nss_ldap security

nss_ldap security

At the moment we allow anonymous queries to our ldap directory:

ldapsearch -v -h ldapserver -x -b "dc=redflo,dc=de" "(objectClass=*)"

And if you use ethereal or tcpdump, then you'll see that the data are sent unencrypted over the wire. So we have some steps to do:

  • We want the information dtored in the directory to be presented only to authorized people or computers.
  • We want to use kerberos for authentication and basic authorization.
  • We want to use access control lists to limit access even from authenticated people to directory data.
  • Let's encrypt

Erstellt von admin. Letzte Änderung: Sonntag Januar 8, 2006 18:18:44 GMT-0000 by admin.