5 - LDAP Security

LDAP databases store critical information that must be kept secure. The Apache LDAP API can access the data securely while in flight but can’t protect it while at rest – that’s for the database system itself to do.

Generally speaking when it comes to securing a system, we are addressing the three As: Authentication, Authorization and Auditing.

The only aspect we will focus on is the Authentication part, because the LDAP protocol does not address the other two, when it comes to an API. We will talk about authorization a little bit in the last chapter.

Another aspect of security is encryption:

  • securing the communication between the client and the server
  • password hash

Last, but not least, we have seen how to perform a simple bind to an LDAP server using a name and a password. There are other ways to bind, using SASL. We will also explain how to use certificates in SSL/StartTLS.