On Feb 14, 2012, at 5:46 PM, Fajar Priyanto wrote:
Hi all, I'm setting up a local LDAP server with a pass-through authentication to another LDAP. I'm not clear about the encryption.
Say the case is like this. CompB is set to have LDAP authentication. A ---> SSH ---> CompB ---> Local LDAP:389 ---> SASLAUTHD --> Global LDAP: 636
- Password on the SSH session would be encrypted, isn't it?
---- ldaps (port 636) would indeed be encrypted but it is deprecated and not typically started by default configurations these days. ----
- How about when it goes to the local LDAP:389, would it be encrypted?
---- depends upon whether TLS is indicated and/or required.
If you require it via an ACL on the LDAP server, then it succeeds only if the connection is made via TLS.
If you require it at the client (TLS_ReqCert demand or hard), then it succeeds only if the connection is made via TLS.
Craig