Directory access security

Use this information to secure access to the directory.

Access to directory data can be fully controlled by the directory administrator. LDAP directories require clients to do a bind operation that identifies who is trying to use the directory. IBM® Security Directory Server supports several bind mechanisms:
  • Simple
  • DIGEST-MD5
  • Kerberos (the GSSAPI SASL mechanism)
  • EXTERNAL
The directory server also supports pass-through authentication, which lets the administrator configure the directory server to use another directory server, such as OpenLDAP or Active Directory, to authenticate binds on its behalf. See Pass-through authentication.

Simple binds require a DN and a password. If no DN is supplied, the bind is anonymous. The administrator can configure the directory so that anonymous binds are not allowed. See Managing connection properties. Generally, the DN corresponds to an entry in the directory, and the password used to bind is compared against the value of the userpassword attribute of the entry with that DN.

The directory server can be configured to enforce password policies that determine what values passwords can have and how often they must be changed. See Password policy settings. Password data stored in the directory is kept in encrypted form, not as plain text. See Password encryption.

The directory administrator can delegate some administrative responsibilities by configuring an administrative group. The members of this group can be assigned specific authorities in the directory. The DNs and passwords of the members are stored as part of the server configuration rather than in the directory data; the passwords are encrypted, and a separate administrative password policy (including lockout) can be configured for them. See Setting the administration password and lockout policy.

For DIGEST-MD5 and Kerberos (GSSAPI) binds, see the configuration information for each mechanism. The EXTERNAL mechanism, also referred to as PKI or certificate-based authentication, does not check a password stored in the directory; it relies on the authentication already performed at the SSL or TLS layer when the server is configured for server and client authentication. The connection is established only after the client presents a certificate issued by a certificate authority (CA) that the server trusts, and the subject DN of that client certificate is the DN used to identify the user of the connection. See Configuration of security settings for information about how to configure a directory server to support EXTERNAL binds.
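To make the difference between the bind types concrete, the following added example (not code from IBM Security Directory Server or its documentation) builds the LDAP BindRequest messages for the simple and SASL mechanisms listed above at the BER level defined by RFC 4511, parses them back, and applies a server-side policy check that mirrors the "anonymous binds not allowed" connection property. The DN cn=alice,o=example, the password, the SASL tokens and the function names are this example's own assumptions. One caveat the page does not spell out is included: a request that carries a DN but an empty password is an "unauthenticated" bind, not an anonymous one, and RFC 4513 section 5.1.2 says servers should refuse it by default because a client that ignores the distinction can be tricked into treating it as a successful login.

```python
"""Construct, decode and policy-check LDAP bind requests (RFC 4511 section 4.2).

Added example, not product code. Wire format follows RFC 4511; the policy
helpers and all DNs/passwords/tokens are hypothetical.
"""
from typing import Optional, Tuple


def _ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(value)) + value


def _integer(v: int) -> bytes:
    return _tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))


def bind_request(msg_id: int, name: str, auth: bytes) -> bytes:
    """LDAPMessage { messageID, bindRequest [APPLICATION 0] { version 3, name, authentication } }"""
    body = _integer(3) + _tlv(0x04, name.encode()) + auth
    return _tlv(0x30, _integer(msg_id) + _tlv(0x60, body))


def simple_bind(msg_id: int, dn: str, password: str) -> bytes:
    """authentication = simple [0] OCTET STRING (context tag 0x80); empty dn+password is anonymous."""
    return bind_request(msg_id, dn, _tlv(0x80, password.encode()))


def sasl_bind(msg_id: int, mechanism: str, credentials: Optional[bytes] = None) -> bytes:
    """authentication = sasl [3] SaslCredentials { mechanism, credentials OPTIONAL } (tag 0xA3)."""
    creds = _tlv(0x04, mechanism.encode())
    if credentials is not None:
        creds += _tlv(0x04, credentials)
    return bind_request(msg_id, "", _tlv(0xA3, creds))


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, value, position after the element) for the TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_bind(msg: bytes) -> dict:
    """Decode an LDAPMessage carrying a BindRequest; raises ValueError on anything else."""
    tag, ldap_msg, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, mid, pos = _read_tlv(ldap_msg, 0)
    tag, body, _ = _read_tlv(ldap_msg, pos)
    if tag != 0x60:
        raise ValueError("protocolOp is not a BindRequest")
    _, version, pos = _read_tlv(body, 0)
    _, name, pos = _read_tlv(body, pos)
    tag, auth, _ = _read_tlv(body, pos)
    out = {"id": int.from_bytes(mid, "big", signed=True), "version": version[0], "name": name.decode()}
    if tag == 0x80:
        out["auth"], out["password"] = "simple", auth.decode()
    elif tag == 0xA3:
        _, mech, pos = _read_tlv(auth, 0)
        out["auth"], out["mechanism"] = "sasl", mech.decode()
        out["credentials"] = _read_tlv(auth, pos)[1] if pos < len(auth) else None
    else:
        raise ValueError("unknown AuthenticationChoice tag 0x%02x" % tag)
    return out


def classify_bind(req: dict) -> str:
    """Name the bind as a server sees it (RFC 4513 section 5)."""
    if req["auth"] == "sasl":
        return "sasl:" + req["mechanism"]
    if req["name"] == "" and req["password"] == "":
        return "anonymous"
    if req["password"] == "":
        return "unauthenticated"  # DN but no password: refuse by default (RFC 4513 5.1.2)
    return "simple"


def check_bind_policy(msg: bytes, allow_anonymous: bool) -> Tuple[bool, str]:
    """Hypothetical policy gate: returns (accepted, reason) before any credential check."""
    kind = classify_bind(parse_bind(msg))
    if kind == "anonymous":
        return allow_anonymous, "anonymous bind " + ("allowed" if allow_anonymous else "refused by policy")
    if kind == "unauthenticated":
        return False, "DN without password refused (unauthenticated bind)"
    return True, kind + " bind passed to credential check"


if __name__ == "__main__":
    # Constructed sample requests; DN, password and SASL token are placeholders.
    samples = {
        "simple": simple_bind(1, "cn=alice,o=example", "s3cret"),
        "anonymous": simple_bind(2, "", ""),
        "unauthenticated": simple_bind(3, "cn=alice,o=example", ""),
        "digest-md5": sasl_bind(4, "DIGEST-MD5"),
        "gssapi": sasl_bind(5, "GSSAPI", b"constructed-placeholder-token"),
        "external": sasl_bind(6, "EXTERNAL"),
    }
    for label, m in samples.items():
        print(label, m.hex(), check_bind_policy(m, allow_anonymous=False))
```

The anonymous request encodes to exactly 14 bytes (30 0c 02 01 02 60 07 02 01 03 04 00 80 00), which is the pattern to look for in a capture when verifying that a client really is binding anonymously; a DIGEST-MD5 or GSSAPI request carries an empty name and the mechanism string instead, because the identity is established by the SASL exchange that follows, and an EXTERNAL request carries no credentials at all because the identity comes from the client certificate on the TLS session.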