On Mon, Sep 26, 2011 at 3:58 PM, criderkevin@aol.com wrote:
Our network is secure. It's internal, except for the VPN. Access to these apps, even the web-based ones, is blocked by the firewall to outside and other vlans. This LDAP is for company/internal use, not for paying users.
Most successful attacks come from inside the network AFAIK.
In the "monkeying around" at home I have setup my test systems with SSL, and I am learning it...just wondering if in a production environment we would need the extra layer of security, complexity and overhead.
Thanks for the help!
-----Original Message----- From: Chris Jacobs Chris.Jacobs@apollogrp.edu To: 'criderkevin@aol.com' criderkevin@aol.com; 'openldap-technical@openldap.org' openldap-technical@openldap.org Sent: Mon, Sep 26, 2011 10:28 am Subject: Re: LDAP and SSL
SSL is primarily designed to encrypt the data 'on the wire'. Certs and cert authorities are designed to try bring some level of trust that you are talking to the server you intend to be talking to.
If your network is secure then there's likely little 'need', per se, for SSL
- but anyone on the network can do a network packet capture and catch the
mailbox user login and app logins - which is not a good idea.
If you're doing this for work and paying users: encrypt the data on the wire.
If you're just monkeying around at home: shave whatever corners you want, but learning SSL is important so take the time.
TL;DR: Use SSL.
- chris
Chris Jacobs, Systems Administrator, Technology Services Group Apollo Group | Apollo Marketing and Product Development | Aptimus, Inc. 1501 4th Ave | Suite 2500 | Seattle, WA 98101 direct 206.839.8245 | cell 206.601.3256 | fax 206.644.0628 email mailto:chris.jacobs@apollogrp.edu ________________________________ From: openldap-technical-bounces@OpenLDAP.org openldap-technical-bounces@OpenLDAP.org To: openldap-technical@openldap.org openldap-technical@openldap.org Sent: Mon Sep 26 07:18:00 2011 Subject: LDAP and SSL
I'm struggling with the need for SSL...
We will use our new LDAP for apps. These servers are all locally housed so each app server will talk to the LDAP server over our network. (why) Would we need SSL?
What about for mail services? It seems to me that our mail server would also talk directly to the LDAP server...what am I missing here that dictates the use of SSL with LDAP? I could see if one had their LDAP open to be accessible direct access from off-network. Perhaps SSL is used simply as a means to authenitcate?
Kevin
This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.