
Re: explaining LDAP and TLS

At 09:01 AM 6/30/2004, Laurent Mesuré wrote:
>I am not sure I understand TLS completely:

Most everything you ask is well covered in the FAQ.

>- TLS is a secure layer or not?

It's a security layer.  TLS (SSL) is a layer between LDAP and
(generally) TCP.  That layer can be installed immediately upon
TCP establishment (by use of the ldaps:// scheme) or subsequently
(by use of the LDAP Start TLS operation).

>i.e.: when I connect to my LDAP using TLS: I connect on port 389, the server verifies my certificates and then the link is established.

I assume that after connecting TCP on port 389 you then
issued a Start TLS operation to request TLS be installed
between LDAP and TCP, otherwise no layer would normally
be installed.

>But is the flow of data encrypted or not? Does all information in the connection flow in clear text?

Only after the TLS (SSL) layer has been installed.

>Or do I use both TLS and SSL (so I connect only on port 636)?

TLS and SSL are two names for the same thing.

Normally when one uses LDAP over TCP port 636, one uses the
ldaps:// scheme which causes TLS (SSL) to be immediately
installed.

>TLS works only on port 389, doesn't it?

Normally when one uses LDAP over TCP port 389, one uses the
Start TLS operation to request the TLS layer be installed.
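An added example, not part of the thread: the Start TLS exchange the reply describes, built and parsed as the BER-encoded LDAP messages that cross TCP port 389 in cleartext before the TLS layer is installed. The request OID is the standard one (RFC 4511); the server response bytes are constructed samples, not captured from a real server.

```python
"""LDAP Start TLS request/response in BER, as sent on port 389 before TLS.

Assumes message IDs below 128 (single-byte INTEGER); nothing here opens a socket.
"""
START_TLS_OID = b"1.3.6.1.4.1.1466.20037"  # Start TLS extended operation (RFC 4511 4.14)

def _ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(value)) + value

def start_tls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    msg_id = _tlv(0x02, bytes([message_id]))   # INTEGER (assumes message_id < 128)
    req_name = _tlv(0x80, START_TLS_OID)       # requestName, context tag [0]
    ext_req = _tlv(0x77, req_name)             # [APPLICATION 23] constructed = 0x60 | 23
    return _tlv(0x30, msg_id + ext_req)        # outer SEQUENCE

def _read_tlv(data: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def parse_extended_response(msg: bytes) -> dict:
    """Parse ExtendedResponse [APPLICATION 24]; resultCode 0 means TLS may now be installed."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msg_id, pos = _read_tlv(body, 0)
    tag, resp, _ = _read_tlv(body, pos)
    if tag != 0x78:                            # 0x60 | 24
        raise ValueError("protocolOp is not an ExtendedResponse")
    _, code, pos = _read_tlv(resp, 0)          # resultCode ENUMERATED
    _, _matched, pos = _read_tlv(resp, pos)    # matchedDN
    _, diag, pos = _read_tlv(resp, pos)        # diagnosticMessage
    name = None
    while pos < len(resp):                     # optional responseName [10], responseValue [11]
        tag, val, pos = _read_tlv(resp, pos)
        if tag == 0x8A:
            name = val.decode()
    result = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(msg_id, "big"), "result_code": result,
            "diagnostic": diag.decode(), "response_name": name, "tls_installed": result == 0}

# Constructed sample responses: success (0) and unavailable (52, layer not installed).
SUCCESS = bytes.fromhex("30 24 02 01 01 78 1f 0a 01 00 04 00 04 00 8a 16") + START_TLS_OID
UNAVAILABLE = bytes.fromhex("30 0c 02 01 01 78 07 0a 01 34 04 00 04 00")
```

Only after a resultCode of 0 does the client hand the same TCP connection to TLS; any other code means the layer was not installed and the session remains cleartext.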