On 4/8/21 4:07 PM, work@seyboldt.org wrote:
i need to open my LDAP-Directory to a public available Server.
What is the best secure way to connect my LDAP-Server to my Public server?
This is a pretty broad question.
Good answers usually need more info: - which kind of data is stored inside the LDAP server? - how do LDAP clients access the server? - which OS is the LDAP server running on? - against which attacks do you want to protect your deployment?
Some general security measures include: - use TLS-protected connections everywhere (StartTLS or LDAPS) - use decently secure authentication mechs - implement secure OpenLDAP ACLs to protect the database content - build stripped-down, specific OpenLDAP packages for your needs - use systemd's sand-boxing options (if using systemd on Linux at all) - use kernel-level MAC like SELinux or AppArmor (if OS is Linux)
Ciao, Michael.