Securing Connections With SSL
As your directory grows more complicated, it becomes increasingly easy to
accidentally overlap ACIs in this manner. By avoiding ACI overlap, you make
your security management easier while potentially reducing the total number
of ACIs contained in your directory.
• Name your ACIs. While naming ACIs is optional, giving each ACI a short, meaningful name helps you to manage your security model, especially when examining your ACIs from the Directory console.
• Group your ACIs as closely together as possible within your directory. Try to limit ACI placement to your directory root point and to major directory branch points. Grouping ACIs helps you manage your total list of ACIs, and helps you keep the total number of ACIs in your directory to a minimum.
• Avoid using double negatives, such as "deny write if the bind DN is not equal to cn=Joe". Although this syntax is perfectly acceptable for the server, it is confusing for a human administrator.
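As an added example (not code from the guide or from Directory Server), the following Python check applies the naming and double-negative recommendations above to a few ACI values written in the Netscape ACI syntax; the ACI strings, their acl names and the DNs in them are constructed for illustration.

```python
import re

# Constructed sample ACI values in the Netscape Directory Server ACI syntax
# (illustrative only, not taken from the deployment guide).
SAMPLE_ACIS = [
    # Named, positively phrased rule: the style the guide recommends.
    '(targetattr = "userPassword")(version 3.0; acl "Self password write"; '
    'allow (write) userdn = "ldap:///self";)',
    # Legal but unnamed rule: hard to recognise in the Directory console.
    '(targetattr = "*")(version 3.0; acl ""; '
    'allow (read, search) userdn = "ldap:///anyone";)',
    # Double negative: deny write unless the bind DN is cn=Joe.
    '(targetattr = "*")(version 3.0; acl "Lock writes to Joe"; '
    'deny (write) userdn != "ldap:///cn=Joe,ou=People,dc=example,dc=com";)',
]

# The acl "name" clause that follows "version 3.0;".
ACL_NAME_RE = re.compile(r'\bacl\s+"([^"]*)"\s*;')
# One permission clause: allow|deny, the rights list, and the bind rule up to ';'.
PERMISSION_RE = re.compile(r'\b(allow|deny)\s*\(([^)]*)\)\s*([^;]*);')


def lint_aci(aci):
    """Return the findings for one ACI value; an empty list means it follows both recommendations."""
    findings = []
    name = ACL_NAME_RE.search(aci)
    if name is None or not name.group(1).strip():
        findings.append("unnamed ACI: give it a short, meaningful acl name")
    for verb, _rights, bind_rule in PERMISSION_RE.findall(aci):
        # "deny ... != ..." is the double negative the guide warns against;
        # the same intent is usually clearer as an allow rule with "=".
        if verb == "deny" and "!=" in bind_rule:
            findings.append("double negative: deny with a '!=' bind rule; "
                            "consider a positive allow rule instead")
    return findings


def lint_all(acis):
    """Map each ACI (by list position) to its findings, omitting clean ones."""
    return {i: f for i, f in ((i, lint_aci(a)) for i, a in enumerate(acis)) if f}


if __name__ == "__main__":
    for index, findings in lint_all(SAMPLE_ACIS).items():
        print(f"ACI #{index}:")
        for finding in findings:
            print(f"  - {finding}")
```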
Securing Connections With SSL
After designing your authentication scheme for identified users and your access
control scheme for protecting information in your directory, you need to design a
way to protect the integrity of the information passed among servers and client
applications.
To provide secure communications over the network you can use the LDAP
protocol over the Secure Sockets Layer (SSL).
SSL can be used in conjunction with the RC2 and RC4 encryption algorithms from
RSA. The encryption method selected for a particular connection is the result of a
negotiation between the client application and Directory Server.
SSL can also be used in conjunction with CRAM-MD5, which is a hashing
mechanism that guarantees that information has not been modified during
transmission.
Directory Server can have SSL-secured connections and non-SSL connections
simultaneously.
For information about enabling SSL, refer to the Netscape Directory Server
Administrator's Guide.
Netscape Directory Server Deployment Guide • January 2002