Hi Trustin!
> I thought SASL is required for LDAP to authenticate a user in a secure way
> and LDAPS works with SASL only. Am I
> misunderstanding? Let me know. I'm a novice in LDAP. :)
As far as I know, LDAPS is comparable to HTTPS. It just adds a layer
between LDAP and TCP/IP. In particular, it has nothing to do with SASL.
Normally, you have two different ports an LDAP server is listening on: 389
for LDAP unencrypted, and 636 for LDAP over SSL/TLS (like 80/443 with
HTTP). Using LDAPS it is possible to use a simple bind (with pwd in
clear) within SSL/TLS, therefore it is encrypted nevertheless. Using SASL
(e.g. DIGEST-MD5) is another option for secure authentication. A third
one would be using an anonymous bind, using StartTLS (extended operation)
and, after successfully establishing TLS on the same connection, a rebind
with credentials.
I hope this helps (and is right as well ;-)
Stefan
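The three options Stefan lists, as an added example (my code, not from the original thread or any LDAP project). It hand-encodes the LDAP PDUs with only the Python standard library so the difference is visible at the byte level: the simple BindRequest carries the password as a plain OCTET STRING, LDAPS wraps the TCP connection in TLS before anything is sent, and StartTLS sends the extended operation (OID 1.3.6.1.4.1.1466.20037) in the clear first and only then upgrades the same socket. The SASL path is not shown because it needs a SASL library (and DIGEST-MD5 has since been moved to Historic status by RFC 6331). Host names, DNs and the password below are placeholders.

```python
"""LDAP simple bind in the clear, inside LDAPS, or after StartTLS, using only the stdlib.

Added example, not code from the original post.  Hosts, DNs and passwords are placeholders.
"""
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511 / RFC 4513)


def ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form (0x8N + N length bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(content)) + content


def ldap_message(msg_id: int, protocol_op: bytes) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE { ... } } (msg_id kept < 128)."""
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + protocol_op)


def simple_bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """BindRequest ::= [APPLICATION 0] SEQUENCE { version 3, name LDAPDN, simple [0] OCTET STRING }.

    The password is a plain OCTET STRING inside the PDU: on port 389 without StartTLS it
    crosses the wire in clear; LDAPS (636) or StartTLS puts the whole PDU inside TLS.
    """
    body = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return ldap_message(msg_id, tlv(0x60, body))


def starttls_request(msg_id: int) -> bytes:
    """ExtendedRequest ::= [APPLICATION 23] SEQUENCE { requestName [0] LDAPOID }."""
    return ldap_message(msg_id, tlv(0x77, tlv(0x80, STARTTLS_OID)))


def read_tlv(buf: bytes, pos: int = 0):
    """Decode one BER TLV at buf[pos]; returns (tag, content, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def result_code(msg: bytes) -> int:
    """resultCode from a BindResponse (0x61) or ExtendedResponse (0x78); 0 is success, 49 invalidCredentials."""
    _, envelope, _ = read_tlv(msg)       # outer LDAPMessage SEQUENCE
    _, _, pos = read_tlv(envelope)       # skip messageID
    _, op, _ = read_tlv(envelope, pos)   # the protocolOp
    _, code, _ = read_tlv(op)            # resultCode ENUMERATED is its first field
    return int.from_bytes(code, "big")


def recv_exact(sock: socket.socket, n: int) -> bytes:
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        data += chunk
    return data


def recv_message(sock: socket.socket) -> bytes:
    """Read exactly one LDAPMessage: tag + length header first, then the declared content."""
    head = recv_exact(sock, 2)
    length = head[1]
    if length & 0x80:
        extra = recv_exact(sock, length & 0x7F)
        head, length = head + extra, int.from_bytes(extra, "big")
    return head + recv_exact(sock, length)


def connect_ldaps(host: str, port: int = 636) -> ssl.SSLSocket:
    """Option 1: TLS first, LDAP on top (like HTTPS). Default context verifies cert and host name."""
    ctx = ssl.create_default_context()
    return ctx.wrap_socket(socket.create_connection((host, port)), server_hostname=host)


def connect_starttls(host: str, port: int = 389) -> ssl.SSLSocket:
    """Option 3: plain TCP, StartTLS extended op (connection is still anonymous), then TLS on the same socket."""
    sock = socket.create_connection((host, port))
    sock.sendall(starttls_request(1))
    if result_code(recv_message(sock)) != 0:
        sock.close()
        raise RuntimeError("server refused StartTLS; do not fall back to binding in the clear")
    return ssl.create_default_context().wrap_socket(sock, server_hostname=host)


def bind(sock: socket.socket, dn: str, password: str, msg_id: int = 2) -> int:
    """Simple bind over whatever socket you hand in; returns the server's resultCode."""
    sock.sendall(simple_bind_request(msg_id, dn, password))
    return result_code(recv_message(sock))


if __name__ == "__main__":
    pdu = simple_bind_request(1, "cn=admin,dc=example,dc=com", "s3cret")  # placeholder credentials
    print(pdu.hex())
    print("password visible in PDU:", b"s3cret" in pdu)  # True: only the TLS layer hides it
    # with a real server: sock = connect_ldaps("ldap.example.com") or connect_starttls("ldap.example.com")
    # then bind(sock, "cn=admin,dc=example,dc=com", "s3cret") -> 0 on success, 49 on bad credentials
```

Note that `connect_starttls` raises instead of continuing when the server answers the extended request with a non-zero resultCode; a client that silently binds in the clear after a failed StartTLS is the classic downgrade bug.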