Craig White wrote: >> What exactly is the relation between SASL and TLS? >> Are they alternative methods of authentication, >> or are they complementary in some way? >> >> Presently I'm just using TLS. >> >> Any illumination gratefully received. > ---- > TLS is encryption method > SASL is an authentication method OK, thanks for responding yet again. You've said that before, but it seems to me that encryption necessarily involves, or requires, authentication. > with reference to all recent Fedora versions (6/7/8), the openldap admin > guide is here... > > http://www.openldap.org/doc/admin23/ I have been looking at that. But I'll study it further. > or more specifically (SASL) > http://www.openldap.org/doc/admin23/sasl.html > OpenLDAP clients and servers are capable of authenticating via the > Simple Authentication and Security Layer (SASL) framework, which is > detailed in RFC2222. This chapter describes how to make use of SASL in > OpenLDAP. Yes, I did see that. But it wasn't clear to me if the openldap user was actually being advised to use SASL. As a matter of interest, do you advise it? > and here... > http://www.openldap.org/doc/admin23/tls.html > OpenLDAP clients and servers are capable of using the Transport Layer > Security (TLS) framework to provide integrity and confidentiality > protections and to support LDAP authentication using the SASL EXTERNAL > mechanism. So it seems that this document at least recommends the use of SASL + TLS?