
Re: LDAP and SSL



On Mon, Sep 26, 2011 at 3:58 PM,  <criderkevin@aol.com> wrote:
> Our network is secure. It's internal, except for the VPN. Access to these
> apps, even the web-based ones, is blocked by the firewall to outside and
> other vlans. This LDAP is for company/internal use, not for paying users.
>
Most successful attacks come from inside the network AFAIK.

> In the "monkeying around" at home I have setup my test systems with SSL, and
> I am learning it...just wondering if in a production environment we would
> need the extra layer of security, complexity and overhead.
>
> Thanks for the help!
>
>
>
> -----Original Message-----
> From: Chris Jacobs <Chris.Jacobs@apollogrp.edu>
> To: 'criderkevin@aol.com' <criderkevin@aol.com>;
> 'openldap-technical@openldap.org' <openldap-technical@openldap.org>
> Sent: Mon, Sep 26, 2011 10:28 am
> Subject: Re: LDAP and SSL
>
> SSL is primarily designed to encrypt the data 'on the wire'. Certs and cert
> authorities are designed to try to bring some level of trust that you are
> talking to the server you intend to be talking to.
>
> If your network is secure then there's likely little 'need', per se, for SSL
> - but anyone on the network can do a network packet capture and catch the
> mailbox user login and app logins - which is not a good idea.
>
> If you're doing this for work and paying users: encrypt the data on the
> wire.
>
> If you're just monkeying around at home: shave whatever corners you want,
> but learning SSL is important so take the time.
>
> TL;DR: Use SSL.
>
> - chris
>
>
> Chris Jacobs, Systems Administrator, Technology Services Group
> Apollo Group | Apollo Marketing and Product Development | Aptimus, Inc.
> 1501 4th Ave | Suite 2500 | Seattle, WA 98101
> direct 206.839.8245 | cell 206.601.3256 | fax 206.644.0628
> email chris.jacobs@apollogrp.edu
> ________________________________
> From: openldap-technical-bounces@OpenLDAP.org
> <openldap-technical-bounces@OpenLDAP.org>
> To: openldap-technical@openldap.org <openldap-technical@openldap.org>
> Sent: Mon Sep 26 07:18:00 2011
> Subject: LDAP and SSL
>
> I'm struggling with the need for SSL...
>
> We will use our new LDAP for apps. These servers are all locally housed so
> each app server will talk to the LDAP server over our network. (why) Would
> we need SSL?
>
> What about for mail services? It seems to me that our mail server would also
> talk directly to the LDAP server...what am I missing here that dictates the
> use of SSL with LDAP? I could see if one had their LDAP open to be
> accessible by direct access from off-network. Perhaps SSL is used simply as a
> means to authenticate?
>
> Kevin
>
>
>
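
The claim in the thread that a packet capture on the internal network exposes LDAP logins can be checked against your own traffic. The following is an added example, not part of the original messages: it decodes an RFC 4511 BindRequest from a captured TCP payload and lists the accounts that bind with a cleartext password, without printing the password itself. The sample bytes, the DN and all function names are constructed for illustration.

```python
# Added example: find cleartext LDAP simple binds (RFC 4511) in captured payloads.

def read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def find_simple_bind(payload):
    """Return bind DN and password length for a simple BindRequest, else None."""
    try:
        tag, msg, _ = read_tlv(payload, 0)      # LDAPMessage SEQUENCE
        id_tag, _, pos = read_tlv(msg, 0)       # messageID INTEGER
        op_tag, bind, _ = read_tlv(msg, pos)    # protocolOp
        ver_tag, _, pos = read_tlv(bind, 0)     # version INTEGER
        dn_tag, dn, pos = read_tlv(bind, pos)   # name OCTET STRING
        auth_tag, cred, _ = read_tlv(bind, pos) # authentication CHOICE
    except ValueError:                          # TLS records and fragments land here
        return None
    if (tag, id_tag, op_tag, ver_tag, dn_tag) != (0x30, 0x02, 0x60, 0x02, 0x04):
        return None
    if auth_tag != 0x80:                        # 0x80 = simple, 0xA3 = SASL
        return None
    return {"dn": dn.decode("utf-8", "replace"), "password_len": len(cred)}

def audit(payloads):
    """List DNs that sent a non-empty password in the clear."""
    hits = (find_simple_bind(p) for p in payloads)
    return [h["dn"] for h in hits if h and h["password_len"] > 0]

def tlv(tag, value):
    """Short-form BER encoder, used only to build the constructed sample."""
    return bytes([tag, len(value)]) + value

# Constructed samples: a plaintext simple bind and the start of a TLS record.
SAMPLE_BIND = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60,
    tlv(0x02, b"\x03") + tlv(0x04, b"uid=mailsvc,ou=apps,dc=example,dc=com")
    + tlv(0x80, b"constructed-pw")))
SAMPLE_TLS = bytes.fromhex("16030100050100000100")

if __name__ == "__main__":
    print(audit([SAMPLE_BIND, SAMPLE_TLS]))
```

An empty result for an application's traffic on port 389 means its binds are either SASL, anonymous, or already wrapped in TLS; any DN listed is an account whose password crosses the network unencrypted.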