Re: LDAP and SSL
On 9/26/2011 11:33, Dan White wrote:
The tls/ssl also protects against packet interception, which while it
may seem obvious that no one can or will, I assure you someone could and
On 26/09/11 10:18 -0400, email@example.com wrote:
I'm struggling with the need for SSL...
We will use our new LDAP for apps. These servers are all locally
each app server will talk to the LDAP server over our network. (why)
we need SSL?
What about for mail services? It seems to me that our mail server would
also talk directly to the LDAP server...what am I missing here that
dictates the use of SSL with LDAP? I could see if one had their LDAP
to be accessible direct access from off-network. Perhaps SSL is used
simply as a means to authenticate?
If you're performing TLS authentication, using client certificates, via
STARTTLS, then using X.509 provides for a strong authentication mechanism
using SASL (EXTERNAL).
That's the one benefit that I know of beyond the obvious session based
encryption that you obtain using certificates.
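
Added example, not part of the original messages: a small BER encoder/decoder for the LDAP BindRequest, showing that a simple bind sent without TLS carries the DN and password as readable bytes, while a SASL EXTERNAL bind carries only the mechanism name because the identity comes from the client certificate in the TLS session. The DN, password and function names are constructed for illustration.

```python
def tlv(tag, value):
    """Encode one BER TLV with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def read_tlv(buf, pos=0):
    """Decode the TLV at pos and return (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        k = first & 0x7F
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def bind_request(msg_id, dn, auth):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, auth } }."""
    body = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + auth
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, body))

def simple_bind(msg_id, dn, password):
    return bind_request(msg_id, dn, tlv(0x80, password.encode()))  # simple [0]

def sasl_external_bind(msg_id):
    return bind_request(msg_id, "", tlv(0xA3, tlv(0x04, b"EXTERNAL")))  # sasl [3], mechanism only

def inspect_bind(wire):
    """Report what is readable in the raw bytes of one BindRequest."""
    tag, msg, _ = read_tlv(wire)
    _, _, pos = read_tlv(msg)                  # skip messageID
    op_tag, op, _ = read_tlv(msg, pos)
    if tag != 0x30 or op_tag != 0x60:
        raise ValueError("not an LDAP BindRequest")
    _, _, pos = read_tlv(op)                   # skip version
    _, dn, pos = read_tlv(op, pos)
    auth_tag, auth, _ = read_tlv(op, pos)
    if auth_tag == 0x80:
        return {"dn": dn.decode(), "method": "simple", "secret_on_wire": auth.decode()}
    if auth_tag == 0xA3:
        mech = read_tlv(auth)[1].decode()
        return {"dn": dn.decode(), "method": "sasl/" + mech, "secret_on_wire": None}
    raise ValueError("unknown authentication choice")

# Constructed sample (not from the thread): a simple bind as sent on a plain LDAP connection.
SAMPLE = simple_bind(1, "uid=app1,ou=services,dc=example,dc=com", "constructed-secret")
```

Running inspect_bind(SAMPLE) returns the bind DN and the password exactly as the application sent them, which is what the session encryption discussed above protects.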