Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (220.127.116.11.0)
Directory Server supports several mechanisms that provide secure and trusted communications over the network. LDAPS is the standard LDAP protocol that runs on top of the Secure Sockets Layer (SSL). LDAPS encrypts data and optionally uses certificates for authentication. When the term SSL is used in this chapter, it means the supported protocols SSL2, SSL3 and TLS 1.0.
Directory Server also supports the Start Transport Layer Security (Start TLS) extended operation to enable TLS on an LDAP connection that was originally not encrypted.
In addition, Directory Server supports the Generic Security Service API (GSSAPI) over the Simple Authentication and Security Layer (SASL). The GSSAPI allows you to use the Kerberos Version 5 security protocol on the Solaris and Linux operating systems. An identity mapping mechanism then associates the Kerberos principal with an identity in the directory.
For additional security information, see the NSS web site at http://www.mozilla.org/projects/security/pki/nss/.
This chapter provides procedures for configuring security through SSL. For information about ACIs, see Chapter 6, Directory Server Access Control. For information about user access and passwords, see Chapter 7, Directory Server Password Policy.
This chapter covers the following topics: