
Many systems store secret or sensitive information in LDAP attributes. For example, IEC/TS 62351-8 prescribes storage of user tokens in LDAP.

Is it safe to store secret or sensitive information as an attribute in LDAP? Can LDAP be configured in such a way as to make it secure?

jtpereyda
  • You definitely want to have LDAP over TLS. Also look at the discussion [here](https://security.stackexchange.com/questions/60913/is-it-secure-to-be-using-ldap-or-is-ldaps-the-only-secure-option). – Krishna Pandey Dec 14 '17 at 19:31
  • @KrishnaPandey SSL is one concern, although I am mostly concerned about secure storage vs secure transmission. My impression is that LDAP attributes are generally visible to all or many domain users, rather than only to the one user that has the attribute. – jtpereyda Dec 14 '17 at 19:32
  • @jtpereyda If I recall correctly, it's vice versa: an attribute would not be shown unless explicitly retrieved by name... well, at least this is how the LDAP clients I've been working with worked. – alecxe Dec 14 '17 at 19:34
  • @jtpereyda Please look at [How secure is your password in LDAP?](https://stackoverflow.com/questions/1078156/how-secure-is-your-password-in-ldap) in that case. – Krishna Pandey Dec 14 '17 at 19:35
  • @KrishnaPandey This question is about the security of LDAP *attributes*, not the password itself. There are different data-at-rest security concerns involved. – Polynomial Dec 14 '17 at 19:58
  • @alecxe Needing to specify an attribute by name does not make it secure, except in the sense of being obscured. Nevertheless, with ldapsearch for example it is easy to list all (or at least a bunch) of attributes for a given user. You can find examples online. – jtpereyda Dec 14 '17 at 20:14

1 Answer

It is as safe to store a secret in LDAP (using Access Control Lists) as it is in, say, a database with row security or a file system with access control lists.

The secrets won't be encrypted, so they can be viewed by a superuser. But they are protected from other users.

You would need to use end-to-end encryption to hide secrets from a superuser.

Passwords are generally hashed in LDAP.

Neil McGuigan
  • So it sounds like LDAP *can be configured* in such a way as to allow secure storage of secrets. From the point of view of one developing systems that *use* LDAP, it is an entirely different question whether it is reasonable to expect your users to have configured or be reasonably able to configure LDAP this way. – jtpereyda Dec 14 '17 at 22:27
  • ...or whether, having partitioned the access to the secrets, the LDAP database is still the right place to store secrets in a recoverable format (what is the risk of the partitioning being compromised? What about handling of backups?...) – symcbean Dec 15 '17 at 14:07
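The access-control approach the answer describes, written out as an OpenLDAP (slapd, cn=config) ACL fragment that restricts a token attribute to its owner and the directory admin. This is an added example, not code from the original post; the database DN `olcDatabase={1}mdb,cn=config`, the admin DN `cn=admin,dc=example,dc=com` and the attribute name `employeeToken` are assumptions, and the attribute would have to be defined in your schema.

```ldif
# Constructed example: apply with
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif
# olcAccess rules are evaluated in order and the FIRST matching
# "to" clause wins, so attribute-specific rules must come before
# the catch-all "to *" rule at the end.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# Password hashes: owner may change, anyone may bind against it,
# nobody (not even other authenticated users) may read it back.
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by self write
  by anonymous auth
  by dn.exact="cn=admin,dc=example,dc=com" write
  by * none
# Sensitive token attribute (assumed name): readable only by the
# entry's own DN and by the admin DN; "by * none" closes it to
# every other authenticated user, which is the weak default that
# "by users read" on a generic rule would otherwise grant.
olcAccess: {1}to attrs=employeeToken
  by self read
  by dn.exact="cn=admin,dc=example,dc=com" write
  by * none
# Everything else: owner edits own entry, authenticated users may
# read, anonymous gets nothing. Without the two rules above, this
# rule alone would expose the token to every domain user.
olcAccess: {2}to *
  by self write
  by dn.exact="cn=admin,dc=example,dc=com" write
  by users read
  by * none
```

To verify, bind as a different user and request the attribute by name (`ldapsearch -x -D "uid=bob,ou=people,dc=example,dc=com" -W -b "uid=alice,ou=people,dc=example,dc=com" employeeToken`): the entry should come back without it. The rootdn bypasses olcAccess entirely, which is the superuser the answer refers to, and backups of the database directory carry the plaintext attribute regardless of these rules.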