Hi,
I forgot a few things in my last msg, that were implied but not explicitly stated.
1.) I downloaded and installed stunnel-4.27.
2.) I'm not running darwin ports.
3.) When I installed I entered the commands on the command line without ever touching xCode.
4.) I am running MAC OS 10.5.7. I will have to do a later install on MAC OS 10.4.11.
5.) I need to connect my laptop (test machine) to an ldap server. The ldap server is NOT running stunnel, and I have no control over the ldap server. I am wanting to create a secure connection from my machine to the target server.
+++++++++++++++++++++
Previous Msg Below.
+++++++++++++++++++++
Hi
I'm a newbie to stunnel.
I have a couple of questions....ok, a zillion. However I'll stick to the basics.
I found this in the archives that apply to my situation:
http://marc.info/?l=stunnel-users&m=121848237124000&w=2
I followed those instructions that Tom Shaw gave, and I can't tell whether or not this thing is installed at all. http://marc.info/?l=stunnel-users&m=121848703131936&w=2
I think that the files are in the right places. And now when I type in stunnel on the command line, I get this as a response:
2009.06.20 12:27:37 LOG7[582:2691602208]: Snagged 64 random bytes from /Users/miles/.rnd
2009.06.20 12:27:37 LOG7[582:2691602208]: Wrote 1024 new random bytes to /Users/miles/.rnd
2009.06.20 12:27:37 LOG7[582:2691602208]: RAND_status claims sufficient entropy for the PRNG
2009.06.20 12:27:37 LOG7[582:2691602208]: PRNG seeded successfully
2009.06.20 12:27:37 LOG3[582:2691602208]: stunnel.pem: No such file or directory (2)
I suppose that's an improvement over the command line returning no response for stunnel. So I guess it installed. I have a feeling that the config file (the sample that came with) is what's causing it to respond the way that it is... However, I also see that it's throwing an error about the PEM file, that it thinks that it's not there. Is there any way to check to see if it's pointing at the right file for the pem? Or to use another crt file?
Now the question becomes how the hell do I start this thing ?
(I'm running leopard [10.5.7] for test purposes, but I'll have to do this all over again for a tiger install [10.4.11]...)
Then once I get it started, how the hell do I initiate what needs doing ?
I tried this ->>
stunnel -o /Users/Miles/config.lgo -c -d 80 -r 134.84.119.230:636
Which returns ->
2009.06.20 13:34:32 LOG3[738:2691602208]: -o: No such file or directory (2)
Obviously it's yapping about a file, in this case I'm assuming the log file where it's being referenced.
Here's what I'm trying to do: I'm trying to set up a secure tunnel to an ldap server at umn.edu. I got this to work a while back but now I have to set this up from scratch....it was set up for me the last time. I wasn't paying attention and now I'm kicking myself.
The example I post is running in client mode and not server mode ? I was looking at THIS page: http://radio.weblogs.com/0100683/stories/2002/03/23/settingUpStunnelUnderMac... I'm not entirely certain that what I want to do is run in client mode given what I'm wanting to do... Any help would be a great relief.
Thanks ahead of time...
Sincerely,
Miles.
At 2:01 PM -0400 6/20/09, m i l e s wrote:
Hi,
I forgot a few things in my last msg, that were implied but not explicitly stated.
1.) I downloaded and installed stunnel-4.27.
2.) I'm not running darwin ports.
3.) When I installed I entered the commands on the command line without ever touching xCode.
4.) I am running MAC OS 10.5.7. I will have to do a later install on MAC OS 10.4.11.
5.) I need to connect my laptop (test machine) to an ldap server. The ldap server is NOT running stunnel, and I have no control over the ldap server. I am wanting to create a secure connection from my machine to the target server.
Unless LDAP server at your target machine is capable of sldap you are SOL unless you can establish a VPN to either the LDAP server host or the network that the host resides on.
Tom
At 2:56 PM -0400 6/20/09, m i l e s wrote:
Tom.
The LDAP server is running SLDAP.
Miles,
STunnel is not for this. Just use ldapsearch command line tool to make a secure query to an LDAP server.
Tom
Tom,
BTW: Long time no hear. I used to use your winnow product.
STunnel is not for this. Just use ldapsearch command line tool to
make a secure query to an LDAP server.
Hmmm, ok...I'm building an app with Lasso (lassosoft.com). LASSO has a tag within its library of tags that allows it to communicate directly with an LDAP server. The problem is that this is an SLDAP server which requires a certificate in order to talk to the server. The tags don't allow for me to send a cert along. You see my problem? So setting up a secure tunnel to the server would solve that problem and allow clear, secure communication to occur. Besides, I've talked to the LDAP admin for the target server and he's doing something similar; however, he's away for the weekend and I need to get this up and running before the weekend is up.
Furthermore...while I can do this with a command line operation, and I have tried and been somewhat successful, there are a few hurdles to overcome. Speed is one of them, especially when you have to pass the output back to Lasso. Another is if I can avoid using certain lasso tags that open the server up to potential attack, my client and I'd sleep much easier at night, you dig?
Further still, the simple fact is that while Lasso can go out to the command line (OS_Process Tags which open the server up to potential threat), it takes a lot of gup to filter out what I need to get at, while using the onboard LDAP tags handles all the noise for me, and I can get at the requisite data immediately versus spending literally HOURS and HOURS and I DO MEAN HOURS just writing a processing script to handle the entry data, when it's already done for me. Further still, sending the output out the command line, while it works, tends to be somewhat slow for anything more than 10 users at a time. This is a heavy traffic server. And the last thing in the world I need to do is slow things down anymore. The onboard lasso tags really do make things MUUUUUUUCH easier.
Miles.
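
A client-mode configuration for the setup discussed in this thread (the local application speaks plain LDAP to stunnel on loopback, stunnel speaks TLS to the server on port 636), as an added example that is not part of the original messages. The local port 3890 and the CA file path are assumptions; stunnel 4.x reads its settings from a configuration file whose path is its only argument, rather than from 3.x-style `-c -d -r` switches.

```ini
; Added example, not from the thread. Assumed values: local port 3890 and
; the CA bundle path. The server address is the one quoted in the thread.

; Client mode: plaintext on the local side, TLS towards the remote server.
; No "cert =" line is needed here; in client mode a certificate is only
; required if the server asks the client to present one.
client = yes

; Stay attached to the terminal and log verbosely while testing.
foreground = yes
debug = 7

; Empty value: do not create a pid file.
pid =

[ldaps-client]
; Listen on loopback only, so the plaintext side of the tunnel is not
; reachable from other hosts on the network.
accept = 127.0.0.1:3890

; LDAPS endpoint from the thread.
connect = 134.84.119.230:636

; Authenticate the server. With no verify level set, stunnel 4.x encrypts
; the session but accepts any certificate, so a machine in the middle
; could terminate the tunnel itself and read the LDAP binds.
; Placeholder path: PEM file holding the CA that issued the server certificate.
CAfile = /path/to/ldap-server-ca.pem
verify = 2
```

Start it with `stunnel /path/to/this.conf` and point the application's LDAP host and port at 127.0.0.1 and 3890. With `verify = 2`, the tunnel refuses a server whose certificate does not chain to the CA in `CAfile`.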