Best Practices in LDAP Security

Andrew Findlay

October 2011

Abstract

LDAP servers are part of the critical infrastructure of most large  organisations. They hold personal data subject to legal protection, and often  act as the authoritative source of authentication and authorisation for  multiple applications.

This paper divides LDAP security into three major requirements: availability,  integrity, and confidentiality. Appropriate controls are proposed for each  topic, noting the interactions and compromises that are required. Most of the  controls are technical, relating to design and administration issues that  affect all LDAP server products. The trade­off between technical and  organisational controls is discussed, with reference to common human­ factors issues.

The paper was presented at the LDAPCon2011 conference in Heidelberg.
It is available in PDF format:

• Best Practices in LDAP Security (PDF)
• Presentation slides (PDF)
• Video

Continuing Work

This paper is part of a continuing effort to develop a set of best practices with community consensus:

• LDAP Best Practices Wiki