On Thu, 2007-12-06 at 13:09 +0000, Timothy Murphy wrote: > Still battling with openldap, > which I actually have working perfectly, > but which I still don't understand. > > What exactly is the relation between SASL and TLS? > Are they alternative methods of authentication, > or are they complementary in some way? > > Presently I'm just using TLS. > > Any illumination gratefully received. ---- TLS is encryption method SASL is an authentication method with reference to all recent Fedora versions (6/7/8), the openldap admin guide is here... http://www.openldap.org/doc/admin23/ or more specifically (SASL) http://www.openldap.org/doc/admin23/sasl.html OpenLDAP clients and servers are capable of authenticating via the Simple Authentication and Security Layer (SASL) framework, which is detailed in RFC2222. This chapter describes how to make use of SASL in OpenLDAP. and here... http://www.openldap.org/doc/admin23/tls.html OpenLDAP clients and servers are capable of using the Transport Layer Security (TLS) framework to provide integrity and confidentiality protections and to support LDAP authentication using the SASL EXTERNAL mechanism. Craig