Re: LDAP and SSL
On Mon, Sep 26, 2011 at 3:58 PM, <firstname.lastname@example.org> wrote:
> Our network is secure. It's internal, except for the VPN. Access to these
> apps, even the web-based ones, is blocked by the firewall to outside and
> other vlans. This LDAP is for company/internal use, not for paying users.
Most successful attacks come from inside the network AFAIK.
> In the "monkeying around" at home I have set up my test systems with SSL, and
> I am learning it...just wondering if in a production environment we would
> need the extra layer of security, complexity and overhead.
> Thanks for the help!
> -----Original Message-----
> From: Chris Jacobs <Chris.Jacobs@apollogrp.edu>
> To: 'email@example.com' <firstname.lastname@example.org>;
> 'email@example.com' <firstname.lastname@example.org>
> Sent: Mon, Sep 26, 2011 10:28 am
> Subject: Re: LDAP and SSL
> SSL is primarily designed to encrypt the data 'on the wire'. Certs and cert
> authorities are designed to try to bring some level of trust that you are
> talking to the server you intend to be talking to.
> If your network is secure then there's likely little 'need', per se, for SSL
> - but anyone on the network can do a network packet capture and catch the
> mailbox user login and app logins - which is not a good idea.
> If you're doing this for work and paying users: encrypt the data on the
> If you're just monkeying around at home: shave whatever corners you want,
> but learning SSL is important so take the time.
> TL;DR: Use SSL.
> - chris
> Chris Jacobs, Systems Administrator, Technology Services Group
> Apollo Group | Apollo Marketing and Product Development | Aptimus, Inc.
> 1501 4th Ave | Suite 2500 | Seattle, WA 98101
> direct 206.839.8245 | cell 206.601.3256 | fax 206.644.0628
> email mailto:email@example.com
> From: openldap-technical-bounces@OpenLDAP.org
> To: firstname.lastname@example.org <email@example.com>
> Sent: Mon Sep 26 07:18:00 2011
> Subject: LDAP and SSL
> I'm struggling with the need for SSL...
> We will use our new LDAP for apps. These servers are all locally housed so
> each app server will talk to the LDAP server over our network. (why) Would
> we need SSL?
> What about for mail services? It seems to me that our mail server would also
> talk directly to the LDAP server...what am I missing here that dictates the
> use of SSL with LDAP? I could see if one had their LDAP open to be
> accessible direct access from off-network. Perhaps SSL is used simply as a
> means to authenticate?
> This message is private and confidential. If you have received it in error,
> please notify the sender and remove it from your system.