Tuesday, 10 January 2012

LDAP Security Feature


Introduction of LDAP

The Lightweight Directory Access Protocol (LDAP) is an Internet protocol for accessing distributed directory services that act in accordance with X.500 data and service models. This document provides a road map of the LDAP Technical Specification. LDAP is an extensible protocol.  Extensions to LDAP may be specified in other documents.

Security Features

Examples of security features include authentication, Secure Sockets Layer (SSL) and also uses hashed-method for password.
o   Authentication – uses NTLM or basic authentication to limit the access of known users only. Authentication LDAP also supports negotiate which uses clear text passwords. The negotiate security package selects between Kerberos and NTLM. Negotiate uses Kerberos unless it cannot be used by one of the systems which involved authentication.
o   Secure Sockets Layer – SSL is a protocol that helps protect data from packet sniffing by sniffers with the access of the physical access to the network.
o   Hashed-method for password – there are shadow-password schemes that prevent `ordinary' users from getting hold of the hash data, but these are fairly easy to bypass when used with a NIS. With access to a collection of password hashes, a cracker can mount a dictionary attack with a good chance of success so it would be better to keep the hashes away from client machines entirely.



http://tools.ietf.org/html/rfc4510

http://msdn.microsoft.com/en-us/library/aa913688.aspx

http://www.skills-1st.co.uk/papers/security-with-ldap-jan-2002/security-with-ldap.html

http://www.filehold.com/sites/all/files/images/active-directory-integration.jpg


Posted by at

2 comments:

  1. Kelly10 January 2012 at 23:39

    Hi Nisha!
    After reading your blog post, I get to understand more about LDAP.
    Information were relevant to the topic. The diagram that was inserted makes it easy for me to understand about LDAP more. Security features were also well explained. Maybe you can try to explain more about the diagram which will help the reader to have a more in depth understanding about it. Overall, you have a good post
    Kelly
    1001240I

    ReplyDelete
  2. Nitrium-Jonathan12 January 2012 at 15:30

    Hello Nisha, I have went through your blog post, and I have found that the description that you have put up on LDAP was very useful and quite relevant to the topic. Furthermore, it gives a clear overview on the Security features that LDAP has as well as a diagram to aid in carrying your point across. The post itself was well organised, with bullet points separating the points. Overall, i believe that this is a good post.

    ReplyDelete

Subscribe to: Post Comments (Atom)