I am mainly thinking about communications with Exchange. Other than that, I am not really sure what applications or other communications are actually using LDAP. For instance, when someone logs onto a machine, what is happening? I have thought that everything was taken care of by Kerberos, but not totally sure that that is all that is happening. I mean, isn't group membership and junk like that using LDAP?
Is this the case:

Authorization uses LDAP in plain text
Authentication uses Kerberos

If so, exactly what makes up the authorization component (username, groups)?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, March 23, 2005 9:03 AM
To: [email protected]
Subject: RE: [ActiveDir] LDAPS part 2

Which LDAP traffic are you thinking of? Typically LDAP traffic is passed by an application/client for the purpose of either white pages type lookup or for identification and authentication.

LDAP authentication, by its nature, is unsecure. It passes credentials in the clear on the wire.

Did you have some other communication in mind?

Al

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long
Sent: Tuesday, March 22, 2005 11:15 PM
To: [email protected]
Subject: [ActiveDir] LDAPS part 2

I am feeling lost right now. Without LDAP over SSL enabled, does AD pass LDAP traffic around in plain text? If so, exactly what information would that be (that is being passed in clear text)? I have been wondering if I should implement a CA and LDAP over SSL, but I guess I don't know all the implications. If anyone knows of a good document, that should suffice.

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
