Closed (fixed)
Project:
LDAP integration
Version:
6.x-1.x-dev
Component:
Miscellaneous
Priority:
Normal
Category:
Support request
Assigned:
Unassigned
Reporter:
Created:
13 Apr 2009 at 15:48 UTC
Updated:
30 Mar 2012 at 18:40 UTC
Hi,
I am hoping that someone can enlighten me as to the pros and cons of using start-TLS on their LDAP server. More specifically, how secure is this option, and how difficult is it to enable on an average LDAP server that is already running?
Thanks in advance for any thoughts/insights.
Comments
Comment #1
chinko commented
TLS is an internet standard and is very secure; there is no doubt about that.
The term TLS is often used interchangeably with SSL.
TLS encrypts the traffic between an LDAP client and an LDAP server. Most importantly, it encrypts the password sent to the LDAP server during authentication. Without enabling TLS, people with network sniffer software and with access to the network between the client and the server can capture all the network traffic, which is in plain text. One can surely harvest a lot of user IDs and passwords.
Different LDAP server implementations have different steps to enable TLS. One thing in common is that you will need to get and install a server certificate on the LDAP server. If you are not familiar with PKI or don't already have a server certificate from a CA, that is going to be difficult.
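
An added example, not part of the comment above and not code from the LDAP integration module: a PHP client that upgrades the connection with StartTLS, verifies the server certificate against a CA file, and refuses to send the bind password if the upgrade fails. The host name, CA path, DN, the `LDAP_PASSWORD` environment variable and the `starttls_bind` helper are hypothetical; it assumes PHP 7.1 or later with the ldap extension.

```php
<?php
// Added example; starttls_bind and every value passed to it are hypothetical.
function starttls_bind(string $uri, string $caFile, string $dn, string $password)
{
    // An empty password turns a simple bind into an anonymous bind that "succeeds".
    if ($password === '') {
        throw new InvalidArgumentException('Empty password refused');
    }
    // StartTLS upgrades a plain ldap:// connection; ldaps:// is TLS from the start.
    if (stripos($uri, 'ldap://') !== 0) {
        throw new InvalidArgumentException('StartTLS expects an ldap:// URI');
    }
    // TLS options are set globally (null handle) before connecting.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException('Invalid LDAP URI');
    }
    // StartTLS is an LDAPv3 extended operation.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Fail closed: if the upgrade fails, never fall through to a cleartext bind.
    if (!@ldap_start_tls($conn)) {
        $err = ldap_error($conn);
        ldap_unbind($conn);
        throw new RuntimeException("StartTLS failed, bind not attempted: $err");
    }
    if (!@ldap_bind($conn, $dn, $password)) {
        $err = ldap_error($conn);
        ldap_unbind($conn);
        throw new RuntimeException("Bind failed: $err");
    }
    return $conn;
}

try {
    $conn = starttls_bind(
        'ldap://ldap.example.org',              // hypothetical server
        '/etc/ssl/certs/example-ca.pem',        // hypothetical CA certificate
        'uid=jdoe,ou=people,dc=example,dc=org', // hypothetical bind DN
        getenv('LDAP_PASSWORD') ?: ''
    );
    echo "Bound over StartTLS\n";
    ldap_unbind($conn);
} catch (Exception $e) {
    echo $e->getMessage(), "\n";
}
```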
Comment #2
cgmonroe commented
Clearing out old support requests - reopen if problem still exists in newest code