Re: Security and OpenLDAP

[Tony Earnshaw <tonni@billy.demon.nl>]

tir, 2003-01-21 kl. 18:12 skrev Chris Whalen:

> I was wondering if anyone out there can point me to a location that has a
> nice breakdown of the security options, their weaknesses, their strengths
> and the tradoffs for OpenLDAP.
> I still find the ACL options somewhat cryptic and can't get the
> configuration that I want to work. I am thinking more along the lines of a
> document that would tell me succinctly about Cyrus-SASL vs/with Kerberos
> vs/with TLS, best ACL configurations, etc.  Yes I am a newbie, but I have
> been trying to get this info off of the many sites and online HOWTOs with
> info about OpenLDAP.  Usually it seems that many of the sites just describe
> their authors favorite configuration without detailing the tradeoffs or
> strengths of that config.

Sorry, this is going to sound awfully cryptic; it isn't meant to be.

IMHO the whole basis of security (SANS, CERT, GIAC, PKI, ISO17799 etc)
should have been assimilated and be be the basis on which to build LDAP
(irrespective of which version or make) and not the other way around.

Anyone will be able to break your security, however well meant, if you
aren't a step ahead of him and have planned for it already.

Best,

Tony

-- 

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl