Advanced LDAP
page 5 of 6
by Debjani Mallick

Managing LDAP Security

LDAP security in ColdFusion has two parts: server security and application security.

Server Security

The CFLDAP tag supports Secure Sockets Layer (SSL) v2 security, which provides certificate-based validation of the LDAP server. It also encrypts the data transferred between the ColdFusion server and the LDAP server, protecting the integrity of the data passed between them.

The client side of the SSL communication is provided by ColdFusion MX using the Java Naming and Directory Interface (JNDI), the LDAP provider and an SSL package; the server side is provided by the LDAP server. The LDAP server that the CFLDAP tag connects to holds an SSL server certificate which is securely "signed" by a trusted authority; this authenticates the server to the client. During the initial stage of the SSL connection, the LDAP server presents its server certificate to the client, which allows the SSL connection if it trusts the certificate, and only then can communication begin. Whether to trust a server is determined by comparing the server's certificate with the information in the jre/lib/security/cacerts keystore of the JRE used by ColdFusion MX. The information in this keystore can be updated, for example to add the certificate of the authority that signed the LDAP server's certificate. Once the connection is established, the login credentials specified in the username and password attributes of the CFLDAP tag are sent. If the login credentials are valid, ColdFusion can access the directory.

To specify SSL v2 security, set the secure attribute of the CFLDAP tag to "cfssl_basic".

Listing 11

<cfldap action="modify"
        modifytype="add"
        attributes="list of attributes"
        dn="distinguished name"
        server="LDAP server name"
        username="username to access the server"
        password="password to access the server"
        secure="cfssl_basic"
        port="636">

The port attribute specifies the server port used for secure LDAP communication, for which the standard port is 636. If the port attribute is not specified, ColdFusion attempts to connect to the default, nonsecure LDAP port 389, so the port should always be set explicitly when secure="cfssl_basic" is used.

Application Security

To ensure application security, outsiders must be prevented from gaining access to the passwords used in CFLDAP tags. One way to do this is to set variables for the username and password attributes of the CFLDAP tag on an encrypted application page, so that the credentials never appear in the individual templates that perform directory operations.
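As an added example (not code from the original article), the following shows how the server-security and application-security points above fit together in a ColdFusion MX 7 or later application: the bind credentials are set once in an Application.cfc, which is the file to encrypt or keep out of the web-accessible path, and the page that uses them always connects with secure="cfssl_basic" and an explicit port 636, so a forgotten port attribute can never silently fall back to the nonsecure port 389. The host name, base DN, service-account DN, file names and the password placeholder are all constructed for the example.

```cfml
<!--- Application.cfc (constructed example): holds the LDAP settings for the whole application.
      This is the file the article suggests protecting, e.g. by encrypting it; the password
      below is a placeholder, not a real credential. --->
<cfcomponent output="false">
    <cfset this.name = "ldapDemo">
    <cfset this.applicationTimeout = createTimeSpan(1, 0, 0, 0)>

    <cffunction name="onApplicationStart" returntype="boolean" output="false">
        <cfset var ldap = structNew()>
        <cfset ldap.server   = "ldap.example.internal">                        <!--- placeholder host --->
        <cfset ldap.port     = 636>                                            <!--- always explicit --->
        <cfset ldap.baseDN   = "ou=people,dc=example,dc=internal">             <!--- placeholder base --->
        <cfset ldap.username = "cn=cfreader,ou=service,dc=example,dc=internal"> <!--- read-only account --->
        <cfset ldap.password = "PLACEHOLDER-KEEP-OUT-OF-TEMPLATES">
        <cfset application.ldap = ldap>
        <cfreturn true>
    </cffunction>
</cfcomponent>

<!--- ldapLookup.cfm (constructed example): looks up one account over LDAPS using the
      application-scoped settings, so no credential is written into this template. --->
<cfparam name="url.uid" default="">

<!--- Accept only a plain account name before it is placed in the search filter. --->
<cfif NOT reFind("^[A-Za-z0-9._-]{1,64}$", url.uid)>
    <cfabort showerror="Invalid account name">
</cfif>

<cftry>
    <cfldap action="query"
            name="people"
            server="#application.ldap.server#"
            port="#application.ldap.port#"
            secure="cfssl_basic"
            username="#application.ldap.username#"
            password="#application.ldap.password#"
            start="#application.ldap.baseDN#"
            scope="subtree"
            filter="(uid=#url.uid#)"
            attributes="cn,mail"
            timeout="5000"
            maxrows="1">

    <cfif people.recordCount EQ 0>
        <cfoutput><p>No entry for #htmlEditFormat(url.uid)#.</p></cfoutput>
    <cfelse>
        <cfoutput query="people">
            <p>#htmlEditFormat(cn)# &lt;#htmlEditFormat(mail)#&gt;</p>
        </cfoutput>
    </cfif>

    <cfcatch type="any">
        <!--- A failure here is typically a certificate that the JRE keystore does not trust
              or an unreachable port 636. Record it server-side without exposing the bind
              credentials or the raw exception to the visitor. --->
        <cflog file="ldap" type="error" text="LDAPS lookup failed: #cfcatch.message#">
        <cfoutput><p>Directory lookup is temporarily unavailable.</p></cfoutput>
    </cfcatch>
</cftry>
```

If the lookup fails with a certificate error, the fix belongs on the server-security side: import the signing authority's certificate into the jre/lib/security/cacerts keystore of the JRE that ColdFusion uses, rather than weakening the connection by dropping the secure attribute.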



User Comments

Title: Nice article   
Name: Rahul
Date: 2008-12-06 12:02:24 PM
Comment:
Good simple article

©Copyright 1998-2024 ASPAlliance.com