[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL and encrypted connection?

Hi Stephan 
> I managed LDAP searches with simple and SASL (Digest MD5) authentication and
> everything seems to work as expected. However whatching the communication
> with a network sniffer, the whole communication during and after the simple
> bind is clear text (as expected) and the whole communitcation with the
> SASL-bind semms to be encrypted or obscured. I expected an encryped bind
> commuitcation but what is happening with the search request itself. Is this
> behaviour configurable?

By default integrity and privacy protection is negotiated when using
SASL binds. You can keep non-bind operations in clear text if you set
the maxssf parameter, e.g.: ldapsearch -h host -s base -O maxssf=0

Norbert Klasen
DFN Directory Services                           tel: +49 7071 29 70335
ZDV, Universität Tübingen                        fax: +49 7071 29 5912
Wächterstr. 76, 72074 Tübingen              http://www.directory.dfn.de
Germany                             norbert.klasen@zdv.uni-tuebingen.de