[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: TLS and security of LDAP transmissions

To: "Howard Chu" <hyc@highlandsun.com>
Subject: RE: TLS and security of LDAP transmissions
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Mon, 23 Apr 2001 17:06:07 -0700
Cc: "Sean Champ" <JunctionXYZ@go.com>, <openldap-software@OpenLDAP.org>
In-reply-to: <000b01c0cc3f$ee191100$0c01a8c0@fiddle.symas.com>
References: <7582152.988061227831.JavaMail.JunctionXYZ@gomailjtp00>

At 02:54 PM 4/23/01, Howard Chu wrote:
>By default, LDAP transactions are transmitted in clear text.
>If you use LDAP over SSL (usually denoted by the nonstandardized
>"ldaps://foo.bar" URL) then the entire session is protected by SSL.
>If you use LDAPv3 and the StartTLS option on a regular LDAP connection,
>the connection is initiated in the clear, and TLS is activated
>once the StartTLS option has been recognized.
>
>All of this is completely independent of Kerberos and SASL.

BTW, certain SASL mechanisms, such as GSSAPI (KerberosV)
and DIGEST-MD5,  provide integrity and confidential security
layers.  DIGEST-MD5 is LDAPv3's mandatory-to-implement strong
authentication mechanism [RFC2829].

Kurt

References:
- TLS and security of LDAP transmissions
  - From: Sean Champ <JunctionXYZ@go.com>
- RE: TLS and security of LDAP transmissions
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: allowing anonymous binds from a specific machine
Next by Date: Possible to recover data in .gdbm files?
Index(es):
- Chronological
- Thread