Hmm - I don't know of any specific OID for LDAP - I'm assuming that it would just be the server authentication OID, which is included in any 3rd party CA offering. Possibly most people don't expose LDAPS over the internet?
Cheers
Ken

From: Oliver Marshall [mailto:[email protected]]
Sent: Friday, 24 September 2010 6:09 PM
To: NT System Admin Issues
Subject: RE: LDAP SSL using 3rd party certs

So the next question is, why do all the instructions include setting up a CA? Humpf.

--
G2 Support
Network Support : Online Backups : Server Management
Web: www.g2support.com
Twitter: g2support<http://twitter.com/home?stat...@g2support>
Newsletter: www.g2support.com/newsletter<http://www.g2support.com/newsletter>

From: Ken Schaefer [mailto:[email protected]]
Sent: 24 September 2010 10:52
To: NT System Admin Issues
Subject: RE: LDAP SSL using 3rd party certs

SSL/TLS just relies on a commonly trusted party (i.e. trusted by the client, and by the server). That trusted party "signs" the certificate(s). Since both parties "trust" the trusted party, both parties have access to the necessary public key that can verify the signature on the presented certificate.

So, bottom line, the answer to your question is "yes"

Cheers
Ken

From: Oliver Marshall [mailto:[email protected]]
Sent: Friday, 24 September 2010 5:27 PM
To: NT System Admin Issues
Subject: LDAP SSL using 3rd party certs

Does anyone know if it's possible to secure LDAP without using a CA install on the network? For various reasons (mainly down to the remote web servers of which we don't appear to have any control) we can't use a CA and install our own root certs, but need to find a way to secure LDAP authentication over the web without anything being required to be installed on the remote server doing the checking of user details.

Any ideas?

Olly
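The client side of the trust model described in the thread, as an added example that is not part of the original messages: a Python check that handshakes with an LDAPS listener using only the CA roots already present on the client, so a certificate from a public CA validates with nothing installed, while a private-CA or self-signed certificate is rejected. The host name `ldap.example.com` and the sample certificate are constructed for illustration.

```python
import socket
import ssl

def public_trust_context():
    """TLS client context that trusts only the CA roots already shipped with
    the OS/runtime: nothing extra is installed on the machine doing the bind."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    # Already the defaults; set explicitly so validation cannot be lost silently.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def describe_cert(cert):
    """Reduce the dict from SSLSocket.getpeercert() to what an admin checks."""
    def cn(rdns):
        return next((v for rdn in rdns for k, v in rdn if k == "commonName"), None)
    return {
        "subject_cn": cn(cert.get("subject", ())),
        "issuer_cn": cn(cert.get("issuer", ())),
        "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "not_after": cert.get("notAfter"),
    }

def check_ldaps(host, port=636, timeout=5.0):
    """Handshake with an LDAPS listener and report whether its certificate
    chains to a root the client already trusts and matches `host`."""
    ctx = public_trust_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"ok": True, "tls": tls.version(), **describe_cert(tls.getpeercert())}
    except ssl.SSLCertVerificationError as exc:
        # Typical for a private-CA or self-signed cert the client has no root for.
        return {"ok": False, "error": exc.verify_message}
    except OSError as exc:
        return {"ok": False, "error": str(exc)}

# Constructed sample in getpeercert() format, so the parsing runs offline.
SAMPLE_CERT = {
    "subject": ((("commonName", "ldap.example.com"),),),
    "issuer": ((("organizationName", "Example"),), (("commonName", "Example Public CA (constructed)"),)),
    "subjectAltName": (("DNS", "ldap.example.com"), ("DNS", "dc1.example.com")),
    "notAfter": "Sep 24 12:00:00 2011 GMT",
}

if __name__ == "__main__":
    print(describe_cert(SAMPLE_CERT))
    # print(check_ldaps("ldap.example.com"))  # hypothetical host; needs network
```

The name passed to `check_ldaps` must be one the certificate lists, so test with the same DNS name the remote web server will use to reach the directory.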
