LDAPv3: Security

• LDAPv3 can be carried over SSL

  • Provides connection authentication and confidentiality

• SASL Bind

  • Allows negotiation of services (e.g. Kerberos or GSS-API)

• Password encrypted with one-way hash

  • All servers must have a copy of client’s password
  • Suitable for environments with a single service

• Strong authentication with digital signature

  • Servers need only have client’s public key (via certificate)
  • Suitable for environments with multiple services

Previous slide

Next slide

Back to first slide

View graphic version