Hi,

I am hoping that someone can enlighten me to the pros and cons of using StartTLS on their LDAP server. More specifically, how secure is this option, and how difficult is it to enable it on an average LDAP server that is already running?

Thanks in advance for any thoughts/insights.

Comments

chinko

TLS is an internet standard and is very secure, there is no doubt about that.

The term TLS is often used interchangeably with SSL.

TLS encrypts the traffic between an LDAP client and an LDAP server. Most importantly, it encrypts the password sent to the LDAP server during authentication. Without enabling TLS, people with network sniffer software and access to the network between the client and the server can capture all the network traffic, which is in plain text. One can surely harvest a lot of user IDs and passwords.

Different LDAP server implementations have different steps to enable TLS. One thing in common is that you will need to get and install a server certificate on the LDAP server. If you are not familiar with PKI or don't already have a server certificate from a CA, that is going to be difficult.

cgmonroe

Status: Active » Closed (fixed)

Clearing out old support requests - reopen if problem still exists in newest code