Re: External LDAP Authentication through the firewall

[schilling <schilling2006 () GMAIL COM>]

LDAP have ACL to control what attribute/value an account can access.

Our university is discussing how to accomplish the interlibrary load thing too.

SChilling

On Fri, Jan 8, 2010 at 9:30 AM, Matthew Gracie <graciem () canisius edu> wrote:
> Di Fabio, Andrea wrote:
> > I'd like to get some feedback on the pros and cons of allowing a vendor to
> > directly query the internal LDAP for user authentication.  I do understand
> > that there tools out there like shibboleth, but at this point we have gotten a
> > specific request to allow AD authentication through our firewall for an
> > InterLibrary Loan Software.  Save the: it should have been a well thought out
> > process/project comments ;-)  Sometimes we can control what other IT units do.
> >
> > The MS LDAP is our main and central authentication and GP.  I am inclined to
> > deny the request, but I would like to bounce it against you experts and
> > possibly get some points for or against it that I can use when responding to
> > the Library IT person and possibly to upper management.
> >
> > Thank you!
>
> One thing to think about is the other information that might be
> contained in that directory -- allowing access to full user records
> could easily run afoul of FERPA or other privacy regulations.
>
> --
> Matt Gracie                         (716) 888-8378
> Information Security Administrator  graciem () canisius edu
> Canisius College ITS                Buffalo, NY
> http://www2.canisius.edu/~graciem/graciem_public_key.gpg