Open kevin-olbrich opened 3 years ago
Set the LDAP server to 127.0.0.1 with port 389 and SSL off.
Shell:
```
# apt install stunnel4
# vim /etc/stunnel/ldap.conf
client = yes
[389]
accept = localhost:389
connect = ldap.example.com:636
# systemctl restart stunnel4.service
```
This example only works with LDAP using a TLS (mostly called SSL) socket and not using STARTTLS. Traffic is handled on localhost by the stunnel service and only leaves the node encrypted.
EMQX allows using plain-text (unsecured) as well as certificate-based binds. Binding using STARTTLS on port 389 as well as SSL on 636 fails, but these are the most used combinations.
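An added example, not part of the original post: the same tunnel with server certificate verification turned on. In client mode stunnel does not validate the peer certificate unless told to, so the config above encrypts the traffic but does not authenticate the LDAP server. The service name, the CA bundle path (Debian/Ubuntu default) and stunnel 5.x are assumptions; `ldap.example.com` is the placeholder host from the post.

```ini
; /etc/stunnel/ldap.conf
; Added example with certificate verification; assumes stunnel 5.x.
client = yes

; Service name is arbitrary (hypothetical label, the post used [389])
[ldaps-tunnel]
; Bind the plain-text listener to loopback only, so it is not
; reachable from other hosts on the network
accept = 127.0.0.1:389
connect = ldap.example.com:636

; Validate the server's certificate chain against the CA file below.
; Without this, any certificate presented on port 636 is accepted.
verifyChain = yes

; Assumption: Debian/Ubuntu system CA bundle. Point this at your
; internal CA certificate if the LDAP server uses a private CA.
CAfile = /etc/ssl/certs/ca-certificates.crt

; Require the certificate to be issued for the host we connect to
checkHost = ldap.example.com
```

After restarting the service, a certificate that fails validation makes stunnel drop the connection and log the verification error instead of forwarding the bind.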