Monday, January 9, 2012

LDAP Security Feature

Lightweight Directory Access Protocol (LDAP) is a scaled-down implementation of the X.500 standard. It is a network protocol for querying and modifying directory services running over TCP/IP. An LDAP directory usually follows the X.500 model. Today's LDAP deployments tend to use Domain Name System (DNS) names to structure the hierarchy. With LDAP, a client can access the directory services through an LDAP-to-DAP gateway. By default, it listens on TCP port 389. It has gained wide support from vendors such as Apache, AT&T, IBM and Apple. It can be implemented on servers such as Apache Directory Server and Red Hat Directory Server.



Security Features of LDAP 
Simple Authentication and Security Layer (SASL)  
Secure Sockets Layer (SSL)

    Simple Authentication and Security Layer (SASL)
    LDAP uses NT LAN Manager (NTLM) or Basic authentication to limit access to known users only. NTLM is a suite of authentication and session security protocols used to authenticate clients. Clients are able to prove their identities without sending a password to the server.

    Secure Sockets Layer (SSL)
    The SSL protocol can protect data from sniffing by anyone with physical access to the network.
    It uses a program layer located between the HTTP and TCP layers. SSL uses the public and private key encryption system from Rivest-Shamir-Adleman (RSA), an internet encryption and authentication system.


    1 comment:

    1. Hi Yian hock. After reading your post, I feel that you have summarized nicely the key features of LDAP. I can easily understand your post. However, I do not understand what the LDAP-to-DAP gateway is. Perhaps, if you explain about this gateway, it would be slightly easier to understand. You could also perhaps add a video to your post to explain about the technology in more detail, and it would be easier to understand. Also, you can perhaps explain in more detail about the encryption system that the SSL uses. Overall, your post is easy to understand and read. Good job!
      Lim Min
      1002171E
