Educause Security Discussion mailing list archives
Re: External LDAP Authentication through the firewall
From: "Michael J. Wheeler" <mwheeler () PITTSTATE EDU>
Date: Fri, 8 Jan 2010 08:59:43 -0600
We have an InterLibrary Loan vendor querying our Sun LDAP servers for authentication. MS LDAP is a very different beast though. It's the only LDAP server I know of that defaults to "allow" viewing information about others. It is also the only LDAP server I know of that doesn't promote the use of ACLs to restrict what information accounts can see.

If I were running a MS LDAP server, I'd probably deny the request because I couldn't adequately secure the information on the server. But, with any other LDAP server, you should be able to secure the data and be perfectly fine.

--
Michael J. Wheeler
Assistant Director, Systems and Networking
Pittsburg State University
Phone: 620-235-4610
E-mail: mwheeler () pittstate edu

On 1/8/2010 8:28 AM, Di Fabio, Andrea wrote:
I'd like to get some feedback on the pros and cons of allowing a vendor to directly query the internal LDAP for user authentication. I do understand that there are tools out there like Shibboleth, but at this point we have gotten a specific request to allow AD authentication through our firewall for an InterLibrary Loan Software. Save the: it should have been a well thought out process/project comments ;-) Sometimes we can control what other IT units do. The MS LDAP is our main and central authentication and GP. I am inclined to deny the request, but I would like to bounce it against you experts and possibly get some points for or against it that I can use when responding to the Library IT person and possibly to upper management. Thank you!