Thanks George,

I agree with the point you made about the possibility of LDAP clients that only support LDAPS. I'll look into that more to see if there is a need for LDAPS in my environment.

- David

On Wed, Apr 9, 2008 at 4:20 PM, George Holbert <gholbert at broadcom.com> wrote:

> Hi David,
>
> You're correct that LDAPS is deprecated. I think most people would
> encourage you to prefer StartTLS.
> However, you may still want to use LDAPS in your environment depending on
> what LDAP client applications your service will need to support. Several
> LDAP client programs still only support LDAPS, or have no support at all for
> transport layer security. Your particular usage scenario will be the most
> influential factor. If your LDAP service will be used with a variety of
> clients, odds are there's at least a few that will only support LDAPS.
>
> > Beside startTLS, what are some other popular LDAP authentication
> > mechanisms that are widely used in today's enterprise world?
>
> As far as FDS, check out the following:
>
> http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_SSL.html
> http://www.redhat.com/docs/manuals/dir-server/ag/8.0/SASL.html
> http://directory.fedoraproject.org/wiki/Documentation
>
> Chun Tat David Chu wrote:
>
> > Hi group,
> >
> > I'm currently looking into LDAP authentication and would like to know
> > about what is the preferred authentication mechanism. If I want to use TLS
> > for authentication, should I use LDAPS or startTLS?
> >
> > From my understanding, LDAPS was introduced in LDAPv2 and startTLS is
> > introduced in LDAPv3.
> >
> > I surfed on the Internet, and it appears that startTLS should be
> > deprecating LDAPS but a lot of people are still using LDAPS today.
> >
> > Beside startTLS, what are some other popular LDAP authentication
> > mechanisms that are widely used in today's enterprise world?
> >
> > Thanks!
> >
> > David
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users