Lightweight Directory Access Protocol (LDAP) is a mainstay authentication protocol for IT professionals today. Created in 1993 by Tim Howes, Steve Kille, and Wengyik Yeong at the University of Michigan, and standardized by the Internet Engineering Task Force, LDAP distributes directory information over a network, that is, it serves as an identity provider (IdP). As such, LDAP is crucial in modern networking, both for sharing information about users, devices, networks, and apps across an organization and for granting access to that variety of IT resources. Let’s dive into some of the best practices IT admins can employ to protect user security in LDAP.
LDAP in Practice
When employees need to access an LDAP database or an IT resource that uses an LDAP service for authentication, they input their username and password and wait for the service to grant access. The service matches their login information against the identities stored in the LDAP database and, on a match, grants access. LDAP solutions can be hosted on-site or in the cloud. Cloud-based LDAP requires no on-site servers and is scalable as a business grows.
One of the most popular commercial legacy LDAP instances (or more generally a directory service) in use today is Microsoft® Active Directory®. Many organizations rely on Active Directory to manage user information and authenticate resource access, but Active Directory is just one example of a directory service that can use the LDAP protocol (note that AD’s primary, preferred authentication protocol is Kerberos). There are other directory services — many open source, such as Red Hat Directory Service, OpenLDAP™, Apache Directory Server, and more — and they all work with the LDAP protocol.
Protecting User Security in LDAP
Any modern hacker knows that the “keys to the kingdom” are the credentials stored in directory services like OpenLDAP, and therefore it’s essential to keep them secure. Once a hacker has access to one of the organization’s user accounts, it’s a race against the clock to prevent them from accessing critical organization data. LDAP enables access to vital infrastructure in organizations, so securing it before a breach happens is a crucial strategy. Here
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Brandon White. Read the original post at: https://jumpcloud.com/blog/ldap-protecting-user-security

