LDAP Security Model

• Client authentication at start of the LDAP connection

  • simple bind
    • send a DN and a password that is stored in the userPassword attribute of that entry
    • password gets sent in the clear
  • SSL (Secure Socket Layer): LDAPS
    • whole session is encrypted
    • strong authentication with X.509 Certificates
  • SASL (Simple Authentication and Security Layer) mechanisms
    • TLS (Transport Layer Security) = new version of SSL
    • StartTLS operation

Previous slide

Next slide

Back to first slide

View graphic version