Educause Security Discussion mailing list archives

Re: External LDAP Authentication through the firewall


From: "Michael J. Wheeler" <mwheeler () PITTSTATE EDU>
Date: Fri, 8 Jan 2010 08:59:43 -0600

We have an InterLibrary Loan vendor querying our Sun LDAP servers for
authentication. MS LDAP is a very different beast though. It's the only
LDAP server I know of that defaults to "allow" viewing information about
others. It is also the only LDAP server I know of that doesn't promote the
use of ACLs to restrict what information accounts can see.

If I were running a MS LDAP server, I'd probably deny the request because I
couldn't adequately secure the information on the server. But, with any
other LDAP server, you should be able to secure the data and be perfectly fine.

--
Michael J. Wheeler
Assistant Director, Systems and Networking
Pittsburg State University
Phone:  620-235-4610
E-mail: mwheeler () pittstate edu

On 1/8/2010 8:28 AM, Di Fabio, Andrea wrote:
I'd like to get some feedback on the pros and cons of allowing a vendor to
directly query the internal LDAP for user authentication.  I do understand
that there are tools out there like shibboleth, but at this point we have gotten a
specific request to allow AD authentication through our firewall for an
InterLibrary Loan Software.  Save the "it should have been a well thought out
process/project" comments ;-)  Sometimes we can control what other IT units do.

The MS LDAP is our main and central authentication and GP.  I am inclined to
deny the request, but I would like to bounce it against you experts and
possibly get some points for or against it that I can use when responding to
the Library IT person and possibly to upper management.

Thank you!
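
The ACL approach Michael describes, as an added illustration that is not part of either message: a Sun/389-style ACI that grants a vendor service account only what a lookup-then-bind authentication flow needs, namely locating a user's entry by uid. The suffix, container and account names (dc=example,dc=edu, cn=ill-proxy) are assumed placeholders.

```ldif
# Added example, not from the thread. Applied with ldapmodify against a
# Sun DS / 389 DS style server; assumes the default "anonymous read" ACI
# has already been removed so that this ACI is the only grant on the subtree.
dn: ou=people,dc=example,dc=edu
changetype: modify
add: aci
aci: (targetattr="uid")
  (version 3.0; acl "ILL vendor: locate user entry by uid only";
   allow (search,read,compare)
   userdn="ldap:///cn=ill-proxy,ou=services,dc=example,dc=edu";)
```

The vendor account can resolve a uid to a DN and then bind as that user to verify the password, but cannot read mail, phone or other attributes of anyone in the subtree; an ldapsearch bound as cn=ill-proxy requesting those attributes should come back with the DN only.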
