LDAPS - Lightweight Directory Access Protocol over SSL/TLS

What is LDAPS?

LDAPS stands for Lightweight Directory Access Protocol over SSL/TLS. It is a secure version of LDAP that encrypts the communication between the client and server using SSL (Secure Sockets Layer) or TLS (Transport Layer Security).

Why is LDAPS useful?

  • Protects sensitive directory data by encrypting it during transmission.

  • Prevents eavesdropping, tampering, and man-in-the-middle attacks.

  • Commonly required in environments handling authentication, authorization, or identity management.

  • Helps meet security compliance standards.

How does it work?

  • The client initiates a connection to the LDAP server on the secure LDAPS port.

  • A TLS/SSL handshake occurs to establish a secure channel.

  • Once the connection is encrypted, LDAP operations (search, bind, modify, etc.) proceed securely.

  • The entire session is wrapped in TLS/SSL from the start.
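The four steps above as an added, runnable Python example (not code from the original page), using only the standard library: the client opens TCP to port 636, completes a TLS handshake that verifies the server certificate, and only then sends its first LDAP operation, a BER-encoded simple bind. The host name, bind DN and password in any call are constructed placeholders, not values from the page.

```python
import socket
import ssl

LDAPS_PORT = 636  # TLS from the first byte; contrast with plaintext LDAP on 389

def make_ldaps_context(ca_file=None):
    """TLS context for an LDAPS client. create_default_context() already sets
    CERT_REQUIRED and check_hostname, so an untrusted or mismatched server
    certificate aborts the handshake instead of silently connecting."""
    ctx = ssl.create_default_context(cafile=ca_file)  # ca_file=None -> system trust store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2      # refuse SSLv3 and TLS 1.0/1.1
    return ctx

def context_is_hardened(ctx):
    """Sanity check to run on any context before handing it to a client."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)

def ber_length(n):
    """BER length octets: short form below 128, long form (0x8N + N bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber_tlv(tag, value):
    return bytes([tag]) + ber_length(len(value)) + value

def ber_int(n):
    # one spare bit keeps the two's-complement sign clear for values such as 128
    return ber_tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))

def build_simple_bind(message_id, bind_dn, password):
    """LDAPMessage { messageID, bindRequest [APPLICATION 0] { version 3, name,
    simple [0] password } }: the first LDAP operation sent once TLS is up."""
    bind_req = (ber_int(3)                               # version INTEGER
                + ber_tlv(0x04, bind_dn.encode())        # name LDAPDN (OCTET STRING)
                + ber_tlv(0x80, password.encode()))      # authentication: simple [0]
    return ber_tlv(0x30, ber_int(message_id) + ber_tlv(0x60, bind_req))

def ldaps_bind(host, bind_dn, password, ca_file=None, port=LDAPS_PORT):
    """TCP connect, TLS handshake, then the bind; returns the raw BindResponse bytes."""
    ctx = make_ldaps_context(ca_file)
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:  # handshake happens here
            tls.sendall(build_simple_bind(1, bind_dn, password))
            return tls.recv(4096)
```

If the server presents a self-signed certificate, pass its CA bundle as `ca_file` rather than lowering `verify_mode`; with verification off, the encryption no longer protects against a man-in-the-middle.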

Where is LDAPS used?

  • Secure enterprise authentication systems.

  • Microsoft Active Directory environments.

  • Linux-based LDAP servers like OpenLDAP with TLS enabled.

  • Identity management, access control, and Single Sign-On (SSO) systems.

Which OSI layer does this protocol belong to?

  • LDAPS operates at the Application Layer (Layer 7) of the OSI model.

  • Encryption is provided by TLS/SSL at the Presentation Layer (Layer 6), but the LDAP protocol itself remains an application-layer protocol.

Is LDAPS Windows-specific?

  • No, LDAPS is not Windows-specific.

  • While it is heavily used in Windows environments (like Active Directory), it is supported across various platforms.

Is LDAPS Linux-specific?

  • No, LDAPS is not Linux-specific.

  • Linux systems commonly use LDAPS with OpenLDAP or similar directory services, but it’s not limited to Linux.

Which Transport Protocol is used by LDAPS?

  • LDAPS uses TCP as the transport protocol.

  • All data is transmitted over an encrypted TCP connection.

Which Port is used by LDAPS?

  • LDAPS typically uses port 636 for secure connections.

  • This differs from standard LDAP, which uses port 389.

Does LDAPS use the client-server model?

  • Yes, LDAPS follows the client-server model.

  • Clients (such as authentication services or applications) connect to the LDAPS server to securely retrieve or manage directory information.

In this section, you are going to learn:

  • Terminology

  • Version Info

  • RFC details

  • Setup

  • Packet details

  • Use cases

  • Features

  • Reference links