[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: start_tls versus ldaps

To: Imobach González Sosa <igonzalez@becarios.ulpgc.es>
Subject: Re: start_tls versus ldaps
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 13 Aug 2004 13:14:39 +0200
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <200408130830.11028.igonzalez@becarios.ulpgc.es>
References: <200408121124.41942.igonzalez@becarios.ulpgc.es> <04c001c48065$aedfc7d0$160110ac@marco> <200408130830.11028.igonzalez@becarios.ulpgc.es>

At 09:30 AM 8/13/2004, Imobach González Sosa wrote:
>First, thanks ViSolve and Axel for your replies.
>
>El Jueves, 12 de Agosto de 2004 13:12, ViSolve OpenLDAP Support escribió:
>> StartTLS standard was defined with LDAPv3.Here we can have LDAP requests
>> after a connection is established.With this approach,a single listener can
>> be used for both cleartext and TLS-encrypted sessions.This is more
>> flexible, since we don't need to maintain a separate listener for encrypted
>> sessions.
>
>Ok, I see. But if I wanna "force" encrypted sessions, can I do it using TLS? 

Note that TLS (either by StartTLS or ldaps://) is not the only way
to provide data security for LDAP.  SASL also supports data security
layers.  Anyways, see slapd.conf(5) for various ways of requiring
data security.  IIRC, this is also discussed in the Admin Guide
security considerations.

>I've "googled" and I've seen some references, but nothing clear at all.



>Ideas?
>
>Thank you all.
>
>-- 
>Imobach González Sosa
>Servicio de Informática y Comunicaciones de la ULPGC
>e-mail: igonzalez@becarios.ulpgc.es
>Teléfono: +34 928 459519

References:
- start_tls versus ldaps
  - From: Imobach González Sosa <igonzalez@becarios.ulpgc.es>
- Re: start_tls versus ldaps
  - From: Imobach González Sosa <igonzalez@becarios.ulpgc.es>

Prev by Date: LDAP + Kerberos not allowing simple binds
Next by Date: Re: ldapmodify
Index(es):
- Chronological
- Thread