RE: TLS and security of LDAP transmissions

By default, LDAP transactions are transmitted in clear text.
If you use LDAP over SSL (usually denoted by the nonstandardized
"ldaps://foo.bar" URL) then the entire session is protected by SSL.
If you use LDAPv3 and the StartTLS option on a regular LDAP connection,
the connection is initiated in the clear, and TLS is activated
once the StartTLS option has been recognized.

All of this is completely independent of Kerberos and SASL.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc  

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Sean Champ
> Sent: Monday, April 23, 2001 2:27 PM
> Hi.
> I noticed the mentions of OpenSSL and Cyrus SASL as 
> prerequisites for compiling OpenLDAP, but I wanted to check the following:
> are all OpenLDAP transmissions encrypted, with SSL, by default 
> [and /without/ Kerberos being used], or is everything [including 
> any passwords stored in a given LDAP directory] sent as clear-text?
> thanks.

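Added example (not part of this thread, and not OpenLDAP code): a minimal standard-library Python client showing the StartTLS sequence Howard describes. The extended request is the only thing sent in the clear, and a bind with a password should follow only after the server's success response and a verified TLS handshake. The BER framing is hand-rolled and the sample server responses in the comments are constructed for illustration.

```python
import socket
import ssl

# LDAPv3 StartTLS extended operation OID (RFC 4511 / RFC 2830).
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"

def _ber_len(n: int) -> bytes:
    if n < 128:                                  # short form
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body      # long form

def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(value)) + value

def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the BER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long form: next N octets hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }.
    This goes over the wire unencrypted; it should be the last thing sent in the clear."""
    msg_id = _tlv(0x02, message_id.to_bytes(1, "big"))
    ext_req = _tlv(0x77, _tlv(0x80, STARTTLS_OID))   # 0x77 = APPLICATION 23, constructed
    return _tlv(0x30, msg_id + ext_req)

def starttls_result_code(response: bytes) -> int:
    """resultCode from the server's ExtendedResponse [APPLICATION 24]; 0 means success."""
    _, body, _ = _read_tlv(response, 0)              # outer LDAPMessage SEQUENCE
    _, _, pos = _read_tlv(body, 0)                   # skip messageID
    tag, ext, _ = _read_tlv(body, pos)
    if tag != 0x78:                                  # 0x78 = APPLICATION 24, constructed
        raise ValueError("not an ExtendedResponse")
    _, code, _ = _read_tlv(ext, 0)                   # resultCode ENUMERATED comes first
    return int.from_bytes(code, "big")

def upgrade_to_tls(sock: socket.socket, host: str) -> ssl.SSLSocket:
    """Send StartTLS on an already-connected plain socket, stop if the server declines,
    then wrap the same connection in TLS with certificate and hostname verification."""
    sock.sendall(starttls_request())
    if starttls_result_code(sock.recv(4096)) != 0:
        raise ConnectionError("server declined StartTLS; not sending credentials")
    return ssl.create_default_context().wrap_socket(sock, server_hostname=host)
```

Bind (and any password) goes over the socket returned by `upgrade_to_tls`, never over the original one; a client that binds before checking the StartTLS result is exactly the clear-text case the thread warns about.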