Our network is secure. It's internal, except for the VPN. Access to these apps, even the web-based ones, is blocked by the firewall to outside and other vlans. This LDAP is for company/internal use, not for paying users.
 
In the "monkeying around" at home I have setup my test systems with SSL, and I am learning it...just wondering if in a production environment we would need the extra layer of security, complexity and overhead.
 
Thanks for the help!



-----Original Message-----
From: Chris Jacobs <Chris.Jacobs@apollogrp.edu>
To: 'criderkevin@aol.com' <criderkevin@aol.com>; 'openldap-technical@openldap.org' <openldap-technical@openldap.org>
Sent: Mon, Sep 26, 2011 10:28 am
Subject: Re: LDAP and SSL

SSL is primarily designed to encrypt the data 'on the wire'. Certs and cert authorities are designed to try bring some level of trust that you are talking to the server you intend to be talking to.

If your network is secure then there's likely little 'need', per se, for SSL - but anyone on the network can do a network packet capture and catch the mailbox user login and app logins - which is not a good idea.

If you're doing this for work and paying users: encrypt the data on the wire.

If you're just monkeying around at home: shave whatever corners you want, but learning SSL is important so take the time.

TL;DR: Use SSL.

- chris


Chris Jacobs, Systems Administrator, Technology Services Group
Apollo Group | Apollo Marketing and Product Development | Aptimus, Inc.
1501 4th Ave | Suite 2500 | Seattle, WA 98101
direct 206.839.8245 | cell 206.601.3256 | fax 206.644.0628
email mailto:chris.jacobs@apollogrp.edu


From: openldap-technical-bounces@OpenLDAP.org <openldap-technical-bounces@OpenLDAP.org>
To: openldap-technical@openldap.org <openldap-technical@openldap.org>
Sent: Mon Sep 26 07:18:00 2011
Subject: LDAP and SSL

I'm struggling with the need for SSL...
 
We will use our new LDAP for apps. These servers are all locally housed so each app server will talk to the LDAP server over our network. (why) Would we need SSL?
 
What about for mail services? It seems to me that our mail server would also talk directly to the LDAP server...what am I missing here that dictates the use of SSL with LDAP? I could see if one had their LDAP open to be accessible direct access from off-network. Perhaps SSL is used simply as a means to authenitcate?
 
Kevin




This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.