Thank you for your clarification! So there are two ways for users to authenticate themselves in a secure manner; one with LDAPS and the other with SASL, right?
Thanks again,
Trustin
2005/9/22, Stefan Zoerner <[EMAIL PROTECTED]>:
Hi Trustin!
> I thought SASL is required for LDAP to authenticate user in a secure way and LDAPS works with SASL only. Am I
> misunderstanding? Let me know. I'm a novice in LDAP. :)
As far as I know, LDAPS is comparable to HTTPS. It just adds a layer between LDAP and TCP/IP. Especially, it has nothing to do with SASL.
Normally, you have two different ports an LDAP server is listening on: 389 for LDAP unencrypted, and 636 for LDAP over SSL/TLS (like 80/443 with HTTP). Using LDAPS it is possible to use a simple bind (with pwd in clear) within SSL/TLS, therefore it is encrypted nevertheless. Using SASL (e.g. DIGEST-MD5) is another option for a secure authentication. A third one would be using an anonymous bind, using StartTLS (extended operation) and after successfully establishing TLS on the same connection a rebind with credentials.
I hope this helps (and is right as well ;-)
Stefan
--
what we call human nature is actually human habit
--
http://gleamynode.net/
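
The options discussed in this thread differ in what the LDAP BindRequest carries and whether TLS wraps it. As an added example (not part of the original thread), this Python code decodes a BindRequest as laid out in RFC 4511 and reports whether a password would be readable on the wire. Here `tls_active` stands for either LDAPS on port 636 or a completed StartTLS on port 389, and the DN, password and function names are constructed for illustration.

```python
# Added example: classify an LDAP BindRequest (RFC 4511) by how it authenticates.
# The DN and password below are constructed sample values.

def tlv(tag, value):
    """BER-encode one element with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + value

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                      # long form: low 7 bits = length-of-length
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + n], pos + n

def bind_request(dn, auth, msg_id=1):
    """Build LDAPMessage{messageID, BindRequest{version 3, name, auth}}."""
    body = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + auth
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, body))

def classify_bind(pdu, tls_active):
    """Return (kind, password_readable_on_wire) for one BindRequest PDU."""
    tag, msg, _ = read_tlv(pdu)
    _, _, p = read_tlv(msg)                    # skip messageID
    op_tag, op, _ = read_tlv(msg, p)
    if tag != 0x30 or op_tag != 0x60:          # [APPLICATION 0] = BindRequest
        raise ValueError("not an LDAP BindRequest")
    _, _, p = read_tlv(op)                     # skip version
    _, _, p = read_tlv(op, p)                  # skip bind DN
    choice, auth, _ = read_tlv(op, p)
    if choice == 0x80:                         # simple: [0] OCTET STRING
        kind = "simple" if auth else "anonymous"
        return kind, bool(auth) and not tls_active
    if choice == 0xA3:                         # sasl: [3] SEQUENCE
        mech = read_tlv(auth)[1].decode()
        # PLAIN also sends the password itself; DIGEST-MD5 sends a digest.
        return "sasl:" + mech, mech == "PLAIN" and not tls_active
    raise ValueError("unknown authentication choice")

SIMPLE = bind_request("uid=alice,dc=example,dc=com", tlv(0x80, b"s3cret"))
DIGEST = bind_request("", tlv(0xA3, tlv(0x04, b"DIGEST-MD5")))
ANON = bind_request("", tlv(0x80, b""))
```

A simple bind is only reported as safe when `tls_active` is true, while the DIGEST-MD5 bind never puts the password itself in the request.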
