[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: explaining LDAP and TLS

At 09:01 AM 6/30/2004, Laurent Mesuré wrote:
>I am not sure to understand TLS completly:

Most everything you ask is well covered in the FAQ.

>- TLS is a secure layer or not?

It's a security layer.  TLS (SSL) is a layer between LDAP and
(generally) TCP.  That layer can be installed immediately upon
TCP establishment (by use of the ldaps:// scheme) or subsequently
(by use of the LDAP Start TLS operation).

>i.e.: when i connect on my LDAP using TLS : I connect on port 389, the server verify my certificates and then the link is established.

I assume that after connecting TCP on port 389 you then
issued a Start TLS operation to request TLS be installed
between LDAP and TCP, otherwise no layer would normally
be installed.

>But are the flow of datas crypted or not? dos all information in the connection flow in clear text?

Only after the TLS (SSL) has been installed.

>Or does i use both TLS and SSL (so i connect only on port 636 ) ?

TLS and SSL are two names for the same thing.

Normally when one uses LDAP over TCP port 636, one use the
ldaps:// scheme which causes TLS (SSL) to be immediately

>TLS work only on port 389 isn t it?

Normally when one uses LDAP over TCP port 389, they use the
Start TLS operation to request the TLS layer be installed.