[Scottish] Quick ldap question
Phillip Bennett
phillip at mve.com
Wed Jul 4 15:28:16 BST 2007
Hi everyone,
As I have previously mentioned, I have spent the last few weeks setting up
an ldap server. So far, I have got authentication working for logins and
samba (even created a domain and joined it!).
My question is this:
What is needed to make it secure? I have set it up to work with SSL/TLS and
can see the packets going to and from the server on port 636 (ldaps). As
far as I'm aware this is secure. However, all the documentation I can find
on the web tells me that sasl and/or kerberos is needed to make it
super-secure. Is this correct? Do people think it's needed, or is it good
enough to be using TLS?
I notice that some of the ldap tools don't work properly without it, but the
ones I need do so it's not too much of an issue just yet. My biggest thing
is that it's taking a LOT longer than I thought. I would rather make it
"good" than "cheap", but is the extra time this would take worth it?
Thanks,
Phil.
More information about the Scottish
mailing list