Linux.com: Introduction to LDAP - Part II
Oct 28, 2000, 20:07
(Other stories by Alexander Reelsen)
"After deploying the basics of LDAP from the first part, now you dive into practical usage of LDAP in the wild. Some of the biggest ISPs authenticate everything they can against their LDAP trees, starting with RADIUS (Remote Authentication Dial-In User Service), going over to the complete employee index, up to the authentication of the firewalls and SecurID cards. Each of these LDAP trees is big. Searches take time before matches are returned. A service like RADIUS runs fast into a timeout, so think about this before you plan your LDAP tree."
"The next issue worth your attention is LDAP security. By default, LDAP's only built-in features are the access lists of the slapd.conf file, where you can define read-only or write access for certain users or certain distinguished names. This strong and complex feature is fairly useful. However, you must add an extra layer of security when sending LDAP data over the wires. It is clear text per default, but TLS (transport layer security) can be used. Newer versions (many vendors ship a version < 2.0) do support TLS."
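
An added example, not part of the quoted article: a small Python check that reads a slapd.conf and reports the gap the excerpt describes, access lists with no transport protection, plus a missing or open ACL on `userPassword`. It assumes OpenLDAP 2.x directive names (`TLSCertificateFile`, `TLSCertificateKeyFile`, `security`, `access to`); both sample configurations and their paths are constructed.

```python
import re

# Constructed sample: access lists only, nothing protecting the wire.
WEAK_CONF = """\
access to *
    by dn="cn=admin,dc=example,dc=com" write
    by * read
"""

# Constructed sample: TLS configured and required, userPassword protected.
HARDENED_CONF = """\
TLSCertificateFile    /etc/ldap/tls/server.crt
TLSCertificateKeyFile /etc/ldap/tls/server.key
security tls=128
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by dn="cn=admin,dc=example,dc=com" write
    by * read
"""

def directives(text):
    """Drop comments and blank lines; fold indented continuation lines."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return out

def audit(text):
    """Return findings for clear-text transport and a weak userPassword ACL."""
    d = directives(text)
    names = {x.split()[0].lower() for x in d}
    findings = []
    if not {"tlscertificatefile", "tlscertificatekeyfile"} <= names:
        findings.append("no TLS certificate/key: LDAP data is sent in clear text")
    if not any(re.match(r"security\s+.*\b(tls|ssf)=[1-9]", x, re.I) for x in d):
        findings.append("no 'security' minimum: clients can still connect without TLS")
    pw = [x for x in d if re.match(r"access\s+to\s+.*attrs?=\S*userPassword", x, re.I)]
    if not pw:
        findings.append("no ACL for userPassword: the catch-all rule applies to it")
    elif any(re.search(r"by\s+\*\s+(read|write)", x) for x in pw):
        findings.append("userPassword ACL lets everyone read or write the attribute")
    return findings
```

Calling `audit(WEAK_CONF)` returns three findings, while `audit(HARDENED_CONF)` returns an empty list.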