Advanced LDAP
page 5 of 6
by Debjani Mallick
Feedback
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 26669/ 52

Managing LDAP Security

The LDAP security consists of server security and application security.

Server Security

The CFLDAP tag supports secure socket layer (SSL) v2 security which provides certificate-based validation of the LDAP server. It also encrypts data transferred between the ColdFusion server and the LDAP server, ensuring the integrity of data passed between the servers.

The client side of the SSL communication is provided by ColdFusion MX using Java Native Directory Interface (JNDI), the LDAP provider, an SSL package, and the server side is provided by the LDAP server. The LDAP server tried to connect using the CFLDAP tag holds an SSL server certificate which is securely "signed" by a trusted authority. This authenticates the sender. During the initial stage of SSL connection, the LDAP server presents its server certificate to the client which allows the SSL connection if it trusts the certificate and then the communication can begin. The determination of whether to trust a server or not is done by comparing server's certificate with the information in the jre/lib/security/cacerts keystore of the JRE used by ColdFusion MX. The information in this file can also be updated. Once the communication is established, the login credentials need to be provided which are specified in the username and password attributes of CFLDAP tag. If the login credentials are valid, ColdFusion can access the directory.

To specify SSL v2 security, the secure attribute of CFLDAP tag should be set to "cfssl_basic."

Listing 11

<cfldap action="modify" 
modifytype="add" 
atributes="list of attributes" 
dn="distinguished name"
server=LDAP sever name
username=username to access the server 
password=password to access the server>
secure="cfssl_basic" 
port=636>

The port attribute specifies the server port used for secure LDAP communications, which has a default value of 636. If not specified, ColdFusion attempts to connect to the default, nonsecure, LDAP port 389.

Application Security

To ensure application security, outsiders must be prevented from gaining access to the passwords that one uses in CFLDAP tags. This can be done by using variables set on an encrypted application page, for the username and password attributes of CFLDAP tag.


View Entire Article

User Comments

Title: Nice article   
Name: Rahul
Date: 2008-12-06 12:02:24 PM
Comment:
Good simple article

Product Spotlight
Product Spotlight 





Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2024 ASPAlliance.com  |  Page Processed at 2024-03-01 3:12:50 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search