directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r1003923 - in /websites/staging/directory/trunk/content: ./ api/user-guide/5-ldap-security.html
Date Sun, 01 Jan 2017 21:09:57 GMT
Author: buildbot
Date: Sun Jan  1 21:09:57 2017
New Revision: 1003923

Staging update by buildbot for directory

    websites/staging/directory/trunk/content/   (props changed)

Propchange: websites/staging/directory/trunk/content/
--- cms:source-revision (original)
+++ cms:source-revision Sun Jan  1 21:09:57 2017
@@ -1 +1 @@

Modified: websites/staging/directory/trunk/content/api/user-guide/5-ldap-security.html
--- websites/staging/directory/trunk/content/api/user-guide/5-ldap-security.html (original)
+++ websites/staging/directory/trunk/content/api/user-guide/5-ldap-security.html Sun Jan 
1 21:09:57 2017
@@ -184,11 +184,24 @@
 h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover
> .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink
{ visibility: visible }</style>
 <h1 id="5-ldap-security">5 - LDAP Security<a class="headerlink" href="#5-ldap-security"
title="Permanent link">&para;</a></h1>
+<p>LDAP stores critical informations, and that needs to be secured. The Apache LDAP
API provides a way to access those data, there is little we can do to protect the access to
those data, but we can at least make it impossible for a third party to capture the transiting
+<p>Generally speaking when it comes to securing a system, we are addressing the three
<strong>A</strong>s :
+<em> Authentication
+</em> Authorization
+* Auditing</p>
+<p>The only aspect we will focus on is the <strong>Authentication</strong>
part, because the <strong>LDAP</strong> protocol does not address the two other
aspects, when it comes to an <strong>API</strong>. We will shortly talk about
authorization in the last chapter.</p>
+<p>An additional aspect is encryption :
+- securing the communication between the client and the server
+- password hash</p>
+<p>Last, not least, we have seen that we can bind on a <strong>LDAP</strong>
server using a name and a password, but there are other ways to bind, using <strong>SASL</strong>.
We will also explain how to use certificates in SSL/StartTLS.</p>
 <h2 id="contents">Contents<a class="headerlink" href="#contents" title="Permanent
-<li><a href="5.1-aci-and-acls.html">5.1 - ACI and ACLs</a></li>
-<li><a href="5.2-ssl.html">5.2 - SSL</a></li>
-<li><a href="5.3-start-tls.html">5.3 - StartTLS</a></li>
+<li><a href="user-guide/5.1-ssl.html">5.1 - SSL (e)</a></li>
+<li><a href="user-guide/5.2-start-tls.html">5.2 - StartTLS (e)</a></li>
+<li><a href="user-guide/5.3-password-handling.html">5.3 - Password handling</a></li>
+<li><a href="user-guide/5.4-sasl-bind.html">5.4 - SASL Bind</a></li>
+<li><a href="user-guide/5.5-certificates.html">5.5 - Certificates</a></li>
+<li><a href="user-guide/5.6-aci-and-acls.html">5.6 - ACI and ACLs (e)</a></li>

View raw message