Securing Network-Based Directory Connections with SSL/TLS

The first element of security that we will examine is network security. Most clients connect to OpenLDAP over a network interface, and client requests, as well as the server's responses, are transferred over a network.

The LDAP protocol, by default, sends and receives messages in clear text. In this case no attempt is made to obscure the data as it is being transmitted across the network. Sending in clear text has a few advantages:

  • It is easier to configure and maintain.
  • LDAP services can function faster. The process of encrypting and decrypting messages can be processor-intensive, and eliminating that processing can serve to speed things up.

But these advantages come at the cost of security. ...
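To make the cost concrete, here is an added example (not code from the book or from the OpenLDAP project) that builds an LDAPv3 simple BindRequest exactly as it is BER-encoded on the wire (RFC 4511) and then decodes it the way anyone holding a packet capture of a non-TLS session could. The bind DN and password used are constructed placeholders; the point is that without SSL/TLS the credential is an ordinary byte string inside the message, which is why the rest of this chapter moves connections onto TLS.

```python
"""Added example: encode/decode an LDAPv3 simple BindRequest to show that
over a plain (non-TLS) connection the bind DN and password are readable
bytes. DN and password below are constructed sample values."""


def _ber_len(n: int) -> bytes:
    # BER definite length: short form below 128, long form otherwise.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    # Generic tag-length-value element.
    return bytes([tag]) + _ber_len(len(value)) + value


def _ber_int(n: int) -> bytes:
    # INTEGER; only small non-negative values are needed here (msg id, version).
    return _tlv(0x02, n.to_bytes(1, "big"))


def build_simple_bind(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3,
    name OCTET STRING, authentication simple [0] OCTET STRING } }."""
    bind = _ber_int(3) + _tlv(0x04, dn.encode()) + _tlv(0x80, password.encode())
    return _tlv(0x30, _ber_int(message_id) + _tlv(0x60, bind))


def _read_tlv(buf: bytes, pos: int):
    # Returns (tag, value, position after the element).
    tag = buf[pos]
    pos += 1
    first = buf[pos]
    pos += 1
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def decode_simple_bind(packet: bytes) -> dict:
    """Parse one LDAPMessage carrying a BindRequest; recover DN and,
    for simple authentication, the clear-text password."""
    tag, msg, _ = _read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, mid, pos = _read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, bind, _ = _read_tlv(msg, pos)
    if tag != 0x60:
        raise ValueError("protocolOp is not a BindRequest")
    _, ver, pos = _read_tlv(bind, 0)
    _, name, pos = _read_tlv(bind, pos)
    auth_tag, auth, _ = _read_tlv(bind, pos)
    simple = auth_tag == 0x80  # [0] simple; [3] would be SASL
    return {
        "message_id": int.from_bytes(mid, "big"),
        "version": int.from_bytes(ver, "big"),
        "dn": name.decode(),
        "auth_method": "simple" if simple else "sasl",
        "password": auth.decode() if simple else None,
    }


def exposes_credential(packet: bytes) -> bool:
    """Audit helper: True if this message is a simple bind carrying a
    non-empty password, i.e. a credential that TLS should have protected."""
    try:
        info = decode_simple_bind(packet)
    except (ValueError, IndexError):
        return False
    return info["auth_method"] == "simple" and bool(info["password"])


if __name__ == "__main__":
    # Constructed sample values; not a real directory or credential.
    wire = build_simple_bind(1, "cn=admin,dc=example,dc=com", "s3cret")
    print(wire.hex())
    print(decode_simple_bind(wire))
    print("credential exposed:", exposes_credential(wire))
```

Running the script prints the hex of the 46-byte request; the DN and the password are visible even in the raw hex, and `decode_simple_bind` returns them as strings. The same decoder applied to bytes captured from a TLS session yields nothing usable, because what crosses the wire is TLS records rather than BER-encoded LDAPMessages.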
