Tuesday, 10 January 2012

LDAP Security Feature

LDAP provides a generic directory service. It is often used to store information of all sorts, from information about entities on the network, such as users, printers and computers, to the location of file systems and application configuration information. LDAP servers have mechanisms in place for controlling who can read and update the information in the directory.



LDAP authentication
In order to access the LDAP service, an LDAP client must first authenticate itself to the service. It must tell the LDAP server who is going to access the data so that the server can decide what the client is allowed to see and do. Once the client has authenticated successfully, the server checks each subsequent request from the client to determine whether the client is allowed to perform it. This process is also known as access control.

Security Features of LDAP
1) Only supports basic authentication, Microsoft Windows NT LAN Manager (NTLM) and Negotiate
- Use NTLM or Negotiate, because basic authentication uses a password.

2) Using Secure Sockets Layer (SSL)
- Protects data from sniffing by anyone with physical access to the network
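
The two features above can be checked together when reviewing how clients connect to the directory. The following is an added example, not code from the original post: a small audit over client settings that flags basic authentication and missing SSL. The client names and hosts are constructed, and treating the `ldaps://` scheme as the indicator that SSL is in use is an assumption of this example.

```python
from urllib.parse import urlsplit

# Authentication types named in the list above; only "basic" relies on a
# password that the client itself sends to the server.
SUPPORTED = {"basic", "ntlm", "negotiate"}
PASSWORD_BASED = {"basic"}

# Constructed sample client settings (hypothetical names and hosts).
SAMPLE_CLIENTS = [
    {"name": "hr-portal", "url": "ldap://dc1.example.internal:389", "auth": "Basic"},
    {"name": "intranet", "url": "ldaps://dc1.example.internal:636", "auth": "Basic"},
    {"name": "print-svc", "url": "ldap://dc2.example.internal", "auth": "Negotiate"},
    {"name": "backup", "url": "ldaps://dc2.example.internal", "auth": "NTLM"},
    {"name": "legacy", "url": "ldap://dc3.example.internal", "auth": "Digest"},
]

def audit_client(cfg):
    """Return a list of findings for one LDAP client configuration."""
    scheme = urlsplit(cfg["url"]).scheme.lower()
    auth = cfg["auth"].strip().lower()
    if scheme not in ("ldap", "ldaps"):
        return ["not an LDAP URL: %s" % cfg["url"]]
    findings = []
    # Assumption: ldaps:// means the connection is wrapped in SSL.
    uses_ssl = scheme == "ldaps"
    if auth not in SUPPORTED:
        findings.append("unsupported authentication type: %s" % cfg["auth"])
    if not uses_ssl:
        findings.append("no SSL: directory traffic can be read by a network sniffer")
        if auth in PASSWORD_BASED:
            findings.append("basic authentication without SSL: password is exposed on the wire")
    elif auth in PASSWORD_BASED:
        findings.append("basic authentication: acceptable only because SSL protects the password")
    return findings

def audit(clients):
    """Map each client name to its findings; an empty list means no issue found."""
    return {c["name"]: audit_client(c) for c in clients}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CLIENTS).items():
        print(name, "->", findings or ["ok"])
```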
