directory-dev mailing list archives

From Stefan Zoerner <SZOER...@de.ibm.com>
Subject Re: [Servser] SSL Support?
Date Thu, 22 Sep 2005 14:49:04 GMT
Hi Trustin!

> I thought SASL is required for LDAP to authenticate user in a secure way
> and LDAPS works with SASL only.  Am I misunderstanding?  Let me know.
> I'm a novice in LDAP. :)

As far as I know, LDAPS is comparable to HTTPS. It just adds a layer 
between LDAP and TCP/IP. In particular, it has nothing to do with SASL.
Normally, you have two different ports an LDAP server is listening on: 389 
for LDAP unencrypted, and 636 for LDAP over SSL/TLS (like 80/443 with 
HTTP). Using LDAPS, it is possible to use a simple bind (with pwd in 
clear) within SSL/TLS, therefore it is encrypted nevertheless. Using SASL 
(e.g. DIGEST-MD5) is another option for a secure authentication. A third 
one would be using an anonymous bind, using StartTLS (extended operation) 
and, after successfully establishing TLS on the same connection, a rebind 
with credentials.

I hope this helps (and is right as well ;-)
Stefan
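
The three options described in the message above, as an added example that is not part of the original post: a small BER decoder in Python that classifies an LDAP request as a simple bind, a SASL bind or a StartTLS request, and reports whether a simple-bind password is exposed. The sample messages and the bind DN are constructed, and `tls_active` is a hypothetical flag the caller sets for a connection on port 636 or after a completed StartTLS.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation OID (RFC 4511)

def tlv(tag, value):
    """Encode one BER element with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf, pos=0):
    """Decode one BER element at pos and return (tag, value, next_pos)."""
    tag, length = buf[pos:pos + 2]           # raises ValueError on a truncated header
    pos += 2
    if length & 0x80:                        # long form: low 7 bits count the length octets
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def bind_request(msg_id, dn, auth):
    """Build an LDAPv3 BindRequest; auth is the encoded AuthenticationChoice."""
    op = tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, dn) + auth)
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)

def classify(pdu, tls_active):
    """Name the request type and say whether a password crosses the wire unprotected."""
    _, message, _ = read_tlv(pdu)            # outer LDAPMessage SEQUENCE
    _, _, pos = read_tlv(message)            # skip messageID
    op, body, _ = read_tlv(message, pos)
    if op == 0x60:                           # BindRequest
        _, _, pos = read_tlv(body)           # skip version
        _, _, pos = read_tlv(body, pos)      # skip bind DN
        choice, cred, _ = read_tlv(body, pos)
        if choice == 0x80:                   # simple: the value is the password itself
            if not cred:
                return "bind with empty password"
            return "simple bind inside TLS" if tls_active else "simple bind, password in clear"
        if choice == 0xA3:                   # sasl: the mechanism name comes first
            return "SASL bind: " + read_tlv(cred)[1].decode("ascii")
    if op == 0x77 and read_tlv(body)[1] == STARTTLS_OID:  # ExtendedRequest
        return "StartTLS request"
    return "other operation"

# Constructed sample messages (not captured traffic).
SIMPLE = bind_request(1, b"cn=admin,dc=example,dc=com", tlv(0x80, b"secret"))
SASL = bind_request(1, b"", tlv(0xA3, tlv(0x04, b"DIGEST-MD5")))
STARTTLS = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x77, tlv(0x80, STARTTLS_OID)))
```

The same simple-bind bytes are reported differently depending on `tls_active`, which is the point of the message: the bind itself is unchanged, only the transport underneath protects the password.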

