LDAP Best Practices Wiki This Wiki exists to collect good LDAP practices, particularly those relating to security. The idea is to make a list for sites to select ...
LDAP Security Requirements Section 2.19 of ISO/IEC 27000:2009 ISO27000 defines information security as "preservation of confidentiality, integrity and availabi...
Password Policy Everyone knows about password policy: 8 or more characters, no repeats, no words, include numbers and symbols, change password every month... The ...
The Structure of this Wiki This Wiki is divided into several Webs each for a particular purpose: * LDAP to hold the actual content * Main to hold user...
Object Classes Every object in the directory is a member of at least one object class. Object classes are used to indicate what sort of real world object the entr...
Proxy Authentication LDAP provides mechanisms for one account to act on behalf of (and with the access rights of) another. Threats 1 In real life, people occa...
Password based SASL mechanisms Several SASL mechanisms provide for authentication using passwords. Their security properties are different. Threats 1 The user...
Simple Bind To authenticate using Simple Bind, the LDAP client supplies a DN and a clear text password. Threats 1 The DN and password can be copied by an atta...
SASL External Authentication SASL allows an authentication established by non-LDAP means such as TLS to be used in LDAP. Threats 1 Re-usable credentials such ...