-# Copyright 1999-2006 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP$
+# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
H1: Using TLS
LDAP authentication using the {{TERM:SASL}} {{TERM:EXTERNAL}} mechanism.
TLS is defined in {{REF:RFC4346}}.
+Note: For generating certifcates, please reference {{URL:http://www.openldap.org/faq/data/cache/185.html}}
+
H2: TLS Certificates
TLS uses {{TERM:X.509}} certificates to carry client and server
individual users in their {{.ldaprc}} files.
The LDAP Start TLS operation is used in LDAP to initiate TLS
-negotatation. All OpenLDAP command line tools support a {{EX:-Z}}
+negotiation. All OpenLDAP command line tools support a {{EX:-Z}}
and {{EX:-ZZ}} flag to indicate whether a Start TLS operation is to
be issued. The latter flag indicates that the tool is to cease
processing if TLS cannot be started while the former allows the
In LDAPv2 environments, TLS is normally started using the LDAP
Secure URI scheme ({{EX:ldaps://}}) instead of the normal LDAP URI
scheme ({{EX:ldap://}}). OpenLDAP command line tools allow either
-scheme to used with the {{EX:-U}} flag and with the {{EX:URI}}
+scheme to used with the {{EX:-H}} flag and with the {{EX:URI}}
{{ldap.conf}}(5) option.