Linux.com: Introduction to LDAP – Part II

“After deploying the basics of LDAP from the first part, now you
dive into practical usage of LDAP in the wild. Some of the
biggest ISPs authenticate everything they can against their LDAP
trees, starting with RADIUS (Remote Authentication Dial-In User
Service), going over to the complete employee index, up to the
authentication of the firewalls and SecurID cards. Each of these
LDAP trees is big. Searches take time before matches are returned.
A service like RADIUS runs fast into a timeout, so think about
this before you plan your LDAP tree.”

“The next issue worth your attention is LDAP security. By
default, LDAP’s only built-in features are the access lists of the
slapd.conf file, where you can define read-only or write access for
certain users or certain distinguished names. This strong and
complex feature is fairly useful. However, you must add an extra
layer of security when sending LDAP data over the wires. It is
clear text per default, but TLS (transport layer security) can be
used. Newer versions (many vendors ship a version < 2.0) do
support TLS.”
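
The two points in the excerpt above (slapd.conf access lists and clear-text transport) can be checked mechanically. The sketch below is an added example, not code from the Linux.com article: the sample configurations are constructed, the directive names follow OpenLDAP's slapd.conf(5), and the issue labels and function names are hypothetical.

```python
import re

# Constructed sample: access lists only, no TLS material, password attribute world-readable.
WEAK_CONF = """\
access to attrs=userPassword
    by self write
    by * read
access to *
    by * read
"""

# Constructed sample: TLS certificate and key, a minimum TLS strength, tighter access lists.
HARDENED_CONF = """\
TLSCertificateFile /etc/openldap/certs/slapd.pem
TLSCertificateKeyFile /etc/openldap/certs/slapd.key
security tls=128
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by users read
    by * none
"""

def directives(text):
    # slapd.conf continues a directive on lines that start with whitespace.
    out = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return out

def audit(text):
    found = directives(text)
    names = {d.split()[0].lower() for d in found}
    issues = []
    if not {"tlscertificatefile", "tlscertificatekeyfile"} <= names:
        issues.append("no-tls-cert")        # server cannot offer TLS at all
    if "security" not in names:
        issues.append("no-min-strength")    # heuristic: clear-text sessions not refused
    for d in found:
        if (re.match(r"access\s+to\s+attrs?=\S*userpassword", d, re.I)
                and re.search(r"by\s+\*\s+(read|write|search|compare)", d, re.I)):
            issues.append("password-readable")
    return issues
```

The `security` check is a heuristic: a deployment can also enforce protection per access rule, so an empty result from `audit()` is a starting point for review rather than proof of a safe configuration.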

