I noticed binds to the LDAP server with TLS off (plain connection) generate around 14
packets, while with TLS on, they generate around twice the number of packets. It's not
always twice, but near that.
The smtp server only does anonymous binds to LDAP, while the IMAP server always uses TLS,
because it makes binds with DN/passwords. I'm not thinking about changing this setup (smtp
= plain connections, imap = tls connections).
My question is about other software, code that I and others write, that makes queries to the
same LDAP server. We want to define a standard to always use TLS in code any of us write,
so we don't need to recheck the code to find out if authenticated binds are being made
without TLS, or sensitive data is being passed in an LDAP query over plain text
connections. We can't always be sure if sensitive data will be passed, it's not
My question is, can any of you share your experience on LDAP performance regarding this,
whether or not to *always use TLS*? I think it's best to be sure we always use TLS,
but don't know the impact on performance. For the code we write I guess it will be no
more than 100 connections/hour (bind operations). That's really not much, so I think
TLS on everything won't be a problem. The real load is the smtp server use of LDAP,
thousands/hour, but that's all plain connections, anon bind, search operations.