LDAP Security: The Three Aspects

As we have seen already, the directory contains sensitive information. One example is the userPassword attribute, but the directory may also hold other information that is considered sensitive, such as personal information or confidential information about the organization. Such information needs to be protected.

We might ask what is meant by protection in this case, since we certainly do not want to prevent all clients from seeing everything. Rather, we want to allow people to get at specific pieces of the directory information while, in other cases, denying certain users the ability to get at certain pieces of it. So protecting our data becomes a matter of providing information in some cases and denying it in others.

While it is possible to draw finer-grained distinctions, here we are going to consider three broad aspects of security where we want to make sure that we are protecting the directory and its information. These three aspects are as follows:

    • Connection Security: This is the process of protecting directory information (and client information) as it is passed between a client and the directory server. We will talk about this in the context of network security with SSL and TLS.

    • Authentication: This is the process of ensuring that the user who tries to access the information in the directory is who he/she/it claims to be. In this chapter we will look at two types of authentication: simple binding and SASL binding. SASL stands for Simple Authentication and Security Layer.

    • Authorization: This is the process of ensuring that an identified or authenticated user is allowed to access pieces of information within the directory. OpenLDAP ACLs are used to specify rules for authorization.

In this tutorial we will look at each of these three aspects of security. By combining all three we will be able to provide suitably fine-grained protection for our directory information.
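
As an added illustration (not part of the original tutorial), here is a slapd.conf fragment that touches each of the three aspects in turn. The certificate paths are placeholders and the strength threshold of 128 is an assumed policy, not a value from this text.

```conf
# Added example: OpenLDAP slapd.conf fragment. All paths are placeholders.

# 1. Connection security: give the server a certificate so clients can
#    protect the session with TLS (StartTLS on ldap:// or ldaps://).
TLSCACertificateFile   /path/to/ca.pem
TLSCertificateFile     /path/to/server-cert.pem
TLSCertificateKeyFile  /path/to/server-key.pem

# 2. Authentication: refuse simple binds unless the connection already has
#    a security strength factor of at least 128 (assumed threshold), so the
#    bind password is never sent over an unprotected connection.
security simple_bind=128

# 3. Authorization: ACLs are checked in order and the first matching
#    "access to" rule is the one that applies.
#    userPassword: the owner may change it, unauthenticated clients may
#    only use it to authenticate (never read it), everyone else gets nothing.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

#    Everything else: readable by authenticated users only.
access to *
    by users read
    by * none
```

The rule for userPassword has to come before the catch-all rule; otherwise the broader rule would match first and authenticated users could read password values.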
