[Date Prev][Date Next]
Re: explaining LDAP and TLS
At 09:01 AM 6/30/2004, Laurent Mesuré wrote:
>I am not sure to understand TLS completly:
Most everything you ask is well covered in the FAQ.
>- TLS is a secure layer or not?
It's a security layer. TLS (SSL) is a layer between LDAP and
(generally) TCP. That layer can be installed immediately upon
TCP establishment (by use of the ldaps:// scheme) or subsequently
(by use of the LDAP Start TLS operation).
>i.e.: when i connect on my LDAP using TLS : I connect on port 389, the server verify my certificates and then the link is established.
I assume that after connecting TCP on port 389 you then
issued a Start TLS operation to request TLS be installed
between LDAP and TCP, otherwise no layer would normally
>But are the flow of datas crypted or not? dos all information in the connection flow in clear text?
Only after the TLS (SSL) has been installed.
>Or does i use both TLS and SSL (so i connect only on port 636 ) ?
TLS and SSL are two names for the same thing.
Normally when one uses LDAP over TCP port 636, one use the
ldaps:// scheme which causes TLS (SSL) to be immediately
>TLS work only on port 389 isn t it?
Normally when one uses LDAP over TCP port 389, they use the
Start TLS operation to request the TLS layer be installed.