Secure LDAP

[etchy]

Forgive me if this has been answered somewhere else.

I am attempting to secure LDAP authentication between the wiki and a 2k3 domain controller. Thanks to the information in the 'how to', it was relatively easy to setup and integrate with the AD, however anyone with a sniffer can grab usernames and passwords.

Is it possible to implement secure LDAP communication from the DikiWiki running on Debian Linux/GNU to Windows Server 2k3 R2 and if so could someone point me in the right direction?

I've checked this forum and the only answers I can find include installing additional software (DeleGate or stunnel).

In the 'how to' there's a comment that says SSL support is not currently enabled, but that was back on October 2007

Thank you!

[yasuaki]

Hi etchy,
I'm thinking that Deki Wiki doesn't communicate to secure LDAP authentication service. However, Deki Wiki can communicate secure LDAP service with additional software, like DeleGate or stunnel. I think you have already had the answer.

In my office, DeleGate has converted the communication protocol by using Windows 2003 Server on the same box. Moreover, therer is DeleGate also in the Deki Wiki box, and the communication route is protected with SSL.

The configuration are described on below thread.
Forums > MindTouch Deki Wiki > General Technical Discussions > LDAP Integration > LDAP over SSL
http://forums.opengarden.org/showthread.php?t=1852

In my guess, additional software is unnesessary for Windows Server. I think that LDAP service in Windows server can communicate over both ports 389(LDAP) and 636 (LDAP over SSL protocol).