I run into this almost daily at the moment.  I can't comment on whether or
not I have SSL for ldap binds on the corporate network, but I have to say
that you should use it where required.  

From what I keep seeing the apps that tend to use this model are the ones
that are converted from using SunONE to ADS.  They tend to want to use one
or the other and it's to the advantage of the development company to use
something common.  While I would prefer that they figure out what AD
Integrated means and define a common set of descriptions for that.  Might be
my fault for not being more rigid I suppose, but we can't all own the system
now can we :)

I've got three at the moment.  One wants to extend the schema and then will
use ADS as the identity, authentication and authorization mechanism.  It's
optional to use SunONE locally and have it pass through the authentication
from the desktop.  SSL and extend the schema on the DC's?  Not likely.
Another app doesn't extend the schema, but instead creates 200+ groups and a
few accounts to manage the access.  The app uses WebLogic and does ldap
bind (simple bind - yuck) and was originally written for SunOne directories.
A third one still has the requirements being defined apparently. 

There are several more in the wings waiting to see daylight. 

If you don't like SSL, which is fairly standard, have you considered IPSec?
When all is said and done, that's all you really are after: transport level
protection to prevent network traces of credentials that are flying about
the ether(net). 

Al


 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, March 28, 2005 8:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAPS part 2

Use it if you have to use simple ldap binds or you don't mind clear text
passwords from simple ldap binds flying about.

  joe 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long
Sent: Monday, March 28, 2005 11:57 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAPS part 2

So what is the consensus on this then?

How many people on this list have implemented LDAP over SSL in their
environment? 

Did you run into any problems? 

Would you do it again, or have you decided that there was no benefit in your
particular scenario?



Thanks for the information Joe^2
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
