uni-tuebingen.de (8.9.3/8.9.3) with ESMTP id SAA16521
	for <pamldap@padl.com>; Fri, 1 Dec 2000 18:50:41 +0100
Received: from zdv.uni-tuebingen.de ([134.2.217.40])
	by dragon.directory.dfn.de (8.10.2/8.10.2/SuSE Linux 8.10.0-0.3) with ESMTP id eB1HodU27205
	for <pamldap@padl.com>; Fri, 1 Dec 2000 18:50:40 +0100
X-Authentication-Warning: dragon.directory.dfn.de: Host [134.2.217.40] claimed to be zdv.uni-tuebingen.de
Message-ID: <3A27E4EE.A84B7DC8@zdv.uni-tuebingen.de>
Date: Fri, 01 Dec 2000 18:50:38 +0100
From: Norbert Klasen <klasen@zdv.uni-tuebingen.de>
Organization: DFN Directory Services, ZDV Uni =?iso-8859-1?Q?T=FCbingen?=
X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U)
X-Accept-Language: de, en
MIME-Version: 1.0
To: pamldap@padl.com
Subject: [pamldap] LDAPS connections with OpenLDAP 2
Content-Type: multipart/mixed;
 boundary="------------60B454A1C50370C2FE22E48A"
Sender: owner-pamldap@padl.com
Precedence: bulk
X-Spamblock-notify: caught by rule direct*.com
X-Spamblock-maybe: mailinglist extra check

Hi,
I've written a patch to pam_ldap-82 to allow connections using LDAP over
SSL (LDAPS, usually port 636) with the OpenLDAP 2.0 libs.

The configuratin directive is "ssl yes" to be compatible with the
Netscape SDK. The start_tls mode introduced in pam_ldap 73 is now
activated with "ssl start_tls".

P.S.: See also OpenLDAP ITS #889 for a bug in OpenLDAPs 2.0.7 SSL mode.

-- 
Norbert Klasen
DFN Directory Services                           tel: +49 7071 29 70335
ZDV, Universität Tübingen                        fax: +49 7071 29 5912
Wächterstr. 76, 72074 Tübingen              http://www.directory.dfn.de
Germany                             norbert.klasen@zdv.uni-tuebingen.de