F.1 LDAP Binds

The LDAP binds should take place over a secure connection. We recommend that you always use an SSL/TLS connection and keep in mind the following considerations:

  • The key transmitted over the wire can be sniffed, so you need to physically secure the corporate network against eavesdropping or “packet sniffing”.

  • You need to keep the servers in a physically secure location with access by authorized personnel only.

  • When the product is used by users outside of the corporate firewall, a VPN should be employed.

  • If a server is accessible from outside the corporate network, a firewall should be configured to prevent direct access to the server.

  • Audit logs should be checked periodically.

  • Different administrative duties should be given to separate people. Delegation of administration provides granular control over the directory objects.

  • We recommend that you identify a particular LDAP server as the right server for Kerberos management. You can specify the server name in iManager.

IMPORTANT: The user needs to access the LDAP server by using its DNS name instead of its IP address, because the conversion of the IP address to the DNS name is not secure.
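The following is an added example, not part of the product or its documentation: a small Python check that flags LDAP server URLs that do not use ldaps:// or that address the server by IP address rather than DNS name, plus a TLS client context that verifies the server certificate against that name. The function names and sample URLs are assumptions made for illustration.

```python
import ipaddress
import ssl
from urllib.parse import urlsplit

# Constructed sample URLs; the host names and addresses are placeholders.
SAMPLE_URLS = [
    "ldaps://ldap1.example.com:636",
    "ldap://ldap1.example.com:389",
    "ldaps://192.0.2.10:636",
    "ldaps://[2001:db8::10]:636",
]


def audit_ldap_url(url):
    """Return a list of findings for one LDAP server URL (empty means OK)."""
    findings = []
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = parts.hostname or ""

    if scheme == "ldap":
        findings.append("ldap:// scheme does not guarantee SSL/TLS for the bind")
    elif scheme != "ldaps":
        findings.append("not an LDAP URL")

    if not host:
        findings.append("no server name given")
    else:
        try:
            ipaddress.ip_address(host)  # parses only if host is an IP literal
            findings.append("server addressed by IP address instead of DNS name")
        except ValueError:
            pass  # not an IP literal, so it is treated as a DNS name
    return findings


def strict_tls_context(ca_file=None):
    """TLS client context that verifies the certificate chain and host name."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True          # certificate must match the DNS name used
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", audit_ldap_url(url) or "OK")
```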