On Wed, 28 Sep 2005, Ricardo Stella wrote:
>
> I understand that SSL is experimental. But I don't even see that it's
> being used, though it's properly comiled and libraries are linking to it.
>
> I show nothing when running pen in debug mode that certs are being
> loaded. My approach is to try to use pen as a failover stunnel.
>
> In my case, I want to accept localhost non-secure connections for ldap
> in 389 and contact a farm of ldap servers in secure mode (port 636).
>
> Currently 389->389 or 636->636 works perfectly fine. But not 389->636,
> since the secure connection needs to be done by pen.
>
> Any ideas ?
There is no code for the pen->server connections, only for
client->pen.
This may work, though:
.--------. .---------. .-----. .------.
| client |->| | | |->| ldap |
`--------' | | | | `------'
| stunnel |->| pen |
.--------. | | | | .------.
| client |->| | | |->| ldap |
`--------' `---------' `-----' `------'
Stunnel and pen run on the same host.
Stunnel configuration file:
client = yes
pid = /home/ulric/stunnel.pid
foreground = yes
[foobar]
accept = 389
connect = localhost:636
Pen command line:
pen 636 ldapserver1:636 ldapserver2:636
Untested, buyer beware.
Ulric
Received on Wed Sep 28 2005 - 22:15:15 CEST
This archive was generated by hypermail 2.2.0 : Wed Sep 28 2005 - 22:15:16 CEST