Re: Best way to secure LDAP to public Server

Thanks for your Reply, and sorry for my late reply.

• do you only need data integrity or also data confidentiality?

Data confidentiality since it will be read only just for User-Auth.

• which kind of data is stored inside the LDAP server?

Employee data like names, E-Mail, password

• how do LDAP clients access the server?

We want to connect our public git with our local UCS-Server (just for Auth)

• which OS is the LDAP server running on?

Debian 9

• against which attacks do you want to protect your deployment?

We only want to do Gittea user Auth against UCS/LDAP, therefore Proxy/Filter came into our mind to filter out only the needed requests. E.g. in order to Auth a User you don't need to query its telephone number.