Would this still be the way of securing an OpenLDAP server on Debian 9 (Stretch) and 10 (Buster)? See Section 11.7.3.3. Securing LDAP Data Exchanges. Unfortunately the Debian manual seems to always be a few distros behind. Although it's a home network, I'm still not keen on having passwords traveling in clear between hosts.
1 Answer
Yes. Always use TLS to secure data transmitted and let the client authenticate the server to which it sends credentials.
Yes. The section Securing LDAP Data Exchanges seems to be sufficient to properly configure TLS. You should consider automating things, especially for certificate and key renewal.
-
Thanks for your reply Michael. I guess my question was whether the above guide was applicable to Debian Buster? Apologies for not wording the question correctly. – MiniTux, commented Apr 16, 2020 at 7:43
-
Edit my answer. – Michael Ströder, commented Apr 16, 2020 at 19:43
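As an added example (not part of the question or the answer above), here is a small audit of a client-side `ldap.conf` for the two points the answer makes: the connection uses TLS, and the client verifies the server before sending credentials. The option names (`URI`, `TLS_REQCERT`, `TLS_CACERT`, `TLS_CACERTDIR`) are those documented in ldap.conf(5); the hostnames, paths and sample files are constructed.

```python
# Constructed sample configurations; hostnames and paths are placeholders.
SAMPLE_WEAK = """\
# client talks plain LDAP and never checks the server certificate
URI ldap://ldap.example.internal
BASE dc=example,dc=internal
TLS_REQCERT never
"""
SAMPLE_OK = """\
URI ldaps://ldap.example.internal
BASE dc=example,dc=internal
TLS_CACERT /etc/ssl/certs/example-ca.pem
TLS_REQCERT demand
"""

def parse_ldap_conf(text):
    """Return {OPTION: value}; option names are case-insensitive in ldap.conf."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(text):
    """List settings that let credentials travel unprotected or to an unverified server."""
    opts = parse_ldap_conf(text)
    findings = []
    for uri in opts.get("URI", "").split():
        if uri.lower().startswith("ldap://"):
            findings.append(f"{uri}: plaintext unless the client requests StartTLS")
    # ldap.conf(5): the default for TLS_REQCERT is "demand"; "hard" is a synonym.
    reqcert = opts.get("TLS_REQCERT", "demand").lower()
    if reqcert not in ("demand", "hard"):
        findings.append(f"TLS_REQCERT {reqcert}: server certificate is not enforced")
    if "TLS_CACERT" not in opts and "TLS_CACERTDIR" not in opts:
        findings.append("no TLS_CACERT/TLS_CACERTDIR set in this file")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK)):
        print(name, audit(conf) or "no findings")
```

On Debian the system-wide client file is `/etc/ldap/ldap.conf`; pass its contents to `audit()` to check a real host.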