
Re: LDAP and SSL



On 9/26/2011 11:33, Dan White wrote:
On 26/09/11 10:18 -0400, criderkevin@aol.com wrote:

I'm struggling with the need for SSL...

We will use our new LDAP for apps. These servers are all locally housed so each app server will talk to the LDAP server over our network. (why) Would
we need SSL?

What about for mail services? It seems to me that our mail server would
also talk directly to the LDAP server...what am I missing here that
dictates the use of SSL with LDAP? I could see it if one had their LDAP open
to direct access from off-network. Perhaps SSL is used
simply as a means to authenticate?

If you're performing TLS authentication, using client certificates, via
STARTTLS, then using X.509 provides for a strong authentication mechanism
using SASL (EXTERNAL).

That's the one benefit that I know of beyond the obvious session based
encryption that you obtain using certificates.

The TLS/SSL also protects against packet interception, which while it may seem obvious that no one can or will, I assure you someone could and might.
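To make the two points in this thread concrete (client-certificate authentication over STARTTLS with SASL EXTERNAL, and refusing cleartext sessions so a simple bind's password never crosses the wire where it could be intercepted), here is an added configuration example that is not from this thread or from either poster. It assumes OpenLDAP (a slapd.conf-style server config and ldap.conf/.ldaprc on the client); the hostnames, file paths, DNs and the authz-regexp pattern are made-up placeholders.

```conf
#### slapd.conf on the LDAP server (assumed OpenLDAP; example, not from the thread)

# Server certificate/key, and the CA that issued both the server
# certificate and the client certificates of the app and mail servers.
TLSCACertificateFile   /etc/openldap/certs/ca.crt
TLSCertificateFile     /etc/openldap/certs/ldap.example.com.crt
TLSCertificateKeyFile  /etc/openldap/certs/ldap.example.com.key

# Request a client certificate during the TLS handshake and fail the
# handshake if none is presented or it does not chain to the CA above.
# ("try" would request one but still let clients without a cert bind
# some other way, which is the setting to use during a migration.)
TLSVerifyClient  demand

# Reject any operation, including simple binds, unless TLS is active with
# at least 128 bits of strength. A client that sends a bind in the clear
# gets "confidentiality required" instead of having its password accepted.
security  tls=128

# Map the subject DN of the presented client certificate onto a directory
# entry so that a SASL EXTERNAL bind becomes that entry. The subject
# layout (cn=<host>,ou=app-servers,o=example) is an assumption.
authz-regexp
  "^cn=([^,]+),ou=app-servers,o=example$"
  "cn=$1,ou=apps,dc=example,dc=com"

#### /etc/openldap/ldap.conf on each app/mail server (client side)

URI         ldap://ldap.example.com
BASE        dc=example,dc=com
TLS_CACERT  /etc/openldap/certs/ca.crt
# Refuse to talk to a server whose certificate does not verify.
TLS_REQCERT demand

#### ~/.ldaprc of the account the mail (or app) service runs as
# TLS_CERT/TLS_KEY are user-level options and are ignored in the
# system-wide ldap.conf, so they live here. The DN in this certificate is
# what the authz-regexp above maps to an entry.
TLS_CERT    /etc/openldap/certs/mail01.crt
TLS_KEY     /etc/openldap/certs/mail01.key

# Check from the client (placeholder host/base):
#   ldapsearch -ZZ -Y EXTERNAL -H ldap://ldap.example.com \
#              -b dc=example,dc=com '(objectClass=*)' dn
# -ZZ issues StartTLS and aborts if it does not succeed, rather than
# silently continuing in cleartext; -Y EXTERNAL binds as the identity
# carried in the client certificate, so no password is sent at all.
```

The server-side `security tls=128` line is what answers the "our servers are all on the local network" question: it is not that the network is assumed hostile, it is that with this in place a mis-configured client (or an app whose library quietly falls back to plain `ldap://` without StartTLS) cannot leak a bind password even by accident, and a capture on the wire shows only TLS records. The `-ZZ` flag on the client is the matching check, because a bare `-Z` would tolerate a failed StartTLS and proceed in the clear.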