Philip,
Happy New Year.
At 10:17 on 7-January-2002, Philip Hazel wrote:
> On Sun, 6 Jan 2002 cboye@??? wrote:
>
> > The following patch against src/lookups/ldap.c makes it possible to use
> > ldap connections over ssl (with startssl or direct ssl connection with
> > ldaps://). For this you must have openldap-2 or greater.
>
> Exim 4 already supports "ldaps".
>
> Is there a great need for the other option? LDAP users on this list,
> please respond! (We don't use LDAP here, so I have no experience of it
> myself.)
IMHO, the only reason for using SSL (so that is LDAPS, or LDAP
followed by starttls) is if you are concerned about data security
(i.e. password sniffing).
For some operations (not in Exim), I do use LDAP, followed by
STARTTLS. Typical cases are where I do not want the overheads of
setting up and running an SSL connection (as I am not worried about
the data being sniffed), but then once I have checked some data, I
decide that I want to perform an authentication, so need to
communicate a password. In this situation I would start with an LDAP
connection, then use starttls when I came to bind with the password.
I suspect that most people are calling LDAP from Exim to look up
details, but few are using it for authentication, so startssl may be
a nice to have option for a minority of users.
Douglas.
--
================================
Douglas GRAY STEPHENS
Global Infrastructure (Directories)
Schlumberger Cambridge Research
High Cross,
Madingley Road,
Cambridge.
CB3 0EL
ENGLAND
Phone +44 1223 325295
Mobile +44 773 0051628
Fax +44 1223 311830
Email DGrayStephens@???
================================