Several security requirements can be met with SSL (Secure Socket Layer) or its standardized successor TLS (Transport Layer Security, RFC 2246). Among these are the protection of data against eavesdropping and modification while in transit between client and server (data integrity), and the authentication of a server to a client with the help of a certificate.

There are two approaches to using these technologies in the LDAP world.

The first option is comparable to HTTPS and inserts an SSL/TLS layer between the TCP/IP protocol and LDAP. A connection like this is normally established via a different server port (port 636 is common; it is a well-known port, as port 389 is for LDAP). In URIs the scheme "ldaps" is specified (for instance ldaps://fmw11g.vm.:636/) instead of "ldap". It is possible to write programs which switch between ldap and ldaps without changes in the source, if the connection data is configured externally.

In the second option a client first establishes a "normal" LDAP connection. With a special request (the StartTLS extended operation) it then tries to switch to secure communication. It is not necessary to change the port for this; the communication continues on the established connection. The client may go back to the original connection state ("TLS Closure Alert"), thereby protecting only selected parts of the communication.

Both ways of using SSL/TLS within LDAP require the server to be configured with an appropriate certificate.

Server Configuration

ApacheDS 1.5.x supports both options and requires JDK 1.5 or above. The feature is enabled by default, but you may need to configure it.
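A client-side view of the two options described above, as an added example that is not part of the original page or of ApacheDS: a JNDI client that takes its connection data from outside the source, so the same code serves ldaps:// and ldap:// with StartTLS. The property names (ldap.url, ldap.starttls, ldap.user, ldap.password) and the host ldap.example.test are assumptions made for illustration, and the server certificate is assumed to be trusted by the JVM trust store.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

public class LdapTlsClient {
    public static void main(String[] args) throws Exception {
        // Connection data comes from system properties (hypothetical names), not the source.
        String url = System.getProperty("ldap.url", "ldaps://ldap.example.test:636");
        boolean startTls = Boolean.getBoolean("ldap.starttls");
        String user = System.getProperty("ldap.user");
        String password = System.getProperty("ldap.password");

        if (url.startsWith("ldap://") && !startTls && user != null) {
            throw new IllegalStateException("refusing a simple bind over an unprotected connection");
        }

        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);

        // No credentials in the environment yet: nothing sensitive is sent before TLS is up.
        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls = null;
        try {
            if (startTls) {
                // Option 2: upgrade the established connection on the same port.
                // negotiate() validates the server certificate and its host name.
                tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
                tls.negotiate();
            }
            if (user != null && password != null) {
                // The bind is performed with the next operation, inside the TLS session.
                ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
                ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, user);
                ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
            }
            // Read the root DSE as a harmless test operation.
            System.out.println(ctx.getAttributes("", new String[] {"namingContexts"}));
        } finally {
            // close() ends the TLS session and reverts to the plain connection.
            if (tls != null) tls.close();
            ctx.close();
        }
    }
}
```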