Educause Security Discussion mailing list archives
Re: External LDAP Authentication through the firewall
From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Fri, 8 Jan 2010 09:30:55 -0500
Di Fabio, Andrea wrote:
I'd like to get some feedback on the pros and cons of allowing a vendor to directly query the internal LDAP for user authentication. I do understand that there are tools out there like Shibboleth, but at this point we have gotten a specific request to allow AD authentication through our firewall for an InterLibrary Loan Software. Save the: it should have been a well thought out process/project comments ;-) Sometimes we can control what other IT units do. The MS LDAP is our main and central authentication and GP. I am inclined to deny the request, but I would like to bounce it against you experts and possibly get some points for or against it that I can use when responding to the Library IT person and possibly to upper management. Thank you!
One thing to think about is the other information that might be contained in that directory -- allowing access to full user records could easily run afoul of FERPA or other privacy regulations.

--
Matt Gracie (716) 888-8378
Information Security Administrator graciem () canisius edu
Canisius College ITS
Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg