Thursday, January 12, 2012

LDAP Security Feature

Background Information
LDAP (Lightweight Directory Access Protocol) is an application protocol for accessing and maintaining distributed directory information services over an IP (Internet Protocol) network. It is a directory-access protocol derived from X.500 and defines the communication between LDAP servers and LDAP clients: the servers store "directories", and the clients query and update them. It is called "lightweight" because it is a smaller and simpler protocol than the X.500 DAP (Directory Access Protocol) defined in the OSI network protocol stack, from which it was derived.


The four models of LDAP

LDAP Security Issues

  • Unauthorized access to data via data-fetching operations
  • Unauthorized access to data by monitoring others' access
  • Unauthorized modification of data
  • Unauthorized modification of configuration

LDAP Authentication Types
  • Basic Authentication
    • Accomplished through the use of a DN (Distinguished Name) and a password. These are sent either in plaintext or Base64-encoded; Base64 is an encoding, not encryption, so anyone who can observe the connection can read them.
  • Simple Authentication and Security Layer (SASL)
    • A framework for plugging in alternative security mechanisms. These mechanisms include:
      • S/Key
      • GSSAPI
      • CRAM-MD5
      • TLS
      • ANONYMOUS
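To make the "monitoring others' access" risk concrete for basic (simple) authentication, here is an added example that is not code from the original post: it builds a version 3 simple BindRequest as BER bytes (the wire form of the basic bind described above) and then parses it back the way a passive observer on an unencrypted LDAP connection would, recovering the DN and password. The DN, password and helper names are constructed for the example; message IDs are assumed to be below 128.

```python
# Added example: a simple LDAP bind on the wire is BER-encoded, not encrypted.
# The DN and password travel as OCTET STRINGs that any observer can decode.
# Only StartTLS / LDAPS (or a SASL mechanism that protects credentials) fixes this.

def _ber_len(n: int) -> bytes:
    """Encode a BER length in short form (< 128) or long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag: int, payload: bytes) -> bytes:
    """Tag + length + value, the building block of every LDAP PDU."""
    return bytes([tag]) + _ber_len(len(payload)) + payload

def encode_simple_bind(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }.
    Assumes message_id < 128 so it fits a one-byte INTEGER."""
    bind = (_tlv(0x02, bytes([3]))            # version INTEGER 3
            + _tlv(0x04, dn.encode())         # name OCTET STRING (the DN)
            + _tlv(0x80, password.encode()))  # authentication [0] simple
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + _tlv(0x60, bind))

def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV starting at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                          # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def decode_simple_bind(packet: bytes) -> dict:
    """What a passive observer recovers from a simple BindRequest on plain LDAP."""
    tag, msg, _ = _read_tlv(packet, 0)
    assert tag == 0x30, "not an LDAPMessage SEQUENCE"
    _, mid, pos = _read_tlv(msg, 0)           # messageID
    tag, bind, _ = _read_tlv(msg, pos)
    assert tag == 0x60, "not a BindRequest"
    _, ver, pos = _read_tlv(bind, 0)
    _, name, pos = _read_tlv(bind, pos)
    tag, cred, _ = _read_tlv(bind, pos)
    return {"message_id": mid[0], "version": ver[0], "dn": name.decode(),
            "password": cred.decode() if tag == 0x80 else None}

if __name__ == "__main__":
    pkt = encode_simple_bind(1, "cn=admin,dc=example,dc=com", "hunter2")  # constructed
    print(pkt.hex())
    print(decode_simple_bind(pkt))
```

The same bytes Base64-encoded would decode just as easily, which is why a simple bind belongs only on a TLS-protected connection.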