[nflug] openldap

Eric Benoit eric at bootz.us
Wed Nov 19 11:04:01 EST 2008


Darin, thank you.

We should use TLS because encryption like SSHA and crypt can be decrypted?

Darin Perusich wrote:
> The client doesn't dictate how communication will take place, the server
> does. You configure the server to allow anonymous binds, or to use TLS,
> or to require certificates, or SASL, etc, etc. Anonymous binds are
> allowed by default but the server will only return a subset of the
> information. Even if you bind as yourself and query your record the
> server will still not return all values. Do a search and request your
> userPassword field and you'll see what I mean, only certain account
> types can view that attribute.
>
> I would advise against performing anonymous binds, instead create an
> application or proxy user. And TLS should always be used when passwords
> or any sensitive data is passing over the wire.
>
> Eric Benoit wrote:
>   
>> :) so many questions, wish I could take a class.
>>
>> I'm trying to get a handle on the most common way to connect to an
>> openldap server anonymously.
>>
>> Do most clients require the use of SASL or TLS even when it's an
>> anonymous bind?
>>     
>
>   
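
The server-side policy described in the quoted reply, as an added example that is not part of the original thread: a small Python check that reads slapd.conf-style text and reports whether anonymous binds are still allowed and whether any encryption is required. It assumes the classic slapd.conf format and checks the file as a whole, ignoring per-database scoping; both sample configurations, their paths and suffixes are constructed placeholders.

```python
# Added example (not from the thread): audit slapd.conf text for bind/TLS policy.
WEAK_CONF = """\
# constructed sample: defaults only, so anonymous binds work and TLS is never required
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
"""

HARDENED_CONF = """\
# constructed sample: paths and suffix are placeholders
TLSCertificateFile /etc/openldap/certs/server.crt
TLSCertificateKeyFile /etc/openldap/certs/server.key
disallow bind_anon
security ssf=1
  simple_bind=128
database bdb
suffix "dc=example,dc=com"
"""


def directives(text):
    """Return (keyword, args) pairs; a line starting with whitespace continues the previous one."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue  # blank lines and comment lines are ignored
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    return [(parts[0].lower(), parts[1:]) for parts in (l.split() for l in logical)]


def audit(text):
    """Return finding codes for settings that leave binds anonymous or unencrypted."""
    conf = directives(text)
    keywords = {k for k, _ in conf}
    findings = []
    if not any(k == "disallow" and "bind_anon" in (a.lower() for a in args) for k, args in conf):
        findings.append("anonymous-bind-allowed")
    # 'security' takes factor=value pairs; a nonzero ssf, tls or simple_bind forces protection
    factors = dict(a.lower().split("=", 1) for k, args in conf if k == "security" for a in args if "=" in a)
    if not any(int(factors.get(f, 0)) > 0 for f in ("ssf", "tls", "simple_bind")):
        findings.append("no-encryption-required")
    if not {"tlscertificatefile", "tlscertificatekeyfile"} <= keywords:
        findings.append("no-server-certificate")
    return findings


if __name__ == "__main__":
    print("weak:", audit(WEAK_CONF))
    print("hardened:", audit(HARDENED_CONF))
```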


