Re: Confusion about Authentication and Transport layers

At 06:39 AM 5/10/01, Martin Hicks wrote:
>The first question is regarding transport.  How is LDAP transported?

LDAP can be transported over any reliable, connection-oriented
transfer service.  RFC 2251 defines a mapping onto TCP.  Other
mappings are possible.

>is it all
>in the clear or is there a fairly simple way to make it to LDAP over SSL. 

Though not described in any Standard Track document, one can
use LDAP over TLS (SSL).  Or one can use the Standard Track "Start
TLS" mechanism (RFC 2830).

>Or some other method?

You can use SASL negotiated security layers or use protection provided
at lower levels (e.g., IPsec).

>The second question is a lot of confusion regarding how to make anything but 
>simple authentication work.  I can make queries to the LDAP server (OpenLDAP 2.0.7)
>without any problems if I specify simple authentication (-x), but if I remove the -x
>flag then I get:
>
>ldap_sasl_interactive_bind_s: No such attribute

That implies that your server is not properly configured to support
SASL.  See the archives for discussions on how to configure SASL.  (Hint:
start with Cyrus SASL sample client/server programs).

Kurt
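The three operations discussed above, as an added example that is not part of the thread: a minimal BER encoder for a simple bind (the form `-x` sends, with the password as plain octets), a SASL bind (mechanism name in the `[3]` choice) and the RFC 2830 Start TLS extended request, plus a decoder that reports which form an encoded LDAPMessage carries. The DN, password and mechanism below are constructed sample values; the tag and OID values come from RFC 2251 and RFC 2830.

```python
START_TLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 2830 Start TLS extended request OID

def _tlv(tag, content):
    """BER TLV with definite-form length: short form below 128 octets, long form otherwise."""
    n = len(content)
    if n >= 0x80:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return bytes([tag, 0x80 | len(raw)]) + raw + content
    return bytes([tag, n]) + content

def _int(v):  # minimal two's-complement INTEGER content octets
    return v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True)

def _ldap_message(msg_id, protocol_op):
    return _tlv(0x30, _tlv(0x02, _int(msg_id)) + protocol_op)

def simple_bind(msg_id, dn, password):
    """BindRequest [APPLICATION 0] with AuthenticationChoice simple [0], what ldapsearch -x sends."""
    body = _tlv(0x02, _int(3)) + _tlv(0x04, dn.encode()) + _tlv(0x80, password.encode())
    return _ldap_message(msg_id, _tlv(0x60, body))

def sasl_bind(msg_id, mechanism, credentials=None):
    """BindRequest with AuthenticationChoice sasl [3] = SaslCredentials { mechanism, credentials }."""
    sasl = _tlv(0x04, mechanism.encode()) + (_tlv(0x04, credentials) if credentials is not None else b"")
    return _ldap_message(msg_id, _tlv(0x60, _tlv(0x02, _int(3)) + _tlv(0x04, b"") + _tlv(0xA3, sasl)))

def start_tls(msg_id):
    """ExtendedRequest [APPLICATION 23] carrying only requestName [0] = Start TLS OID."""
    return _ldap_message(msg_id, _tlv(0x77, _tlv(0x80, START_TLS_OID)))

def _read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def describe(msg):
    """Classify an LDAPMessage: ('starttls', None), ('simple', password) or ('sasl', mechanism)."""
    _, body, _ = _read_tlv(msg, 0)
    op_tag, op, _ = _read_tlv(body, _read_tlv(body, 0)[2])  # skip messageID
    if op_tag == 0x77:
        return ("starttls" if _read_tlv(op, 0)[1] == START_TLS_OID else "extended", None)
    if op_tag == 0x60:
        _, _, pos = _read_tlv(op, _read_tlv(op, 0)[2])       # skip version and name
        auth_tag, auth, _ = _read_tlv(op, pos)
        if auth_tag == 0x80:  # simple: password octets are unprotected unless TLS/IPsec wraps the link
            return ("simple", auth)
        if auth_tag == 0xA3:
            return ("sasl", _read_tlv(auth, 0)[1].decode())
    return ("unknown", None)
```

Running `describe` over a packet capture's first client message is a quick way to confirm whether a client is really binding with SASL or is falling back to a clear-text simple bind without Start TLS.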