Best Practices in LDAP Security
Andrew Findlay
October 2011
Abstract
LDAP servers are part of the critical infrastructure of most large organisations. They hold personal data subject to legal protection, and often act as the authoritative source of authentication and authorisation for multiple applications.
This paper divides LDAP security into three major requirements: availability, integrity, and confidentiality. Appropriate controls are proposed for each topic, noting the interactions and compromises that are required. Most of the controls are technical, relating to design and administration issues that affect all LDAP server products. The tradeoff between technical and organisational controls is discussed, with reference to common human factors issues.
The paper was presented at the LDAPCon2011 conference in Heidelberg.
It is available in PDF format:
- Best Practices in LDAP Security (PDF)
- Presentation slides (PDF)
- Video
Continuing Work
This paper is part of a continuing effort to develop a set of best practices with community consensus: