Educause Security Discussion mailing list archives
Re: External LDAP Authentication through the firewall
From: schilling <schilling2006 () GMAIL COM>
Date: Fri, 8 Jan 2010 09:37:41 -0500
LDAP has ACLs to control what attribute/value an account can access. Our university is discussing how to accomplish the interlibrary loan thing too.

SChilling

On Fri, Jan 8, 2010 at 9:30 AM, Matthew Gracie <graciem () canisius edu> wrote:
> Di Fabio, Andrea wrote:
>> I'd like to get some feedback on the pros and cons of allowing a vendor
>> to directly query the internal LDAP for user authentication. I do
>> understand that there are tools out there like Shibboleth, but at this
>> point we have gotten a specific request to allow AD authentication
>> through our firewall for an InterLibrary Loan Software.
>>
>> Save the: it should have been a well thought out process/project
>> comments ;-) Sometimes we can control what other IT units do.
>>
>> The MS LDAP is our main and central authentication and GP.
>>
>> I am inclined to deny the request, but I would like to bounce it against
>> you experts and possibly get some points for or against it that I can
>> use when responding to the Library IT person and possibly to upper
>> management.
>>
>> Thank you!
>
> One thing to think about is the other information that might be
> contained in that directory -- allowing access to full user records
> could easily run afoul of FERPA or other privacy regulations.
>
> --
> Matt Gracie (716) 888-8378
> Information Security Administrator graciem () canisius edu
> Canisius College ITS Buffalo, NY
> http://www2.canisius.edu/~graciem/graciem_public_key.gpg