Directory Security - The safeguards provided by LDAP directories and the OpenLDAP project
Submitted by Pavlos Skoufis on Tue, 2006-09-26 17:06.
LDAP directories provide enhanced access control for users because of their "objective" nature: LDAP allows a user to inherit access privileges from the user group the user belongs to, and inheritance makes access control easier to manage (Brian Arkills, 2002). Because multiple groups with different privileges need to access the data stored in the directory, inheritance mechanisms similar to the objects, classes and attributes of object-oriented programming are the ideal solution to the issues that arise when a user authenticates.

Additionally, LDAP supports Secure Sockets Layer (SSL) encryption, which encrypts communications between the client, who may be accessing the directory from any Internet-connected computer terminal in the world, and the server. This is done through digital certificates issued by authoritative servers and is the standard method used in the web hosting industry.

The LDAP schema definitions provide the necessary security control: only users with the right privileges have access to the corresponding parts of the system. The classes and sub-classes available to LDAP designers make it easy to establish rules about which user has access to which parts of the system (e.g. which departmental products and services a customer is subscribed to). Object class inheritance allows content and structure rules to be shared (Brian Arkills, 2002). By creating a set of classes, each holding a set of access rules, and defining which classes each group of users inherits, the proposed system can provide the necessary security controls within the LDAP schema.

Because of the nature of directory servers, the necessary security mechanisms can be implemented at any stage of the development lifecycle of the proposed system without altering the schema. This is especially useful, as the schema will need to change multiple times during the design process.
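The two safeguards described above, group-based access privileges and an encrypted client-server session, expressed as an OpenLDAP cn=config fragment. This is an added example, not configuration from the original post or from the OpenLDAP project; the suffix dc=example,dc=com, the group names, the database DN olcDatabase={1}mdb,cn=config and the certificate paths under /etc/ldap/tls/ are assumptions.

```ldif
# Added example (not from the original post): OpenLDAP cn=config ACLs that
# grant access by group membership, plus the settings that require an
# encrypted (TLS) session before the directory answers. Apply with:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f directory-security.ldif
# Assumed: suffix dc=example,dc=com, database DN olcDatabase={1}mdb,cn=config,
# group entries under ou=groups, certificate files under /etc/ldap/tls/.
# LDIF continuation lines start with a space; the second space below is
# kept as the separator when the lines are joined.

# --- 1. Access control. slapd uses the first "to" clause that matches the
#        target, then the first "by" clause that matches the requester;
#        a request that matches no "by" clause is denied.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# Passwords: the owner may change them, anonymous clients may only use
# them to bind (auth), the admins group may reset them, nobody reads them.
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by group.exact="cn=directory-admins,ou=groups,dc=example,dc=com" write
  by * none
# Contact attributes of people entries: the helpdesk group inherits write
# access here only; the more specific clause must come before {2}.
olcAccess: {1}to dn.subtree="ou=people,dc=example,dc=com" attrs=telephoneNumber,mail
  by group.exact="cn=directory-admins,ou=groups,dc=example,dc=com" write
  by group.exact="cn=helpdesk,ou=groups,dc=example,dc=com" write
  by users read
  by * none
# The rest of the people subtree: admins write, authenticated users read.
olcAccess: {2}to dn.subtree="ou=people,dc=example,dc=com"
  by group.exact="cn=directory-admins,ou=groups,dc=example,dc=com" write
  by users read
  by * none
# Group entries themselves: only admins may change membership, otherwise a
# user who can edit a group could add themselves to it and inherit its rights.
olcAccess: {3}to dn.subtree="ou=groups,dc=example,dc=com"
  by group.exact="cn=directory-admins,ou=groups,dc=example,dc=com" write
  by users read
  by * none
# Catch-all last, so it cannot shadow the clauses above it.
olcAccess: {4}to *
  by users read
  by * none
-
# --- 2. Require a session security strength factor of at least 128 bits
#        (TLS, or the local ldapi socket rated by olcLocalSSF below) for
#        every operation against this database, including the bind.
replace: olcSecurity
olcSecurity: ssf=128
-

# Weak ordering to avoid: a catch-all clause placed first matches every
# request, so the password and group clauses after it are never consulted
# and every authenticated user can read userPassword hashes.
#   olcAccess: {0}to * by users read by * none
#   olcAccess: {1}to attrs=userPassword by self write ...   <- unreachable

# --- 3. Global settings: server certificate for TLS, and the strength
#        credited to the local ldapi:/// socket used by the administrator.
dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/tls/ca.pem
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/tls/ldap.example.com.crt
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/tls/ldap.example.com.key
-
replace: olcLocalSSF
olcLocalSSF: 128
-
```

After applying it, a client that connects over plain ldap:// without StartTLS is refused with a "confidentiality required" error before any ACL is evaluated, and a member of cn=helpdesk can modify a user's telephoneNumber but not their userPassword or group memberships; the `ldapwhoami -ZZ` and `ldapmodify -ZZ` options exercise the StartTLS path when checking the configuration.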