
I am in the process of setting up an OpenLDAP server (ds-389); however, I cannot find many good resources which define a security or hardening guide which can be applied to the configuration or schema of the directory.

Does anyone have any good links or references that discuss how we can appropriately harden an OpenLDAP server configuration?

I found a few references, and an old CIS benchmark, but it seems CIS no longer provides a benchmark for OpenLDAP.

  • Do you want to use OpenLDAP or 389-DS? Both are completely different LDAP servers. – Michael Ströder Dec 29 '21 at 22:40
  • Ideally 389-ds, but if you have something for OpenLDAP I am happy to review that also. – sfalzon Dec 31 '21 at 00:55
  • The technical details differ a lot. I've implemented what I consider security best practices in [Æ-DIR](https://ae-dir.com), which is basically an IAM based on [OpenLDAP](https://www.openldap.org). See also my talk at ODD 2018 [Defense in Depth: Hardening an OpenLDAP deployment](https://www.openldap.org/conf/odd-tuebingen-2018/Michael1.pdf) about OS-side hardening (besides all the OpenLDAP config stuff). Being the author, I'm biased of course. – Michael Ströder Dec 31 '21 at 13:39

0 Answers