[ejabberd] ejabberd and LDAPS

Jeff McAdams jeffm at iglou.com
Thu Oct 2 06:12:06 MSD 2008


Jason Dusek wrote:
> Dr Rodney G. McDuff <mcduff at its.uq.edu.au> wrote:
>> Jason Dusek wrote:
>>> Is it possible to authenticate over an LDAPS connection with
>>> `ejabberd`?
>> http://www.stunnel.org
> 
>   That is unfortunately not an option for us, as our LDAP server
>   only does encrypted connections. Using `stunnel` would result
>   in double encryption without a double decryption.

You might want to read a bit more about stunnel.  It'll do what you need
(cleartext client connecting to 389 on localhost with stunnel connecting
that to the ldap server on 636).  This is exactly what I do on my setup.

I'd really rather have real ldaps in ejabberd, but stunnel fills the gap
quite nicely.

-- 
Jeff McAdams
"They that can give up essential liberty to obtain a
little temporary safety deserve neither liberty nor safety."
                                       -- Benjamin Franklin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20081001/a5c9c789/attachment.pgp>


More information about the ejabberd mailing list