On 4/8/21 4:07 PM, [email protected] wrote:
> I need to open my LDAP-Directory to a public available Server.
>
> What is the best secure way to connect my LDAP-Server to my Public
> server?

This is a pretty broad question. Good answers usually need more info:

- which kind of data is stored inside the LDAP server?
- how do LDAP clients access the server?
- which OS is the LDAP server running on?
- against which attacks do you want to protect your deployment?

Some general security measures include:

- use TLS-protected connections everywhere (StartTLS or LDAPS)
- use decently secure authentication mechs
- implement secure OpenLDAP ACLs to protect the database content
- build stripped-down, specific OpenLDAP packages for your needs
- use systemd's sand-boxing options (if using systemd on Linux at all)
- use kernel-level MAC like SELinux or AppArmor (if OS is Linux)

Ciao, Michael.
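
Added example, not part of the message above: one way the TLS, authentication and ACL items in the list could look as an `ldapmodify` change against `cn=config`. The database name `{1}mdb`, the suffix `dc=example,dc=com`, the `ou=people` subtree and the `cn=webapp` service account are assumptions made for illustration.

```ldif
# Constructed example. Apply as the config administrator with ldapmodify.
# Assumed: the data lives in olcDatabase={1}mdb, and the public server
# binds as cn=webapp,ou=services,dc=example,dc=com.

# Global settings: refuse TLS versions below 1.2 and refuse anonymous binds.
dn: cn=config
changetype: modify
replace: olcTLSProtocolMin
olcTLSProtocolMin: 3.3
-
replace: olcDisallows
olcDisallows: bind_anon

# Per-database settings.
# olcSecurity ssf=128 rejects operations on this database unless the
# connection is protected (StartTLS or LDAPS) with at least 128-bit strength.
# It is set on the database, not on cn=config, so that local ldapi:///
# administration of cn=config is not subject to it.
# olcRequires authc rejects directory operations before a successful bind.
# The ACLs are evaluated in order; the first matching "to" clause wins:
#   {0} passwords can be used to bind and changed by their owner, never read
#   {1} the service account may read four attributes of people entries
#   {2} everything else is denied to everyone
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcSecurity
olcSecurity: ssf=128
-
replace: olcRequires
olcRequires: authc
-
replace: olcAccess
olcAccess: {0}to attrs=userPassword
  by self =xw
  by anonymous auth
  by * none
olcAccess: {1}to dn.subtree="ou=people,dc=example,dc=com"
  attrs=entry,uid,cn,mail
  by dn.exact="cn=webapp,ou=services,dc=example,dc=com" read
  by * none
olcAccess: {2}to *
  by * none
```

The `replace: olcAccess` operation overwrites every existing ACL on that database, so the list must be complete for the deployment before it is applied.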
