Is LDAP authentication supported on LDAPS through MID server?

Ivar Donado
Mega Sage

Hi everyone,

I know LDAP authentication is not supported through MID server. My understanding is that this happens because LDAP doesn't support SSL connections.

However, LDAPS supports them, so I was wondering if LDAPS would support authentication through a MID server and what configuration I would need to do in order to make it possible. I haven't been able to find any info about this.

1 ACCEPTED SOLUTION

I doubt that that could be made to work securely and reliably. As you know, SN can never connect to the MID server (to send user and password for validation); only the MID server can connect to SN, fetch the list of work to be done and upload the result once completed. In an ideal situation, where the MID server has a working AMB subscription, this can be almost instantaneous; however, AMB is not 100% bulletproof. And the fallback max. round-trip interval can be as long as 40+ seconds in a default configuration. That means a simple login can take as much as almost a minute in a worst-case scenario.

Another concern would be security: the job "sent" to the MID server (the ECC queue record) will contain the password and it could be logged to a file too. Even if encrypted, someone who gains access to the MID service process will be able to decrypt passwords. I'm not sure users would be thrilled to learn that their passwords can easily be had by administrators of the MID servers. It might also enable man-in-the-middle attacks. Actually, for the same reasons it might not be a good idea to do it even if it were possible.

3 REPLIES

Raj_Esh
Kilo Sage

Hi Ivar,

If you're looking to connect LDAPS through MID Server, you can refer to KB0825425

Also, LDAP integration via MID Server

Hope it helps.

Thanks,

Raj

--Raj

We are already past integrating with LDAPS through MID server. The problem is that my client is using LDAP authentication, which is not available through MID server as LDAP doesn't support SSL.

I was wondering if LDAPS did support authentication since it supports SSL.
