Managing Ldap Security - MACROMEDIA COLDFUSION MX 61-DEVELOPING COLDFUSION MX Develop Manual


Managing LDAP security

When you consider how to implement LDAP security, you must consider server security and
application security.
Server security
The cfldap tag supports secure socket layer (SSL) v2 security. This security provides
certificate-based validation of the LDAP server. It also encrypts data transferred between the
ColdFusion server and the LDAP server, including the user password, and ensures the integrity of
data passed between the servers. To specify SSL v2 security, set the cfldap tag
secure="cfssl_basic" attribute.
About LDAP Server Security
ColdFusion MX uses Java Native Directory Interface (JNDI), the LDAP provider, and an SSL
package to create the client side of an SSL communication. The LDAP server provides the server
side. The LDAP server that the cfldap tag connects to using SSL holds an SSL server certificate,
a certificate that is securely "signed" by a trusted authority and identifies (authenticates) the
sender. During the initial SSL connection, the LDAP server presents its server certificate to the
client. If the client trusts this certificate, the SSL connection is established and secure LDAP
communication can begin.
ColdFusion determines whether to trust the server by comparing the server's certificate with the
information in the jre/lib/security/cacerts keystore of the JRE used by ColdFusion MX. The
ColdFusion MX default cacerts file contains information about many certificate granting
authorities. If you must update the file with additional information, you can use the keytool
utility in the ColdFusion jre/bin directory to import certificates that are in X.509 format. For
example, enter the following:
keytool -import -keystore cacerts -alias ldap -file ldap.crt -keypass bl19mq
The keytool utility initial keypass password is "change it". For more information on using the
keytool utility, see the Sun JDK documentation.
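The import step above, as an added example that is not part of the manual: it checks the certificate's SHA-256 fingerprint against a value obtained separately from the LDAP administrator before trusting it, and refuses to replace an existing alias. The function names, argument order, return codes and the .bak backup copy are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the manual. Assumes keytool (JDK) is on PATH.
# The expected fingerprint must reach you over a separate channel, not in
# the same download as the certificate, in keytool's AA:BB:... format.
# Passwords given on the command line are visible to other local users.

# Print the SHA-256 fingerprint keytool reports for an X.509 file.
cert_sha256() {
    keytool -printcert -file "$1" 2>/dev/null | awk '/SHA256:/ {print $2; exit}'
}

# import_ldap_cert KEYSTORE STOREPASS ALIAS CERTFILE EXPECTED_SHA256
# Returns 0 only if the certificate matched and is now a keystore entry.
import_ldap_cert() {
    ks=$1 pass=$2 alias=$3 cert=$4 want=$5

    got=$(cert_sha256 "$cert")
    if [ -z "$got" ]; then
        echo "cannot read certificate: $cert" >&2; return 2
    fi
    if [ "$got" != "$want" ]; then
        echo "fingerprint mismatch: got $got" >&2; return 3
    fi
    # Never silently replace an existing trust entry.
    if [ -f "$ks" ] && keytool -list -keystore "$ks" -storepass "$pass" \
            -alias "$alias" >/dev/null 2>&1; then
        echo "alias already present: $alias" >&2; return 4
    fi
    # Keep a copy of the keystore so the change can be rolled back.
    if [ -f "$ks" ]; then cp -p "$ks" "$ks.bak" || return 5; fi

    # -importcert is the current name of the -import command shown above.
    keytool -importcert -noprompt -keystore "$ks" -storepass "$pass" \
        -alias "$alias" -file "$cert" >/dev/null 2>&1 || return 6
    # Confirm the entry is really there before reporting success.
    keytool -list -keystore "$ks" -storepass "$pass" -alias "$alias" \
        >/dev/null 2>&1
}
```

Restart ColdFusion after a successful import so that the JRE rereads the keystore.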
Once ColdFusion establishes secure communication with the server, it must provide the server
with login credentials. You specify the login credentials in the cfldap tag username and
password attributes. When the server determines that the login credentials are valid, ColdFusion
can access the directory.
Using LDAP security
To use security, first ensure that the LDAP server supports SSL v2 security.
Specify the cfldap tag secure attribute as follows:
secure = "cfssl_basic"
For example:
<cfldap action="modify"
   modifyType="add"
   attributes="cn=Lizzie"
   dn="uid=lborden, ou=People, o=Airius.com"
   server=#myServer#
   username=#myUserName#
   password=#myPassword#
   secure="cfssl_basic"
   port=636>