Using LDAP backend with start_tls

Mickael Marchand mikmak at
Thu Sep 18 02:08:34 EDT 2008

Le 17-09-2008, Klaus Heinrich Kiwi <klausk at> a écrit :
> Hi everyone,
>  I was wondering how can I use the LDAP backend over a TLS connection.
> Looking at the krb5.conf file man page, looks like there is no option
> covering this and I'm assuming that simply using ldaps:// as the
> ldap_servers URI will toggle SSL over port 636 instead of TLS at port
> 389.
> ldapi://socket will initiate a unix socket connection
> ldap://host will start an unsecured connection at port 389
> ldaps://host will start SSL through port 636
> Is there a way to START_TLS over port 389?
> Thanks,
>  -Klaus


I have this setup with Heimdal and Openldap and iirc I checked the
source code and TLS was -not- used at all there :/
I did not care much since I use the same server for both, but this is
disturbing ...

writing a patch for this in Heimdal should be pretty straight forward I


More information about the Kerberos mailing list