Digging a "Stunnel"
Novell Cool Solutions: Tip
Posted: 16 Dec 2004
A reader recently asked the following question about security:
"I have 2 webservers that use LDAP authentication. They each have their own LDAP server. I'm a bit worried about security. Do you have any advice / TIDs on this issue?"
Depending on what OS your webservers are running, something as simple as stunnel can be used to connect using LDAPS. The nice thing about using stunnel is that your applications will not need to change to use LDAPS. Instead they just connect locally to stunnel, which handles the secure connection to the remote server.
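As an added illustration (not part of the original tip or the stunnel documentation), a client-mode stunnel.conf for one of the web servers could look like the following. The hostname, port choice and file path are placeholders; note that stunnel does not verify the server certificate unless told to, so the verification options matter as much as the encryption.

```ini
; stunnel.conf on the web server (client mode).
; Added example: ldap.example.com and the CA file path are placeholders.

; stunnel initiates the TLS connection to the remote server.
client = yes

[ldaps]
; The web application keeps speaking plain LDAP, but only to loopback,
; so cleartext binds never leave the host.
accept = 127.0.0.1:389

; LDAPS port on the remote directory server.
connect = ldap.example.com:636

; Certificate verification is off by default. Without the lines below the
; tunnel is encrypted but will accept any certificate, which leaves it
; open to interception.
CAfile = /etc/stunnel/ldap-ca.pem
verifyChain = yes
checkHost = ldap.example.com

; verifyChain and checkHost are stunnel 5.x options.
; On stunnel 4.x, use "verify = 2" with CAfile instead.
```

The application's LDAP host setting is then changed to 127.0.0.1, and the directory server's plain LDAP port can be closed to the network once every client uses the tunnel.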
Here's a brief description of stunnel from the stunnel.org home page:
Stunnel -- Universal SSL Wrapper
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code. The Stunnel source code is not a complete product -- you still require a functioning SSL library such as OpenSSL or SSLeay in order to compile stunnel. This means that stunnel can support whatever (and only) that which your SSL library can, without making any changes in the Stunnel code.
The Stunnel source code is available under the GNU General Public License, meaning it is free to use in both commercial and non-commercial applications as you see fit, as long as you provide source code (and any modifications) with the software. Your compiled Stunnel binary is 'restricted' by whatever license your chosen SSL library is under, however both OpenSSL and SSLeay are open source and similarly liberal in their licensing.
For more information on stunnel, see http://www.stunnel.org/
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com