StartTLS connections about cro-ldap HOT 6 OPEN

altai-man avatar altai-man commented on August 18, 2024 1
StartTLS connections

from cro-ldap.

Comments (6)

Altai-man avatar Altai-man commented on August 18, 2024

/me hopes using glauth server as a target for integration tests is ok enough.

Altai-man avatar Altai-man commented on August 18, 2024

Nope, it seems that go-ldap does not support StartTLS operation.
I am finding configuring OpenLDAP relatively complicated on my somewhat rarely used distro, Void Linux it is...

@slunski do you know any lightweight servers I can use to test against? Or maybe some public server with StartTLS support I can use?

Implementing LDAP over SSL as ldaps seems not so hard too, probably have to implement it too, but it is deprecated and I would like to sort out things with StartTLS first.

Altai-man avatar Altai-man commented on August 18, 2024

@slunski and I see ldaps being advised compared to StartTLS... What do you think about implementing it instead (at least for the time being), will it make things better?

slunski avatar slunski commented on August 18, 2024

If I remember correctly 'ldaps' is not so good, StartTLS via 389 is preferred. Anyway, these days 'SSL' means TLS1.x...

Testing: I would just test on OpenLDAP. However Red Hat's port389.org aka Sun Directory Server aka Netscape Directory Server could be good too. It was very good, no data from current decade...

Setting up a tunnel with OpenSSL tools should also be possible for testing because StartTLS is just an outer layer to the protocol.

Generally LDAP servers are usually backend servers so no real encryption is needed. On-premise infrastructure speaking... Cloud is just... cloud... Also, as a backend database running on the same host as the service using it, the 'ldapi://' protocol can be used - Unix/localhost sockets.

But OSI 'The Directory' - X.500 - was designed as a general information sharing service: home addresses, phone book, DNS replacement, configuration storage, any data that have hierarchical structure. So from that point of view and in that Internet time-frame encryption would be a big improvement over e.g. DNS. Key motivation is speed - directory servers should be specialised for a 1000:1 read to write ratio. If a directory implementation isn't faster than e.g. a relational database then there is no point in using it.

However, as you noticed, public directory servers are probably nonexistent... LDAP is rather used in enterprise infrastructures. So encryption depends on use-case.

Altai-man avatar Altai-man commented on August 18, 2024

In the meanwhile, implemented LDAPS support, though not yet documented, really short on time these days.

Altai-man avatar Altai-man commented on August 18, 2024

Documented LDAPS support a91fc54

from cro-ldap.
