Re: OpenLDAP exclusively on SSL

--On Tuesday, March 23, 2004 3:43 PM -0500 "Pandey, Vishal" <vpandey@verisign.com> wrote:

I'm not sure if I have asked this before but is it advisable (and actually
desirable from a security standpoint) to run ldap only in SSL mode? Any tips
on accomplishing this? Would it break anything?
The system I'm talking about is RedHat9 and openLDAP-2.1.22-0.
Thanks !!

It depends entirely on what you are doing. We use K5/GSSAPI binds, so we just enforce encryption at that layer. Turning on SSL really buys us nothing.

What it would break depends on the client software that accesses the server.

Also, you really should upgrade your version of OpenLDAP. ;)


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
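
The two approaches discussed in this thread, sketched as slapd.conf fragments. This is an added example, not configuration from either poster; the file paths and strength-factor values are placeholders, and the directives should be checked against the slapd.conf(5) man page for the installed release.

```conf
# slapd.conf fragments (constructed example; paths and SSF values are
# placeholders). Use option A or option B, not both as written.

# Option A: TLS on every connection (the "SSL only" setup from the question).
# Start slapd with only the ldaps listener so the cleartext port is never opened:
#   slapd -h "ldaps:///"
TLSCACertificateFile   /path/to/ca.pem
TLSCertificateFile     /path/to/server-cert.pem
TLSCertificateKeyFile  /path/to/server-key.pem
# Refuse operations on any connection whose TLS strength factor is below 128.
security tls=128

# Option B: protection negotiated by the SASL mechanism (the K5/GSSAPI
# approach from the reply), with no TLS requirement.
# minssf sets the weakest security layer the server accepts in a SASL bind.
sasl-secprops noanonymous,noplain,minssf=56
# Require an overall strength factor of at least 56 for operations,
# whether it comes from TLS or from the SASL security layer.
security ssf=56
```

Under either option, clients that cannot negotiate the required protection are refused, which is the breakage the reply says depends on the client software.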