directory-dev mailing list archives

From Trustin Lee <trus...@gmail.com>
Subject Re: [Servser] SSL Support?
Date Thu, 22 Sep 2005 14:56:43 GMT
Hi Stefan,

Thank you for your clarification! So there are two ways for users to
authenticate themselves in a secure manner; one with LDAPS and the other
with SASL, right?

Thanks again,
Trustin

2005/9/22, Stefan Zoerner <SZOERNER@de.ibm.com>:
>
>
> Hi Trustin!
>
> > I thought SASL is required for LDAP to authenticate user in a secure way
> > and LDAPS works with SASL only. Am I misunderstanding? Let me know. I'm a
> > novice in LDAP. :)
>
> As far as I know, LDAPS is comparable to HTTPS. It just adds a layer
> between LDAP and TCP/IP. Especially, it has nothing to do with SASL.
> Normally, you have two different ports an LDAP server is listening on: 389
> for LDAP unencrypted, and 636 for LDAP over SSL/TLS (like 80/443 with HTTP).
> Using LDAPS it is possible to use a simple bind (with pwd in clear)
> within SSL/TLS, therefore it is encrypted nevertheless. Using SASL (e.g.
> DIGEST-MD5) is another option for a secure authentication. A third one would
> be using an anonymous bind, using StartTLS (extended operation) and after
> successfully establishing TLS on the same connection a rebind with
> credentials.
>
> I hope this helps (and is right as well ;-)
> Stefan
>
>


--
what we call human nature is actually human habit
--
http://gleamynode.net/
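
As an added illustration (not part of the original messages), this Python example encodes the LDAPv3 requests behind the options Stefan lists, following RFC 4511, and reports which client requests cross the wire unencrypted in each case. The DN, password and option labels are constructed for the example.

```python
# Added illustration, not code from the thread. BER encoding follows RFC 4511.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation OID

def tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def ldap_message(msg_id: int, op: bytes) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID, protocolOp }; msg_id kept below 128."""
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)

def simple_bind(msg_id: int, dn: str, password: str) -> bytes:
    """BindRequest [APPLICATION 0]: version 3, DN, simple [0] password (verbatim)."""
    body = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return ldap_message(msg_id, tlv(0x60, body))

def sasl_bind_start(msg_id: int, mechanism: str) -> bytes:
    """First SASL bind step: sasl [3] names the mechanism and carries no password."""
    body = tlv(0x02, b"\x03") + tlv(0x04, b"") + tlv(0xA3, tlv(0x04, mechanism.encode()))
    return ldap_message(msg_id, tlv(0x60, body))

def starttls_request(msg_id: int) -> bytes:
    """ExtendedRequest [APPLICATION 23] whose requestName [0] is the StartTLS OID."""
    return ldap_message(msg_id, tlv(0x77, tlv(0x80, STARTTLS_OID)))

def cleartext_requests(option: str, dn: str, password: str) -> list:
    """Client requests an on-path observer can read for each option in the thread."""
    if option == "ldap-389-simple":   # no TLS at all: the baseline to avoid
        return [simple_bind(1, dn, password)]
    if option == "ldaps-636-simple":  # TLS handshake first, bind travels inside it
        return []
    if option == "sasl-digest-md5":   # first step only; later steps are readable
        return [sasl_bind_start(1, "DIGEST-MD5")]  # too, but carry a digest
    if option == "starttls-rebind":   # anonymous bind + StartTLS, rebind after handshake
        return [simple_bind(1, "", ""), starttls_request(2)]
    raise ValueError(option)

if __name__ == "__main__":
    dn, pw = "uid=demo,ou=users,dc=example,dc=com", "s3cret"  # constructed sample
    for opt in ("ldap-389-simple", "ldaps-636-simple", "sasl-digest-md5", "starttls-rebind"):
        msgs = cleartext_requests(opt, dn, pw)
        print(opt, "password visible:", any(pw.encode() in m for m in msgs))
        for m in msgs:
            print("   ", m.hex())
```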
