On 9/26/2011 11:33, Dan White wrote:
On 26/09/11 10:18 -0400, criderkevin@aol.com wrote:
I'm struggling with the need for SSL...
We will use our new LDAP for apps. These servers are all locally housed so each app server will talk to the LDAP server over our network. (why) Would we need SSL?
What about for mail services? It seems to me that our mail server would also talk directly to the LDAP server...what am I missing here that dictates the use of SSL with LDAP? I could see if one had their LDAP open to be accessible for direct access from off-network. Perhaps SSL is used simply as a means to authenticate?
If you're performing TLS authentication, using client certificates, via STARTTLS, then using X.509 provides for a strong authentication mechanism using SASL (EXTERNAL).
That's the one benefit that I know of beyond the obvious session based encryption that you obtain using certificates.
The TLS/SSL also protects against packet interception, which while it may seem obvious that no one can or will, I assure you someone could and might.
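
Added example, not part of the original thread: a Python check that decodes an LDAP BindRequest as it appears on an unencrypted connection and reports whether the bind carries the password in the clear (simple bind) or no secret at all (SASL EXTERNAL, where the identity comes from the TLS client certificate). The sample messages and the helper names `read_tlv`, `classify_bind`, `tlv` and `bind_request` are constructed for illustration.

```python
# Added example. All messages below are constructed, not captured traffic.

def read_tlv(buf: bytes, pos: int):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long form: next N bytes hold the length
        count = first & 0x7F
        if count == 0:
            raise ValueError("indefinite length is not valid in LDAP")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(message: bytes):
    """Return (bind_dn, method, secret_in_clear) for a BindRequest, else None."""
    tag, body, _ = read_tlv(message, 0)
    if tag != 0x30:                       # LDAPMessage is a SEQUENCE
        return None
    tag, _, pos = read_tlv(body, 0)       # messageID (INTEGER)
    if tag != 0x02:
        return None
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x60:                       # [APPLICATION 0] = BindRequest
        return None
    _, _, pos = read_tlv(op, 0)           # version
    _, name, pos = read_tlv(op, pos)      # bind DN
    auth_tag, auth, _ = read_tlv(op, pos)
    dn = name.decode("utf-8", "replace")
    if auth_tag == 0x80:                  # simple: the value is the password itself
        return dn, "simple", len(auth) > 0
    if auth_tag == 0xA3:                  # sasl: mechanism name, then credentials
        _, mech, _ = read_tlv(auth, 0)
        return dn, "sasl/" + mech.decode("ascii", "replace"), mech == b"PLAIN"
    return dn, "unknown", False

def tlv(tag: int, value: bytes) -> bytes:
    """Short-form BER encoder, enough for the small samples below."""
    return bytes([tag, len(value)]) + value

def bind_request(dn: bytes, auth: bytes) -> bytes:
    op = tlv(0x02, b"\x03") + tlv(0x04, dn) + auth
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, op))

SIMPLE = bind_request(b"uid=mailsvc,dc=example,dc=com", tlv(0x80, b"constructed-password"))
EXTERNAL = bind_request(b"", tlv(0xA3, tlv(0x04, b"EXTERNAL")))
```

A result of `True` in the third field means anyone able to read the packets between the app or mail server and the LDAP server also reads the service account's password, which is the case TLS removes.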