Hi Stefan,
Thank you for your clarification! So there are two ways for users to
authenticate themselves in a secure manner; one with LDAPS and the other
with SASL, right?
Thanks again,
Trustin
2005/9/22, Stefan Zoerner <SZOERNER@de.ibm.com>:
>
>
> Hi Trustin!
>
> > I thought SASL is required for LDAP to authenticate user in a secure way
> > and LDAPS works with SASL only. Am I
> > misunderstanding? Let me know. I'm a novice in LDAP. :)
>
> As far as I know, LDAPS is comparable to HTTPS. It just adds a layer
> between LDAP and TCP/IP. Especially, it has nothing to do with SASL.
> Normally, you have two different ports an LDAP server is listening on: 389
> for LDAP unencrypted, and 636 for LDAP over SSL/TLS (like 80/443 with HTTP).
> Using LDAPS it is possible to use a simple bind (with pwd in clear)
> within SSL/TLS, therefore it is encrypted nevertheless. Using SASL (e.g.
> DIGEST-MD5) is another option for a secure authentication. A third one would
> be using an anonymous bind, using StartTLS (extended operation) and after
> successfully establishing TLS on the same connection a rebind with
> credentials.
>
> I hope this helps (and is right as well ;-)
> Stefan
>
>
--
what we call human nature is actually human habit
--
http://gleamynode.net/
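
Added example, not part of the original messages: a Python sketch of why the simple bind discussed above depends on SSL/TLS while SASL DIGEST-MD5 does not put the password on the wire. The function names, the DN and the passwords are constructed for illustration; the DIGEST-MD5 inputs are the sample exchange from RFC 2831.

```python
import hashlib

def ber(tag: int, content: bytes) -> bytes:
    """Encode one BER TLV (short or long definite length)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def simple_bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPv3 BindRequest with 'simple' authentication (RFC 4511).
    msg_id must be 1..127 in this sketch (single-byte INTEGER)."""
    bind = (ber(0x02, b"\x03")                # version = 3
            + ber(0x04, dn.encode())          # name (bind DN)
            + ber(0x80, password.encode()))   # [0] simple: password as-is
    return ber(0x30, ber(0x02, bytes([msg_id])) + ber(0x60, bind))

def digest_md5_response(user, realm, password, nonce, cnonce,
                        digest_uri, nc="00000001", qop="auth") -> str:
    """Client 'response' value for SASL DIGEST-MD5 (RFC 2831, qop=auth)."""
    md5 = lambda b: hashlib.md5(b).digest()
    a1 = md5(f"{user}:{realm}:{password}".encode()) \
        + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd = f"{md5(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{md5(a2).hex()}"
    return hashlib.md5(kd.encode()).hexdigest()

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    pdu = simple_bind_request(1, "uid=chris,ou=users,dc=example,dc=com",
                              "secret")
    # On port 389 without TLS these bytes are what a sniffer sees.
    print("simple bind PDU:", pdu.hex())
    print("password visible in PDU:", b"secret" in pdu)

    # Inputs below are the example exchange in RFC 2831.
    resp = digest_md5_response("chris", "elwood.innosoft.com", "secret",
                               "OA6MG9tEQGm2hh", "OA6MHXh6VqTrRk",
                               "imap/elwood.innosoft.com")
    # Only this nonce-bound hash is sent, never the password itself.
    print("DIGEST-MD5 response:", resp)
```

The same simple bind sent over LDAPS (636) or after StartTLS on 389 is carried inside the TLS record layer, so the bytes above are not readable on the network. DIGEST-MD5 itself was later moved to Historic status by RFC 6331.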