On Feb 14, 2012, at 5:46 PM, Fajar Priyanto wrote: > Hi all, > I'm setting up a local LDAP server with a pass-through authentication > to another LDAP. > I'm not clear about the encryption. > > Say the case is like this. CompB is set to have LDAP authentication. > A ---> SSH ---> CompB ---> Local LDAP:389 ---> SASLAUTHD --> Global LDAP: 636 > > 1. Password on the SSH session would be encrypted, isn't it? ---- ldaps (port 636) would indeed be encrypted but it is deprecated and not typically started by default configurations these days. ---- > 2. How about when it goes to the local LDAP:389, would it be encrypted? ---- depends upon whether TLS is indicated and/or required. If you require it via an ACL on the LDAP server, then it succeeds only if the connection is made via TLS. If you require it at the client (TLS_ReqCert demand or hard), then it succeeds only if the connection is made via TLS. Craig