nss_ldap security


At the moment we allow anonymous queries to our ldap directory:

ldapsearch -v -h ldapserver -x -b "dc=redflo,dc=de" "(objectClass=*)"

And if you use ethereal or tcpdump, then you'll see that the data are sent unencrypted over the wire. So we have some steps to do:

  • We want the information stored in the directory to be presented only to authorized people or computers.
  • We want to use Kerberos for authentication and basic authorization.
  • We want to use access control lists to limit access even from authenticated people to directory data.
  • Let's encrypt
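Once the first of these goals is in place, it helps to have a check that is independent of the client libraries. The following script is an added example (not from the original page): it hand-builds the LDAPv3 anonymous simple bind that `ldapsearch -x` sends, using a minimal BER encoder, and reports the server's result code; `ldapserver` and port 389 are the placeholder values from this page.

```python
"""Check whether an LDAP server still accepts anonymous simple binds.

Added example, not part of the original page: builds a raw LDAPv3
BindRequest (empty DN, empty password), parses the BindResponse and
returns the result code. Host name and port are assumptions.
"""
import socket

def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(body)) + body

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the TLV starting at buf[pos]."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def anon_bind_request(msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name "", simple "" } }."""
    bind = tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, b"") + tlv(0x80, b""))
    mid = tlv(0x02, msg_id.to_bytes((msg_id.bit_length() + 8) // 8, "big"))
    return tlv(0x30, mid + bind)

RESULT_NAMES = {0: "success", 7: "authMethodNotSupported", 8: "strongerAuthRequired",
                48: "inappropriateAuthentication", 49: "invalidCredentials",
                53: "unwillingToPerform"}  # names from RFC 4511

def parse_bind_response(data: bytes):
    """Return (messageID, resultCode) from a BindResponse ([APPLICATION 1])."""
    tag, msg, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, msg_id, pos = read_tlv(msg)
    op, op_body, _ = read_tlv(msg, pos)
    if op != 0x61:
        raise ValueError("not a BindResponse (tag 0x%02x)" % op)
    _, code, _ = read_tlv(op_body)  # resultCode is the first ENUMERATED
    return int.from_bytes(msg_id, "big"), int.from_bytes(code, "big")

def anonymous_bind_allowed(host: str, port: int = 389, timeout: float = 5.0) -> bool:
    """True if the server answers an anonymous bind with resultCode 0 (success)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(anon_bind_request())
        _, code = parse_bind_response(sock.recv(4096))  # a BindResponse fits easily
    print("bind result:", code, RESULT_NAMES.get(code, "other"))
    return code == 0

if __name__ == "__main__":
    print("anonymous bind accepted:", anonymous_bind_allowed("ldapserver"))
```

Run it against your own server before and after the change; the printed result name tells you what the server now does with an anonymous bind instead of just "it failed".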