Adding SSL to non SSL LDAP Programs

Created: 2012-04-20 08:09:59
Modified: 2017-05-31 15:15:43
Tags: LDAP SSL

This solution applies to any application that lacks SSL support.

Stunnel is an open source program. It is a TCP proxy that can forward packets wrapped in an SSL connection. It is a great way to SSL enable any TCP client or server application. Stunnel relies on OpenSSL for it’s encryption code and is available in binary format for Linux and Windows. Source code is also available to comple to other platforms.

In our example let’s take an LDAP client that does not have SSL capabilities but needs to connect to an LDAP server running SSL.

Stunnel can run on the client’s machine as a background process listening on a specific port. In this example let’s use 10000 and it is configured to connect to a distant LDAP server over SSL (ldap.acme.com:636). The client application connects locally to port 10000 with their favorite LDAP application. That connection is then wrapped in SSL and forwarded using stunnel to the distant LDAP server listening on LDAP SSL port 636.

This is just one small way the software can be used. Here are some other ideas:

  • SSL Enable your favorite server application (LDAP, HTTP, telnet etc)
  • Install it on a seperate server to accelerate SSL connections.
  • Use it at both ends to provide an end-to-end secure solution.
  • Use it as a basic proxy solution to prevent direct access to your server.

If you would like more information on configuring this solution please contact us our Technical Support Team.

Knowledgebase

Directory
  1. Directify - Self Service

  2. Mimic - Replication

  3. UnitySync - Sync
Password
  1. emPass - Sync
Obsolete
  1. Profiler
  2. SimpleSync