[Scottish] Quick ldap question

Phillip Bennett phillip at mve.com
Wed Jul 4 15:28:16 BST 2007

Hi everyone,

As I have previously mentioned, I have spent the last few weeks setting up 
an LDAP server.  So far, I have got authentication working for logins and 
Samba (even created a domain and joined it!).

My question is this:

What is needed to make it secure?  I have set it up to work with SSL/TLS and 
can see the packets going to and from the server on port 636 (ldaps).  As 
far as I'm aware, this is secure.  However, all the documentation I can find 
on the web tells me that SASL and/or Kerberos is needed to make it 
super-secure.  Is this correct?  Do people think it's needed, or is it good 
enough to be using TLS?

I notice that some of the LDAP tools don't work properly without it, but the 
ones I need do, so it's not too much of an issue just yet.  My biggest thing 
is that it's taking a LOT longer than I thought.  I would rather make it 
"good" than "cheap", but is the extra time this would take worth it?

