Best Practices in LDAP Security
LDAP servers are part of the critical infrastructure of most large organisations. They hold personal data subject to legal protection, and often act as the authoritative source of authentication and authorisation for multiple applications.
This paper divides LDAP security into three major requirements: availability, integrity, and confidentiality. Appropriate controls are proposed for each requirement, noting the interactions and compromises that are required. Most of the controls are technical, relating to design and administration issues that affect all LDAP server products. The tradeoff between technical and organisational controls is discussed, with reference to common human-factors issues.
This paper is part of a continuing effort to develop a set of best practices with community consensus: