[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP exclusively on SSL

To: "Pandey, Vishal" <vpandey@verisign.com>, openldap list <openldap-software@OpenLDAP.org>
Subject: Re: OpenLDAP exclusively on SSL
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Tue, 23 Mar 2004 13:11:24 -0800
Content-disposition: inline
In-reply-to: <0EEC778AAEE0BD4591D954AEDC5B470A64F523@pro1wnexc02.guardent.com>
References: <0EEC778AAEE0BD4591D954AEDC5B470A64F523@pro1wnexc02.guardent.com >

--On Tuesday, March 23, 2004 3:43 PM -0500 "Pandey, Vishal" <vpandey@verisign.com> wrote:

Hi,
I'm not sure if I have asked this before but is it advisable (and actually
desirable from security standpoint) to run ldap only in SSL mode. Any tips
on accomplishing this? Would it break anything?
The system I'm talking about is RedHat9 and openLDAP-2.1.22-0.
Thanks !!

It depends entirely on what you are doing. We use K5/GSSAPI binds, so we just enforce encryption at that layer. Turning on SSL really buys us nothing.

What it would break depends on the client software that accesses the server.

Also, you really should upgrade your version of OpenLDAP. ;)

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

References:
- OpenLDAP exclusively on SSL
  - From: "Pandey, Vishal" <vpandey@verisign.com>

Prev by Date: Re: Confused 'bout diff. between SHA and SSHA
Next by Date: Re: Confused 'bout diff. between SHA and SSHA
Index(es):
- Chronological
- Thread