How can I tell if my LDAP authentications are using StartTLS?

Question

I'm setting up a new OpenLDAP server on Ubuntu 12.04 with a copy of our current LDAP database. I've gotten most of the configuration down, I think, but I'm having trouble telling if the LDAP queries are encrypted or not. I suspect there may be a misconfiguration with the certificates, but I'm not sure how to tell.

Any suggestions or comments are greatly appreciated!

score 6 · Accepted Answer · answered May 17 '13 at 22:11

6

Check your logs.
(Or run the OpenLDAP clients in Verbose mode and they will tell you if they're using SSL.)
Don't trust your logs/clients.
(Run wireshark or something similar and verify the traffic.)

answered May 17 '13 at 22:11

voretaq7

79,345
17
128
213

Ran wireshark, and I can see my password clear as day. Thanks for your help! – zymhan May 20 '13 at 18:21

How can I tell if my LDAP authentications are using StartTLS?

1 Answers1