Found this on Wikipedia: It should be noted that some "LDAPS" client
libraries only encrypt communication, they do not check the host name
against the name in the supplied certificate.[13]
<http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol#cite_note-13>

LDAPS was used with LDAPv2, because the StartTLS operation had not yet been
defined. The use of LDAPS is deprecated, and modern software should only
use StartTLS.

See:
http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol#StartTLS




On 13 March 2013 21:57, Walker Sampson <[email protected]> wrote:

> Thank you both for the feedback, and helix84 for posting an issue on it -
> much obliged.
>
> As it stands now TLS is a rigid requirement for LDAP, so LDAPS doesn't
> appear to be an option. The repository runs behind a firewall but other
> LDAP clients do not.
>
> In any case there are alternatives, and if I do sort out something with
> TLS I'll be sure to post back.
>
> Best-
> Walker
>
> On 03/13/2013 10:17 AM, Hilton Gibson wrote:
>
>> "Hilton's response is in this case inaccurate, because he's talking
>> only about securing the connection of DSpace with the client"
>>
>> I did not look at port 636 because I was not sure what to do with the
>> cert on the server side.
>> Anyway our LDAP connection is behind our campus firewall but if yours is
>> outside, then you have a problem.
>>
>>
>> On 13 March 2013 17:02, helix84 <[email protected]> wrote:
>>
>>     On Wed, Mar 13, 2013 at 3:17 PM, Walker Sampson
>>     <[email protected]> wrote:
>>      > I'm running DSpace 3.1 and would like to set up LDAP. I understand from
>>      > our own IT that their LDAP requires authenticated bind lookup and TLS
>>      > encryption.
>>      >
>>      > From reading the authentication-ldap.cfg file it appears DSpace does
>>      > support authenticated bind lookups, but I'm unsure as to whether it
>>      > supports TLS encryption, which I suppose would be in the form of
>>      > StartTLS.
>>      >
>>      > Does anyone have experience with this?
>>
>>     Hi Walker,
>>
>>     you're right, the DSpace LDAPAuthentication module doesn't support
>>     StartTLS. I agree that it's a serious omission and should be
>>     corrected. I filed a new Jira issue to keep track of this task:
>>     https://jira.duraspace.org/browse/DS-1518
>>
>>     I also explained some details there and gave some pointers, so you may
>>     try to do it yourself. If you are successful, please contribute your
>>     code so that we can test it and include it into future DSpace
>>     versions.
>>
>>     Hilton's response is in this case inaccurate, because he's talking
>>     only about securing the connection of DSpace with the client, while
>>     you're asking about connection of DSpace with the LDAP server. Of
>>     course, both connections should be secured.
>>
>>
>>     Regards,
>>     ~~helix84
>>
>>     Compulsory reading: DSpace Mailing List Etiquette
>>     https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>>
>>     _______________________________________________
>>     DSpace-tech mailing list
>>     [email protected]
>>     https://lists.sourceforge.net/lists/listinfo/dspace-tech
>>     List Etiquette:
>>     https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>>
>>
>>
>>
>> --
>> *Hilton Gibson*
>> Systems Administrator
>> JS Gericke Library
>> Room 1025D
>> Stellenbosch University
>> Private Bag X5036
>> Stellenbosch
>> 7599
>> South Africa
>>
>> Tel: +27 21 808 4100 | Cell: +27 84 646 4758
>> http://library.sun.ac.za
>> http://scholar.sun.ac.za
>> http://ar1.sun.ac.za
>> http://aj1.sun.ac.za
>>
>
> --
> Walker Sampson
> Electronic Records Analyst, Government Records
> Mississippi Department of Archives & History
> 601-576-6929
> [email protected]
>



-- 
*Hilton Gibson*
Systems Administrator
JS Gericke Library
Room 1025D
Stellenbosch University
Private Bag X5036
Stellenbosch
7599
South Africa

Tel: +27 21 808 4100 | Cell: +27 84 646 4758
http://library.sun.ac.za
http://scholar.sun.ac.za
http://ar1.sun.ac.za
http://aj1.sun.ac.za
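
Added illustration, not part of the thread and not DSpace's own code: a minimal JNDI client that does what the thread asks for, StartTLS on the plain LDAP port followed by an authenticated bind lookup, with the host name check from the Wikipedia quote left enabled. The server URL, DNs, the `LDAP_BIND_PASSWORD` environment variable and the class name are placeholders assumed for the example.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

public class StartTlsBindLookup {
    public static void main(String[] args) throws Exception {
        // Placeholder values (assumptions), not taken from any DSpace config.
        String url = "ldap://ldap.example.org:389";
        String bindDn = "cn=dspace,ou=services,dc=example,dc=org";
        String bindPassword = System.getenv("LDAP_BIND_PASSWORD");
        String searchBase = "ou=people,dc=example,dc=org";
        String uid = args.length > 0 ? args[0] : "jdoe";

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);

        // Connect anonymously first so no credentials cross the wire in clear text.
        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls = null;
        try {
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            // negotiate() validates the chain against the JVM trust store and
            // compares the server host name with the certificate. Do not call
            // setHostnameVerifier() with a verifier that always returns true.
            tls.negotiate();

            // Authenticated bind, sent only after the TLS layer is up.
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, bindDn);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, bindPassword);
            ctx.reconnect(null); // forces the bind now so bad credentials fail here

            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // {0} is filled in by JNDI with escaping, which avoids filter injection.
            NamingEnumeration<SearchResult> hits =
                ctx.search(searchBase, "(uid={0})", new Object[] {uid}, sc);
            while (hits.hasMore()) {
                System.out.println(hits.next().getNameInNamespace());
            }
        } finally {
            if (tls != null) tls.close(); // ends the TLS session
            ctx.close();
        }
    }
}
```

If the server certificate is issued by a private CA, add that CA to the JVM trust store rather than relaxing verification.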