[Date Prev][Date Next]
Re: SASL and encrypted connection?
At 11:17 AM 2/6/01 +0100, Stephan Siano wrote:
>I compiled OpenLDAP 2.0.7 with SASL and OpenSSL but without Kerberos support
>and after some troubles I got the whole beast running (the documentation is
>somehow sparse)... I haven't configured any SSL certificates yet.
>I managed LDAP searches with simple and SASL (Digest MD5) authentication and
>everything seems to work as expected. However whatching the communication
>with a network sniffer, the whole communication during and after the simple
>bind is clear text (as expected) and the whole communitcation with the
>SASL-bind semms to be encrypted or obscured. I expected an encryped bind
>commuitcation but what is happening with the search request itself.
SASL/DIGEST-MD5 supports integrity and privacy services.
>Is this behaviour configurable?
Yes, using maxssf parameter (-O).